Astaro Blog Feed

Astaro Security Gateway V7 End-of-Life Reminder

Angelo Comazzetto — Wed, 02 May 2012 23:33:40 +0000

As originally announced last year to our partners, Version 7 of Astaro Security Gateway will be end-of-life on December 31st 2012. As this date approaches we’d like to provide an update on the options available if you still run this version of our product. If you do not have an ASG V7 installation you are unaffected by this announcement (and following ones) and can disregard it. If however you maintain an active installation of ASG V7, you should read on for what the sun setting on this version means for you.

On December 31st 2012, we will conclude all maintenance, security patching, updates, and any further kind of support for Astaro Security Gateway (ASG) Version 7. Before this date occurs, you should migrate to the latest stable version - either to ASG V8 or its successor UTM V9 that will launch in July 2012. Customers with an existing valid license and maintenance can choose several paths for upgrading their installation to a newer version. For a complete list of current options, pricing, and anything not covered in this reminder announcement, you should always contact your partner or sales representative who will be happy to assist you in answering any questions.

Installations running an ASG V7 software appliance on their own hardware need to install an updated version and then restore a backup file of their configuration, which will apply all your settings except for log files and on-box reports. Logs can be exported in bulk from within the WebAdmin beforehand, while reports will begin anew on your updated platform as existing ones will be purged. If you have an Astaro Security Gateway hardware appliance running V7.510+, there is the option from the Up2Date menu to one-touch-upgrade to ASG V8. This will bring you to the V8 platform automatically, but will require further Up2Dates to be applied after the migration is complete to bring you to the very latest release of the V8 platform. This summer in July of 2012, we will release UTM 9 which is currently in open beta. This platform cannot be directly upgraded to from ASG V7 via a one-touch operation. In order to move from ASG V7 to UTM 9, you will need to re-install UTM 9 when it is released and then restore a backup file. Most features should import successfully, but for best results you should first restore your backup into ASG V8 and then take a backup from that platform into UTM 9.

As we move closer to the End-of-Life date for V7, we will send out additional notices and information covering this topic via email to registered V7 administrators, our Partner newsletter, and other channels. Our newest versions offer complete security, better performance, and hundreds of new features to make your business safer and more productive. We look forward to having you as customer on our latest technology.

-Angelo Comazzetto

Sr. Product Manager

You, Us, and the Amazon Cloud

Angelo Comazzetto — Wed, 18 Apr 2012 02:29:43 +0000

As several customers and partners have expressed their interest in our current Amazon capabilities, I'd like to take the chance to summarize our integration with Amazon and their excellent cloud services. In ASG 8.300, we added two different areas of support with Amazon Web Services (AWS) products; our solution can be run within the Amazon Elastic Computing Cloud (EC2)using a pre-built machine image provided by us, along with a dedicated Amazon Virtual Private Cloud (VPC) connector to join your ASG to your VPC with a level of ease never before possible. As a result, you then saw the business case possibilities around using RED appliances and WIFI Access Points for connecting branch offices back to products hosted within Amazon; we have shipped thousands of units in response. If you'd like to get started (or improve) with Amazon Web Services, download some guides on how to setup these configurations yourself, and otherwise learn about what is possible around these technologies, I would invite you to read on for the rest of this posting.

A quick note: if you happen to be in the New York area tomorrow, November 19th, you might be interested in the Amazon Web Services Summit taking place at the Javits Convention center where you will see our products in action along with many other innovative and amazing things. (If you cannot physically attend, they plan to offer streaming for several tracks as well. See below.)

Let's look at the two primary efforts we have made around integrating with Amazon. While it might look like a lot of acronyms, you'll quickly get the hang of it. They (and we!) have many products, and every product has some abbreviation. The first is the ability to run a hosted Astaro Security Gateway within the Amazon Elastic Computing Cloud (EC2). To accomplish this, we have built, uploaded, and will now maintain Amazon Machine Images (AMI’s) of our Astaro Security Gateway 8.300+ and Astaro Command Center 3.0+, along with our upcoming Sophos UTM9 release which is available now as public beta to be released in July.

EC2 allows you to take advantage of the massive Amazon infrastructure and make the act of hosting an ASG purely about the software; you don’t need to worry about available bandwidth, redundancy, or hardware failures. There is no need to ship appliances, rack-mount hardware, or deal with cabling. Just activate (launch) an ASG within the EC2, and literally within minutes you have an ASG of any size you need ready for work. EC2 is basically a big datacenter where users can activate “images” (similar to a virtualization platform you might build on your own hardware) and then pay only for the resources & bandwidth your Amazon Machine Images consume. Amazon provides very detailed billing for all activity, and you can run reports down to the penny which show precise resource usage at any time so you are not surprised by any costs with an unexpected bill at the end of a period. We have observed ASG 220-sized instances consuming anywhere from $30-$250 per month, but this directly depends on the installation and how it is used.
In summary, you can activate an ASG within EC2 and then use it like a hosted virtual machine. Partners can connect branch offices to it using our unmatched RED and Wireless products, meaning their customers can avoid having extra infrastructure at their “main” site. Engineers are frequently using Amazon ASG's for testing and demo purposes as well. With a reliable, scalable ASG running in EC2, the use cases and chances to innovate in solving customer problems are almost endless. I'd invite you to share your successes in our forums at www.astaro.org.

The other thing we’ve added is completely different - A Virtual Private Cloud (VPC) connector within ASG itself. To quickly simplify VPC, it gives you a “piece” of the Amazon cloud to launch your servers in securely, separated in your own private IP space. The problem we wanted to solve by adding a VPC connector into ASG is that VPC requires a customer to have a way “get” to it from their business in order to access whatever they have chosen to run there. This could be mail servers, file servers, or virtually any kind of hosted machine. To do this securely, you need a hardware VPC using a costly and complex product from some larger networking companies, along with the technical knowledge to configure the required BGP routing (to dual redundant gateways) in order to create a connection to VPC. It is not possible to use a very simple, single IPSec VPN tunnel. Our VPC connector lets you download a single file from Amazon and upload it into your local ASG, which then builds the connection to your VPC automatically. You do not need to know anything about advanced routing, complex multi-homed IPSec tunnels, or anything about how the inner workings of VPC operate. If you can enter a name and password or click to upload a configuration file, you can join your ASG to your VPC and be securely accessing your files in minutes. Our VPC connector is all about using your existing ASG located at your business to connect to the Amazon VPC, turning a technical and expensive process into something very simple, and best of all free! You read that right: we’ve included our Amazon VPC connector as part of the Astaro Essential Firewall which is fully free for business use.

Now if you wish to go one step further for the ultimate in cloud-hosted protection and connectivity, launch an ASG within EC2, use the connector to join it to your VPC, and then connect from your office(s) to your ASG using Astaro RED (and Wireless with it!). There is less to configure, less to deploy, and new sites can be brought online by drop-shipping a RED & access point. To get started, you can sign up for Amazon Web Services, use our ASG-EC2 getting started guide (see below), and then follow our other guide to set up your own Amazon Virtual Private Cloud (again, see below) and connecting to it with your ASG (hosted in EC2 or at your own site on hardware/software/virtual appliance). All Astaro AMI's come with 30 days of full access, and you can request evaluation units and license keys for longer periods.

Useful Links:

Up2Date 8.302 Released

Angelo Comazzetto — Wed, 11 Apr 2012 17:23:02 +0000

Today we released Up2Date 8.302 of Astaro Security Gateway. This release is soley for the purpose of addressing an issue our Swisscom DSL Customers reported due to changes implemented by this ISP. As a result, a small version bump will occur, in that the larger release we had intended to be 8.302 will now be released as 8.303 later this month which contains many fixes and updates for ASG V8. You can read on for the details of the Up2Date package.

Astaro Security Gateway Up2Date 8.302 Information

News:

Addressed connection issues with Swisscom DSL

Remarks:

System will be rebooted

Fixes:

[20573] Problems with PPPoE with Swisscom DSL

Download:
Link: ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.302.tgz.gpg
Size: 123KB
MD5: 283d9427cba1395d14ef147870ce57b2

Up2Date Installation:
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.302] Using Multiple Internet Links").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
UTM Product Manager

Create your malware monster: And the winners are...

Joerg Schindler — Mon, 02 Apr 2012 14:31:34 +0000

Over the past few weeks, hordes of strange and frightening monsters invaded our website. Fortunately only in a metaphorical sense – however they would have had a day thanks to our Complete Security package which eliminates all threats thoroughly. The monsters we are speaking of are the ones from our creative competition and built with bricks.

We were pretty impressed by your the creativity and the tough competition at the end of the count down.

Your votes are now in and the champions are set. Take a look here to see the winning monsters and all the other great entries!

Complete Security Buzz at CeBIT 2012

Joerg Schindler — Tue, 13 Mar 2012 08:45:54 +0000

CeBIT 2012 was a great success. The world's largest tradeshow showcasing digital IT and telecommunications solutions for home and work environments was the perfect platform for Sophos and Astaro to showcase our products and the Complete Security Strategy. The conference was also the perfect platform to debut the new company appearance.

The seven product families Unified, Web, Email, Endpoint, Mobile, Network and Data are now united below the Sophos brand with White as the main color theme. Our corresponding white booth at CeBIT within the IT-Security hall attracted thousands of visitors during the five day fair. In addition to business talks at the demo stations, which were occupied all the day, the booth also attracted the masses due to its entertainment program such as expert’s talks and the large Complete-Security-Bridge, built from 200.000 bricks. VIP visitors like the Vice President of the European Commission, Nellie Kroes, and a delegation of the Russian ministry of Education underlined the growing importance of Sophos in the IT security market. UTM meets endpoint is gathering speed. If you want to get some impressions of the event visit our Facebook page.

The Sophos-Astaro Roadshow 2012

Joerg Schindler — Mon, 12 Mar 2012 10:28:25 +0000

We would like to thank everyone who visited the Sophos-Astaro Partner Roadshow events and hope that you were able to take enough valuable information home with you.

It was especially pleasing for us to greet so many new (and familiar) faces and open the IT security "Complete Security" chapter. As always, we would like to offer you some impressions from the events. Below you can see some pictures in a slideshow.

Recognized as a Leader in 2012 Magic Quadrant for UTM by Gartner

Joerg Schindler — Mon, 12 Mar 2012 10:18:44 +0000

We are proud to announce that we have been positioned in the “Leaders” quadrant of Gartner, Inc’s 2012 Magic Quadrant for Unified Threat Management. The quadrant is based on an assessment of a company’s ability to execute and completeness of vision.

According to the report, “The Leaders quadrant contains vendors at the forefront of making and selling UTM products that are built for midsize business requirements. The requirements necessary for leadership include a wide range of models to cover midsize business use cases, support for multiple features, and a management and reporting capability that's designed for ease of use. Vendors in this quadrant lead the market in offering new safeguarding features, and in enabling customers to deploy them inexpensively without significantly affecting the end-user experience or increasing staffing burdens.

These vendors also have a good track record of avoiding vulnerabilities in their security products. Common characteristics include reliability, consistent throughput, and a product that's intuitive to manage and administer.” Sophos UTM eliminates the complexity of deploying and managing a variety of point solutions to secure businesses against viruses, spam and hackers. It combines essential security solutions within a single flexible appliance, providing centralized control through an easy-to-use console. And in response to growing customer needs, Sophos recently introduced UTM cloud capabilities via the Amazon VPC (Virtual Private Cloud), enabling customers to easily host and run server infrastructure in a secure, scalable cloud. Gartner states that: “especially under the current economic conditions, most SMBs have strong IT budgetary and staffing constraints. This causes them to highly value ease of deployment and use, strong local channel support, and flexible pricing.”

To download a complimentary copy of this report, please click here.

Sophos UTM 9 Public Beta Begins

Angelo Comazzetto — Sat, 03 Mar 2012 22:06:59 +0000

The next major version of Astaro Security Gateway will be known as Sophos UTM 9. You are invited to participate in our just-released public Beta of this version to test and provide feedback which we will use to shape and polish the product as we move towards GA. The public Beta for UTM 9 is scheduled to run until late June, in preparation for a release that is targeted for July 15th.

Many exciting new features have been added; we have extended onto the desktop with Endpoint Protection, Wireless Protection has a new captive portal system which is perfect for hotels & coffee shops, and a jaw-dropping HTML5 VPN Portal for true clientless access makes its debut as well. Full details on the UTM 9 Public Beta, (along with download links and license keys) can be found here in our community forums. A brief overview of some notable things you might be waiting for can be viewed by reading on.

ï»¿Sophos UTM 9 At A Glance
Major New Features

Endpoint Protection
Wireless Captive Portals
HTML5 VPN Portal
Sophos Anti-Virus Engine
New WebAdmin GUI Look

Minor New Features

Apple iOS Support for WebAdmin
YouTube for Schools
1:1 NAT Rules
New Appliance LCD Functions
HA/Clustering Cold-Standby During Up2Date
Constant Live-Log Button
Customizable Dashboard
New Listbox Functionality
Network Definition Ranges
Download and Distribution of User VPN Configurations
Multiple Objects in Firewall Rules

There are many more new things for you to see and test (over 100 in fact), and I invite you to create and vote for features at our feature request site, your idea could change the product and benefit others! On behalf of myself, the Network Security Group, and all of Sophos, enjoy the Beta of UTM 9 and be sure to share your results in our forums.

Angelo Comazzetto

SC Top Rating for Astaro Security Gateway

Joerg Schindler — Fri, 02 Mar 2012 08:23:13 +0000

SC Magazine tested Astaro Security Gateway recently and awarded the highest score of 5 stars in each sub category. Of course we are very proud of this result. But read the tester's results by yourself: "The Astaro Security Gateway is a flexible, full gateway security appliance that can be deployed and configured to fit almost any environment. This product is available as a full hardware appliance, software installation or virtual appliance. The Security Gateway offers firewall and intrusion prevention protection along with application control, web content filtering, gateway anti-virus, email content filtering and anti-spam."

"We found deployment to be fairly easy with help from an initial setup wizard. The wizard is launched from a web browser once the appliance is connected to the network. This utility will help in creating the initial network settings of the appliance, as well as establish a base configuration of the security policy. At the completion of the wizard, all further administration and management is done via the web-based interface of the appliance. We found this to be well-organized and intuitive to navigate." Get the full article here!

For: Full-featured security gateway with many deployment and configuration options.
Against: None that we found.
Verdict: A solid product that is feature rich and well worth your short list.

Up2Date 8.301 Released

Angelo Comazzetto — Wed, 29 Feb 2012 02:31:44 +0000

ï»¿Today we have made available Version 8.301 of Astaro Security Gateway. This is a maintenance release only which addresses various reported issues and will contribute to the stability of your ASG installation. While this Up2Date will be made automatically available for installation, you can read on for more details and manual download links.

This release contains a number of fixes around VPN, Web Security, and wireless.

Astaro Security Gateway Up2Date 8.301 Information
News:

Several bug fixes for IPsec VPN
Several bug fixes for Web Filter
IRQd restarting often has been fixed

Remarks:

System will be rebooted
Configuration will be upgraded
Connected Wireless AP's will perform a firmware upgrade

Fixes:

[19482] Data transfer over L2TP VPN breaks after a few minutes for Windows clients
[19740] Downloads larger than the max. scanning size with chunked encoding break if AntiVirus is enabled
[19806] Web Filter: iPhone/iPad exception for Youtube doesn't match
[19914] Can't select 2012 as custom time frame in Logging & Reporting >> View Log Files >> Search Log Files
[20102] WiFi: Connection problems for clients using powersaving

Download:
Link: ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.301.tgz.gpg
Size: ~90MB
Md5: fdd007446fbad7b8553b6b91f806ea68

Up2Date Installation:
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.301] Amazon VPC Connector").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
Product Manager

Bringing in the white!

Amir Khawaja — Thu, 23 Feb 2012 07:40:59 +0000

The winter is leaving us but we will remain white! The cool new website look is here and we are now more aligned in Sophos style!

Brilliant white is the perfect color for symbolizing a successful start into a new era based on Complete Security. This visual modification is the next step in growing together with Sophos and ensures that we can present a recognizable brand to you under the Sophos banner. As far as the website goes, you will have no difficulty in navigating to your favorite places because the site structure is exactly the same as before.

There will be more updates to come and we will keep you posted right here!

Astaro Command Center V3.002 Released

Angelo Comazzetto — Fri, 17 Feb 2012 10:12:35 +0000

Today we have released a maintenance Up2Date for Astaro Command Center. This release will increase the stability of your installation by addressing a few reported bugs, most notably the World-Map overview not operating correctly due to a change at Yahoo with their maps interface. Full details are available inside after the break.

ACC Up2Date V3.002 Information

News

-This is a maintenance release

Remarks:
-System will be rebooted
-Configuration will be upgraded

Fixes:
-[20087] ACC loses Confd connection after session timeout
-[20107] Worldmap does not work due to old mapstraction version
-[20108] Fix library dependencies after apl update (Reporting now uses GD.pm)

Download link:
http://ftp.astaro.de/ACC/v3/up2date/u2d-sys-3.002.tgz.gpg
MD5: 26005022fe45c5b0e6c8a280e77eaf98
Size: ~23MB

**Important Licensing Note**: ACC Version 3 now uses our the newer-style licensing model we released in 2010 for our ASG products. While ACC remains totally free, this means your existing V2 ACC key from the MyAstaro.com portal is longer valid, nor is any outstanding static keys from the time when we only offered a single key for all installations. To get your new ACC 3.0 key, fill out the creation form on our website. Your personalized license will then be available via the License Management section of your MyAstaro account.

	Astaro Command Center FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ACC V3 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[3.002] Central Backup Creation Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also an ACC demo server for public use: http://demo.astaro.com

Angelo Comazzetto

Are Wireless Access Points part of your network?

Charles Tracey — Mon, 13 Feb 2012 13:21:28 +0000

Were your access points part of your original equipment when the rest of your network was planned/built? Probably Not. New installs, or green field installations, are networks with an existing physical LAN that an organizations wishes to add Access Points(APs) to. This is done to extend the network to accommodate the growing number of users, devices, and visitors. In most cases APs are evaluated and installed without considering or leveraging existing security devices. For existing users they may be able to roam with their existing Ldap inspired credentials via a back-up Authentication method. In modern networks that does not include everybody. Thankfully modern APs have guest network options which can be set up. Some even have a check box for client isolation. Some check it, others will leave unchecked. Why?, because they may need a resource on your network.

The Potential Problems:
In this now merged network we can see employees, visitors/guest with tablets, cell phones, pcs, etc.. We need a way to corral, protect, and prevent. The access point may be a Gateway in a bad way; it could be a "rogue access point". Organizations need to determine how to allow access to the network for known resources while blocking those the company does not want to have access. It's a relationship that goes both ways because devices need "protected" status access to and from the network. The APs should be set up so that no malware should be sent or received, a strong password is established for guests and the guest account password needs to change and be easy to convey. Much has been written about simple passwords for account access. Those simple passwords have found their way to access points as well.

The Solution:
Start with the who, what, where and how list.
Ask yourself:
Who needs access? Employees, contractors, guests, those people slowly driving by in their car?
The answer:
Employees get WPA-*.* tied to their Ldap Account which equals authentication, encryption, and allowed destinations. Contractors may have a temporary account linked to another SSID with a similar set up as employees.
Guest and those who are just driving by: What do they get? We know the new 802.11n standard registers some impressive distances.

What needs access?
PCs, tablets, wifi enabled-phones

Where do they(s) need to go?
Printers, Servers, the Internet (with or without filtering). Those guests might need access back to their corporate network.

How are they going to be allowed?
Through Firewall Rules,Web Filter, AV filter, etc.,

So with this short list you can plan, design and execute a Wifi policy that make sense and is enforceable. In our audit required world we need to prove the policy through logging and reporting as well. But that is a subject for another post.

Who can help your business offer secure wireless?

Jessica Pozerski — Tue, 07 Feb 2012 08:54:57 +0000

Just about anywhere you go you will find a Wireless Wi-Fi Network. Your local Starbucks, hotels, bars, and even department stores now offer customers wireless access to the Internet. The question then comes to mind; are you secured when connecting to these Wi-Fi networks? This questions especially important this time of year when everyone is out doing their holiday shopping. Whether you are at your local Starbucks on your laptop doing your online shopping or at the Macy’s using your Smartphone to help you find more information on that special item the lack of secure wireless means you need to ensure your device is secure.

If everyone has access through these networks than it’s probably not that secure. Who then bares the responsibility of securing the customers? I believe the responsibility is shared with the business offering the Wi-Fi connection and the customer who would like to frequent said establishments. From a business side, selecting the right security network device is essential as is selecting the right Wireless Access Point.

Business can look at many security solutions. When looking to secure your Wi-Fi network, I would look at solutions that can service my perimeter, internal and Wi-Fi network. Security companies such as Fortinet, and Astaro (now a Sophos company) provide secure wireless. For instance, Astaro provides a Unified Threat Management (UTM) System that can protect your business from the perimeter all the way down to your internal infrastructure then to your Wi-Fi Network. Astaro has access points, an AP10 and AP30, that directly connect to your Astaro Security Gateway. The Astaro access points can create up to 8 SSIDs. Businesses can then create a wireless security zone for themselves and a separate security zone for their customers. Everyone that connects to these access points, communication over-the-air is encrypted. The access points are directly connected to the ASG so traffic is always inspected coming into or out of the Wi-Fi Network.

Consumers must also be aware of security threats to their personal and financial files stored on their Smartphones. If you have an unlimited data plan, then why turn on your wi-fi? For those who don’t have an unlimited plan, make sure you do have some security software on your Smartphones. Companies like Symantec, Sophos, and Norton offer such protection. They will help you be secured with antivirus software clients to prevent the loss of data and services to malware. This will be important for those of you consumers checking your bank accounts on your mobiles this holiday season.

Astaro Command Center V3.001 Released

Angelo Comazzetto — Mon, 06 Feb 2012 09:38:57 +0000

We have made released the first maintenance update for V3 of the Astaro Command Center (ACC). A bugfix & stability release, this package will address certain issues in ACC 3.000 and increase the reliability of your installation. You can read the full details after the break.

News:
-This is a maintenance release

Remarks:
-System will be rebooted
-Configuration will be upgraded

Fixes:
[18822] Confd clients may miss storage changes
[19649] Devices without configuration feature let accd run into a deadlock
[na] Various Gateway Manager fixes

Download Links:
Size: 62.7MB
MD5: c8b9ed5aa0089a53cd3614be4e6de402
http://ftp.astaro.de/ACC/v3/up2date/u2d-sys-3.001.tgz.gpg

**Important Licensing Note**: Version 3 now uses our the newer-style licensing model we released in 2010 for our ASG products. This means your existing ACC key from the MyAstaro portal is longer valid, nor is any outstanding static keys from the time when we only offered a single key for all installations. To get your new ACC 3.0 key, fill out the creation form on our website. Your personalized license will then be available via the License Management section of your MyAstaro account.

	Astaro Command Center FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ACC V3 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[3.001] Central Backup Creation Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also an ACC demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ACC Product Manager

Create your own Lego Malware monster and win a Nintendo DSi!

Joerg Schindler — Wed, 01 Feb 2012 10:07:27 +0000

The creative heads at Astaro - a Sophos company have thrown the ball to you... or rather the bricks!

They have challenged you to put a face to the dangers of the Internet using Lego or Duplo bricks. All you need to do it build your very own malware monster, take a photo and upload it on their site. Visitors can vote in the gallery until the end of February and the most popular entries win a prize including a Nintendo DSi!

You can find the promotional site here!

Evolution of online attacks mirrors the history of advertising

Cameron Byers — Mon, 23 Jan 2012 09:18:21 +0000

The rise of television brought with it the golden age of mass marketing. Businesses selling consumer goods would pay large sums of money to have their ads featured during prime viewing hours and during popular programs and continues today with extravagant Superbowl ad space. Over the last decade with the explosion of online content and sophisticated database mining advertisers became more aware of demographic information that would allow them to become more targeted in their approach. Today, with the prevalence of Internet access and the amount of time consumers spend online, advertisers have moved away from mass marketing programs and are more focused on targeted and personalized marketing.

The evolution of online attacks seems to mirror the progression advertising has taken. In the beginning, hacking was done for fun and hackers were driven by a spirit of adventure. However, some hackers soon realized the potential for personal financial gain their hacking created. Thus the birth of Trojan Horses, keyloggers, and malware distributed via spam messages. Much like television commercials of old, these attacks were broadly distributed; the strategy being to hit as many people as possible in the hopes a small percentage will download the malware. In general this shotgun type strategy was successful as unsuspecting victims would click on malicious links and had their account information, passwords, or identity sent to a hackers developing databases. Black-hat hackers could focus on quickly creating simple, and often times, low quality malware and due to the sheer distribution volume this method was profitable.

Just as we are seeing an increase in personalized targeted advertising, we are now seeing the rise of targeted attacks. In the past this method of hacking was considered unprofitable as it took too long to create a targeted attack, thus reducing the profit margin. With the lowering cost of producing high quality malware, large customer database breaches, coupled with the surge in hacktivism means we will begin seeing more targeted attacks in the future.

While the goals of criminal gangs and hacktivists may differ (profit vs. issues awareness), they are using similar tactics – malicious code designed for a specific targeted attack. The reason for the coming rise in targeted attacks is twofold:
1) targeting certain types of businesses has become a profitable endeavor and
2) social issues are once again spurring hackers into action.

Why is it now profitable to target specific account when it once was not considered a lucrative strategy? One reason may be the success security professionals have had with educating employees and technology users regarding online threats. It isn’t that the creation of high quality malware has become easier, it is that getting users to fall for their scams has become more difficult, making broad based attacks less profitable. As a result, hackers are finding it more profitable to target a specific company or organization with an attack designed to steal data. These attacks are harder to defend against as they often involve rather sophisticated social engineering approaches and often times are harder for common email spam scanners or content filters to detect. They depend on SQL injections and the infection of web applications or common social media sites such as Facebook rather than spam or malicious websites.

On the other side of the spectrum are hacktivists who are targeting a specific organization, not for profit but for social awareness. These socially minded hackers know that a high profile security breach can damage the reputation of a socially irresponsible organization or bring down the network of a company the hacktivist feels is responsible for some injustice. It is the technological equivalent of protesting outside of the organization’s office and even more effective as it can quickly generate a global media buzz online when successful.

The number of targeted attacks will only increase in 2012 as users become more aware of broad based threats, hacktivists become more active and black-hat hackers create more sophisticated malware. For the general consumer and business watching for these new approaches and taking control of your security policy enforcement should be a focus for your New Year’s resolutions.

Astaro Security Gateway V8.300 Released

Angelo Comazzetto — Tue, 10 Jan 2012 03:02:03 +0000

I am pleased to announce that we have released ASG 8.300 via our Up2Date distribution network. The main features of this release are Amazon Machine Images of Astaro Security Gateway (along with Astaro Command Center), an integrated connector for the Amazon Private Cloud (VPC), ASG Site-to-Site VPN Tunnels using our RED protocol, support for our Wireless AP50 product, and BGP4 routing support. In addition, we have added numerous tweaks, dozens of stability improvements and increased the performance of many features. This release will solidify your ASG V8 installation and give you the best Astaro experience yet. The release notes for this version can be found here, while summary and download information can be found by reading on.

ASG 8.300 Feature Summary:

Amazon Machine Images (AMI) for ASG (and ACC)
As mentioned in our earlier technical preview, you can now launch and run Astaro Security Gateway inside Amazon's Elastic Computing Cloud (EC2). Already we are seeing creative uses of this deployment method with partners using their cloud-based ASG to connect our RED product, and then extending their branches further by adding our Access Points to those devices - all managed centrally from their Amazon ASG. Let us know via a post at our UBB at www.astaro.org how it works for you, and how you are (or plan) to use it for your business - we are always interested in use cases! To locate the ASG AMI's, go to the community AMIs tab and search for "ASG". (A full deployment tutorial will be available at GA)

Amazon Virtual Private Cloud (VPC) Connector
The Amazon VPC service allows you to host and run your server infrastructure in a secure, scalable cloud. Our VPC connector gives you a permanent, encrypted connection to your VPC resources right from ASG. The back end for this uses our new BGP routing to redundant Amazon gateways, and is done automatically without you needing to know anything about BGP or the Amazon technical parameters for doing it manually (or with more complex products). A guide will be available at GA release to assist you in connecting to your VPC.

Support for Astaro Wireless AP50
Our new Wireless AP50 product is finished production and will be available very soon. You will need to be at ASG V8.300+ to use this product. With 5Ghz and 2.4Ghz bands, dual high-gain antennas, and Gigabit ethernet, this is our biggest and most capable wireless product, perfect for bigger environments or locations where the 2.4Ghz band is cluttered with interference. You can get more information from the Astaro Access Points section on our Website.

Site-to-Site VPN using RED Protocol
We have added the ability to make tunnels between ASG devices using our much-heralded RED tunnel technology*. This operates similarly to how site-site over SSL works, you setup one ASG as the "Main" office (Server) and connect to them from other ASG sites as the "Client". Some quick steps to begin:

At the Main Site:
- Go to "WebAdmin-->RED Management-->[Server]Client Management Tab"
- Add a RED, enter a name and pick type "ASG". Click Apply.
- Download the .red provisioning file which is created.
On the Remote ASG you wish to connect:
- Go to "WebAdmin-->RED Management-->[Client]Tunnel Management"
- Add a tunnel, create (or select) a definition for the Hostname of the Main ASG and supply the provisioning file you downloaded from the Main ASG
- The tunnel will now be created.
Now that you have a tunnel, you must to setup things manually. You will find hardware interfaces you can use to create a Network Interface in the ASG's, select IP ranges to be used, and otherwise manually configure the connectivity. This was originally designed for a special use case; you have however surprised us with your interest in this feature. So, we plan to have a more guided setup within WebAdmin for using RED for a site-site VPN with ASG's in a future Up2Date.
*This will NOT turn your remote ASG into a RED terminal. It will still have a GUI and work like a normal Site-Site VPN does.

BGP4 Routing Support
ASG now has the ability to do Border Gateway Protocol Routing (BGP). You will find the configuration for this in WebAdmin at "Interfaces & Routing-->Border Gateway Protocol". A specialized routing protocol with specific applications, you should make use of this feature only if you know what you are doing.

Minor Adjustments

The Astaro Authentication Agent (AAA) has by popular request been made available as an MSI package as well as an EXE. You will find both on the Client Authentication section in WebAdmin. Enjoy your mass roll-outs of the AAA!
Saved Web Reports have been to school and now remember how info was sorted when you saved them
The printable configuration engine has also been educated on how to properly display big blocks of text without going outside the lines and now looks much better
You can now see and sort application rules by the groups you create
Notifications have had "select-all" boxes added, saving you from having to click dozens of times to select what you want
You can now create Web Security Reports from Pre-8.2 Logs, see Support-->Advanced-->Weblog Import
The Wireless Access Points Grouping section now has an apply button like the rest of WebAdmin, and no longer resets your selections between clicks as a result.

Astaro Security Gateway Up2Date 8.300 Information
News:

Added: Amazon VPC connector
Added: Wifi AP50 support
Added: BGP4 support
Added: RED ASG-to-ASG tunel
Fixed: VLAN and PPPoE over bridge are now subject to packet filter

Remarks:

System will be rebooted
Configuration will be upgraded
Connected Wifi APs will perform firmware upgrade
Connected RED devices may perform firmware upgrade
Amazon Machine Images for ASG/ACC available in the community AMI tab of Amazon Web Services

Fixes:

[16884] Confd should reject IP addresses with leading zeros
[17199] RAS addresses are never removed from back end group network objects
[18581] QoS limits maximum packet size to 2047
[18600] Web Security reporting: scheduled reports might always be empty
[18728] SMTP Proxy can't send any email when special characters are used in BATV secret

Download Details:
ASG Up2Date Package
Size: ~134MB
Md5: 4eb7c6533b9f393050756c40ac350fcf
Download link: http://ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.300.tgz.gpg

ASG Hardware Appliance ISO
Size: ~531MB
MD5: b15a06d21e3edaea730ee2d132a722679
Download: http://ftp.astaro.de/ASG/v8/hardware_appliance/iso/ssi-8.300-13.1.iso

ASG Software Appliance ISO
Size: ~530MB
MD5: 701853cb46670dcc2f10bbea4171282e
Download link: http://ftp.astaro.de/ASG/v8/software_appliance/iso/asg-8.300-13.1.iso

VMware ESX
Size: ~1.4GB
MD5: e433f32e2a578a296ed9feebd78bcab8
Download: http://ftp.astaro.de/ASG/v8/virtual_appliance/asg-8.300-esx-v4.zip

VMware Player
Size: ~1.4GB
MD5: 7b2f59dd419eb4301e82ffc2cd841d5d
Download: http://ftp.astaro.de/ASG/v8/virtual_appliance/asg-8.300-vmware.zip

*(Astaro Smart Installer Images will be updated to 8.3 and published within the next few days)

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.300] Running ASG with Amazon EC2").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager

Five Security Resolutions for 2012

Joerg Schindler — Thu, 29 Dec 2011 08:23:52 +0000

As 2011 comes to a close and we prepare to usher in a new year it is time to reflect on transgressions from the past 12 months and on how we can better ourselves in the coming year. In addition to making resolutions to lose weight or exercise more, we at Astaro, Sophos Network Security, urge you to consider committing to resolutions that will help secure your personal and business networks. Below are some suggestions for resolutions. At the turn of the year, it has become a tradition for many to seize the opportunity to leave one or the other bad habit behind and start anew. Why not also deploy this vigor for the best friend of the modern era: your PC, Laptop, Smart Phone or Tablet will be thankful too (and at the same time, your online world gets a little bit more secure!). If you want to pledge your commitment simply “like” this post or add a comment at Facebook.

Resolution No. 1: I will not access the Internet without up to date malware protection and an installed firewall and antivirus

Why? Last year150,000 malware attacks were registered* daily! If only everybody would install sufficient security software, this threat would be minimalized.

Insider-Tip: Complete home network protection doesn’t need to cost big bucks. Secure your own network for free with our software!

Resolution No. 2: I will not click on tinyURLs, hyperlinks or links of unknown origin without investigating first.

Why? Even if you think you know the sender or the site, this won’t guarantee your safety. 80% of these URLs stem from former legitimate pages, which were either hacked or infected.

Insider-Tip: Computer and security threats made easy! Learn more about what is out there in our threatsaurus! (PDF)

Resolution No. 3: I will update my security software package regularly and with a watchful eye!

Why? Fake antivirus software and SEO poisoning are the number one way malware is spread. Therefore stay alert and don’t blindly install updates, make sure they are from your provider. Otherwise, you are opening the door for new security breaches.

Insider Tip: Take the threat detection test. Download our free computer security scan!

Resolution No. 4: I will not wait until my laptop is stolen or lost before I encrypt data!

Why? Loss or theft of hardware makes up 30% of all data loss scenarios. Do your best to physically protect your hardware, but also make sure information is encrypted in case these precautions fail.

Insider-Tipp: Quick and easy encryption for all your data. Download our free tool here!

Resolution No. 5: I will stop using “password” as my password

Why? In 2011, passwords such as “password”, “123456”, “qwerty” and “abc123” were still topping the most used passwords list*. Moreover, 67% of all mobile device users haven’t installed any password protection at all. A secure password can go a long way towards protecting your data.

Insider-Tip: Simple tips for better security. Take a look at this video about the perfect password!

* Sources: Sophos Security Threat Report Mid-Year 2011, Data Loss DB, TNS

Konnichiwa! - Japanese Website Available

Joerg Schindler — Fri, 16 Dec 2011 11:12:39 +0000

Once again we have expanded the language sphere of our website! From now on Japanese visitors can get information about the complete Astaro portfolio and the company itself in their native language. So if you are Japanese or just want to get an interesting new optical approach to our products you can view the new site here: www.astaro.com/ja-jp

Furthermore, the new Japanes datasheets can be found here: http://www.astaro.com/ja-jp/resources/datasheets

RED – How to connect your remote location in less than 2 minutes?

Joerg Schindler — Mon, 12 Dec 2011 14:54:21 +0000

Perhaps this scenario sounds familiar: you need to connect several remote branch offices to your corporate headquarters, maybe also including a few mobile employees and home offices. There is no IT know-how on site at most of these locations! How can you handle this situation? In the past, connecting remote offices to the central network while maintaining an appropriate level of security was a complex and costly task.

Installing small UTM appliances at every site provided sufficient security, but was expensive and very labour-intensive to manage. At the same time, simple VPN-Gateways lacked important security functions that your company couldn't do without. Furthermore, both solutions required a visit from a technician for installation. With Astaro RED, these problems are now a thing of the past. Find out how you can handle this situation in an easy way:

• Connect your remote location in less than 2 minutes

• Complete UTM security at your branch office

• Total cost of ownership is reduced by up to 80%

• Quality products made in Germany

Learn about the advantages of the Astaro RED in our free live Webinar at December 14th and see for yourself how easy it can be to connect remote sites to your headquarters. Sign up today! Use this unique opportunity to your advantage and discuss Astaro RED live with our experts! Register now!

ASG Up2Date 8.203 Released

Angelo Comazzetto — Wed, 07 Dec 2011 03:06:05 +0000

We've released Up2Date 8.203 today. This Up2Date will enhance the stability and performance of your ASG installation. Of note is the reverting of the default SMTP RDNS checks to a more relaxed way, however the more effective "strict" options remains available for admins looking to combat spam with the tightest measures. Read on for more details on this Up2Date.

Astaro Security Gateway Up2Date 8.203 Information
News:

SMTP Proxy: Reduced strictness of RDNS check to earlier (V8.1) behavior
SMTP Proxy: Added configuration option to use the "strict" RDNS checks
Reporting/Accounting: Improved database performance and fixed some reported problems
HTTP Proxy: Various stability improvements

Remarks:

System will be rebooted
Configuration will be upgraded

Fixes:

[19097] Exim RDNS check behavioral change between 8.1x and 8.2x
[19241] Firefox updates filling up tmp directory with downloads
[19597] Trendmicro updates filling up tmp directory with downloads

Download:
Link: ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.203.tgz.gpg
Size: ~32MB
Md5: e45bd9805e15c791a26fd6daadce6062

Up2Date Installation:
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.203] RED Deployment Helper").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager

National Cyber Security Awareness Month Contest Winners

Jessica Pozerski — Thu, 01 Dec 2011 14:36:09 +0000

As part of National CyberSecurity Awareness Month (NCSAM), Astaro held a video contest asking “Why is cyber security awareness important and what are you doing to stay safe online?” for a chance to win a laptop.

The videos that came in were very creative and we enjoyed them very much. Now that the competition has closed, the votes are in and we have our winners (click to view their entry):

1. Eddie Cardona from United States
2. Axel Hoffmann from Germany
3. Stefan Augustin from Germany
4. Daniela Kuenstler from Germany
5. Taylor Cole-Lovelace from United States

Congratulations to all our winners, we will contact you shortly about your prize.

You may still view the rest of the submissions here. Thanks to everyone for taking part.

Your IT-land needs you!

Joerg Schindler — Wed, 30 Nov 2011 09:55:53 +0000

Today and tomorrow the German Federal Ministry of Interior has launched a nationwide IT-security event with the illustrious description “5th Strategic Crisis Management Exercise” – code named “LÜKEX 11”. Within the scope of this event the government, federal states, organizations and companies likewise practice for the IT emergency in a concerted project.

As a result the organizers want to create effective defenses against the more and more frequent attacks at IT infrastructures. “Think Big” seems to be the slogan of this occasion which even is very helpful due to organizational issues on a nationwide scale. But while LÜKEX might help the government to analyze potential weaknesses amid the big players, the real challenge starts right at the endpoint: Without securing networks of end-users at home and business LÜKEX and Co. are not worth a thing. Therefor we will use the current event as an opportunity to announce the “1st Strategic Crisis Exercise on how to make your wireless networks unbreakable” today and teach LÜKEX the ins and outs! Just keep 6 ways to strengthen your wireless network’s protection in mind. Your IT-land needs you!

More Air Traffic Control For Your Network with the Sophos AP50

Amir Khawaja — Fri, 25 Nov 2011 08:33:08 +0000

With the Astaro Security Gateway centrally acting as a wireless controller, our access points are the easiest and most cost-effective way to secure your wireless networks. The Wireless Access Point product family is about to get bigger with the introduction of the AP50 device.

The AP50 is a dual-band/dual-radio wireless access point that operates in both the 2.4 and 5 GHz WLAN frequency bands and features:

802.11 a/b/g/n support
300 Mbits throughput
PoE+ compatibility
Gigabit Ethernet interface
Support for up to 50 users

The AP50 provides fast and reliable WLAN for more flexibility and is less vulnerable to interference, even in congested environments. The dual-band/radio capability can be segmented by frequency. This means users who require fast and seamless connection with little interference may use the 5 GHz network; while others may use the 2.4 GHz spectrum. This type of segmentation optimizes performance and delivers the best user experience possible. Be the first to find out when the new AP50 is available.

Astaro Security Gateway V8.2 Competition Results

Amir Khawaja — Mon, 21 Nov 2011 10:31:31 +0000

With the release of Astaro Security Gateway V8.2 a few months ago, we celebrated by running a competition where users could win an Apple iPad2. Over five thousand people tried their luck, but there could only be one!

And that "one" is Mr. Alexander Schapeit (pictured right) from Tenovis Direct GmbH who was lucky enough to be selected at random to claim the prize.

We not only wish him much fun with his iPad2, but also would like to thank everyone else for taking part and supporting the new version of Astaro Security Gateway.

We look forward seeing you at the next competition!

Kind regards,
Your Astaro Marketing Team

Hacktivism: How to stay one step ahead of this troublesome trend

Cameron Byers — Mon, 14 Nov 2011 09:14:42 +0000

Organizations need to be aware of the changing landscape of non-violent political expression. Socially minded hackers worldwide have expressed themselves in a variety of ways, from attacks against government websites to simple twitter hacks of celebrities to sending unintended endorsements of a political view or vote.

Hidden dangers of free expression

Social media sites have created a wide awareness of world events and changes, beyond that available from the typical media news outlets. With these new outlets, however, come many hidden dangers for political parties, businesses and individuals, as access to their websites, online profiles, Twitter feeds, contact lists, and business Facebook sites allow for another type of expression by discontented and tech-savvy users. These users, who portray themselves as social advocates for justice and change in society, practice what is called “hacktivism.”

Although many individuals see hacktivism as a relatively benign form of political expression on the Internet, no different than a common street protester holding a sign in front of city hall, the actual act of hacking a user’s account or site is in fact a criminal offense. And the organization affected can suffer dramatic reputation losses, due to negative perceptions by their clients or other companies about their lack of security.

Public relations nightmare

Security for a business’s social media accounts is generally regarded as a low priority for many companies. Access to Twitter feeds or Facebook sites is often given to a marketing team or the new intern who understands the power of reaching customers with these sites.

The danger of these sites, however, is that having access to all of those customers means that communication with them can be greatly affected by the loss of a simple password. Once an account has been compromised, the online presence is quickly tainted by a hacker’s chosen political or social message. These messages, unlike a typical attack against a web server or individual user’s email account, are wide-open and immediately known by the online community, creating a public relations nightmare exercise (after the account is reclaimed) on calming users regarding the security of their data. After all, if you can’t keep your marketing team’s password secure, how secure can you keep users’ accounts and credit card information?

Protecting your accounts and servers

Mitigating exposure of your accounts and systems to hacktivism (or hacking in general) should always be part of a comprehensive security strategy. A few important parts to this strategy:

Access to social media accounts such as Facebook or Twitter feeds via your corporate account should be limited to specific personnel and governed by a policy of password enforcement and rotation.
To limit downloading of malware (such as key loggers or password grabbers) from your users, a web content filtering system should be used. Such a system will enforce safe website access as well as scan for malware and viruses that could give a hacker account information or remote access to a user’s system.
Always ensure that web servers and public-facing portals are protected behind an active intrusion-prevention system or web application firewall that actively scans content uploaded or downloaded from your websites.

An effective security policy, with centralized enforcement through the use of a Unified Threat Management system such as the Astaro Security Gateway, will help your organization to avoid becoming a targeted political victim.

Astaro Security Gateway Public Beta 8.300

Angelo Comazzetto — Fri, 11 Nov 2011 12:49:08 +0000

The public Beta of Astaro Security Gateway 8.300 has begun! During the next few weeks, you can test our upcoming release and try out new features early. 8.300 introduces BGP Routing, Amazon Machine Images (to run ASG in the Amazon Elastic Computing Cloud), an Amazon Virtual Private Cloud (VPC) connector, support for a new Wireless AP50 product, and the ability to create site-to-site VPN's between ASG installations using our RED tunnel technology. This and more is ready for you to see! Read on for the rest of the details and how you can participate in the beta of ASG 8.300

General Beta Information
Why Participate?
You get to see and play with things before they are Generally Available, and have a chance to shape features and functionality based on your comments and findings. We closely monitor all our Beta feedback, and over the years have worked hard to listen to our market in order to build products that people like you want to buy. By helping us, we gain insight as to how we are doing and have the chance to identify bugs, polish some features, and make corrections in hundreds of different installation scenarios which is extremely useful to our QA and testing efforts. In return, you get to see things early.
How to be a Beta tester:
No forms, no pesky emails or submission process with a bunch of information to provide -we know that's not fun. Just download the Beta ISO image via our forums (first version is 8.270), burn it to a CD and install it to your appliance or own box. Once you are using the 8.300 Beta, you can Up2Date and install the next Beta releases for 8.300 without needing to re-install. We will release a final Up2Date package at the end of the 8.300 Beta which will take your installation to the GA release of 8.300.
How you can contribute:
During the period of the Beta for 8.300 (which will run until approximately mid-December), we would encourage you to post your impressions, feedback, bug reports, and all the associated things you like (and don't like!) in our Beta forums.

Astaro Beta 8.300 Download Information:
For the first release of the Beta, version 8.270 is the version we'll start with. Future updates and releases will be communicated soley through the forums and not via this blog, so check there often for all the updates and news around V8.300. You will find many answers to early questions, test licenses, and general Beta information there.

Beta 8.300 ISO Download Links (V8.270):

ASG ISO for Software/Virtual appliances (Your own hardware):
Download: ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-8.270-5.1.iso

SSI ISO for Astaro Hardware appliances (eg. an ASG 220):
Download: ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-8.270-5.1.iso

8.300 Beta Feature Overview
We might re-work or change features entirely, add new items, and delay things which don't meet our standards.

Major New Things

BGP4 Routing Support
ASG now has the ability to do Border Gateway Protocol Routing. You will find the configuration for this in the Interfaces & Routing section under BGP. A specialized routing protocol with specific applications, you should make use of this feature only if you know what you are doing.

Site-to-Site VPN using RED Protocol
We have added the ability to make tunnels between ASG devices using our much-heralded RED tunnel technology. This operates similarly to how site-site over SSL works;
1.) Login to the main site, go to the RED section, add a RED, and pick type "ASG"
2.) Download the provisioning file which is created
3.) Login to the remote site, go to the Client [Tunnel Management] tab in RED
4.) Add a tunnel, enter the hostname of the ASG and supply the provisioning file you downloaded.
5.) Presto, you'll have a tunnel!
*Note: this will NOT turn your remote ASG into a RED terminal. It will still have a GUI and work like a normal Site-Site VPN does.
*Note 2: We will likely move this feature into the VPN section in a future 8.3 Beta release.

Amazon Machine Images (AMI) for ASG (and ACC)
As mentioned in our early technical preview, you can now launch and run Astaro Security Gateway inside Amazon's Elastic Computing Cloud. Already we are seeing creative uses of this deployment method. Let us know how it works for you, and how you are (or plan) to use it for your business - we are always interested in use cases.

Amazon Virtual Private Cloud (VPC) connector
The Amazon VPC service allows you to host and run your server infrastructure in a secure, scalable cloud. The VPC connector gives you a permanent connection to your VPC resources right from ASG. The back end for this uses the BGP routing to redundant Amazon gateways, and is done automatically without you needing to know BGP or the Amazon technical parameters for doing it manually or with more complex products.

Support for Astaro Wireless AP50
We have a new AP50 product which will soon be available and some select users have gained access to early review units. If/when we have some more available we'll announce how you might get one, for now, if you do have one, you can post your feedback in the dedicated sub-forum. If you don't have one, you can't get one to test...yet.

Minor Adjustments

You can now create Web Security Reports from Pre-8.2 Logs, see Support-->Advanced-->Weblog Import
Saved Web Reports have been to school and now remember how info was sorted when you saved them
The printable configuration engine has also been educated on how to properly display big blocks of text without going outside the lines and now looks much better
You can now see and sort application rules by the groups you create
Notifications have had "select-all" boxes added, saving you from having to click dozens of times to select what you want
The Astaro Authentication Agent (AAA) has by popular request been made available as an MSI package as well as an EXE. You will find both on the Client Authentication section in WebAdmin. Enjoy those mass roll-outs!

Fixed Issues
We have spent a lot of time on stability fixes and enhancements. Here are some of the most prominent current ones:
    [14019] SMTP relay attempts shown as webadmin logins
    [14073] WAF: SSL support for multiple DNS names (subjectAlternativeName certificates)
    [14186] WebAdmin last failed session count doesn't match executive report
    [14782] UTF-8 characters in realname of imported keys are not displayed correctly
    [14820] Virus uploads don't get blocked if XSS or SQL Injection filter (mod_security) is enabled
    [15438] Sortable tables and Batch-Operation use same GUI element
    [15440] Improve input validation for advanced bridge settings
    [15654] Packets mislabeled as connections in reporting
    [15972] Exceptions do not work for Cross Site Scripting, SQL-Injection or Cookie Signing
    [16103] missing table header at NAT and SNAT/DNAT
    [16153] Radius secret containing backtick character (`) doesn't work
    [16255] Exception for Certificate Trust Check does not work in transparent mode
    [16438] Self signed certificate in chain and an exception for all requests going to this category will not work for some banking sites

Enjoy the 8.300 Beta, we eagerly await your feedback.

Angelo Comazzetto
Astaro Product Manager

Making sense of log management

Bill Prout — Fri, 28 Oct 2011 07:38:01 +0000

Bringing together all your information to make better decisions.

Firewalls, routers, intrusion prevention systems, web content filters, mail gateways, application servers, authentication servers, host-based intrusion prevention, end point client software.

The list of devices and applications that generate security logs already seems endless, and yet the list continues to grow as new security tools are used in response to the ever-evolving threat landscape. These logs often produce enormous amounts of information and are delivered in a variety of formats making it very difficult to gather useful information or troubleshoot a problem.

Making the situation even more difficult is the fact that many organizations now have remote offices and workers with equipment and logs of their own. These systems and applications must also be monitored to ensure you have consistent security across your organization, and that your remote users and networks aren’t a security weak point that could lead to exploits. Managing, maintaining and making sense of all this information is a daunting task for any organization, but can be especially challenging for smaller organizations with limited budgets and IT resources.

Despite these challenges, an effective log management strategy is a critical piece of any organization’s IT security program, and used properly, log management can help you make better decisions relating to IT resources, purchasing, and the overall security and health of your network.

The enormous amount of information that IT systems generate can be used to fix issues, provide audit trails and baselines, and proactively prevent problems. This information can also be used to maintain or achieve compliance, and storing logs for long periods is often a requirement. How to do so properly is one of the major concerns for any organization implementing a log management program.

Organizations that wish to implement an effective log management strategy need to first define their goals and requirements. Is the goal compliance, problem analysis, network monitoring, IT security? If your goal is just to monitor network equipment and/or troubleshoot security issues, then having IT staff handle log management may suffice. However, if your goal includes all of the above, you may need to split up log management responsibility across different departments or teams to ensure that the proper resources have the information they need.

Once you’ve defined your goals and understand what information is needed and who should be responsible, you can confirm which types of logs are available to fit these needs and what may be missing. This will help you determine if another solution or perhaps some specific information is needed to achieve your goals. Perhaps HR needs to monitor web usage by user name, but that information is not currently available on your web filtering device. It may be that a fairly simple configuration change is needed to gather this information, or it may be necessary to re-evaluate the product you’re using.

Understanding what information is needed will also allow you to start thinking about how much storage space is needed for these logs, and whether it’s acceptable to overwrite old logs once a certain time period has passed.

The next step is to determine what will be done with these logs, how long they’ll be stored, and if there are any special requirements such as encryption. Many logs contain sensitive information such as user names and sometimes even passwords, so securing these logs is a very important consideration. If you’re gathering logs from different locations you’ll also need to ensure that this information is protected while in transit. Once you have the logs, will they be actively monitored for events or should they be stored in case they’re needed? If storing logs for future analysis, thought needs to go into how easily archived information can be gathered.

Once you’ve figured out your goals, responsible parties, and what information is needed, you can start to determine which type of log management solution is best for your organization. Fortunately, there are many different options out there for companies developing their log management infrastructure. A variety of open source and commercial applications can help aggregate and parse logs from different vendors and systems, and new cloud-based solutions can offload tasks such as data security and storage and provide redundancy to protect your data. Choosing the right solution will depend on many factors such as cost, complexity and features, but understanding your goals and needs will help guide you in the decision-making process.

As with any IT initiative, support for an effective log management infrastructure must come from the top, so that everyone in the organization understands and supports the goals. This can help avoid log management becoming the afterthought for an overworked IT staff and can help add real value to the organization.

Astaro enters Cloud Security Alliance

Joerg Schindler — Wed, 26 Oct 2011 07:38:49 +0000

Astaro recently joined the Cloud Security Alliance(CSA) along with Sophos and is now looking into further cooperation and speaking opportunities with the group. The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The association is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

By becoming an official member of the CSA, Astaro finds itself right at the pulse of technological advancements and is therefore able to influence the UTM development in the best way possible. Moreover, a worldwide opinion pool will enable Astaro to start from the pole position when entering this and is able to create features accordingly for the next generation of UTM gateways. Stay tuned for exciting times ahead!

More information about CSA can be found here.

A new internet threat every 4.5 seconds

Joerg Schindler — Thu, 20 Oct 2011 12:28:01 +0000

Twice a year Sophos publishes its Security Threat Report. Included within this document is the treat scenario statistics, which evolved very dynamic in the first six months in 2011. The numbers once more highlight the importance of reliability in terms of successful IT security and gives you a compact insight into the threat landscape of the first six months in 2011. Since the start of the year, SophosLabs has seen 150,000 malware samples every day. That's a 60% increase as compared to malware analyzed in 2010.

We've also seen 19,000 new malicious URLs each day in the first half of this year. This makes a new internet threat every 4.5 seconds. Even worse, 80% of those URLs are legitimate websites that were hacked or compromised. Another focus of the survey is the fast growing usage of mobile devices, whose security risks are commonly underestimated by now. Speaking of accessing company resources via mobile devices, Blackberry is number 1 with 73%, Windows (63%), iPhone (57%), Android (48%) and iPad (47%) are following. However, only 69% of the companies have published usage guidelines for company owned mobile devices. Even more alarming is the number as far as private mobile devices of the employees themselves go; Only 31% of the companies publish a proper guideline for this very common scenario.

More information can be found here (You can download the whole report after submitting your name and email address).

Astaro Command Center V3.0 Released

Angelo Comazzetto — Thu, 13 Oct 2011 14:25:38 +0000

I am proud to announce the availability of Astaro Command Center 3.0. ACC is our central management application that you use to see and work with all Astaro products through a single GUI. Simplify your management of Astaro Installations by sharing objects, centrally configuring security policies, and pushing out rules to one or many devices. Whether you have two installations or hundreds, ACC gives you the ability to manage and work with your sites. Best of all, this exciting new version remains completely free -no gimmicks, no asterisks, no hidden conditions. Enjoy!

**Important Licensing Note**: Version 3 now uses our the newer-style licensing model we released in 2010 for our ASG products. This means your existing ACC key from the MyAstaro portal is longer valid, nor is any outstanding static keys from the time when we only offered a single key for all installations. To get your new ACC 3.0 key, fill out the creation form on our website. Your personalized license will then be available via the License Management section of your MyAstaro account.

ACC Version 3.0 is now running on the same technology platform that powers Version 8 of our flagship Astaro Security Gateway product. This gives us a new, capable base with which to advance ACC with even more functionality for the future. Sporting a massively-upgraded GUI experience, ACC 3.0 now offers on-demand reporting, central backup file management, and support for notifications to alert you during desired events.

1) On Demand (Forensic) Reporting - the reporting section can now be used to run aggregated report queries "as needed" across some/all installations for a desired timeframe. A change from our existing aggregated reporting (which compiles almost instantly but has history and detail limitations), the new ODR can be used to run more detailed queries. This will take a few moments to generate (depending on the amount of installations selected and the time period you require) as the information is fetched and compiled.

2) Central Backup Management - you can now save and work with backup files in ACC, providing not only a safe repository to store your backups, but letting you restore and make backups without logging into WebAdmin. Combined with the new capabilities of ASG 8.200 to remove installation-specific data from backups, admins can easily work with a cookie-cutter type backup which significantly eases implementation of new ASG's which have a shared "base" configuration.

3) Notifications - ACC also now supports notifications, alerting configured administrators of many possible events.

ACC 3.0 Download Information:
Remarks:

System will be rebooted
Configuration will be upgraded

News:

V2 & V3 are based on different backends; an upgrade package is not available
ACC V2 backup files can be restored into V3

Fixes:

[18808] Update procedure for global objects is not thread-safe and leads to deadlocks
[18865] ANY device also resolves devices which haven't backup feateure
[18957] Notification Refactoring
[18975] ACC WebAdmin language selection dropdown only shows default value
[18972] Expand odr create and abort messages
[18969] Allow only selection of devices which support backup rollout
[18770] Remove Product upgrade modules (acc3000 branch part)

Download Links:
Below are the links for the ISO image and Astaro Smart Installer for ACC V3. We plan to offer newly-updated VMware Virtual Appliances within the next two weeks.

Software ISO Image
Link: http://ftp.astaro.de/ACC/v3/software_appliance/iso/acc-3.000-10.1.iso
Size: 312.9MB
Md5: 39228469c44207a4ba488065f62fed07

Smart Installer - ASI V1
Link: http://ftp.astaro.de/ACC/v3/software_appliance/smart_installer/v1/acc-3.000-10.1-ASI.zip
Size: 301.7M
MD5: 932adc90163cbeae258aeb4d329715eb

Smart Installer - ASI V2
Link: http://ftp.astaro.de/ACC/v3/software_appliance/smart_installer/v2/acc-3.000-10.1-ASI-V2.zip
Size: 301.9M
MD5: 83f80c7a68dcd5328be03ad8b6748be3

Once more:
**Important Licensing Note**: Version 3 now uses our the newer-style licensing model we released in 2010 for our ASG products. This means your existing ACC key from the MyAstaro portal is longer valid, nor is any outstanding static keys from the time when we only offered a single key for all installations. To get your new ACC 3.0 key, fill out the creation form on our website. Your personalized license will then be available via the License Management section of your MyAstaro account.

	Astaro Command Center FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ACC V3 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[3.000] Central Backup Creation Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also an ACC demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ACC Product Manager

it-sa 2011: Astaro exhibits at IT security fair

Joerg Schindler — Tue, 11 Oct 2011 12:28:16 +0000

The it-sa has established itself as one of the leading fairs regarding IT security in the German speaking market over the last years. In 2011 the fair expects about 7.000 visitors from industry, science and public authorities. Beyond question that Astaro presents its portfolio and upcoming releases at the event in Nuremberg together with the distribution partners TLK and Infinigate.

Packed appointment books and a huge number of new partners getting firsthand information from the Astaro staff during the event underline the success of this year’s participation. New products like Next Generation Firewall, Astaro Endpoint Security, and Astaro Log Management will be shown at it-sa until October 13th. More information can be found at www.it-sa.de.

Please klick the image below to open the slight show.

Astaro pillars GITEX Technology Week

Joerg Schindler — Mon, 10 Oct 2011 14:34:59 +0000

During this week the international ICT industry is looking to Dubai and its GITEX Technology Week. With over 136,000 visitors from more than 139 countries, the fair event provides a mix of solution demos, product launches, networking opportunities or conference sessions and therefore an unrivalled ICT marketing platform in the Middle East.

Right in the middle of it are the overarching booths from Astaro and Sophos with individual presentation and meeting areas which are only a stone’s throw apart and thus provide an excellent communication transfer. The security specialists offer an exclusive glimpse into the new products and extensions for existing lines such as Next Generation Firewall, Astaro Endpoint Security or Astaro Log Management. A huge number of new customers and partners already enjoyed the professional competence of the team on site and there is no end in sight as far as the stream of visitors goes. So if you happen to be in Dubai during the next day don’t miss this event until October 13th!

Klick the image below to open the slight show.

Astaro Security Gateway Up2Date 8.202 Released

Angelo Comazzetto — Thu, 06 Oct 2011 08:25:04 +0000

Today we have released ASG 8.202 to increase performance in many areas, especially for the Web Filtering engine. This release addresses the majority of the issues reported by users of 8.200/8.201, and greatly enhances the stability of your Astaro Security Gateway V8.2 installation.

We still plan to release a feature which allows you to re-inject a past Web Security log for report regeneration in a future 8.20x Up2Date. More information will be communicated on this as it is known. Note that when you are updating from 8.103, you can push the "Update to latest version" button, which will apply Up2Dates 8.200, 8.201, and 8.202 in order, and then reboot only one time.

Astaro 8.202 Download Information:
Remarks:

System will be rebooted
Configuration will be upgraded
Connected Wifi APs will perform firmware upgrade
If you are affected by issue 18872, power-cycle your Wireless AP's so they reconnect

News:

Greatly Improved Web Filter performance
Removed DigiNotar HTTPS Verification CA

Fixes:

[16215] ctype: application/flash-video not contained per default in cc>http>noscancontent
[18567] "MIME blocking inspects HTTP body" is broken
[18604] Web Application Firewall mixes backend websites
[18653 If the HTTPs-Proxy is enabled, login to some websites may result in "Internal server error"
[18684] Exception for extensions will not be logged. There will be always a empty string in the log: exceptions=""
[18695] Policy routing in combination with Application Control may cause problems
[18769] If virus scanning of a website failed, no error message is shown in the browser
[18771] Passwords with special characters (@, =) cause authentication to fail when using 'Transparent w/ Auth' mode
[18802] Executive reports will not be generated in some installations
[18825] HTTP Proxy doesn't reauthenticate AD SSO client after auth exception matched
[18872] WiFi: astaro wireless daemon client sends incomplete client list to ASG, entering "inactive" state
[18880] Edir SSO authentication still times out in http proxy after 8.201
[18927] Wifi: Access Point with a MAC address ending in :f8 cannot connect to the ASG
[18929] Transparent Proxy with Auth not working properly
[18936] HTTP Proxy: SSL tunnel handler doesn't close client connection in all cases
[18974] Up/down script running on 100%
[17693] AntiVirus scan fails with cssd response: 500 Internal Server Error
[18607] No Wireless-Communication between AP30 and Clients when using "AVM Fritz USB WLAN-Stick N"

Download Links:
Below is the link for a manual download of the Up2Date package from 8.201 to 8.202.
Corresponding 8.202 ISO images and Virtual Machines will be released ASAP and this post will be updated at that time.

ASG 8.202 Up2Date Package
Link: ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.202.tgz.gpg
Size: ~101MB
Md5Sum: a43263326af6bd9b977a9a3f1a6affa3

Up2Date Installation:
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.202] WAN Balancing Rules").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager

More Astaro Security Gateway Tips & Tricks!

Sebastian Fiene — Thu, 06 Oct 2011 08:18:39 +0000

Our popular "Tips & Tricks" webinar series is now entering its seventh next round and the live session will take place in December 2011. Sign up today and secure your place!

This edition of our tips series (for the EMEA and APAC regions) will help you master the intricacies of the Astaro Security Gateway.

Why is the Internet connection so slow?

Learn how to find the root of the problem
Find out how you can optimise your configuration

This online session will provide you with detailed technical information and practical tips and tricks that are not in available in your handbook! Our webinars use few PowerPoint slides, and focus on live system demonstrations.

Register today and comfortably take part from your workplace. And don’t forget, our live sessions enable you to ask our experts your individual questions at the end of the presentation.

Date: Tuesday, 20.12.2011 | 10:00am CET
Length: 60 Minutes
Hosts: Lutz Linzenmeier (Astaro Head of Pre-Sales EMEA) & Sebastian Fiene (Astaro Marketing Manager)
Target Groups: End users, partners, distributors and anyone interested in Astaro products.

We look forward to seeing you at the webinar! Please note: If you are not able to participate in the live session, registration ensures that the recorded file is sent to your inbox upon availability.

Sign up here >

Astaro celebrates Cyber Security Awareness Month

Jessica Pozerski — Tue, 04 Oct 2011 13:23:44 +0000

Each October the National Cyber Security Awareness Alliance hosts National Cyber Security Awareness month, a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure. Businesses can participate in the campaign to help improve awareness around this important issue.

Astaro has always been concerned with educating the public on the importance of cyber security and how people can secure their homes and business networks. This is why we offer our Astaro Security Gateway to home users for free and created an informative Facebook Fan Page. It is also the driving force behind this blog. So, it only made sense for us to participate in Cyber Security Awareness Month.

Our efforts include the creation of www.astaro.com/ncsam-2011 where we will post tips for parents, teachers, students and businesses on staying safe online as well as information about a video submission contest for students. Through this contest, students can submit a one- to two-minute video answering the questions “Why is cyber security awareness important?” and “What are you doing to stay safe online?” using this online portal. During the month of October, visitors to our site can vote on the best videos in each age group. At the end of the month Astaro will select one winner from each age group and four lucky winners will receive a brand new laptop!

Please join us in promoting cyber security awareness by forwarding the link to the micro-site and participating in the video contest. With a little education we can make the Internet a safer place. Please note that the competition is open to residents of the United States and Canada only.

Enter here >

3 reasons that make mail archiving a priority

Kathrin Moeschle — Mon, 19 Sep 2011 11:32:20 +0000

Welcome to our new blog series on e-mail archiving!

E-mail systems are not designed to manage huge volumes of data, and yet they are forced to do so by an ever growing e-mail flood. In real terms, this leads to mail server capacity problems. As a result, servers may become slow and unstable and ordinary maintenance routines can take a disproportionate amount of time – or users are forced to limit their e-mail volume and thus store their e-mails in PST-files.

The fact of having e-mails stored at dispersed locations directly leads to the next challenge: to quickly retrieve specific e-mails when needed. Furthermore, archiving business correspondence is a legal requirement and more often than not, includes the need to archive e-mails.

All these troubles are surely worth to have a closer look at archiving e-mails. We'll do so in five consecutive blog articles and start with the three most important reasons to opt for an e-mail archive. With an effective archiving solution in place, administrators and end users benefit from various advantages such as increased productivity and will not need to worry about mail server scalability or mailbox limitations.

Legal Compliance – a proactive approach is best
Legislature dictates precisely what e-mail content must be archived and for how long. There are no exceptions or excuses to these laws, and non-compliance may lead to severe penalties. On the other hand, there are rules in place which define the content that must not be archived.
An e-mail archiving solution helps you to adhere to legal compliance requirements and even provides additional benefits regarding productivity.

Mail Server Offloading – relief for administrators
E-mail servers need to manage growing data traffic. As a result, these systems often become unstable and slow if not maintained accordingly. These efforts for maintenance, hardware and upgrades incur additional costs. Likewise, backups and restoration are then disproportionately complex and lengthy. The cost of storing mail data in e-mail systems is relatively high.
Modern archiving solutions address these issues by reducing the data volume on e-mail servers to the data from the last few weeks - instead of years.

The Infinite Mailbox – productivity gained easily
A great deal of business relevant information is very often only available via e-mail. As a matter of fact, reliable retrieval of old e-mails is essential. However, mailbox limitations force users to delete e-mails or to locally save complex archives - which makes their recovery more difficult. It also increases the risk of losing important e-mails as local archives might not be included in regular backups.
With structured and quick search functions, archiving solutions offer significant facilitation for the user. Users get access to the archive and process archived e-mails exactly like “normal” ones in their inbox.

After having considered the reasons for mail archiving, the next logical step is to take a look at the different deployment scenarios.
Stay tuned for part II of our new blog series on mail archiving!

If you like to receive more information on mail archiving in the meantime – why not register for our e-mail series?

ASG Up2Date 8.201 Released

Angelo Comazzetto — Thu, 18 Aug 2011 02:18:52 +0000

Today we have released ASG 8.201 and 8.200 to our installations via the Astaro Up2Date system. 8.201 solidifies the 8.2 release and should be applied along with 8.200. We took the opportunity to further increase the Web Filtering throughput, address a few bugs, and polish the 8.200 release. You will find both these packages are ready to install at this time. Read on for further details about 8.201. Enjoy ASG 8.2!

You can view the initial 8.200 announcement here, while the 8.2 release notes are located here.

We still plan to release a feature which allows you to re-inject a past Web Security log for report regeneration in a future 8.20x Up2Dates. More information will be communicated on this as it is known. Note that when you are updating from 8.103, you can push the "Update to latest version" which will apply both 8.200 and 8.201 in order, and then reboot only once.

Astaro 8.201 Download Information:
Remarks:

System will be rebooted
Configuration will be upgraded
Connected Wifi APs will perform firmware upgrade
DHCP lease files will be deleted
DHCP clients will reappear in list on their next lease refresh

News:

Fixed: Various problems with SSL VPN
Fixed: Issue with PDF Executive Report
Fixed: Application Control Reporting
Added: Support for ACC Version 3 Backup Rollout feature

Fixes:

[17693] AntiVirus scan fails with cssd response: 500 Internal Server Error
[18607] No Wireless-Communication between AP30 and Clients using "AVM Fritz USB WLAN-Stick N"

Download Links:
Below is the link for a manual download of the Up2Date package from 8.200 to 8.201. Corresponding 8.201 ISO images will be released next week and this post will be updated at that time.
Link: ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.201.tgz.gpg
Size: ~27MB
Md5: 022d0480940f796d28532d00c3cae1c4

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.201] Application Control Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager

New Website Languages Available!

Amir Khawaja — Wed, 10 Aug 2011 11:46:24 +0000

We are proud to announce the release of two further Astaro website languages, Spanish and Portuguese.

At Astaro, we are always working towards further expanding our online presence. After the recent successful launch of the Chinese site (www.astaro.com/zh-cn), we have since been diligently working on two more languages which will help us in local markets.

You can view the new sites here:

Spanish - www.astaro.com/es-es
Portuguese - www.astaro.com/pt-br

Furthermore, the new Portuguese datasheets can be found here: www.astaro.com/pt-br/recursos/folhas-de-dados. The Spanish versions will be available shortly.

Astaro Supports Charity in Friendly Soccer Tournament

Kathrin Moeschle — Fri, 29 Jul 2011 11:46:10 +0000

This past Saturday, six members of the Astaro staff competed in this year’s charity soccer summer cup.

Our selected group proved to be thoroughly motivated and energetic as it was all in good spirits and supported the Hänsel + Gretel Foundation (http://www.haensel-gretel.de). This organization works to raise money in their quest to protect children against abuse.

Themed “goals for children”, the BWG Systemhausgruppe and the SSV Ettlingen organized the event for the third time running. A big thank you to the Astaro team, represented by the departments R&D, IT, Support, Presales, Sales, Finance and even senior management and congratulations on finishing in 10th place (out of 11 teams).

Despite the game results, we felt like winners anyway in the end as we were able to help raise 5,000€ through participation fees and private donators.

Astaro’s Regina Vignone Recognized as One of the Top Women of the Channel

Jessica Pozerski — Wed, 27 Jul 2011 13:38:59 +0000

Astaro's own Regina Vignone, Director of Sales, has been recognized by Everything Channel’s CRN Magazine as one of the top Women of the Channel in 2011.

This annual list recognizes female executives for their accomplishments over the past year, based on their achievements as executives and the amount of influence they wield over the technology channel. This year’s Women of the Channel were chosen by the editors of CRN Magazine from a field of vendor channel organizations, distributors and solution providers.

Last year Regina took over Astaro’s renewal business in the United States, building a renewal program that also included a customer satisfaction component. Her efforts have not only improved relationships with partners and customers, she has improved Astaro’s renewal rate to be well above 90%.

“We are very proud of Regina here at Astaro. Since joining Astaro over six years ago, Regina has quickly moved up the ranks in large part due to her ability to develop relationships with partners that are mutually beneficial” said Bob Darabant, Vice President of Americas, Astaro. “Astaro has always respected Regina and her talents as well as her leadership skills. However, this recognition demonstrates to the world what we’ve known all along.”

Read the full press release here >

Successful Completion of MSPAlliance Vendor Accreditation Program

Jessica Pozerski — Tue, 26 Jul 2011 13:46:40 +0000

We have successfully received accreditation under the MSPAlliance’s (MSPA) Vendor Accreditation Program (VAP). VAP is the first program of its kind, specifically designed by managed service providers (MSPs) as a benchmark for vendors who sell to the MSP community. Vendors who bear the VAP seal have shown they abide by the highest principles of quality in areas such as financial stability, positive channel practices, product research and development, and MSP customer satisfaction.

"The Vendor Accreditation Program is important to MSPs, since companies that receive accreditation have demonstrated their ongoing commitment to the channel,” said Charles Weaver, president of the MSPAlliance. "We are very proud to have Astaro as a part of this prestigious body of vendors.”

Read the full press release here >

Astaro Security Gateway Version 8.200 Released

Angelo Comazzetto — Fri, 22 Jul 2011 07:20:33 +0000

Announced at CeBit earlier this year, Astaro Security Gateway V8.200 is now available. ASG 8.2 adds Application Control (aka. Layer-7 or "Next-Generation" Firewall) and Network Visiblity so that you see everything happening in your network and can make educated, reactive decisions about how your connection is used.

There is also an Interactive Web Reporting Engine that lets you craft and mold reports; you can navigate through data until you have the answer you need, no more tirelessly looking through pre-arranged reports hoping you stumble across the right one! 3G/UMTS USB support, Search Engine "Safe Search" enforcement, weights for Internet Connection balancing, and a User agent for user-based security configuration have all been introduced as well, to name just a few. WebAdmin sees usability improvements, and there is a technical preview of our upcoming Log Management product. Taking advantage of new technology and methods, we have vastly improved throughput performance of ASG, increasing it by up to four times in some areas, with a focus on Intrusion Protection and Firewall throughput. Read on for more...

For over 8 months our ASG Public Beta program has seen hundreds of particpants making over 5000 posts while you helped us shape and build this version to solve the problems you face in the real-world. Dozens of new features and functions have been added or improved upon, and our open approach to feedback and improvement suggestions via our Feature Portal has evolved Astaro Security Gateway further than ever; it truly is a product of YOUR environment.

A summary of some new features and functionality follows below, along with download information. For more details about Astaro Security Gateway 8.2 you can view the full release notes here. We hope you enjoy this release as much as we enjoyed making it for you.

ASG 8.200 Feature Summary:

Application Control

ASG provides Application Control and Network Visibilty. Application Control uses hundreds of precise patterns to identify which applications are being used on the network, regardless of the port or protocol they use to communicate. Network Visibility gives you a real-time display of exactly how your Internet connection is being used, and lets you create configuration directly from the display. We are pleased to included Application Control as part of our Web Security and Full Guard subscriptions. Read more >

Interactive Web Reporting

The Web Reporting Engine has been entirely re-designed from the ground-up to give a new, optimized experience which is tailored for how you expect to see data while delivering the information you are looking for easily. Click, build, save, and subscribe users and groups to automated report delivery in moments. You can even see exactly what your users are searching for with Google, Yahoo, and Bing. A staggering array of features awaits you. Read more >

*Note* - Installing ASG 8.200 will clear existing Web Security Reports! This is necessary as the database systems are vastly different. Soon, we will offer the ability to “re-inject” a past Web Security log file from 8.103 into the system so that you can control when this system-intensive task will occur. (Log files are completely untouched and remain intact on the system as configured)
If you rely on existing Web Security reports, do NOT install ASG 8.200 until the re-inject feature has been released in a future Up2Date.

3G/UMTS USB Modem Support

ASG supports the use of 3G/UMTS USB modems (sticks). This feature allows for these cellular USB-connected devices to be used as an Internet interface. The support of these devices lets you add redundancy or connectivity at temporary sites, remote locations, or areas without a good selection of affordable Internet connections. Further, you can add 3G/UMTS connections to the ASG’s WAN (Internet) link balancing pool.

Astaro Authentication Agent

Provide per-user configuration using the new Astaro Authentication Agent (AAA). Users can now authenticate using this lightweight program that is used for identification to control access or assign permissions such as Web Security profiles, while gaining more detailed reporting for environments without dedicated authentication servers

Web Filtering Safe Search Enforcement

The Web Security system of ASG can now enforce the enabling of “Safe Searching” for the user at the three major search engines (Google, Yahoo, and Bing).
This feature will automatically enable the “safe search” features of these engines, which will filter their search queries and results no matter what the user sets for preferences in their browsers

More features:

Web Application Security: Form Hardening - Enforce the answers which can be given to forms you offer on your servers. Read more >
Web Application Security: Reputation Filter - Disallow visitors from anonymous or known malicious sources.
Weighted Load Balancing for WAN Uplink and Server Load Balancing - Specifiy how heavily each of your Internet connections should be used.
Improved IP Address-to-User Mappings - Resolution system displays Authenticated Name, Definition Name, and other factors before displaying IP addresses in reports.
Backup File Information Stripping - Reuse backups in other installations easily.
Group-in-Group support - Reduce the amount of individual rules you need to make by grouping existing object groups together.
L2TP VPN for Android Devices - Connect securely with an IPSec-Based VPN for your Android mobile.
"No NAT" NAT rules (NAT exceptions) - Remove/Exempt traffic from NAT
Virtualization - Increased performance of Citrix XenServer, Microsoft Hyper-V, and KVM
Astaro Wireless Security Improvements - Wireless Access Points can update without rebooting, and accept configuration changes without dropping connections.
WebAdmin Dashboard Timeout Option - Choose if the ASG dashboard honors your timeout settings or not.
Dashboard License Expiration Colors - A visual aid about your subscription statuses for the ASG Dashboard
Demo Data Injection - Command line option to saturate an ASG with usage and reports, great for demonstrating to customer sites or events.

Other new things:

-SNMP Version 3 support
-Improved Web Filter Deployment Mode Selection
-Interface Virtual MAC Address (Spoofing)
-Web Application Security: Drop Invalid Cookies
-Web Application Security: Rule Skipping
-Web Application Security: SAN Certificate Support
-Editing User-Defined Mail White/Blacklists in WebAdmin
-Support for Hurricane Electric IPv6 Tunnel Broker
-Backend Firewall Rule Enhancements (IPSets)
-Web Filter Multi-CPU Scaling
-Greatly Improved Network Performance (Soft-IRQ Balancing)
-WebAdmin Physical Console Direction Message
-Color Blindness Support for ASG Red/Green Buttons
-WebAdmin “Terms of Use”

Astaro 8.200 Download Information:

Remarks:
-System will be rebooted
-Configuration will be upgraded
-Existing Web Security log files are retained
-Web Reporting Data will be reset
-Web Reporting Data can be recreated from log files in an upcoming Up2Date
-Connected REDs will perform firmware upgrade
-Connected Wifi APs will perform firmware upgrade

News:
•Next Generation Firewall: Network Visibility and Application Control
       •Application Control supersedes IM/P2P
•New Web Security reporting:
       •Improved UI
       •Custom reports per mail
       •Departmental reports
       •Search engine usage reporting
•Client-based user authentication for Windows
•ASG integration for hosted Log Management service (Beta)
•New Wifi firmware:
       •Rebootless reconfiguration (for majority of cases)
       •AP grouping
       •Dynamic VLAN tagging (with RADIUS)
•WebApplication Security:
       •Form Hardening
       •Reputation-based client blocking
       •Sitemap-XML import
       •Invalid cookies now dropped instead of rejected
•HTTP/S Proxy: SafeSearch enforcement
•IPv6:
       •IPv6 support for SMTP proxy
       •IPv6 support for HTTP proxy in "full transparent" mode
       •ICMPv6 service definitions
•Configuration:
      •Group-in-Group support for network and service definitions
      •Support for "Stripped Backups" (usable as templates)
•UMTS modem support
•KVM VirtIO support
•Hyper-V support
•Network performance improvements:
      •Packet filter ruleset optimization (IPset)
      •New IRQ balancer
      •IPS optimization
•SNMP v3 support
•Weighted server load balancing
•Weighted uplink balancing
•NAT exceptions
•Display "Terms of Use" for WebAdmin

Fixes:
[11998] - Default src addr parameter not working for S2S IPv6 routes
[12839] - Site-to-Site connection will not be established with SHA2 as ipsec authentication algorithm
[14782] - UTF-8 characters in realname of imported keys are not displayed correctly
[14820] - Virus uploads don't get blocked if XSS or SQL Injection filter (mod_security) is enabled
[15972] - Exceptions do not work for Cross Site Scripting, SQL-Injection or Cookie Signing
[16153] - Radius secret containing backtick character (`) doesn't work
[16206] - [AUA] AD groups containing utf8 characters are not returned when using test authentication
[16431] - PGP Inline encrypted Emails arrive with emtpy body at the mail-client
[16593] - Scheduled up2dates don't run when atd is dead. Selfmon check needed.
[16853] - Radius secret containing backtick character (`) doesn't work
[16880] - WAF logfile does not show block reason for "XSS Filter" or "SQL Injection Filter"
[17362] - After successful Smime-decryption, the emails are sent out encrypted when signature verification fails
[17498] - Need an option to clear, set, or copy the DF bit flag for traffic related to the IPSEC tunnel
[17907] - User prefetch fails if the mail and proxyAddresses is case-sensitive

Download Links:
Below is the link for the Up2Date package from 8.103 to 8.200. (ISO images for all installations will be available for the GA Up2Date Push)
Link: ftp://ftp.astaro.de/ASG/v8/up2date/u2d-sys-8.200.tgz.gpg
Size: ~189MB
MD5: 3954085f9e6b2e290233ff7716c83bac

Up2Date Installation:
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an already-downloaded Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

	Astaro Security Gateway Up2Date FTP Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.200] Application Control Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager

Common Criteria certificate presented by Mr. Michael Hange, president of the BSI

Martin Becker — Fri, 15 Jul 2011 11:12:14 +0000

On the occasion of the "3. Day of IT Security and 10 Years KA-IT-Si" in Karlsruhe, Mr. Michael Hange, president of the BSI, presented Astaro's Common Criteria EAL4+ certificate to Markus Hennig, CTO of Astaro.

On July 14, 2011, the Karlsruher Sicherheitsinitiative "KA-IT-Si" celebrated its 10th anniversary at the "3. Day of IT Security", a joint event of the Karlsruher Sicherheitsinitiative KA-IT-Si, IHK Karlsruhe and the CyberForum e.V. On this occasion, Mr. Michael Hange, president of the Federal Office for Information Security (BSI), gave the keynote on IT security in Germany and the role of the BSI. Subsequent to his keynote speech, he presented Astaro's recent Common Criteria EAL4+ certificate to Markus Hennig, CTO of Astaro.

The certificate with the identification number BSI-DSZ-CC-0696-2011 applies to the product Astaro Security Gateway V8 Packet Filter Version 1.000 / secunet wall 2 packet filter version 1.000, which has been developed by Astaro and secunet in a technological partnership.

The Astaro Security Gateway V8 Packet Filter / secunet wall 2 packet filter is the firewall component of the UTM security solutions Astaro Security Gateway V8 and secunet wall 2. The certification is based on the Common Criteria version 3.1 for the security level EAL4+ and was accompanied by the accredited testing laboratory SRC Security Research & Consulting GmbH situated in Bonn.

The highest internationally, mutually recognized certification level EAL4 + requires in addition to an inspection of the development environment by the BSI also close scrutiny of the complete source code by independent experts. The IT Security Certificate therefore warrants to customers that security requirements created by Astaro are properly implemented and that the processes used in this case meet recognized standards.

With the certification of the product Astaro Security Gateway V8 Packet Filter it is world’s first complete IPv6 packet filtering functionality of a UTM security solution that has been officially accredited and approved. The certified packet filter was delivered for the first time with Astaro Security Gateway Version 8.103 and secunet wall 2 version 8.103, respectively.

Astaro actively supports underprivileged children

Kathrin Moeschle — Thu, 14 Jul 2011 08:15:15 +0000

UNSERE KLEINEN BRÜDER UND SCHWESTERN E.V., which translates as "Our Little Brothers and Sisters", is an internationally active children's fund which operates in Latin America. The organization works to support needy, disadvantaged and abandoned children, teenagers and young adults.

Employees and partners on-site install children's villages in which the girls and boys live like in an extended family. They care for the integral development of the children in their homes, schools, training centers, medical and agricultural institutions as well as other programs. At present, about 3,500 children live in 9 orphanages in Mexico, Honduras, Haiti, Nicaragua, Guatemala, El Salvador, the Dominican Republic, Peru and Bolivia. In addition, the fund supports the poorest children in the slums of its neighborhood. Annually, about 40,000 needy children are given the chance of a better future.

All those involved in the project fight daily to cater for the needs of so many children, which is a difficult and strenuous task. Thus, the organization constantly looks for donations via their website (www.mygoodshop.org) and we are impressed that 100% of all donations reach their objective! We at Astaro are touched not only by the plight of these underprivileged children, but also by those who work with the project to make a difference. We have contributed to the organization by supplying a free Full Guard bundle to protect them against all Internet-based threats.

We wish "Our Little Brothers and Sisters" not only a secure and protected year, but also a lot of fun!

ASG Up2Date 7.511 Released

Angelo Comazzetto — Tue, 12 Jul 2011 07:58:05 +0000

Greetings! Today we have published a maintenance release for Astaro Security Gateway V7 users. This Up2Date will address some minor bugs, improve the stability and performance of RED and Wireless under Version 7, and increase the performance of Web Security when used with Authentication. No major changes or new features have been introduced.

Details
Remarks:
* Your system will be rebooted
* Configuration will not be upgraded
* AP10 and AP30 units will upgrade their firmware after Up2Date has fully installed. Avoid power cycling your AP device

News:
Improved HTTP Proxy, especially with remote authentication
Improved Wireless firmware
Improved RED service

Fixes:
[1468]: Scheduled Up2Dates do not work correctly
[15225]: Availability groups deployed via ACC are unresolved
[15337]: WiFi: Possible connectivity problems with 40Mhz channels
[17198]: Upgrade to V8 not possible in some rare cases

Download Information
   Link: ftp://ftp.astaro.com/pub/ASG/v7/up2date/u2d-sys-7.511.tgz.gpg
   Size: ~155 MB
   Md5: e764f7ce6f97d07d6f3db6a8c374717d

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to manually apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.103] Using Astaro RED with Split-tunneling").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There are also demo servers for public use anytime at http://demo.astaro.com

Enjoy,

Angelo Comazzetto

Sophos Broadens Security Portfolio with Completion of Astaro Acquisition

Jan Hichert — Wed, 06 Jul 2011 09:09:04 +0000

Global IT security and data protection company Sophos today announced that it has completed its acquisition of network security vendor Astaro. This acquisition will allow Sophos to deliver coordinated, best-in- class threat and data protection offerings from every endpoint to any network boundary.

Organizations today face new challenges in protecting users and IT infrastructure from complex and targeted security threats; especially those that gain entry from across the Web or through new applications. As workforces become distributed across multiple offices, including the home, even basic security controls have become hard to update and enforce. Through this acquisition, Sophos will address the need for security solutions that provide threat and policy protection no matter where the user or company data resides.

“Never before has the security and IT environment been so challenging to secure for our customers,” said Steve Munford, Chief Executive Officer, Sophos. “Together Sophos and Astaro have the ingredients to uniquely solve today and tomorrow’s increasingly complex security challenges while allowing IT to enable users to work more flexibly and embrace new devices and applications.”

The acquisition, which was announced on May 6, 2011, will deliver an industry-first combination of endpoint protection with UTM. Once integration is complete, the Sophos portfolio of security products will:

Combine Astaro’s network security with Sophos’ threat expertise. The initial integration with the Astaro Security Gateway and Sophos Anti-Virus will bring real-time protection against malware using Sophos Live Protection infrastructure, a comprehensive architecture for real-time updates to users in offices anywhere around the globe, and Sophos Web protection, real-time blocking of malicious websites via SophosLabs extensive Web reputation systems; which classify over 50,000 infected Web pages every day.
Longer term, the integration will allow central management of anti-malware, Web and data control policies across endpoint, mobile and network enforcement points – including consumer-owned mobile devices and branch, home or remote offices. This will offer IT better visibility and control, whether the enforcement points are enterprise, consumer owned or located at a central, branch or home or remote office.
Upon completing Astaro partner certification, Sophos partners will have access to the full network security portfolio including unique capabilities for protecting branch offices, log management and a leading network security gateway available in any delivery model. Likewise, Astaro partners will have the opportunity to become Sophos partners and deliver a complete set of endpoint, mobile and gateway solutions to their customers.

“Both companies are pragmatic and appreciate the need to be simple and secure for target buyers,” wrote The 451 Group in a May 6th 2011 Deal Analysis¹ , regarding the acquisition. “The disruptions in this market require bold moves. Sophos has made one.”

“We founded Astaro with the mission of bringing network security products to organizations of all sizes and accomplished this goal by creating easy-to-use, Unified Threat Management solutions that addressed several facets of network security. However, as the threat landscape continued to evolve it became clear that gateway security alone would no longer be sufficient to effectively secure a network,” said Jan Hichert, Astaro co-founder and CEO, and now Sophos’ Senior Vice President and General Manager, Network Security.

About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards. Sophos is headquartered in Boston, US and Oxford, UK.

About Astaro
Astaro offers the most complete and easy to use network security appliances available. Astaro’s award-winning products provide the latest protection with the best total cost of ownership. Software, hardware and virtual appliance offerings provide users the flexibility to meet a wide variety of deployment scenarios. Distributed by a growing worldwide network of more than 2,500 resellers, more than 56,000 Astaro installations protect business, school and government networks against IT security threats. Astaro, headquartered in Karlsruhe, Germany, offers free downloads of its products at www.astaro.com.

¹“Sophos moves beyond the endpoint in acquiring Astaro” published May 6, 2011.

Astaro Partner Roadshow 2011 – again a great success!

Kathrin Moeschle — Tue, 21 Jun 2011 06:25:17 +0000

The Astaro Partner Roadshow is over again for another year. We visited 12 cities in Europe and in the Middle East and were able to welcome more than 500 visitors – a new attendance record!

Held for the first time as a whole day event, high-profile speakers from the Astaro Management and Product Management teams gave a detailed insight into our strategy, roadmap and the status of new and upcoming product innovations.

We would like to thank everyone who shared their valuable time with us and came to one of the locations. We were especially happy to hear constructive feedback about our products. In many discussions, we received important suggestions and learned that our partners understand and approve of our motives for the Sophos acquisition.

It is important to us to continue to uphold our successful relationship with our resellers and customers whilst strengthening it in the future!

We are already looking forward to seeing you at our next roadshow tour.

Some impressions of our Astaro Partner Roadshow 2011:

Worldwide IPv6 Day – Business As Usual for the Astaro Security Gateway

Kathrin Moeschle — Fri, 17 Jun 2011 09:40:25 +0000

The Internet Protocol Version 6 (IPv6) can be described as the “Internet standard of the future”. On 8th June 2011, the world's first practical test took place and many large websites were available for the new IPv6 standard. We at Astaro also participated in the experiment and as everything ran so smoothly, we don’t even feel the need to switch back to IPv4. We have to thank our partner Telemaxx, who provided us with the new IPv6 lines and helped make this transition possible.

The Internet connects about two billion people today. If it continued to only connect people, four billion IPv4 addresses would probably suffice for quite a while. But in recent years, the Internet has become so much more - now supporting new technology such as smartphones, iPods and TVs connected directly to the Internet. All equipped with their own IP addresses.

IDC believes that the digital universe as we know it today will increase by a factor of 44 until the year 2020. This is why an alternative standard to the common IPv4 had to be found. Astaro is confident that IPv6 will soon become the Internet standard of the future and joined the International IPv6 Day in order to test how far we are away from completely switching over to IPv6.

Markus Hennig, Astaro Chief Technology Officer:
"The experiment has shown whether routers, computers and specific Web browsers can deal with IPv6. Thus, we changed our website to the new Internet standard. In parallel, we wanted and still want to offer our customers the opportunity to test IPv6. As we did not encounter any problems we are still running on the IPv6 standard.”

For all those who still want to test their IPv6 readiness:
Here is a short guide on how to enable IPv6 on your Astaro Security Gateway.

Step 1: Get a IPv6 tunnel broker
Your ISP will not support the native IPv6 standard, so you will probably need to first get an IPv6 tunnel broker. For Internet access with dynamic IP addresses, we recommend the tunnel brokers from freenet6 or SixXS because they do not change the assigned IPv6 subnet. For Internet access via fixed IP addresses, you can also opt for the 6to4 as a tunnel broker as it can be activated with a single click and without prior registration.

Step 2: Create a Freenet6 account
Create a Gogo6 Account first: http://gogonet.gogo6.com/main/authorization/signUp
Then you can register for a freenet6 Account for the IPv6 Tunnel Broker Service: http://gogonet.gogo6.com/page/freenet6-account

Step 3: Adjust your ASG settings
Go to the column “Interfaces & Routing” on your ASG and click on "Enable IPv6”. Now choose “user” for the field “authentication” of your tunnel broker mask and select “Freenet6” in the field “broker”. Enter your tunnel ID and password as username and click “apply”.

On the tab "Global", you can now see your current status and your IPv6 subnet. You now have full IPv6 connectivity! Web Security users with a current HTTP proxy can now connect to IPv6 addresses such as http://www.test-ipv6.com, although they only have IPv4.

Step 4: Client configuration
To roll out IPv6 to your clients, you must configure IPv6 on your internal network. For your first IPv6 supporting internal interface you can choose, for example, the first IP from the first available subnet (eg 2001:0 db8: 85a3: eb00:: 1 / 64).

Clients can be either configured via pre-installed Advertisments or via DHCPv6. For best compatibility please go in the column "Prefix Advertisments" on "IPv6" and activate the pre-installed Advertisments on your internal network interface.

Most of your existing packet filter rules are probably already IPv6-compatible. Depending on your configuration, you may still need an additional rule that allows IPv6 traffic between your internal network and the Internet, such as web traffic.

Step 5: The test
ipconfig in the Windows command line shows if the Advertizing works and which IP address was assigned to you.
In order to finally test IPv6, start your browser and go to http://www.test-ipv6.com.

Goodbye to an Uncommon Security Professional

Jessica Pozerski — Tue, 14 Jun 2011 13:25:00 +0000

It is with great sadness that we announce Jack Daniel is leaving Astaro.

For the past ten years Astaro has grown and developed to become one of the leading network security companies in the market. This growth is in part due to our strong product line and singular focus to provide easy-to-use security solutions, but it is also due to our involvement in the security community.

For the past several years, Jack Daniel has pushed Astaro to be more involved in the security community first as a Support Engineer and then as our Community Development manager.

Jack initiated our involvement with organizations such as NAISIG and the Security BSides un-conferences. He helped drive our social media initiatives on Twitter and was a frequent visitor and contributor to our Up2Date blog and Astaro Security Perspectives blog.

When Jack informed us that he would be leaving Astaro, it was clear this decision came after much thought and contemplation. The position that awaits him at Tenable Network Security will offer new opportunities and challenges and we respect his decision. We are disappointed to see Jack leave, but we are excited for the opportunity that awaits him in his new role and understand that sometimes great people are hard to keep – no matter how hard you try. It is no surprise that another company recognized Jack’s abilities.

Astaro will continue to participate in the Security BSides conferences as well as the other programs Jack worked on. We are still committed to the security community and look forward to interacting with Jack during these events. His direct contributions to Astaro will be missed, but as long as he is involved in the security field we all benefit from will knowledge and perspectives.

Goodbye, Jack, and good luck.

Telemedicine and improving patient care

Bill Prout — Tue, 14 Jun 2011 06:48:19 +0000

Studies show that physicians who study in large cities prefer to stay there and it can be difficult for rural areas to attract doctors. Additionally, as training costs rise and doctors look to large city hospitals for their careers, rural areas in states like such as Minnesota and Indiana have noticed a shortage in doctors. Short of opening medical schools in remote areas of the country there is little these small towns and counties can to do attract doctors. Working in a remote area with few facilities and less resources and peers can be difficult and states like Texas are looking to new legislation to help attract and retain young doctors.

While increasing the number of doctors in rural regions is the ideal solution, there are alternatives to solving this pressing issue. One such solution is implementing Telemedicine or telehealth facilities. A recent study from UMass Memorial finds that telemedicine can help improve ICU patient care.

Given the need for rural doctors and the potential for improved patient care telemedicine presents we would think more and more hospitals would jump at the chance to implement telemedicine policies and procedures. However, like any new idea there are barriers to this possibility. According to Dr. Jeremy Kahn who was quoted in a recent blog post by Boston.com’s Liz Kowalczyk, “while telemedicine programs have exploded in the past decade, studies of the benefits, especially in ICUs, have produced disappointing results. Policy-makers have questioned whether this expensive technology is useful at all, if it just drives up health care costs without showing a payoff of improving care.”

As with all industries medical organizations face challenges when choosing and deploying the technology that is ever more relied upon to diagnose and care for patients. These new solutions come with the burden of new training, integration hurdles, and of course have a price tag that organizations are increasingly concerned about in these trying financial times

The key here seems to be “expensive technology”. If we can lower the costs of the technology needed to connect healthcare facilities, secure patient data and monitor patients’ statuses remotely then telemedicine becomes more of a reality than wishful thinking. Unfortunately the technology necessary to create secure connections can be costly, especially when it comes to managing the technology. What good is a remote monitoring tool if it needs a full time IT administrator to make sure it stays connected?

The technology industry needs to partner with the healthcare industry to find realistic ways of connecting remote/rural healthcare facilities to doctors in more populated areas. This way we can ensure all patients are getting the best care possible. It may not be as ideal as recruiting doctors to practice in these rural areas, but it is the next best thing.

While Telemedicine programs are unique to the medical field, the criticisms and concerns are all too common when it comes to technology, and the challenges faced by administrators and IT staff can be found in most businesses today. How do we provide secure business critical services while being cost conscious.

One solution may be to use a configuration-less device such as Astaro’s RED which offers simple ‘plug n play’ connectivity which can allow remote medical professionals the ability to help care for patients while not being physically onsite. These solutions make it possible to set up a remote healthcare facility and monitor patients from afar. Solutions like Astaro RED, along with the proliferation of broadband and electronic medical records may make telehealth a reality.

Astaro Supports Roparun 2011

Amir Khawaja — Tue, 14 Jun 2011 07:14:04 +0000

The Roparun is the longest non-stop relay race in the world, covering approximately 530 KM between Rotterdam and Paris. The aim of this charity event is to raise funds for cancer-diagnosed patients and took place this year between 11th and 13th June 2011.

This event is not only unique in its length, but also with its goal carrying the motto: "Aiming to add life to the days that remain, when no more days can be added to life". Throughout its 17 year history, over 29,000,000 EUR has been raised.

This year, Astaro proudly supported this event with our Astaro Security Gateway and Wireless Security solutions. The good people at Contec, our Dutch Distributor, made it possible and ensured that all VIPs and the on-location media had secure access to the WiFi network.

View our slideshow from the event below.

Up2Date 8.103 Released

Angelo Comazzetto — Wed, 08 Jun 2011 18:14:24 +0000

Up2Date Version 8.103 has been released for Astaro Security Gateway appliances. The main reason for this release is to add the Common Criteria (EAL4+) Certified architecture to ASG. (This represents the culmination of many months of focused development and procedural work.) We also take this opportunity to address some issues with the HTTP/S Proxy (Web Filter). Read on for more details.

Details
Remarks:
   * Your system will be rebooted
   * Configuration will not be upgraded

News:
   Contains ASGPF (Firewall) certified according to CC EAL4+
   Fix various issues in HTTP/S Proxy

Fixes:
[16255] Exception for Certificate Trust Check does not work in transparent mode
[16438] Self signed certificate in chain (and an exception for all requests going to this category) will not work for some banking sites

Download Information
   Link: ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/up2date/u2d-sys-8.103.tgz.gpg
   Size: ~84.5MB
   Md5: c65ab286d656b8f84e7c6ee3e3f5054

The ASG V8.000 release notes can be found here, 8.100+ release notes (here) are located on the Astaro Support KB.
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro Security Gateway Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.103] Using Astaro RED with Split-tunneling").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There are also demo servers for public use anytime at http://demo.astaro.com

Enjoy,

Angelo Comazzetto
ASG Product Manager

Hacking at the highest level of excellence

Kathrin Moeschle — Fri, 27 May 2011 13:21:57 +0000

Large crowds reigned at the 10th hacking contest which took place during the LinuxTag exhibition in Berlin. The event was again sponsored by Astaro and saw six teams compete against each other to test their skills to the limit.

Around 300 spectators watched and listened to the running commentary by the two moderators, Markus Hennig from Astaro and Kester Habermann from LinuxTag. This year, the jury already revealed the systems in advance of the contest which allowed the teams to prepare “battle plans” in advance of the competition. All teams were paired up and competed against each other through three phases and worked to infiltrate the system while repairing security holes set up by the opposing team. The winning team was then decided by the total amount of points accumulated overall.

The contest conditions for the participants were challenging as they had to demonstrate their skill and concentrate under time pressure and the watchful eyes of the audience. This required a great deal of ingenuity and creativity and the teams did not fail. They impressed the audience with numerous spectacular hacks. "I thought that I was well versed with Linux systems, but these teams taught me better. Congratulations!" praised an interested spectator.

Astaro supports the Hacking Contest as every hacker has the potential to become a solid computer scientist who can overcome the obstacles and weaknesses of any system without any problems – which is an asset for every company and IT infrastructure.

We are happy to announce and congratulate this year’s winners:

In the first row - first place with 61 Points: Team Legofan
Members: Jakob Lell, Christopher Nguyen, Andrew Karpow

In the second row - second place with 32 points: Team POVaddict
Members: Christian Perle, Michael Karcher

In the third row - third place with 26.5 points: Das Green Team
Members: Bernhard M. Wiedemann, Rainer ten Haaf, Mathias Jeschke

The Hacking Contest in pictures:
http://www.flickr.com/photos/linuxtag/sets/72157626591974079/with/5718422603/

Demystifying Cloud Computing

Jack Daniel — Tue, 24 May 2011 13:15:21 +0000

There is a lot of hype and confusion about cloud computing, what it is, and what it isn’t. Here are some resources I use, and ones I recommend for understanding the fundamentals of cloud computing and cloud security. You will not find any “cloud will change everything” nonsense here (it won’t). Nor “cloud is nothing new” nor “cloud is completely new” nonsense, either (cloud computing is a mix of old and new ideas and technology, it is mostly evolutionary, but in some cases revolutionary).

Properly deployed for appropriate purposes, cloud computing can be fantastic. I have moved most of my lab systems to a cloud environment and it has provided a huge improvement in my ability to test systems and deliver demonstrations. Astaro uses cloud systems to deliver content and services for partners and customers more effectively that we could with internal resources. But, cloud computing is not for everyone, or for everything. You just need to research, plan, and migrate wisely.

There are a handful of very good cloud computing security documents out there, here are ones I recommend (some are pretty big PDFs):

Start with the NIST definitions doc, it is only seven pages, and only the last two have the actual definition. It is not “security specific”, but is sets a common terminology for the rest. Download it here (PDF).

My new favorite cloud security reference is from the Australian Defence Signals Directorate; their Cloud Computing Security Considerations is great resource and a great conversation starter for those considering a move to cloud computing. (It is 19 pages and an easy read, too). If you read only one, read this. And share it. Download it here (PDF).

For more meaty discussions of cloud security, it is hard to beat the documents recommended for those preparing to take the Cloud Security Alliance (https://cloudsecurityalliance.org) CCSK (Certificate of Cloud Computing Knowledge https://ccsk.cloudsecurityalliance.org) exam:

CSA’s own “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1” (download the PDF here) is not a light read, and is enterprise focused, but has a lot of good information. The other study document is the ENISA “Cloud Computing Risk Assessment”. It is also not a quick read, but has more small- to mid-sized business focus (reflecting its European origin).

Speaking of CCSK, it is an interesting certification. I’ve recently passed the exam, and heartily recommend the study material- but the certification is probably of limited value to most people until “cloud” is better understood. As you would expect, CSA has an enormous amount of information on their site, covering a myriad of cloud concepts.

A couple more references for those of you who want a broader understanding:

NIST also has a “Cloud Computing Reference Architecture” (download the PDF here) which needs some help in the area of readability, but is a good resource, especially for the discussion of cloud computing roles.

OpenCrowd’s Cloud Taxonomy (http://cloudtaxonomy.opencrowd.com) is useful for help in categorizing cloud products and services and for understanding the categories.

This is by no means a complete, or even exhaustive list; but it is a good set of resources which should be helpful to those considering a move to cloud computing (or to those already in the clouds, but afraid of heights).

Sophos to Acquire Astaro to Meet Demand for Complete, Layered Security Protection

Jan Hichert — Fri, 06 May 2011 06:42:49 +0000

Sophos, a global security leader, today announced it has entered into an agreement to acquire Astaro, a privately held provider of network security solutions, headquartered in Wilmington, Massachusetts, USA and Karlsruhe, Germany.

Businesses today face unprecedented challenges in protecting users and IT infrastructure from escalating complex security threats, especially those brought on by more mobile, roaming users, new application protocols, and distributed networks. There is a widening security gap for companies given the new rules by which users, businesses and IT operate and this acquisition answers unmet customer needs for better security coordination and effectiveness between users, applications and IT infrastructure.

“The combination of Astaro’s comprehensive portfolio of network security solutions alongside our endpoint, mobile, and email and web threat and data protection capabilities will enable us to continue to deliver on our vision of providing complete security without complexity wherever the user and company data resides,” stated Steve Munford, Chief Executive Officer, Sophos.

The market for multi-function security appliances has continued to grow because organizations of all sizes want better protection against security threats and need to support their users and distributed workplaces in a comprehensive, easy to use, efficient way. According to IDC, the market for unified threat management was approximately $2 billion worldwide in 2010, with a CAGR of 13% 2010-2014 .

Astaro, with $56 million in billings and 30% year over year growth in 2010, is the fourth largest dedicated unified threat management (UTM) provider, leads the market and has sustained fast growth due to its strong track record of innovation and robust portfolio of feature rich network security solutions. With over 56,000 installations in over 60 countries, Astaro protects business and government networks across the globe against IT security threats. The company currently has more than 220 employees in nine countries spanning three continents, including a significant presence in the EMEA region.

“Demand for network security solutions with more comprehensive and high-quality protection is accelerating fast, and yet companies are struggling with the complexity of multiple security solutions to serve these needs,” stated Jan Hichert, Chief Executive Officer, Astaro. “We are excited to join forces with Sophos, as we share a common mission and passion for providing the most comprehensive security solutions that are also easy to use. Together, we will deliver to customers the ability to apply consistent security and web and application controls regardless of where the user is or where the network boundary may lie.”

Customer and Partner Benefits of the Combination:

Industry-First Coordinated Protection Between Endpoint and Network: This transaction brings two leading complementary security portfolios together to deliver coordinated protection and policy between endpoint and network. By combining policy, security filtering and information known at the endpoint with the network, Sophos will be able to provide improved security and visibility along with integrated management and reporting.
Solutions Fuelled by Best-in-Class Threat and Data Protection and Web and Application Control: Solutions will offer complete protection to meet complex threats and malware challenges, especially from the web, applications and social engineering vectors that require full visibility and coordination, supported by SophosLabs and renowned malware and threat expertise.
Enriched Channel Offerings: The combination of Sophos and Astaro will offer partners a complete and differentiated range of security solutions and services to meet customer needs not answered in the market today. Partners can deliver coordinated threat and data protection, and policy from any endpoint to any network boundary with solutions that can be deployed in any way: software, virtual, appliance, via a cloud services platform and backed by security updates from Sophos Live Protection for real-time, high-performance protection for end users no matter where they are.

Read more here >

About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs—a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards. Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

Our EMEA Headquarter Location Has Moved!

Amir Khawaja — Mon, 02 May 2011 13:17:36 +0000

After months of planning and seemingly endless construction work, the Karlsruhe team was successfully able to move into the new office building this Easter weekend. Astaro has grown rapidly as a company over the past few years and as a result, office space was depleting swiftly.

Just before the Easter weekend rolled around, the boxes were packed, picked up and shipped off to the new location. Thanks to a lot of hard work and good organization, operations were resumed after the weekend without much fuss.

The new office location is not far away from the old building, just over the street in fact, and spans 3000 square meters over 3 floors - enough space for further growth in the future. Aside from more floor space, the new office also has a great roof-top terrace with a splendid view.

We look forward to welcoming you to our new office in the near future. Until then, we have put together a small image gallery for you.

Introducing the New Pacific Australia Dream Team

Cheryl Tuquib — Mon, 02 May 2011 13:36:33 +0000

After a scrutinizing and in-depth search for a new Country Manager and Pre-Sales Engineer for Pacific Australia, Karen Delaney and Troy Cunningham have joined Astaro, bringing with them years of experience in the IT Industry.

Picking the dream team to take over the Pacific Australia business was not an easy endeavor. Passion, dedication and enthusiasm were but a few elements we needed from the new Country Manager and Pre-Sales Engineer, other than the industry experience and channel and customer-based platform.

Karen Delaney joined Astaro in late March, coming from a 2-year stint as a Channel Manager with Sonicwall. With her extensive on-field experience in building and managing the channels, Karen takes on a challenging and promising job of re-energizing the Astaro channels in Pacific Australia, as well as building relationships with MSSP partners and customers.

Troy Cunningham joined Astaro in mid-April from Sonicwall where he worked closely with Karen. Troy’s deeply rooted technical expertise, which stems from his hands-on experience with various security products like Sonicwall, WatchGuard and Barracuda, will be a great advantage when getting Astaro’s innovative products out into the Pacific Australia market.

Welcome the Pacific Australia dream team and email them at anz@astaro.com.

Revision 4 of the Astaro Security Gateway 110-120 Available

Udo Kerst — Mon, 02 May 2011 13:38:58 +0000

A new revision of the ASG 110/120 has left our production facilities. The ASG 110/120 rev.4 features an Intel processor which produces 1.8 Gbps of firewall throughput.

The new revision 4 of the ASG 110/120 is now being shipped! The ASG 110/120 rev.4 is based on a new platform featuring an Intel processor which produces 1.8 Gbps of firewall throughput. There are also four fully configurable gigabit Ethernet ports, a faster 160 GB server grade hard drive and a new chassis designed for quieter and cooler operation. The unit itself is also physically smaller and can be either placed on a desk, wall mounted via holes in the bottom, or mounted in a rack using a new optional rack mount kit which is now also able to house the external power supply.

The part number and pricing for this new model remains unchanged. However, part numbers and pricing for the new rack mount kit and power supply have changed and are included in the updated Astaro price list which is available in the partner portal.

Documentation and updated collateral (datasheets, customer presentation etc.) which reflect the updates to this model have been made; you will find them in the partner portal and on the Astaro website accordingly.

InterOp Conference 2011 is back

Jessica Pozerski — Mon, 02 May 2011 13:59:13 +0000

Once again, Astaro will be attending the Interop Conference in Las Vegas. This year, the event will be held in mid-May and Astaro has some exciting announcements and activities going on at our booth.

We would like to invite you to join us on Tuesday, May 10th as Astaro's Community Development Manager, Jack Daniel, presents "Cloud Definitions You've Been Struggling to Understand" at 10:15 a.m. in the Mandalay Bay Room J. To make it even better, Astaro will also be hosting the following security discussions right at booth #960 on Tuesday, Wednesday and Thursday. For a FREE Expo pass or 25% off a Conference pass register here today and use Priority Code: CNYKNL01 – complements of Astaro.

To see a list of all the activities we will have at our booth, new announcements and presentation schedule, use the QR code or click the button below to visit our landing page before the event. Then check back after Interop is over for photos and lists of prize winners.

Learn more here

ComputerWorld Singapore Security Summit 2011 (A post-event report)

Cheryl Tuquib — Mon, 02 May 2011 14:27:51 +0000

Astaro Asia joins as a Silver Sponsor in this year’s ComputerWorld Singapore Security Summit 2011. This annual gathering of security experts and enthusiasts gives perspective to security scenarios that constantly evolve.

ComputerWorld brings together network security experts and enthusiasts for this annual 1 day conference to look into the current state of Internet security. The summit aims to impart knowledge to determine the strengths and weaknesses of global networks right now, especially in battling ever-growing sophisticated threats, and look into what should be done to strengthen infrastructures and corporate environments.

It also dives further on how far technology can take us in the protection of our digital assets, looking into best practices and strategies that work.

Apart from a booth space, Astaro’s Benjamin Hodge, Director for Technical Services, took the stage at Track A on Zero Day Defense where he shed more light on the threat landscape and what all companies should realistically consider when looking into their network security infrastructure.

Upcoming Event: AusCERT 2011

Cheryl Tuquib — Mon, 02 May 2011 14:34:09 +0000

In partnership with WhiteGold Solutions, Astaro will be showcased in the largest and most-anticipated security conference in Australia. This annual event held in Queensland’s Gold Coast is hosted by the Australian Computer Emergency Response Team.

The theme for AusCERT2011 is overexposed which is a reflection of the increasing exposure to information security risks that people, business and society face.

The conference will explore facets of these risks and bring together experts from Australia and around the world to provide insight and solutions to deal with these challenges.

Visit Astaro at booth G4 with WhiteGold Solutions.

More information

Social media marketing tips for VARs

Bob Darabant — Wed, 20 Apr 2011 21:05:50 +0000

The advent of email and electronic communication changed the way both B2B and B2C businesses marketed. Overtime, direct mail postcards and cold calling became a practice of the past while sending out mass emails and invitations to webinars was the new “it” way to reach your target audience. Today these methods seem passé and are often ignored. While email marketing still has its place and can be effective if done properly, marketing methods have evolved along with technology. Today, marketers can reach a more targeted audience through social media. But how can VARs who often have limited marketing resources make the most out of these new platforms? The key is to understanding the type of audience that each attracts and creating content that appeals to these audiences.

LinkedIn
Possibly the most ‘professional’ of all the social media sites, LinkedIn offers VARs some unique ways to reach your target audience. One way would be to start a professional group within LinkedIn that encourages members to initiate discussions and post news about that particular topic. For example, there is a marketing professionals group on LinkedIn where members share ideas about new marketing techniques, share stories and even pose questions about their own ideas and ask for opinions or suggestions for improvement. Creating this type of group would position your company as an expert in your area. If a group already exists which is a good match for your company; join the group and become an active member. Have a designated person start discussions and respond to others. It will only help elevate your company’s profile.

Facebook
Many business people view Facebook as the toy of the social media world. However, even business to business organizations like VARs can use Facebook as a marketing tool. Facebook is widely popular so why not use a tool that people are already using?

One way is to start a “fan page” that Facebook members can “like”. Then post links to industry news, post company news and events and again start conversations about topics you customers would find interesting. This keeps your company connected to your customers, potential customers and industry enthusiasts. Your company can also “like” the fan pages of the vendors you work with so your information is linked to theirs, increasing your exposure.

A second way to use Facebook is to create highly targeted pay-per-click ads. These ads work much like Google AdWords but instead of targeting keyword search terms they target a person’s profile information. So if you sell network infrastructure technology you can have your ad shown only to people who have IT in their job description. If you only operate in a certain area you can add qualifiers to better target your demographic using information supplied by the potential customer. Ads are relatively inexpensive and can run as long or a short a period as you desire. You can use Facebook to drive registration for an upcoming event or advertise a new product that you now offer.

Twitter
Many businesses have a difficult time finding the appropriate way to use Twitter. The character limitations along with its social nature lead some to believe the tool is better left to celebrities and teenagers. Once again, with a proper strategy Twitter can be successfully used for marketing and PR campaigns. The key is to use key terms people are following or trending terms.

For example, if your company is attending a tradeshow, tweeting about what is going on at your booth and using a hash-tag (#) along with the name of the conference will alert people looking for information about the conference you are there.

As your company’s account gains followers you can post links to new blog posts, promotions, news stories and so on. As long as your twitter feed doesn’t become overly promotional people will continue to follow you.

YouTube
At one point 75% of all searches on Google brought back video results from YouTube. These videos are often entertaining but they can also be informative. Posting short videos about your company’s services or products they offer can be a great way to get to the top of the search pile for a particular term. Also, you can link to these videos in marketing materials and embed them in your website create a more interactive experience for those looking for information about your company.

One caution: many companies salivate at the idea of creating a viral video and hold focus group and brainstorming sessions to come up with the corporate version of “squirrel on a skateboard” video. This is against the nature of viral videos, they tend to be spontaneous, entertaining or even gag inducing. If you are trying to make a viral video that is really an advertisement ask yourself if this is something you would normally forward to your friends.

With a little creativity, patience and thought any VAR can use these tools to help improve their marketing and increase their organization’s visibility.

Celebrate the Mail Archiving iPhone App and join our contest!

Kathrin Moeschle — Tue, 12 Apr 2011 15:52:12 +0000

Celebrate the Mail Archiving iPhone App and join our contest!

Our new iPhone App for Astaro Mail Archiving is now available for download in the iTunes App Store - for free, no strings attached. With this app, users of the Astaro Mail Archiving Service have easy access to their Astaro e-mail archive from their iPhone. You can see your archived e-mails, conduct searches and edit e-mails just like working in your inbox while on the go.

If you are a user of Astaro Mail Archiving, have a try and download your iPhone App now! Or read more on our website.

Spread the word – and get your reward! Tell the world about Astaro Mail Archiving and the iPhone App and take part in our lottery to win one of three iTunes vouchers worth 50 USD! You can redeem it for apps, music, games or videos from the iTunes and App Store.

What you need to do: Tell people about Astaro Mail Archiving and the iPhone App by writing a blog article, posting to your community, commenting on your website, shooting and publishing a video, sharing photos, or, or, or – just be creative. But please include this line: “iPhone App for Astaro Mail Archiving now available in the App Store.” Then, send us your posting (with a link and screenshot) to feedback@astaro.com until 30th April 2011. The three best entries win! We keep our fingers crossed and wish you good luck!

General terms and conditions (PDF) apply.

6th Annual 2011 Hot Companies and Best Products Awards

Jessica Pozerski — Thu, 07 Apr 2011 18:32:27 +0000

Astaro has been named a finalist for the 6th Annual 2011 Hot Companies and Best Products Awards in five categories. The winners will be announced on May 10, 2011 in Las Vegas during the Interop Conference. Hundreds of technology companies are nominated for these awards and only a few are selected as finalists. A special congratulations goes to the support team for being finalists in two categories!

Astaro is a finalist in the following categories:

Cloud Computing/SaaS – Astaro Mail Archiving
Security Software – Astaro Security Gateway V8
Wireless Solutions – Astaro Wireless Security
Best Support Initiative or Program of the Year – Astaro Support Program
Best Support Team of the Year – Astaro Support Team

6 Tips on How To Make Your Wireless Networks Unbreakable

Gert Hansen — Sun, 03 Apr 2011 15:08:48 +0000

Wireless networks are present in most homes and businesses, but the convenience they offer can open unsecured paths into your network. Late last year the Google WiFi issue made people aware of how carelessly they treat their data on a day-to-day basis. The Street View cars simply collected data that was, metaphorically speaking, ‘floating around in the air’ anyway, and that, in theory, was also accessible to everybody else - they did not hack into any of these networks. Anyone with a reasonable grasp of technology can collect WiFi data these days, so it is important to strengthen your wireless network’s protection.

Here are 6 easy tips on how to do that - whether it is a home or business WLAN:

Use WPA2 encryption – Older security options like WEP can be broken in moments without special equipment or techniques using something as simple as a browser add-on or mobile phone application. WPA2 is the latest security algorithm which is included with virtually all wireless systems, and should be selected from the configuration screen.

Have a password longer than 10 characters – Even newer encryption schemes like WPA2 can be compromised using attacks which employ an automated process to try billions of possible passwords. Longer passwords don’t need to be hard to remember. Using a phrase like “makemywirelessnetworksecure” instead of a shorter, more complex password like “w1f1p4ss!” offers far more security, as the computing power to test and break such a long key cannot be realized.

In your password, add numbers, special characters and use upper and lower case characters – Complex passwords increase the amount of characters which must be considered when performing password cracking. For example, if your password consists of 4 digits and you only use numbers, there will be 10 times 4 (10,000) possibilities. If you additionally use the alphabet in only small cases, you will get 36 times 4 possibilities (1,6 million). Forcing a cracking program to choose from 104 characters times 11 digits results in 15,394,540,563,150,776,827,904 possibilities. This increases the time needed to crack such a password from seconds to millions of years.

Don’t use standard SSIDs – Many wireless routers ship with a default wireless network name (also known as the SSID) like “netgear” or “linksys” which most users do not bother to change. This SSID is used as part of the password by the WPA2 encryption. Not changing this allows hackers to prepare password look-up lists for common SSIDs (rainbow tables) which speed up the password cracking process drastically, enabling them to test millions of passwords per second. Having a custom SSID drastically increases the work and time needed to attempt to compromise your wireless network.

Leave personal information out of your SSID – You don’t want to give hackers a way to know that your network is worth trying to compromise. Putting “John’s House” as the SSID provides information which might be useful to a nosy, tech-saavy neighbor or someone targeting your business. Don’t give hackers a way to see whether a wireless network is yours, or the one of the shop around the corner, use something vague which doesn’t identify you or your location.

Tune the range of the radio – Modern access points have multiple antennas and transmit power, letting their signal reach far beyond the walls of the places they are providing access to. Some products let you adjust the transmission power of the radio using menu options. This provides a way to limit how far outside your location someone can pick up your wireless signal and work on compromising your network.

For companies, however, the tips above are a good start, but of course they have a greater challenge to master and business oriented wireless security solutions are generally still inflexible, expensive and complex. It would be fatal though to fall back on consumer products as they naturally provide a much lower level of security than enterprise solutions! If you are searching for a wireless networking solution for your business that is secure and easy to deploy, check out Astaro Wireless Security.

Do you really understand cloud computing?

Jessica Pozerski — Sun, 03 Apr 2011 15:43:20 +0000

Cloud computing has become a phrase we are all accustom to hearing, yet there are still aspects of this phenomenon that many struggle to understand. Part of the reason is the jargon that emerged along with cloud computing. Terms like "CDN", "cloud broker", "cloud sourcing" and others have no parallel outside of cloud computing and thus can cause some confusion.

During the Interop conference in Las Vegas Astaro's Jack Daniel will present "Cloud Definitions you’ve been Struggling to Understand". In this presentation Jack will explain common cloud computing terminology and discuss some common misconceptions about cloud computing as well as highlight some interesting cloud technologies you and your business may not even know exist.

The presentation will take place on:
Tuesday, May 10th at 10:15 a.m.
Mandalay Bay Room J.

Use registration code CNYKNL01 when registering to receive a free expo pass or 25% off a conference pass so you can see this informative presentation. Then visit Astaro at booth #960.

Astaro Log Management in Beta Status

Kathrin Moeschle — Thu, 31 Mar 2011 08:47:52 +0000

I’m happy to announce our new Log Management service which will be available at the end of June with the ASG V8.200 update. You may like to bridge the gap and test the ASG Beta version which also includes Log Management – for free, of course!

With Astaro Log Management, you are able to search all logs across all your systems with a single click, reducing troubleshooting time by up to 80%. The system can automatically alert administrators to repeated failed logins, application errors etc., so they are able to fix IT issues before users even notice. Additionally, it will help organizations comply with PCI standards and other regulations..

» How To Get Your Astaro Log Management BETA

During the ASG V8.2 Beta period, which will run until approximately late June, we would like to encourage you to post your impressions, feedback, bug reports and all the associated issues you like (and don't like) in our user forum. At the end of the beta, we will reward our most active contributors with great prizes!
You can find more information such as our datasheet and 2 Minute Explainer video on Log Management on our website.

I'm looking forward to your feedback. Enjoy testing!

Kathrin Möschle
Product Marketing Manager

Getting the most out of your vendor relationship

Bob Darabant — Fri, 25 Mar 2011 15:18:52 +0000

As a reseller, VAR or managed service provider vendors will contact you to discuss how you can improve your business by offering their products. You may think that deciding which products to offer is the most important part of developing your business but this is not the case. The most important point in the process of developing a successful business comes after you’ve evaluated your options and decided on which partner program to join. This is when you develop and strengthen your vendor relationship and partnerships truly grow. Below are some tips for getting the most out of your vendor relationships.

Train yourself, or get trained
All vendors should offer courses to partners to get them up-to-speed on their products and services. These trainings can be a combination of in person, on demand, videos, or even full day courses. These training session can help you better understand the products you are now offering and in some cases offer advice on how to attract particular types of customers that you may wish to target. Whatever the vendor offers you should take advantage of it.

Talk to other members of partner program
When joining a new partner program it is wise to get to know the other members of the program. They will offer insight into the vendor’s practices and policies as well as tips on how to be successful with this vendor. If you chose your partner program wisely the vendor won’t be over distributed so other partners won’t view you as a threat or as competition. Instead you will be able to collaborate with other partners on a consistent basis and work with one another for mutual success. Start getting to know other partners when you first join the program and you will make valuable business contacts that will help your business thrive in all different aspects.

Become an expert on how products serve particular vertical
It is not enough to understand how a product works; successful partners also know how the products solve specific problems. If your company already has a specific vertical expertise, ask the vendor if they have messaging or information about their product satisfying the needs of that vertical. Customer success stories are another great resource. Ask if they have any customer stories that can be shared and talk to the partners you are developing relationships with to determine if they have any customer references you can talk to so you can understand their needs and how this product satisfied them.

Take advantage of marketing dollars and resources
And finally, once you join a partner program ask to set up a meeting with the marketing department to discuss what kinds of programs they offer. Events, email marketing campaigns, co-op dollars and other programs designed with you in mind will only serve to help you find more customers. Take advantage of these opportunities and watch your business grow faster.

Review: Astaro at CeBIT 2011

Monika Schraft — Thu, 17 Mar 2011 11:25:54 +0000

What an incredible week! Even the train strike on Friday could not stop visitors coming to our booth. We had some very busy, but absolutely exciting days. We were happy to welcome partners accompanied by their customers as well as new faces who were interested to learn more about Astaro. At some times, the capacity limit of our booth was definitively reached, and people queued at each presentation terminal!

In order to present what is new at Astaro, we not only had demonstration terminals that had preview versions of all new solutions to come in 2011 (Astaro Application Control, Astaro Log Management and Astaro Endpoint Security), but also workshops on the second level of our booth four times a day! Judging by how many interested participants came for every session, our news as well as the older solutions seem to be creating much excitement! Also, the feedback we received from partners and customers whenever we talked about the Astaro Security Wall was very encouraging: Our strategy is what they are looking for.

At the end of each day, partners and customers were invited to join us for the traditional Orange Hour, to sit together over some beer and finger food. Those Orange Hours could have gone on all nights, as we had a great atmosphere and even further technical discussions and demonstrations, but at some point, you have to cut it – when the food is empty.

We are looking forward to seeing all again at the next tradeshow!

RSA Summary and Coverage

Jessica Pozerski — Tue, 08 Mar 2011 16:36:45 +0000

Once again Astaro attended the annual RSA conference in San Francisco. During the event we introduced Astaro Log Management, Astaro Application Control and Astaro End Point Security. The booth was busy as we had many great conversations with potential customers and partners as well as press and analyst interviews. We conducted 10 press interviews at the booth. A summary of the resulting coverage can be accessed below.

In addition to our booth activities Astaro was nominated for several awards from SC Magazine and the 7th annual Info Security’s Global Product Awards. In all we were a finalist in 7 categories between the two award programs and took home the first prize in the category Best Integrated Security/UTM product for the Astaro Security Gateway V8 in the Info Security’s Global Product Awards.

Astaro Awarded 5 Stars by SC Magazine for Web Content Filtering

Jessica Pozerski — Tue, 08 Mar 2011 16:38:57 +0000

Astaro was recognized with a 5 star review by SC Magazine for our web content filtering technology. The full review can be read here: Web Content Management.

What is most impressive about the review isn’t the spectacular comments regarding the technology it is what they have listed as the negative: nothing. There was only one other company that didn’t have any negatives listed but their product was a purely web content management product.

Up2Date 7.510 Released

Angelo Comazzetto — Mon, 07 Mar 2011 16:01:04 +0000

The main reason for this release is to make our "One-Touch Update to V8 for Appliances" available to all valid remaining ASG installations; notably those with Wireless Security enabled via Full Guard licensing and Stand-Alone licenses. Cluster and HA environments using ASG appliances can also now use this feature. In addition, we will use the opportunity to issue a few fixes.

As promised, we have updated the landing target of the appliance migration process; those making use of this one-touch operation will now land at ASG V8.102. More details are below.

UpDate 7.510 Details

Remarks:

Configuration will not be upgraded
System will be rebooted

News:

Enabled upgrade to V8 for Wireless and HA/Cluster systems

Fixes:

[14097] HTTPS scanning only applies for the first network in list
[14594] After update to v7.506, German online-help is not reachable any more
[16088] No entries in the Packetfilter Log (HA/Cluster Mode) during some situations

Download Information
Manual Link: ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.510.tgz.gpg
Size: ~45 MB
MD5: 326a5c779dba1d83ef734470db61b30b

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[7.510] One-Touch Upgrade").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.

Regards,
Angelo Comazzetto
Astaro Product Manager

Better Archive Your E-Mails – Because E-Mail Outages Do Happen!

Eric Begoc — Wed, 02 Mar 2011 08:16:53 +0000

Well, luckily I’m not one of the 0,02% of Google Mail users that where affected by Monday's massive outage, resulting in empty mail accounts. After a software storage update, Google’s Gmail service lost e-mails of roughly 38,000 users.

Luckily one-third of them have their data restored already, but the remaining users will most probably have to wait for another 12 hours to get their e-mails back.

Ok, most Gmail users have their account for private purposes – but still: Imagine being cut off from your inbox for two days – and not only from your inbox but from virtually every e-mail you have ever received. And now imagine how such a loss would affect your business and please be honest – don’t just say that this could never happen to your systems.

True, if you backup your data (and yes, you always should) you will have at least something to restore from and get back all your data. But again, restores are time consuming and complex.

However, if I would be affected by an outage of my e-mail system, Astaro Mail Archiving would save my day. With my Archive Client (whether using a web-browser, MS Outlook or even an iPhone) I always have access to every e-mail I ever received or sent - whether from yesterday, last month or even years back.

Obviously, archiving solutions are mainly built to focus on business needs like optimizing workflows, helping e-mail management processes and complying with legal requirements. But if all goes wrong with your e-mail system, Astaro Mail Archiving just shows another built-by-design feature: Rock-solid, reliable access from everywhere to your most valuable communication data - your e-mails.

iPhone App for Astaro Mail Archiving – now available

Kathrin Moeschle — Wed, 02 Mar 2011 16:18:43 +0000

As announced recently: with our new app you gain access to Astaro Mail Archiving from your iPhone. And tataaaa: it is now available for download.

Please just search the Appstore for “Astaro Mail Archiving” and download the app to your iPhone or follow this link.
From now on you can use your iPhone to run searches and process your e-mails just like you are used to from your Outlook plugin or the Web frontend. It is free of cost but please be aware that you need an Astaro Mail Archiving license to really use the app.

You don’t know Astaro Mail Archiving yet? It is a hosted mail archiving solution meeting all requirements in terms of legal compliance, data protection, easy handling for users and administrators topped by transparent pricing. The service is set up in less than 15 minutes and instantly provides customers with endless storage for an unlimited time. Please feel free to try: www.astaro.com/ama

We would like to show you the new iPhone App live and invite you to join our demonstration webinar.

To follow the webinar on Tuesday 15th March 2011

in German language at 11am CET please register here
in English language at 4pm CET please register here

Astaro at CeBIT 2011 - Three new product previews

Monika Schraft — Tue, 01 Mar 2011 11:00:39 +0000

Participation at the CeBIT has always been mandatory for Astaro, and this year, we are of course present again in Hanover. Today is the first day of the fair, and we had a really good start – only two hours after the CeBIT opened its gates, our booth was buzzing with visitors.

We are excited to welcome partners, customers and journalists at our booth and to introduce our upcoming innovations: Astaro Application Control, Astaro Log Management and Astaro Endpoint Security. We also see a lot of new faces, system integrators as well as end users, wanting to learn more about Astaro and our UTM solutions! Judging by how every single table is occupied with interested customers, our news seems to be creating much excitement!

For all those who cannot visit us in Hanover, you may find some impressions of the event below. Alternatively you can follow us on Twitter to receive the latest news from the CeBIT in realtime.

Security Pattern Updates

Sven Wurth — Tue, 01 Mar 2011 07:37:11 +0000

This is a complete list of modified, newly added or deleted rules for the latest Astaro IPS Pattern Up2date. Our IPS Pattern Up2dates are automatically executed on your appliance if you have applied this rule via your WebAdmin.

We suggest that you set the pattern download and installation intervals to 15 minutes, which is the default. This option can be found under the following path: Webadmin >> Management >> Up2Date >> Pattern download/installation interval.

If this has already been set, there is no need to make any further adjustments.

Date: 2011-02-10

New rules:
18458 <-> BOTNET-CNC Night Dragon initial beacon (botnet-cnc.rules, High)
18459 <-> BOTNET-CNC Night Dragon keepalive message (botnet-cnc.rules, High)
Updated rules:
15357 <-> WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (web-client.rules, High)

Date: 2011-02-08

New rules:
18336 <-> BLACKLIST USER-AGENT known malicious user-agent string gbot/2.3 (blacklist.rules, High)
18337 <-> BLACKLIST USER-AGENT known malicious user-agent string iamx/3.11 (blacklist.rules, High)
18338 <-> BLACKLIST USER-AGENT known malicious user-agent string NSISDL/1.2 (blacklist.rules, High)
18339 <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_Inetc (blacklist.rules, High)
18340 <-> BLACKLIST USER-AGENT known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules, High)
18341 <-> BLACKLIST USER-AGENT known malicious user-agent string UtilMind HTTPGet (blacklist.rules, High)
18342 <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules, High)
18343 <-> BLACKLIST USER-AGENT known malicious user-agent string WSEnrichment (blacklist.rules, High)
18344 <-> BLACKLIST USER-AGENT known malicious user-agent string FSD (blacklist.rules, High)
18345 <-> BLACKLIST USER-AGENT known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules, High)
18346 <-> BLACKLIST USER-AGENT known malicious user-agent string GPRecover (blacklist.rules, High)
18347 <-> BLACKLIST USER-AGENT known malicious user-agent string AutoIt (blacklist.rules, High)
18348 <-> BLACKLIST USER-AGENT known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules, High)
18349 <-> BLACKLIST USER-AGENT known malicious user-agent string Flipopia (blacklist.rules, High)
18350 <-> BLACKLIST USER-AGENT known malicious user-agent string GabPath (blacklist.rules, High)
18351 <-> BLACKLIST USER-AGENT known malicious user-agent string GPUpdater (blacklist.rules, High)
18352 <-> BLACKLIST USER-AGENT known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules, High)
18353 <-> BLACKLIST USER-AGENT known malicious user-agent string SelectRebates (blacklist.rules, High)
18354 <-> BLACKLIST USER-AGENT known malicious user-agent string opera/8.11 (blacklist.rules, High)
18355 <-> BLACKLIST USER-AGENT known malicious user-agent string Se2011 (blacklist.rules, High)
18356 <-> BLACKLIST USER-AGENT known malicious user-agent string random (blacklist.rules, High)
18357 <-> BLACKLIST USER-AGENT known malicious user-agent string Setup Factory (blacklist.rules, High)
18358 <-> BLACKLIST USER-AGENT known malicious user-agent string NSIS_INETLOAD (blacklist.rules, High)
18359 <-> BLACKLIST USER-AGENT known malicious user-agent string Shareaza (blacklist.rules, High)
18360 <-> BLACKLIST USER-AGENT known malicious user-agent string Oncues (blacklist.rules, High)
18361 <-> BLACKLIST USER-AGENT known malicious user-agent string Downloader1.1 (blacklist.rules, High)
18362 <-> BLACKLIST USER-AGENT known malicious user-agent string Search Toolbar 1.1 (blacklist.rules, High)
18363 <-> BLACKLIST USER-AGENT known malicious user-agent string GPRecover (blacklist.rules, High)
18364 <-> BLACKLIST USER-AGENT known malicious user-agent string msndown (blacklist.rules, High)
18365 <-> BLACKLIST USER-AGENT known malicious user-agent string Agentcc (blacklist.rules, High)
18366 <-> BLACKLIST USER-AGENT known malicious user-agent string OCInstaller (blacklist.rules, High)
18367 <-> BLACKLIST USER-AGENT known malicious user-agent string FPRecover (blacklist.rules, High)
18368 <-> BLACKLIST USER-AGENT known malicious user-agent string Our_Agent (blacklist.rules, High)
18369 <-> BLACKLIST USER-AGENT known malicious user-agent string iexp-get (blacklist.rules, High)
18370 <-> BLACKLIST USER-AGENT known malicious user-agent string Mozilla Windows MSIE (blacklist.rules, High)
18371 <-> BLACKLIST USER-AGENT known malicious user-agent string QvodDown (blacklist.rules, High)
18372 <-> BLACKLIST USER-AGENT known malicious user-agent string StubInstaller (blacklist.rules, High)
18373 <-> BLACKLIST USER-AGENT known malicious user-agent string Installer (blacklist.rules, High)
18374 <-> BLACKLIST USER-AGENT known malicious user-agent string MSDN SurfBear (blacklist.rules, High)
18375 <-> BLACKLIST USER-AGENT known malicious user-agent string HTTP Wininet (blacklist.rules, High)
18376 <-> BLACKLIST USER-AGENT known malicious user-agent string Trololo (blacklist.rules, High)
18377 <-> BLACKLIST USER-AGENT known malicious user-agent string malware (blacklist.rules, High)
18378 <-> BLACKLIST USER-AGENT known malicious user-agent string AutoHotkey (blacklist.rules, High)
18379 <-> BLACKLIST USER-AGENT known malicious user-agent string AskInstallChecker (blacklist.rules, High)
18380 <-> BLACKLIST USER-AGENT known malicious user-agent string FPUpdater (blacklist.rules, High)
18381 <-> BLACKLIST USER-AGENT known malicious user-agent string Travel Update (blacklist.rules, High)
18382 <-> BLACKLIST USER-AGENT known malicious user-agent string WMUpdate (blacklist.rules, High)
18383 <-> BLACKLIST USER-AGENT known malicious user-agent string GPInstaller (blacklist.rules, High)
18384 <-> BLACKLIST USER-AGENT known malicious user-agent string Install Stub (blacklist.rules, High)
18385 <-> BLACKLIST USER-AGENT known malicious user-agent string HTTPCSDCENTER (blacklist.rules, High)
18386 <-> BLACKLIST USER-AGENT known malicious user-agent string AHTTPConnection (blacklist.rules, High)
18387 <-> BLACKLIST USER-AGENT known malicious user-agent string dwplayer (blacklist.rules, High)
18388 <-> BLACKLIST USER-AGENT known malicious user-agent string RookIE/1.0 (blacklist.rules, High)
18389 <-> BLACKLIST USER-AGENT known malicious user-agent string 3653Client (blacklist.rules, High)
18390 <-> BLACKLIST USER-AGENT known malicious user-agent string Delphi 5.x (blacklist.rules, High)
18391 <-> BLACKLIST USER-AGENT known malicious user-agent string MyLove (blacklist.rules, High)
18392 <-> BLACKLIST USER-AGENT known malicious user-agent string qixi (blacklist.rules, High)
18393 <-> BLACKLIST USER-AGENT known malicious user-agent string vyre32 (blacklist.rules, High)
18394 <-> BLACKLIST USER-AGENT known malicious user-agent string OCRecover (blacklist.rules, High)
18395 <-> BLACKLIST USER-AGENT known malicious user-agent string Duckling/1.0 (blacklist.rules, High)
18396 <-> WEB-CLIENT Windows Hypervisor denial of service vfd download attempt (web-client.rules, High)
18397 <-> MISC HP DDMI Agent spoofing - command execution (misc.rules, High)
Updated rules:
3535 <-> WEB-CLIENT GIF transfer (web-client.rules, Low)
3551 <-> WEB-CLIENT .hta download attempt (web-client.rules, Low)
3633 <-> WEB-CLIENT bitmap transfer (web-client.rules, Low)
4194 <-> WEB-CLIENT multipacket CBO CBL CBM file transfer start (web-client.rules, Low)
4678 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
5740 <-> WEB-CLIENT Microsoft HTML help workshop file .hhp download attempt (web-client.rules, Low)
5741 <-> WEB-CLIENT Microsoft HTML help workshop buffer overflow attempt (web-client.rules, High)
6688 <-> WEB-CLIENT PNG file transfer (web-client.rules, Low)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules, Low)
13465 <-> WEB-CLIENT Microsoft Works file download request (web-client.rules, Low)
13515 <-> WEB-CLIENT Quicktime user agent (web-client.rules, Low)
13584 <-> WEB-CLIENT csv file download request (web-client.rules, Low)
13801 <-> WEB-CLIENT RTF file download (web-client.rules, Low)
13911 <-> WEB-CLIENT Microsoft search file download attempt (web-client.rules, Low)
13982 <-> WEB-CLIENT Microsoft Powerpoint file download attempt (web-client.rules, Low)
13983 <-> WEB-CLIENT Microsoft Office eps file download (web-client.rules, Low)
14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules, Low)
14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules, Low)
14086 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection 1 (backdoor.rules, High)
14087 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection 2 (backdoor.rules, High)
15123 <-> WEB-CLIENT Rich Text Format file request (web-client.rules, Low)
15184 <-> CHAT MSN messenger http link transmission attempt (chat.rules, High)
15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low)
15426 <-> WEB-CLIENT MAKI file request (web-client.rules, Low)
15463 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
15464 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
15471 <-> WEB-CLIENT asp file upload (web-client.rules, Low)
15516 <-> WEB-CLIENT AVI multimedia file request (web-client.rules, Low)
15586 <-> WEB-CLIENT Powerpoint file download request (web-client.rules, Low)
15587 <-> WEB-CLIENT Word file download request (web-client.rules, Low)
15865 <-> WEB-CLIENT MP4 file request (web-client.rules, Low)
15921 <-> WEB-CLIENT Microsoft media format file download request (web-client.rules, Low)
15922 <-> WEB-CLIENT mp3 file download request (web-client.rules, Low)
15945 <-> WEB-CLIENT RSS file download request (web-client.rules, Low)
16143 <-> WEB-CLIENT Microsoft asf file download (web-client.rules, Low)
16219 <-> WEB-CLIENT Adobe Director file format transfer (web-client.rules, Low)
16425 <-> WEB-CLIENT request for Portable Executable binary file (web-client.rules, Low)
16473 <-> WEB-CLIENT Microsoft Windows Movie Maker project file download request (web-client.rules, Low)
16474 <-> WEB-CLIENT Microsoft Compound File Binary v3 file download (web-client.rules, Low)
16475 <-> WEB-CLIENT Microsoft Compound File Binary v4 file download (web-client.rules, Low)
16476 <-> WEB-CLIENT Microsoft .MSProducer file download request (web-client.rules, Low)
16477 <-> WEB-CLIENT Microsoft .MSProducerZ file download request (web-client.rules, Low)
16478 <-> WEB-CLIENT Microsoft .MSProducerBF file download request (web-client.rules, Low)
16691 <-> WEB-CLIENT PLF playlist file download request (web-client.rules, Low)
17116 <-> WEB-CLIENT asx file download request (web-client.rules, Low)
17229 <-> WEB-CLIENT Tiff file download - little-endian (web-client.rules, Low)
17230 <-> WEB-CLIENT Tiff file download - big-endian (web-client.rules, Low)
17241 <-> WEB-CLIENT Microsoft wmv file download request (web-client.rules, Low)
17259 <-> WEB-CLIENT .mov file request (web-client.rules, Low)
17314 <-> WEB-CLIENT OLE Document file download (web-client.rules, Low)
17359 <-> WEB-CLIENT xbm image file download request (web-client.rules, Low)
17366 <-> WEB-CLIENT Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (web-client.rules, High)
17394 <-> WEB-CLIENT GIF file download request (web-client.rules, Low)
17426 <-> WEB-CLIENT RAT file download request (web-client.rules, Low)
17491 <-> SPECIFIC-THREATS Microsoft Word mso.dll LsCreateLine memory corruption attempt (specific-threats.rules, High)
17547 <-> WEB-CLIENT Apple Quicktime SMIL transfer (web-client.rules, Low)
17552 <-> WEB-CLIENT Adobe Pagemaker file request (web-client.rules, Low)
17600 <-> WEB-CLIENT .xul document retrieval (web-client.rules, Low)
17751 <-> WEB-CLIENT OpenType Font file download request (web-client.rules, Low)
17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
18196 <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules, High)
18240 <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules, High)
18243 <-> SPECIFIC-THREATS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (specific-threats.rules, High)
18265 <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules, High)
18335 <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules, High)

Date: 2011-02-01

New rules:
18321 <-> WEB-ACTIVEX SonicWall Aventail EPInterrogator ActiveX clsid access (web-activex.rules, High)
18322 <-> WEB-ACTIVEX SonicWall Aventail EPInterrogator ActiveX function call access (web-activex.rules, High)
18323 <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX clsid access (web-activex.rules, High)
18324 <-> WEB-ACTIVEX SonicWall Aventail EPInstaller ActiveX function call access (web-activex.rules, High)
18325 <-> WEB-ACTIVEX Image Viewer CP Gold 6 ActiveX clsid access (web-activex.rules, High)
18326 <-> FTP ProFTPD mod_site_misc module directory traversal attempt (ftp.rules, High)
18327 <-> SCADA Kingview HMI heap overflow attempt (scada.rules, High)
18328 <-> WEB-CLIENT Adobe Flash Player dwmapi.dll dll-load exploit attempt (web-client.rules, High)
18329 <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX function call access (web-activex.rules, High)
18330 <-> NETBIOS Adobe Flash Player dwmapi.dll dll-load exploit attempt (netbios.rules, High)
18331 <-> WEB-CLIENT Microsoft Office Visio DXF variable name overflow attempt (web-client.rules, High)
18332 <-> WEB-CLIENT Mozilla Firefox JS Web Worker arbitrary code execution attempt (web-client.rules, High)
18333 <-> WEB-MISC phpBook date command execution attempt (web-misc.rules, High)
18334 <-> WEB-MISC phpBook mail command execution attempt (web-misc.rules, High)
18335 <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules, High)
Updated rules:
1324 <-> EXPLOIT ssh CRC32 overflow /bin/sh (exploit.rules, High)
1325 <-> EXPLOIT ssh CRC32 overflow filler (exploit.rules, High)
1326 <-> EXPLOIT ssh CRC32 overflow NOOP (exploit.rules, High)
1327 <-> EXPLOIT ssh CRC32 overflow (exploit.rules, High)
17416 <-> ORACLE Database Intermedia Denial of Service Attempt (oracle.rules, Medium)
17417 <-> ORACLE Database Intermedia Denial of Service Attempt (oracle.rules, Medium)
18241 <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX clsid access (web-activex.rules, High)
18242 <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX function call access (web-activex.rules, High)

Date: 2011-01-25
New rules:
18303 <-> SPECIFIC-THREATS Microsoft Internet Explorer script action handler overflow attempt (specific-threats.rules, High)
18304 <-> WEB-CLIENT Microsoft Internet Explorer span tag memory corruption attempt (web-client.rules, High)
18305 <-> SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt (specific-threats.rules, High)
18306 <-> SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt (specific-threats.rules, High)
18307 <-> SPECIFIC-THREATS Microsoft Internet Explorer frameset memory corruption attempt (specific-threats.rules, High)
18308 <-> WEB-CLIENT Adobe Acrobat Reader icc mluc interger overflow attempt (web-client.rules, High)
18309 <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules, High)
18310 <-> SMTP Microsoft Office RTF parsing remote code execution attempt (smtp.rules, High)
18311 <-> WEB-MISC Novell iManager getMultiPartParameters unauthorized file upload attempt (web-misc.rules, High)
18312 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow over http attempt (exploit.rules, High)
18313 <-> SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt (specific-threats.rules, High)
18314 <-> SPECIFIC-THREATS NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (specific-threats.rules, Low)
18315 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (netbios.rules, High)
18316 <-> SPECIFIC-THREATS NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 attempt (netbios.rules, Low)
18317 <-> SMTP RCPT TO IPSwitch proxy overflow attempt (smtp.rules, High)
18318 <-> WEB-MISC TLSv1 Client Change Cipher Spec message (web-misc.rules, Low)
18319 <-> SPECIFIC-THREATS NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (specific-threats.rules, Low)
18320 <-> SPECIFIC-THREATS WINS association context validation overflow attempt (specific-threats.rules, Medium)
Updated rules:
6584 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (netbios.rules, High)
8925 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules, High)
10603 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (netbios.rules, High)
10900 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules, High)
12220 <-> EXPLOIT IBM Informix Dynamic Server long username buffer overflow attempt (exploit.rules, High)
12269 <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (web-activex.rules, High)
12270 <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX function call (web-activex.rules, High)
12271 <-> DELETED WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX function call access (deleted.rules, High)
12272 <-> DELETED WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (deleted.rules, High)
12417 <-> WEB-ACTIVEX Microsoft Visual FoxPro ActiveX clsid access (web-activex.rules, High)
12424 <-> RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (rpc.rules, High)
12450 <-> WEB-ACTIVEX Microsoft Agent Control ActiveX function call access (web-activex.rules, High)
15670 <-> WEB-ACTIVEX Microsoft Video 6 ActiveX clsid access (web-activex.rules, High)
15671 <-> WEB-ACTIVEX Microsoft Video 6 ActiveX function call (web-activex.rules, High)
15904 <-> DELETED WEB-ACTIVEX Microsoft Video 6 ActiveX function call access (deleted.rules, High)
15905 <-> DELETED WEB-ACTIVEX Microsoft Video 6 ActiveX function call unicode access (deleted.rules, High)
15930 <-> NETBIOS Microsoft Windows SMB malformed process ID high field remote code execution attempt (netbios.rules, Medium)
16499 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (deleted.rules, High)
16500 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (deleted.rules, High)
16523 <-> POLICY PDF with click-to-launch executable (policy.rules, Low)
17047 <-> DELETED NETBIOS Microsoft Windows DNS Server RPC management interface buffer overflow attempt (deleted.rules, High)
17326 <-> EXPLOIT Citrix Program Neighborhood Client buffer overflow attempt (exploit.rules, High)

Astaro Security Gateway 8.200 Public Beta

Angelo Comazzetto — Mon, 28 Feb 2011 14:18:50 +0000

Following months of planning and development, today I am happy to announce we have started a public Beta of our upcoming 8.200 release of Astaro Security Gateway. This is shaping up to be one of our biggest releases ever. You will find major new features like Application Visibility and Control to give you absolute dominion over your Internet connection, new Web Security reporting with custom reactive filters and email subscription lists for distribution, and a user authentication client which adds detailed per-user reporting and control. You are invited to test out this version and participate in our dedicated 8.200 Beta Forums to share your feedback, impressions, and report any bugs. Several members of our various teams will closely interact with the participants of this forum to ensure the best possible polish and quality of 8.200 for the GA release at the end of June.

We also reward our testers! Several of the top contributers and testers will receive great Astaro swag for their efforts! You can win access points, Astaro RED's, and your own ASG appliance for personal home use. For all the details of the 8.200 Beta program, and information on the release itself, read on!

How to be a Beta tester:
No forms, no pesky emails or submission process with a bunch of information to provide. We know that's not fun. To test ASG 8.200 Beta, just download the latest Beta ISO image via our forums (first version is 8.160), burn it to a CD and install it to your ASG software installation or appliance. Please be sure to download the appropriate ISO for your intended use platform. Once you are using the 8.200 Beta, you can continue to use Up2Date and install the next Beta releases for 8.200 without needing to re-install again. Just restore your backup file and you are up and running for the entire 8.200 Beta. So as to make your life even easiser, we will release a final Up2Date package at the end of the 8.200 Beta which will take your installation to the GA release of 8.200, saving you a re-install and restore once again.

How you can contribute:
During the period of the Beta for 8.200 (which will run until approximately late June), we would encourage you to post your impressions, feedback, bug reports, and all the associated things you like (and don't like!) in our offical 8.200 Beta forums. At the end of the Beta, we will reward our most active contributors; there are great prizes and rewards to be had!

Astaro Beta 8.200 Download Information:
For the first release of the Beta, version 8.160 is the version we'll start with. Future updates and releases will be communicated soley through the forums and not via this blog, so check there often for all the updates and news around the 8.200 release! You will find many answers to early questions, test license downloads, and general Beta information can be found in the launch overview for 8.200 here.

Initial Beta 8.200 Links (V8.160):

ASG ISO for Software/Virtual appliances (Your own hardware):
Download: ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-8.160-7.1.iso
ISO size: 466Mb (489097216 bytes)
ISO md5sum: 8c9a113d75159bef1484b6339a577090
ISO sha1sum: a33ed194e0d25f2f0641c5f9c09536e40648d8be

SSI ISO for Astaro Hardware appliances (eg. an ASG 220):
Download: ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-8.160-7.1.iso
ISO size: 468M (490358784 bytes)
ISO md5sum: de678b45f2e289d54e180943b779e51f
ISO sha1sum: a60c3c2c85bb457ad1571e29c5f627fbf0dabbcb

8.200 Beta Feature Quick-Overview*
*Note that the Beta is subject to have features re-worked or changed, entirely new things may be added at anytime, and features which are not up to our standards may be delayed. There will always be new things and changes to test throughout the Beta.
Major New Things

Network Visibility and Application Control (Layer 7 Classification/Next Generation Firewall)
New Web Security Reporting
User Authentication (Windows Client) for Policies and Reporting

Minor New Things

3G/UMTS USB modem interface
KVM virtio support
WiFi improvements
Web Application Security improvements
Integration of Log Management cloud service
IPv6 support for SMTP proxy and HTTP proxy in "full transparent" mode
Packetfilter optimization (IPSet)
HTTP proxy multi-threading performance optimization

8.200 Beta Extended Feature Overview*
*Extended documentation with feature descriptions, along with Release Notes, will be posted for the GA release.

Network Visibility and Application Control (L7 classification)
Also known as "Next Generation Firewall", this new classification engine analyzes all network traffic and determines which "Application" this traffic is for. "Application" in this context can simply be a protocol (e.g. SSH, DNS, Bittorrent), but in many cases will be quite specific, like HTTP (Web) traffic will be classified in fine-grained way for Web Applications like Facebook or various Google Apps.
You can enable this at Web Security >> Network Visibility. This information will be used (so far) for:
    Web Security >> Network Visibility >> Application Control Rules: Block/Log application usage.
    Reporting >> Network Usage >> Accounting: Top Apps, Top Categories, Top Users.
    Interfaces & Routing >> Quality of Service: Shape traffic per application.
    Dashboard: Enhanced Bandwidth monitor (Show User/Hostname/Apps)

-This is a superset of the functionality offered of the old IM/P2P classifier and thus completely replaces it.

New Web Security Reporting
The Web Security Reporting was completely overhauled to give a better user experience tailored with how you expect to see data and get the information you are looking for easily.

Reactive filtering (filters build as you click)
Save custom filters, subscribe to periodical mail reports based on saved filters
Everything clickable, sortable, no dead ends
Search Engine report (search terms, users)

User Authentication (Windows Client) for Policies and Reporting
With the new Astaro Authentication Client (AAC) for Windows users can directly authenticate to the ASG.
This has two advantages:

Reporting will display user names instead of raw IPs if possible
You can use User Network and Group Network objects in e.g. packetfilter rules and they will only match for logged in users

(You can get similar benefits from a combination of static DHCP and DNS mappings, but with probably much more effort)
See Users >> Client Authentication for the configuration. You can also download the client there or via the User Portal.
You can also use this authentication for the HTTP proxy. Choose Transparent Client Authentication as the operational mode.

WAS (Web-Application Security) Improvements:

Form Hardening
Form hardening will check HTML form data submitted by clients. It ensures that clients do not submit fields they weren't offered, will make basic sanity checks of the submitted values according to their HTML specification.

Reputation-based Client blocking
The Web Application Firewall can now check clients against certain blacklists.
Block clients with bad reputation will currently block open proxies by using certain DNSBLs.
Block anonymizer proxies uses a static list updated by the pattern mechanism.

Sitemap-XML Support
If you have a Google Sitemap you can now use it in your Web Application Firewall profile to specify valid entry pages for URL Hardening. You can either upload the file or tell the ASG to download it from a given URL. In the latter case the ASG can also check the URL periodically for updates.

UMTS Modem Interface
Support for 3G/UMTS modems is now official (it was already present in 8.100 but not officially supported and only visible if you had a modem connected). Configure as usual over Interfaces & Routing >> Interfaces, type 3G/UMTS. For now, newly plugged-in modems will only be detected during boot-up, so you need to reboot your ASG if you connect a new one.

KVM performance optimization
When run in KVM, ASG now has support for VirtIO devices (disks/NICs), which results in increased performance for I/O operations.

Wireless Improvements
Firmware-side:

New WLAN driver, uses an Open-Source driver now instead of a proprietary vendor driver
802.11r Roaming
Rebootless reconfiguration (for majority of cases)

ASG-side:

SSID-to-AP Group Matrix
Ability to group APs
Push configuration without disconnect
Perform key negotiation only when confirming AP

Integration of Log Management Service
Astaro has a new cloud-based Log Management service, which is integrated with ASG 8.2. A preview version of this service is available and can be used free of charge with this beta. Currently the Log Management service is planned to be included with any ASG subscription.
See Log Management and more information can be found here.

IPv6 Improvements

IPv6 support for SMTP proxy
IPv6 support for HTTP proxy in "full transparent" mode
ICMPv6 service definitions

Packet filter optimization (IPset)
Packet filter rules that contain list of networks/IPs, either explicit (via network/DNS groups) or implicit (via lists in WebAdmin) now use IPset (IP sets) to reduce the number of generated iptables rules. This should improve memory consumption and performance.
This affects both user-generated packet filter rules (Network Security >> Firewall) and auto-generated rules (e.g. via Allowed Networks for services or Auto packet filter rules for VPNs).

Fixed Issues
Of course we also fixed a few bugs in this release. Here a list of the some of the most prominent current ones:
    [14019] SMTP relay attempts shown as webadmin logins
    [14073] WAF: SSL support for multiple DNS names (subjectAlternativeName certificates)
    [14186] WebAdmin last failed session count doesn't match executive report
    [14782] UTF-8 characters in realname of imported keys are not displayed correctly
    [14820] Virus uploads don't get blocked if XSS or SQL Injection filter (mod_security) is enabled
    [15438] Sortable tables and Batch-Operation use same GUI element
    [15440] Improve input validation for advanced bridge settings
    [15654] Packets mislabeled as connections in reporting
    [15972] Exceptions do not work for Cross Site Scripting, SQL-Injection or Cookie Signing
    [16103] missing table header at NAT and SNAT/DNAT
    [16153] Radius secret containing backtick character (`) doesn't work
    [16255] Exception for Certificate Trust Check does not work in transparent mode
    [16438] Self signed certificate in chain and an exception for all requests going to this category will not work for some banking sites

Enjoy the 8.200 Beta, we look forward to working with you throughout it.

Angelo Comazzetto
Astaro Product Manager

Astaro Command Center Up2Date 2.202 Released

Angelo Comazzetto — Fri, 25 Feb 2011 00:40:02 +0000

ACC Up2Date 2.202 has been released today. This is purely a maintenance release designed to enhance the stability and reliability of your Astaro Command Center installation. In March, we will provide information about V3 of our Command Center. Stay tuned! Read on for extended details of this Up2Date.

Details
Remarks:
* Your system will reboot after installation is complete.

News:
* This is a maintenance release

Fixes:
[15306] ACC-Daemon takes up to 100% CPU, no connection to any AxG-devices

Details:
Link: ftp://ftp.astaro.de/pub/ACC/v2.1/up2...-2.202.tgz.gpg

Download Information:
   Link: ftp://ftp.astaro.de/pub/ACC/v2/up2date/u2d-sys-2.202.tgz.gpg
   Size: ~41MB
   Md5 : 9a57c0e05608281585b9ceeb7781ead5

Astaro ACC Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ACC V2 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[2.202] Using Central Object Definitions").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There are also demo servers for public use anytime at http://demo.astaro.com

Enjoy,

Angelo Comazzetto
Product Manager

Serious Security Issues with DNS Software BIND – Astaro Products Not Affected

Gert Hansen — Fri, 25 Feb 2011 14:20:27 +0000

The Internet Systems Consortium (ISC) and US-CERT have issued a vulnerability warning which concerns BIND, the most widely used DNS software. The affected versions are 9.7.1-9.7.2-P3. This could cause the DNS server to stop processing further requests.

More information is available at http://www.isc.org/software/bind/advisories/cve-2011-0414.

Astaro products are not affected by this issue however. Our vision as a company has always been to deliver products with the highest level of security. One aspect of this concept is minimalism: We only integrate applications, libraries, components and modules which are absolutely necessary. Everything else is not used. In this way, we significantly decrease the probability of our products being affected by security issues.

NEW CASE STUDY: Diebel Speditions GmbH archives e-mails with Astaro

Kathrin Moeschle — Tue, 22 Feb 2011 14:25:44 +0000

Diebel Speditions GmbH was looking for an e-mail solution that would be easy to manage. Ideally they wanted to set up a centrally controlled solution in their headquarters in Kassel capable of backing up data from their site in Spain as well as other branches in Germany.

„Astaro Mail Archiving is a specialized solution for archiving e-mails which is more than perfect for the job. No special, expensive hardware is required and our employees find it as easy and self-explanatory as using Outlook," explains Stefan Haake, Head of Accounting and Finance.

In our interview he described what he likes most about Astaro Mail Archiving:

Self-explanatory user interface
Fast search function
Minimal maintenance and administration requirements
Optimal adaptability to existing systems

By using Astaro Mail Archiving Services, Diebel Speditions GmbH saves on hardware and energy costs whilst at the same time fulfilling all legal requirements regarding archiving and data protection.

Please read the complete article here: http://www.astaro.com/resources/astaro-success-stories/hosted-mail-archiving-hassle-free

iPhone App for Astaro Mail Archiving – coming soon

Kathrin Moeschle — Fri, 18 Feb 2011 11:20:23 +0000

Good news for all iPhone users! We have just sent our brand new Astaro Mail Archiving iPhone App for review to Apple. As soon as everything is “apple-proof” you can download your iPhone App from the Appstore. For free!

But please be aware that you need an Astaro Mail Archiving account to really benefit.

With this App you can access your e-mail archive from your iPhone and see the newest e-mails, search the archive, view attachments and run favorite (saved) searches. Quick and easy. Just like you are used to from your Outlook plugin or Web frontend.

We will keep you posted as soon as the iPhone App is ready for download. Stay tuned!

PS: You don’t have an e-mail archive yet? It is never too late to test. The easiest way is to order a free 30-day-trial here: www.astaro.com/ama.

New ASG V8.102 Hardware, Software and Virtual Images

Angelo Comazzetto — Fri, 18 Feb 2011 16:04:48 +0000

As indicated last week, we have released updated images for Hardware, Software, and VMware virtual appliances. These allow you to install fresh Astaro Security Gateways at our most current production version of ASG V8.102. We have also added a VMware vSphere 4 image which includes new tools and support for VMware's latest ESX V4.x platforms. Direct download links and further information are inside.

Astaro provides many options for installing on our own official hardware, your provided hardware, or your virtual VMware installation. Please be sure you get the correct image for what you are wanting to install on/with. For example, there are three 8.102 ISO images for ASG Hardware appliances, one normal ISO (for burning to CD or using in a non-VMware virtualization product), and one for each version of the Astaro Smart Installer which allows you to install images using a special USB drive that contains a CD-Rom emulation chip.

*Please note that the Astaro Smart Installer is not a normal USB stick and you will not be able to burn one of those images to a non-ASI device.

ASG 8.102 Images
ASG Hardware Appliances
General CD
Link: ftp://ftp.astaro.de/pub/ASG/v8/hardware_appliance/iso/ssi-8.102-2.1.iso
Size: ~468MB
MD5: 159b7e7f63e8841e99e68f3aacc9dcd7

Astaro Smart Installer V2
Link: ftp://ftp.astaro.de/pub/ASG/v8/hardware_appliance/smart_installer/v2/ssi-8.102-2.1-ASI-V2.zip
Size: ~451MB
MD5: 0a27b1a8227d934129cf0d2db2c430a4

Astaro Smart Installer V1
Link: ftp://ftp.astaro.de/pub/ASG/v8/hardware_appliance/smart_installer/v1/ssi-8.102-2.1-ASI.zip
Size: ~459MB
MD5: ad043851da4cd7fd2bbb990b7f318049

ASG Software Appliances
General CD
Link: ftp://ftp.astaro.de/pub/ASG/v8/software_appliance/iso/asg-8.102-2.1.iso
Size: 458MB
MD5: d172544961b4e0f9591e81324b550a67

Astaro Smart Installer V2
Link: ftp://ftp.astaro.de/pub/ASG/v8/software_appliance/smart_installer/v2/asg-8.102-2.1-ASI-V2.zip
Size: 441MB
MD5: a1dbf74566563263754ca7d1a1154540

Astaro Smart Installer V1
Link: ftp://ftp.astaro.de/pub/ASG/v8/software_appliance/smart_installer/v1/asg-8.102-2.1-ASI.zip
Size: 440MB
MD5: 72f9c40023f48969744da9ab3e6bb949

VMware Appliances
VMware ESX4
Link: ftp://ftp.astaro.de/pub/ASG/v8/virtual_appliance/asg-8.102-esx-v4.zip
Size: ~1.1GB
MD5: 4de250f19e55164fc05fa7959bdd962f

VMware ESX3
Link: ftp://ftp.astaro.de/pub/ASG/v8/virtual_appliance/asg-8.102-esx-v3.zip
Size: ~1.1GB
MD5: 5c3806606651fb7ba496922d5c442fb9

VMware Player
Link: ftp://ftp.astaro.de/pub/ASG/v8/virtual_appliance/asg-8.102-vmware.zip
Size: ~1.1GB
MD5: 9adf8ff07a85af28779e0093ab2c10fd

If you have any questions on using these images you can make a post in our forums at www.astaro.org or open a support ticket with your Astaro Partner or support contact.

Introducing Three New IT Security Products for 2011

Monika Schraft — Wed, 16 Feb 2011 09:05:37 +0000

Continuing our approach of developing a more comprehensive approach to protecting company networks, we will add solutions for Next Generation Firewalling, Log Management and Data Leakage Prevention to our portfolio.

Network configurations and the threat landscape have become increasingly complex, making it necessary for organizations to consolidate their IT security. As we announced in our latest press release, 2011 will see Astaro Application Control, Astaro Log Management and Astaro Endpoint Security supporting our goal to take consolidation of IT security to a higher level.

Here you can find out more >

Astaro at the RSA - live and in color!

Jessica Pozerski — Tue, 15 Feb 2011 08:17:24 +0000

The RSA Conference in San Francisco is the event where we decided to exclusively unveil our new innovations for 2011: Astaro Next Generation Firewall, Astaro Endpoint Security and Astaro Log Management.

Interest at the Astaro booth (#2251) has so far been overwhelming and we hope that it continues to be so. We have set up a live stream, so you can see how much is going on for yourself.

Please note: The stream will only be on air during show times.

Video chat rooms at Ustream

Up2Date 8.102 Released

Angelo Comazzetto — Mon, 14 Feb 2011 21:50:23 +0000

We have released Up2Date 8.102 today for all ASG installations. This Up2Date is a stability release designed to enhance the reliability of your Astaro Security Gateway. Tomorrow, we plan to issue new ISO images along with brand new Virtual Appliances for VMware which use the vSphere 4 architecture, followed by updated ISO's for the Astaro Smart Installer. Read on for extended details of this Up2Date.

Details
Remarks:
* Your system will not be rebooted
* Configuration will not be upgraded

News:
* No news for this release

Fixes:
[16590] Exceptions without a configured source network that are in 'AND' mode are ignored by http proxy

Download Information:
   Link: ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/up2date/u2d-sys-8.102.tgz.gpg
   Size: ~2.6MB
   Md5: d42dcde436ea73776cce1e39b31bcd42

The ASG V8.000 release notes can be found here, 8.100+ release notes (here) are/will be located on the Astaro Support KB.
Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.102] Configuring Astaro AP30 Wireless Product").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There are also demo servers for public use anytime at http://demo.astaro.com

Enjoy,

Angelo Comazzetto
ASG Product Manager

With new acquisitions UTM major Astaro can take on Pointsec, Aladdin and Utimaco

Cheryl Tuquib — Fri, 11 Feb 2011 12:19:01 +0000

At a time when Germany’s UTM (Unified Threat Management) appliance major Astaro has intensified its operations across the globe including India, the acquisitions of two of Europe’s leading security companies, Romania’s ‘CoSoSys’ and Denmark-based ‘InspektOnline’ by it has paved the way for the emergence of yet another holistic security firm.

Read more from India's Digital Edge article here.

IPS Pattern Updates

Sven Wurth — Thu, 10 Feb 2011 13:11:21 +0000

The Microsoft Active Protections Program (MAPP) is a program for security software providers.

Members of MAPP receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update. By sharing vulnerability information prior to the public release of a security update, Microsoft enables security software providers who operate at the application and network layer to offer protection to our mutual customers in a timely manner.

This means, Astaro as a MAPP partner receives vulnerability information earlier. We can provide updated patterns for our Intrusion Prevention Systems (IPS) at the same moment as Microsoft releases their patches. Before the launch of MAPP, security software providers had to wait until the public release of a security update before building protections.

December

Microsoft Advisory:	Applicable Rules:

MS10-090	3:18197 3:18198 3:18199 3:18216 3:18217 3:18218 3:18221
MS10-091	3:18219 3:18220 3:18233
MS10-092	Not Applicable
MS10-093	3:18210 3:18211
MS10-094	3:18222 3:18223 3:18224 3:18225 3:18226 3:18227
MS10-095	3:18208 3:18209
MS10-096	3:18204 3:18205 3:18206 3:18207
MS10-097	3:18202 3:18203
MS10-098	Not Applicable
MS10-099	Not Applicable
MS10-100	Not Applicable
MS10-101	3:18215
MS10-102	Not Applicable
MS10-103	3:18212 3:18213 3:18214 3:18230 3:18231
MS10-104	3:18238
MS10-105	3:18200 3:18201 3:18229 3:18235 3:18236 3:18237
MS10-106	Not Applicable

November

Microsoft Advisory:	Applicable Rules:

MS10-087	3:18063 3:18067 3:18068 3:18069
MS10-088	3:18065 3:18066
MS10-089	3:18070 3:18071 3:18072 3:18073 3:18074 3:18076

October

Microsoft Advisory:	Applicable Rules:

MS10-071	3:17766 3:17767 3:17768 3:17769 3:17770 3:17771 3:17772 3:17774
MS10-072	3:17766 3:17767
MS10-073	Not Applicable
MS10-074	Not Applicable
MS10-075	3:17753
MS10-076	3:17747
MS10-077	3:18064
MS10-078	3:17752 3:17765
MS10-079	3:17754 3:17755 3:17756
MS10-080	3:17757 3:17758 3:17759 3:17760 3:17761 3:17762 3:17763 3:17764
MS10-081	Not Applicable
MS10-082	Not Applicable
MS10-083	3:17773
MS10-084	Not Applicable
MS10-085	3:17750
MS10-086

September

Microsoft Advisory:	Applicable Rules:

MS10-061	3:17252 3:17253
MS10-062	3:17242
MS10-063	3:17256
MS10-064	3:17251
MS10-065	1:17103 3:17254 3:17255
MS10-066	Not Applicable
MS10-067	3:17250
MS10-068	3:17249
MS10-069	Not Applicable
MS10-070	3:17428 3:17429

August

Microsoft Advisory:	Applicable Rules:

MS10-046	1:17042 1:17043
MS10-047	Not Applicable
MS10-048	Not Applicable
MS10-049	Not Applicable
MS10-050	3:17135
MS10-051	3:17133
MS10-052	3:17117
MS10-053	3:17115 3:17129 3:17130 3:17131 3:17132 3:17136
MS10-054	3:16577 3:17125 3:17126 3:17127
MS10-055	3:17128
MS10-056	3:17119 3:17120 3:17121 3:17122 3:17123 3:17124
MS10-057	3:17134
MS10-058	Not Applicable
MS10-059	Not Applicable
MS10-060	3:17114 3:17118

July

Microsoft Advisory:	Applicable Rules:

MS10-042	Not Applicable
MS10-043	3:16222
MS10-044	3:17037 3:17038 3:17039
MS10-045	3:17034 3:17035 3:17036

June

Microsoft Advisory:	Applicable Rules:

MS10-032	Not Applicable
MS10-033	3:16661 3:16663
MS10-034	1:16635
MS10-035	3:16637 3:16658 3:16659
MS10-036	Not Applicable
MS10-037	Not Applicable
MS10-038	3:16638 3:16639 3:16640 3:16641 3:16643 3:16644 3:16645 3:16646 3:16647 3:16648 3:16649 3:16650 3:16651 3:16652 3:16653 3:16654 3:16655 3:16656 3:16657 3:16662
MS10-039	3:16560 3:16660
MS10-040	Not Applicable
MS10-041	3:16636

May

Microsoft Advisory:	Applicable Rules:

MS10-030	3:16595
MS10-031	3:16593

April

Microsoft Advisory:	Applicable Rules:

MS10-019	3:16530
MS10-020	3:16531 3:16532 3:16539 3:16540 1:16287 1:16453 1:16454
MS10-021	Not Applicable
MS10-022	Not Applicable
MS10-023	3:16542
MS10-024	3:16534
MS10-025	3:16541
MS10-026	3:16543
MS10-027	3:16537
MS10-028	3:16535 3:16536
MS10-029	3:16533

March

Microsoft Advisory:	Applicable Rules:

MS10-016	3:16472
MS10-017	3:16461 3:16462 3:16463 3:16464 3:16465 3:16466 3:16467 3:16468 3:16469 3:16470 3:16471
MS10-018	3:16503 3:16504 3:16506 3:16507 3:16508 3:16509 3:16510 3:16511 3:16512

February

Microsoft Advisory:	Applicable Rules:

MS10-003	3:16416
MS10-004	3:16409 3:16410 3:16411 3:16412 3:16413 3:16421
MS10-005	3:16422
MS10-006	3:16417 3:16418
MS10-007	3:16414
MS10-008	3:16419 3:16420
MS10-009	3:16405 3:16408
MS10-010	Not Applicable
MS10-011	Not Applicable
MS10-012	3:15009 3:15124 3:15453 3:15847 3:16395 3:16396 3:16397 3:16398 3:16399 3:16400 3:16401 3:16402 3:16403 3:16404
MS10-013	3:16415
MS10-014	3:16394
MS10-015	Not Applicable

January

Microsoft Advisory:	Applicable Rules:

MS10-001	3:16366
MS10-002	3:16367 3:16369

What differentiates an archive from a backup?

Kathrin Moeschle — Wed, 02 Feb 2011 16:00:30 +0000

Even though both terms seem clear – at least in IT – they still get mixed up from time to time. Surely everybody regularly backups data. But do you also archive? And if not – why?

First of all we need to be aware why we do backups: a backup aims at copying the entire storage device to protect your company from data losses if the medium gets destroyed or lost. In that case you are prepared to simply restore the original data.

However, an archive is more than just a “bunch of data”. All files within an archive are tagged and retrievable. You don’t need to recover a complete tape for example in order to access one specific document.

This is also the reason why backups don’t meet legal requirements for archiving. Apart from national differences in details they all have one principle in common: it must be possible to retrieve a certain document (or proof that it does not exist) within an acceptable timeframe. In contrast to a backup system a compliant archive adds control features and impedes the deletion or modification of files or at least tracks changes.

By the way, best practice shows that you also simplify daily work routines when granting access to the archive for colleagues. Then, they can benefit from quick search functionality and retrieve old (or even newer) e-mails within less time than before.

ASG Appliances Now Shipping with V8

Angelo Comazzetto — Thu, 27 Jan 2011 18:27:29 +0000

Greetings! The success of ASG Version 8 continues. We released 8.100 last week, and in December flew past the 15,000 production-installs mark for V8 (in just a few short months). I am pleased to report that our factories have now fully switched over to ASG V8 for all currently-shipping ASG appliances.

This means customers taking delivery of new ASG orders will soon see them arriving with our latest and most feature-packed version already installed. Remember that 8.100 also includes support for our popular Wireless Security. The final release step will be 7.510 sometime in February which will allow existing Wireless Security and Full-Guard licenses running V7 to make use of the one-click upgrade-to-V8 feature.

As Version 8 proceeds further into the product life-cycle, we'd like to inform you at this time that V7 should be considered end-of-sale now. Further, we will officially end product support for V7 at the end of the year in 2012. Note that our ASG demo servers at http://demo.astaro.com are seeing increased usage, and we have plans to bring more online so they remain snappy and responsive. Note these now run ASG Version 8 exclusively.

Acquisitions and Record Growth in 2010

Jan Hichert — Thu, 27 Jan 2011 13:40:10 +0000

Last year was exceptionally successful for us: Astaro as a company grew over 30% during 2010 and more than 50% in the fourth quarter. This we did not accomplish on our own, as it is the continuous support and engagement of our partners that has brought us this far, and we highly appreciate it.

In 2009, we started our expansion and investment strategy, broadening our portfolio to deliver a complete suite of IT security solutions. In order to continue this strategy and to lift the consolidation of IT security and UTM to the next level, we made two acquisitions of cutting edge technology companies in 2010. In both cases, we took over and will carry on all business.

The first is Romania-based CoSoSys, which offers mobile data protection solutions for both PC and Mac. Although there are lots of different solutions on the market to secure endpoints, their complicated, decentralized management leads to only fragmentary protection. In 2011, we will release Astaro Endpoint Security as an integrated part of the Astaro Security Gateway, allowing central security management, no matter where the endpoint is located. With the integration of the complete CoSoSys staff into our team, Astaro gains an experienced development team that will take care of the further development of Astaro Endpoint Security.

Our second acquisition is the Denmark-based company InspektOnline, which drastically simplifies log management with its hosted service. Not only is log management important when trying to achieve compliance with different standards like PCI-DSS, but also for security monitoring and troubleshooting. Astaro Log Management will offer automated archiving, consolidating and reporting, providing administrators with a better overview of what is going on in their network.

During the economic crisis, many technology companies decided to hold back investments. Already in 2009, we decided to take the opposite approach and started the development of three completely new products that were released in 2010: Astaro RED, Astaro Wireless Security and Astaro Mail Archiving. We gained significant market share and grew faster than the market, and this allowed us to further invest in the expansion of our product portfolio in 2010. This year, we will launch amongst others:

Astaro Application Control / Next Generation Firewall: Helps to gain visibility of your Internet usage, blocks unwanted apps like Facebook or Ultrasurf while prioritizing internet bandwidth for business use.
Astaro Endpoint Security: Manages endpoints at any location by using a centrally deployed security agent to prevent data loss from removable devices.
Astaro Log Management: Centrally stores and analyzes log data from all your systems and applications to easily track errors, meet policies, and speeds up troubleshooting.

From our partners and customers, we learned that that it is time to consolidate security products on a higher level. In 2011, we will continue our investments in further functionality of our UTM core products and new technology areas like endpoint protection and log management. This is going to be an exciting year and I am really looking forward to it.

Up2Date 8.101 Released

Angelo Comazzetto — Thu, 27 Jan 2011 18:05:06 +0000

Following the release of the 8.100 GA last week, we have released 8.101 with some final tweaks and fixes. This release is designed to enhance the reliability and stability of your Astaro Security Gateway installation. Read on for the details regarding this Up2Date package.

Next week during the beginning of February we will issue new ISO images for hardware and software appliances, along with new vSphere4 virtual machine images for the latest VMware virtualization support.

Details
Remarks:
* Your system will be rebooted

News:
* Updated: WebAdmin localizations for Chinese, French, Korean

Fixes:
    [16184] FTP doesn't work via HTTP Proxy
    [16203] WebAdmin login broken in case of remote authentication
    [16229] ACC Device Agent dies when RED Split DNS is configured
    [16500] Content Filter request does not honour parent proxy settings
    [16515] Only HTTP keytab entries are created by default, host entries are missing
    [16519] Incoming RED reply packets are dropped

Download Information:
   Link: ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/up2date/u2d-sys-8.101.tgz.gpg
   Size: 67Mb
   Md5: 310bbf0671a7b10a80358f8c84deff72

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.101] Using WAN Link Balancing with 3G/UMTS Modems").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There are also demo servers for public use anytime at http://demo.astaro.com

Enjoy,

Angelo Comazzetto
ASG Product Manager

CeBIT invitation mail: sent!

Sebastian Fiene — Sun, 23 Jan 2011 23:00:00 +0000

The first CeBIT invitation mail was sent out today and the ticket requests are coming in steadily. Due to the high demand, there may be a slight delay with the send out of the respective codes - so please be patient. But don't worry, we still have enough tickets for everyone!

Astaro Security Gateway Version 8.100 Released

Angelo Comazzetto — Thu, 20 Jan 2011 22:10:03 +0000

I'm pleased to announced that Astaro Security Gateway Version 8.100 has been GA-released and is being distributed via our Up2Date infrastructure. The main focus of this release is our Wireless Security products; 8.100 brings official support for our much-sought-after Astaro Access Points to the Version 8 platform. Version 8.100 also introduces more flexibility for Astaro RED deployments, improvements to SMTP profiles and WAN link balancing, and many usability improvements based on your feature submissions and feedback.

A summary of new features and functionality for ASG 8.100 follows, for a more in-depth list, please see the official 8.100 release notes (now hosted in our KnowledgeBase for easier reference in the future).

ASG 8.100 Feature Summary:
Wireless
The Astaro Access Points (Astaro Access Points) are now supported for use with ASG V8. There are no major differences in functionality between V7 and V8 in this area.

RED Transparent/Split Modes
RED Appliances now support a third operating mode: "Transparent / Split". In this mode, the ASG is not responsible as the gateway for the remote network behind the RED device (eg. it does not provide a DHCP server and is not the default gateway). Instead, all traffic per default goes transparently through RED through the existing Internet connection at the branch; only traffic for the destined for the networks at the main office behind the ASG (remote networks) will be redirected to the ASG. At RED Managment >> Deployment helper you can find a setup form for RED devices which gives a bit more context and help instead of the standard Add RED form, in a wizard-style approach.

Usability Improvements:

Improved Object Tables: Certain actions (delete, enable, and disable) can now be applied to multiple selected objects. Also, object tables can now be sorted by different attributes of objects.
Dashboard Links: Various parts of the Dashboard now allow you to directly jump to the relevant page in WebAdmin via the green arrows in the head lines. Also all the topics in "Current system configuration" are now linked to the respective page.
SMTP Profiles Redesign: SMTP profile configuration has been redesigned to be more in line with the rest of WebAdmin.
Streamlined Interface Setup: When creating or editing an interface object, per default not all the options are shown anymore. Some of the more advanced settings or rarely-used options are hidden by default.
Uplink Balancing Mixed Mode: In uplink balancing you don't have to choose anymore between either full multipath or failover. You can now define a default set of multipath interfaces and still define one or more fail over interfaces which will be activated if all the default interfaces fail. This can be useful if you have one line that is much slower or expensive than the others and should only be used as a very last resort, and gives more combinations as to how multiple connections can be used by the admin based on their specific needs.
HTTP Parent Proxy Routing: You can now define more than one parent proxy for the HTTP proxy at Web Security>>HTTP/S Profiles>>Parent Proxies. Each parent proxy can be limited to a list of hosts. At Web Security>>HTTP/S>>Advanced you can define the list of enabled parent proxies and the order in which they should be matched. This feature is useful if various destinations require different upstream proxy points, such as in Schools or Government environments.

Astaro 8.100 Information:
Customers which have a license that enables Wireless Security, (or a Full Guard Bundle) are not able to one-touch upgrade their appliances to Version 8 just yet. However, in the coming weeks we will release Version 7.510 which will advance the "landing" version of the upgrade process from 8.003 to 8.101. At this time, all elligible ASG appliances will be able to update using the one-touch process. We will have more information on this for you very soon.

Remarks:
Configuration will not be upgraded
System will be rebooted

News:
Added Wireless support
RED Transparent/Split Modes
RED Deployment helper
German and Japanese language support
Usability Improvements
Uplink Balancing Mixed Mode
HTTP Parent Proxy Routing
Licensing change: DNS Routing available with any subscription
Open sources update to SLES11SP1 + latest vulnerability patches

Fixes:
[15938] Issue when using RED with QoS

Download Links:
Below is the link for the Up2Date package from 8.003 to 8.100. Next week, we will update this posting with individual ISO images for Hardware and Software applainces, along with corresponding ISO downloads for use with the Astaro Smart Installer. We will also include new VMware vSphere4 virtual appliance images.

Up2Date Package:
ftp://ftp.astaro.de/pub/ASG/v8/up2date/u2d-sys-8.100.tgz.gpg
ISO size: 156M
ISO md5sum: 34df23040999104fd32205ac5dbf4880

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.100] Wireless Security Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Angelo Comazzetto
ASG Product Manager

We will be there!

Sebastian Fiene — Wed, 19 Jan 2011 09:56:36 +0000

Astaro will be present at the CeBIT 2011! We will have the same stand location as last year (Hall 11, Stand B36), so you can find us easily! We are looking forward to having personal discussions with you about your projects.

3 reasons why you need to archive your company e-mails

Kathrin Moeschle — Thu, 13 Jan 2011 08:31:16 +0000

There are three good reasons for introducing an e-mail archiving solution:

Mail server offloading – especially relevant for IT administrators, but also for users suffering from mailbox quotas
Instant discovery – the ability to discover e-mails and attachments within seconds
Compliance – archiving e-mails is a legal requirement in many countries

In my experience, searching for old e-mails can be a hard task. I am always afraid to delete any e-mail as I might need it in the future and thus have collected many over the years. Until recently, digging through my folder structure could cost me my valuable time. Even through using a localized search engine, locating what I wanted to find took a while and used up a fair bit of system resources – my time was better spent getting a cup of coffee in the meantime. My e-mail had inadvertently slipped into a different folder whilst sorting, and locating the mail took up the best part of an hour.

And this is only the user side – not even taking the efforts and daily mail-related workload of IT administrators into account. They certainly don’t wait for me to ask for a recovery…

It always rings hollow when promoting one’s own products. But I’m just proud and happy that with Astaro Mail Archiving I can now retrieve a – say 4 year old – email within seconds. Even though having an excuse for an extended coffee break is not always a bad thing…

I recommend further reading and administrators can see how they also simplify their daily routines with an e-mail archiving solution: http://www.astaro.com/products/astaro-mail-archiving

Updated product datasheets now available!

Amir Khawaja — Tue, 04 Jan 2011 11:26:35 +0000

The Astaro product datasheets have been updated. Make sure you have the latest versions!

You may access the repository here: www.astaro.com/resources/product-information-pdfs. Please use the language selector at the top of the page to jump language as the PDF files are available in English (A4 and letter), German, French and Italian.

View all Datasheets

Who do you trust

Jack Daniel — Tue, 04 Jan 2011 15:44:16 +0000

I have been fortunate enough to attend several Security BSides events this fall, I have seen a lot of good talks and been engaged in several great conversations. Two talks, one at BSides in Dallas/Ft. Worth and one the following week in Ottawa touched on similar issues that really resonated with me. At the Dallas/Fort Worth event Nick Selby discussed his ideas for “Creating an Abstraction/Translation Layer Between InfoSec and Law Enforcement” (slide deck available here). In Ottawa, Adrien de Beaupré presented a talk on the need for CERTs or CIRTs in Canada (Computer Emergency Response Teams or Computer Incident Response Teams). Both talks spawned great conversations, some of which are still ongoing. While they are two different issues, the talks and discussions had some key similarities, especially around needing to know who to turn to for help, and the need to build relationships and trust before a crisis strikes.

Nick’s focus is on helping organizations communicate effectively with law enforcement when they suffer a breach or have other reasons to turn to law enforcement. Making the leap from traditional police work to investigating and prosecuting computer crime isn’t easy, and both sides of the conversation could often use some help- that is what Nick is trying to facilitate.

Adrien’s objective is more broad, he is trying to drive creation of a Canadian response team or teams to help organizations deal with a variety of computer incidents, and to foster information sharing.

At some level, both of these goals boil down to “who do you call when things get ugly?” which in turn really boils down to “who do you trust?” The time to ask (and more importantly, answer) these questions is not during a crisis. If you are in a large enterprise, internal security and incident response teams should already have contacts in the corporate legal office as well as in regional and national law enforcement. In smaller organizations, you may not have anyone who knows who to turn to if (when) something bad happens.

Where can you turn to start building your web of trust so you know who to call in a crisis? Every organization and situation may be different, but here are some suggestions.

1) Start with your existing personnel, ask who has resources and recommendations, and share the information. If your organization uses an external incident response company, ask them for advice.

2) Think about the groups and organizations you belong to (or should). Local ISSA, NAISG, InfraGard or other groups are great places to start this discussion. The groups may be Information Security related, or may be specific to your industry. You may also meet people at conferences or other industry events who can help you. Just make sure you solidify contacts before a problem happens, sending an email to a mail list trying to find “that guy I met in Las Vegas- we talked about data breaches” is not the best way to react to a crisis. Keep in mind that your organization’s management and legal counsel should be consulted before you take any action or set policies.

Don’t wait until you have a crisis to think about who you can turn to. And make sure others in your organization have the information, too- because emergencies may happen when you are not available.

Note: if you are interested in either of the projects mentioned above and you would like an introduction to either Nick Selby or Adrien de Beaupre, please send a message to me at jdaniel at astaro.com and I will be happy to connect you.

More than 50% of all companies are vulnerable to lose important e-mails

Kathrin Moeschle — Mon, 20 Dec 2010 13:57:35 +0000

The American Association for Information and Image Management (AIIM) published an interesting survey. It was conducted among 629 members and revealed a disastrous mindset when handling e-mails in many companies.

26 percent of all companies questioned delete EVERY e-mail and do not ensure they retain it neither for the legally defined period nor for the simple benefit of keeping knowledge and information. Another 31 percent do not have an e-mail policy in place or do not actively enforce it. Thus, nobody can be sure whether important e-mails are archived or not. I can only hope that these results may have performed better had the survey been run in Europe. But realistically, I do not assume this would be true.

However, it would be very easy to achieve compliance with federal laws concerning e-discovery and retention. A sophisticated yet easy to use archiving system like the hosted Astaro Mail Archiving service would solve all issues. The good thing is that it simultaneously ensures that no e-mails will get lost: even if an employee’s computer hard drive crashes - and thus locally stored PST files get deleted as a result.
Learn more

Up2Date 7.509 Released

Angelo Comazzetto — Thu, 16 Dec 2010 17:00:23 +0000

A few security vulnerabilities have been posted which require us to make an update to our V7 installations. Since we do not put our users at extended risk by following a scheduled update window, we are releasing this special Up2Date immediately. This V7.509 Up2date is soley issued in order to patch two components, and no new features are introduced. If you have been awaiting the release of ASG V7.509 so that you may migrate to V8.100 on your ASG appliance via our one-touch process, note that this is still on schedule but will be released under the V7.510 label. For some more dates around the GA release of V8.100 and the subsequent 7.510 click on "Read More".

Currently V8.100 is in soft-release, we plan to issue the GA Up2Date push on approximately January 11th. Following that, we'll soft-release the 7.510 Up2Date during the week of January 20th. This will then provide all qualifying ASG appliances with a one-touch upgrade to V8.100.

UpDate 7.509 Details
This Up2Date should be applied as soon as possible. Note that in most cases you do not need to manually download this, as the Up2Date will be pushed over our distribution system. The ASG Soft-Release process is not used for Up2Dates which are for security patching, for obvious reasons.

Remarks:

Configuration will not be upgraded
System will be rebooted

News:

Address exim vulnerability
Address clam vulnerability

Fixes:

[ID15938] - Issue when using RED with QoS

Download Information
Manual Link: ftp://ftp.astaro.de/Astaro_Security_Gateway/v7/up2date/u2d-sys-7.509.tgz.gpg
Size: 42.14 MB (44,182,585 Bytes)
MD5: d9c59e861b3363f0c2f1b165e57dc55d

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.100] Astaro Wireless AP30 Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Regards,
Angelo Comazzetto
Astaro Product Manager

Tips for providing (hopefully) secure access to web application servers

Bill Prout — Tue, 14 Dec 2010 13:39:12 +0000

Last week we discussed why retail organizations must consider web application security when hosting an ecommerce site. Now I would like to provide some tips on how to provide secure access to web application servers.

Layered Defense

Firewalls and IPS systems still have their place and can help guard against simple exploits and Denial of Service attacks. To properly protect valuable web application servers though, an actual Web Application Firewall should also be used. A WAF works by examining the application layer to protect against common web server attacks such as cross site scripting and SQL injection attacks. These types of attacks are not caught by standard firewalls and IPS solutions, and most WAF's also function as a reverse proxy. This has the added benefit of making sure traffic from the Internet is not just 'passed' through to your servers, but is instead stopped at the WAF where a new connection is made on its behalf. This has the additional benefit of allowing for other advanced features such as malware scanning, and SSL offloading. Note that if credit cards numbers are processed on your web server you probably fall under PCI regulations, and may be required to have either a Web Application Firewall, or a code review to ensure you're not susceptible to common exploits.

In addition to having a WAF you can also try to protect your web servers using a few other techniques such as:

Separation of resources
Install web application servers in a protected DMZ which has no access to the local LAN or internal users. This prevents opening up the entire organization to threats should a successful exploit occur.

Know your network and how it appears to others
Review what information is available to would be attackers. The less unintended information available, the better. Review public DNS records to ensure only valid corporate information is available and no personal employee information is listed. Attackers may use public information about an organization and its employees to help launch a socially engineered attack. Check web server responses to make sure information about Operating System, application used, etc. are not available. Review error pages to ensure no useful information is given out such as local machine name or directory structure.

Limit responses to probes/errors
Eliminate bad requests instead of just responding to them. This cuts down on the information provided, and helps to avoid filling up logs which could result in a resource issue or downed server.

Vigilance
Monitor logs and reports for signs of anomalies, attackers, etc... Are the same IP's constantly probing your system? Do you constantly see the IPS reporting ISS exploits? Knowing what others are doing is important so you can ensure your defenses are sufficient. It may also help you spot things you missed in your network review.

Active Review
User NMAP and other tools ensure only allowed ports are available. Understanding what ports are open on web servers, and what IPs are visible via the internet is important in understanding your environment. Ideally you want to deny all traffic and only allow specific ports/applications to and from your servers.

Honey-pots/Misdirection
Another tactic may be to use probing information to your advantage. Using decoy names and information in public records and for error messages are 2 examples. If you find someone trying to contact that fake name or attacks are launched based on that misleading info, it can confirm when someone is probing your defenses. Deploying a honey-pot is another method so that you can further analyze intrusion attempts. Be careful with this method though as it may invite more aggressive attacks when attackers find out they've been fooled.

From Bedroom to Underground - The Evolution of Hackers

Markus Hennig — Wed, 08 Dec 2010 13:46:07 +0000

In its original meaning, the term “hack” stood for the re-configuring or re-programming of a system so it worked in ways not meant by the owner, administrator, or designer. More generally, a hack is a quick and clever solution to a problem. One of today’s most famous pieces of malware inherited its name from an invention that could be considered the very first hack: The Trojan Horse that was created by the Greeks to breach the impregnable Trojan city walls. Moving to more modern times, in 1822 Charles Babbage began working on what he called the difference engine, made to compute values of polynomial functions – the first computer. And in 1939, British cryptologists worked on a device called the Bombe in order to help decrypt German Enigma-machine-encrypted signals during World War II. These examples demonstrate that the original meaning of the term hack had little to do with Internet security and was not always tied to malicious activities. Later on, with the birth of the Internet, the possibilities for system hacking increased – and so did the number of people dedicating their time to this activity.

The term hacker is difficult to describe as it has so many different meanings and connotations. It was first used at MIT (Massachusetts Institute Technology), which held the first courses in computer programming and computer science. A group of students started to call themselves hackers because they were able to create code that made computer programs perform actions that were not originally intended. In the beginning, hackers were driven by something like a spirit of adventure. There was this new technology, this World Wide Web evolving quickly, and people wanted to discover what was possible. They wanted to test their own limits, create chaos or simply destroy property. The reason to do something was “because I can”. The first malwares crashed PCs, deleted hard disks and let Pacman appear on the screen. Their victims helplessly watched as the hackers demonstrated their abilities by inflicting damage while staying incognito, at least outside the hacker scene. This was the era of script-kiddies using simple malware coded by others in their bedroom.
But soon, the motivation for hackers started to change. What began as a recreational activity was then and still is driven by commercial goals as hackers realized that they could actually make money with their abilities and knowledge. A real market had developed, offering several ways of making money. Depending on which way they chose, hackers can be classified in several categories. The best known classification refers to classical western movies: the white and black hat.

A white hat hacker uses his know-how for non-malicious purposes, for example by working as a penetration tester within a contractual agreement or by searching for vulnerabilities in operating systems or applications and selling them to the vendor. On the other hand, black hat hackers break computer security or use technology like a computer or a mobile phone for credit card fraud, identity theft, piracy, or other types of illegal activities that earn them money. Or they offer their method for renting or leasing, e.g. if they “own” a strong botnet and have others pay for spam floods or targeted denial of service attacks, which is also often preceded by blackmailing.

The most important difference between the money earning hacker of today and the script kiddie in the past is that the former does not want to be noticed. Back then, hackers wanted fame (for their hacker alias). They felt their capabilities should be recognized or even feared. Today, hackers attempt to stay invisible and want their hacks to remain unnoticed as well. Often weeks or even months go by until their victims realize something is wrong. Modern malware is installed unnoticed and works in the background of a system. The reason is: The longer it takes to detect an infection, the more money can be earned.

We are now at the edge of a third evolutionary step. In summer 2010, the term cyberwar became popular in the media, and the discussion was fueled by the discovery of Stuxnet, the first known worm that spies on and reprograms industrial systems. The actions of hackers now have a new motivation besides the longing for fame or money: Political motivation. There are hackers that follow their own political interests and views, like the hacker Jester, who claims to be responsible for the DDoS attacks on wikileaks that brought down their internet connection – Jester stated that wikileaks endangered “the lives of our troops, ‘other assets’ and foreign relations”.

Other hackers sell their abilities and resources like botnets to political players, whether they are political organizations or even governments. Some nations are suspected to have set up dedicated departments for cyber espionage or sabotage, while other nations are known to have set up dedicated departments to defend themselves against this new threat, e.g. the Pentagon’s Cyber Command (Cybercom) that is responsible for safeguarding the American military network. It is easy to imagine that those departments hire hackers– hackers, who see themselves as kind of cyber mercenaries, working for the political party that pays the most, or who dedicate their skills to a cause in which they believe, and operate in stealth. It is rumored that Stuxnet was a first shot in the dark by an unknown party, aiming at sabotaging not only production plants, but even nuclear power plants.

But still, there are also the good guys: The security industry, engaged software vendors, white hats and non-profit organizations like CERT, SANS or MITRE and more. There are and always will be hackers that deliberately put on the black hat, for fun, money or politics, but there are and always will be those wearing the white hat. As the bad guys develop, so do the good guys. This is a cat-and-mouse game, with no model or theory telling us that there will be a final winner instead of an ongoing race.

Make your own choice!

Markus Hennig — Wed, 08 Dec 2010 17:31:38 +0000

Blocking access to certain resources in the internet is always a controversial topic. Usually there are good reasons to do so: Security and productivity are the most important ones.

Within the Astaro Security Gateway (the Astaro flagship product) come efficient but granular policies that restrict or allow access to network resources. This starts with packet filtering rules and IPS, continues with security and productivity settings for e-mail (think about spam!) and ends with elaborated settings for web security. This also includes remote offices connected via RED as well as mobile clients connected via WLAN.

For example, let’s choose "wikileaks" (http://twitter.com/#!/wikileaks), a web site which has existed since 2006, but which has just recently gained massive attention.

There are people who think wikileaks is a criminal, or even a terrorist organization. Others praise it for releasing classified documents of governments, institutions and associations that try to keep them secret and non-public for various reasons, therefore increasing transparency.

The ASG gives you the option to make your own choice. For example, if wikileaks is classified into a blocked category within your profile, you are able to disagree by doing one of the following:

Clicking in Version 8 on Unblock URL (will be logged) and authorize yourself to get access
Adding "wikileaks.*" to Web Security >> HTTP/S >> URL Filtering >> Always allow these URLs/sites
Creating a new exception list under Web Security >> HTTP/S >> Exceptions, adding "wikileaks.*" and marking URL Filter as check that shall be skipped
Adding "wikileaks.*" to Web Security >> HTTP/S Profiles >> Filter Actions >> Always allow these URLs/sites, if you manage different profiles

For every rule, there is at least one exception. It is up to you to make the choice!

Don’t let a web server attack ruin your holiday spirit – or your online revenue

Bill Prout — Mon, 29 Nov 2010 19:02:58 +0000

What gadgets are on your wish-list this year? Doing some or all of your shopping online to take advantage of great deals or save time? You’re not alone, and according to some estimates more than 60% of people in the U.S. now shop online. As online shopping continues to grow each holiday season so do the network security threats that businesses need to guard against (and consumers need to worry about). Attacks against websites and online ordering systems are growing in sophistication and complexity. The reported incidents should serve as a warning to all businesses to review the systems that protect their websites to make sure they’re up to date, and up to the challenge that the increased holiday shopping creates.

Most businesses these days recognize the value in using web proxies to protect their users and to scan and control web content. These tools and procedures protect users from malware, SPAM, and other types of threats, and protect business owners from financial loss which could result in liability issues relating to stolen data or inappropriate content. Business owners understand that investing in web security tools is necessary to protect both their users and their businesses from the many threats on the web today.

As an integral part of the business Web servers deserve at least the same level of protection due to the sensitive information they often hold such as credit card numbers and customer data. Protecting valuable resources like web servers is often done through a combination of location (a secure DMZ), firewall rules and IPS scanning. These tools help guard against some attacks, but may not be sufficient protection against sophisticated attacks such as SQL injections, cross site scripting, and may not protect a site from malware and viruses.

These types of attacks are increasingly seen in the news, and it’s not only small companies with overworked technical staff that are affected. High profile attacks on companies such as AT&T, and Heartland payment systems show that all types and sizes of businesses are vulnerable, and the results can range from bad publicity (which can scare away potential customers) to loss of market share and lawsuits. Nothing spoils the holiday season like finding out that your credit card number was used to buy someone else’s nice gifts. While there is never a good time to suffer a web server breach, the holiday shopping season is a particularly bad time as this is when most consumer shopping is done. You don’t want people to be wary about shopping on your website because of a past breach.

Properly defending a web or application server is best done by using an actual Web Application Firewall which can act as an inbound proxy, and which prevents clients from directly connecting to your web servers. This separation not only provides protection, but can also provide application load balancing and SSL offloading. Common security tools such as malware scanning can be augmented with advanced protections such as URL hardening and cookie signing, and these tools can help protect even an improperly configured web server against attacks.

Online commerce is serious business and so it requires serious protection. Until recently these tools were available only to larger organizations which had the technical knowhow and financial resources to implement them correctly. New offerings from many UTM providers (such as Astaro) are making these invaluable tools available to businesses of all sizes.

So as the holiday shopping season begins don’t let your web server fall victim to an attack or you may find your online revenue shrinking when it should be growing.

Astaro Receives 4 Star Review from SC Magazine for VPN

Jessica Pozerski — Tue, 23 Nov 2010 18:56:32 +0000

SC Magazine published their reviews of IP Security (IPsec) VPN solutions. The Astaro Security Gateway faired very well in this test, earning a 4 star review. The Astaro Security Gateway was one of four products tested and was the only UTM devices included in the review.

More information about this can be found here: http://www.scmagazineus.com/astaro-security-gateway-v8/review/3348/

IT security theses on a high-quality level during the CAST event

Markus Hennig — Tue, 23 Nov 2010 09:21:42 +0000

Last Thursday I visited an event of the “Competence Center for Applied Security Technology for IT security” (CAST) in Darmstadt, where CAST awarded the best IT security final paper of bachelor, diploma and other qualified students in Germany, Switzerland and Austria. With Astaro sponsoring part of the CAST IT security competition, I was one of the jurors who got to read five entries. After what I’ve seen, I have to say: there really have been some outstanding IT security thesis papers this year! The ten best award entries presented their ideas at the event on Thursday. The quality of the speeches was amazing and exceeded all my expectations. Especially winner Lucas Vincento Davi from the Ruhr University in Bochum with the topic “Return Oriented Programming Attacks” as well as Felix Gröber with the topic “Automatic Identification of Cryptographic Primitives in Software” captured my full attention.

After spending eight hours of listening to the various projects, I am absolutely thrilled with the results and the ideas the students came up with. I honestly don’t know how they managed to squeeze everything into one final paper. But it showed me once again that it is definitely worth for us to support this CAST competition project because in the end we will be awarded with exceptionally interesting results by very talented IT people.

Next year we will need to put a strong focus on getting more students to participate in this award competition. We have so many young hidden IT security talents at our universities; it would be a shame if we could not get their researches and ideas to be as appreciated as they ought to be. For Astaro as an IT security provider it is our duty to support and help the CAST organisation actively with this – now and in future.

IT security will become more and more important. Hence, the potential of this event offers huge possibilities for upcoming technology developments and security approaches. So am I happy with the event on Thursday? Yes, I most certainly am!

End of Sale Announcement For Astaro Report Manager

Angelo Comazzetto — Wed, 17 Nov 2010 09:00:15 +0000

This is a general notice that Astaro Report Manager (ARM) will no longer be sold beginning December 31st, 2010. Customers can still continue to receive support for ARM with their ASG V7 installations until the end of 2011. More details, along with information about alternatives for your reporting needs, follow in this article.

As Astaro Report Manager is not supported with Version 8, ARM will be end-of-sale at the end of 2010. In researching how ARM is deployed and which features are used, we are hard at work in offering its functionality both within the ASG itself and in the Astaro Command Center. Beginning with ASG 8.20 (which will be released in the first half of 2011) we will re-design the Web Security reporting of ASG with many next-generation features. Customers can look forward to building their own customized reports, saving them for future reference, and subscribing users to them via email distribution lists. The reporting itself will also undergo significant changes, offering a new navigation with reactive filtering which can be used to view data in many new ways by clicking through reports using data paths which change dynamically as you navigate. Enhanced reporting per-user, reporting by department and category, and other reports like search engine activity are all in development.

For aggregated reports, the Astaro Command Center (ACC) offered Network, Web, and Mail Security reporting across multiple connected sites beginning in ACC 2.1, and more enhancements were introduced in ACC 2.2 during the summer. Our developers are hard at work to deliver even more centralized reporting options for future versions; more announcements will follow on what is to come in ACC 3.0.

As mentioned, support will continue for ARM with V7 installations throughout 2011 until the end of the year, at which point ARM will be end-of-support. We are excited to unveil all the new reporting features we are working on soon, stay tuned!

L2TP with DHCP in Version 8.000-8.003

Angelo Comazzetto — Tue, 16 Nov 2010 16:40:03 +0000

This is a bug notice for Version 8.000-8.003 regarding L2TP with DHCP. If you are planning to use Version 8 - either with the appliance upgrade button or an ISO install + restore of your backup file, this configuration will cause problems. You also should not push the "one-touch upgrade button" introduced in 7.508 if you use L2TP with DHCP in V7.

The middleware will crash and restart in a cycle. If you have already moved to V8 and are experiencing this bug, Astaro support can help you by disabling the DHCP assignment and/or using the pool instead for L2TP.

We have already fixed this bug in the 8.100 Beta, and will shortly publish a fix in 8.004, which will also be the new landing version for the appliance upgrade process.
Apologies if you are of one the very few customers affected by this bug. (based on your configuration.) If you have specific questions, please contact our support.

Up2Date 7.508 Released - Upgrade Appliances to Version 8

Angelo Comazzetto — Mon, 15 Nov 2010 09:59:15 +0000

This morning, ASG version 7.508 has been released. The focus of this package is a one-touch upgrade from ASG version 7 to version 8 for ASG appliances, along with some final polish to accommodate the GA-release of our Wireless Security products. The appliance upgrade process provides an easy migration from V7 to V8 without the need to manually re-install the AstaroOS and restore from a backup file. Once the appliance upgrade has started via the Up2Date section, ASG V8 will be installed and all configuration will be imported. We have also improved the IPS engine and added outbound spam scanning into the V7 platform like V8. Read on for more details about the appliance migration process and other notes.

Appliance Upgrade Process Overview:
This V7 to V8 appliance upgrade will retain all configuration and settings, including the current contents of the spam quarantine. Note that log files will be cleared and reports will begin anew, so customers should be sure to first download and archive their old logs using the various methods provided in WebAdmin. This will be one of the final content updates for ASG V7 with only maintenance patches planned for the future.

Important things to note about the appliance upgrade process:

After the upgrade process is complete, the ASG will be at version 8.003. The target landing version will change over time to land upgraders at newer versions (like 8.100) once they are released.
The one-touch upgrade process is only available to ASG appliance users. Software installations have various hardware configurations and the viability of an upgrade without the hardware detection process of the installer cannot be guaranteed. Software installations however can still easily move to version 8 by installing the ISO image and restoring a V7 backup file from version 7.507 or greater.
Customers with Wireless Security on their license will not be able to perform a one-touch upgrade for now, since Wireless functionality is not yet in the stable release version 8.003. If you attempt to perform an upgrade where Wireless is licensed, an error message will be displayed and the upgrade will not continue. When 8.100 is GA released near the end of November, the landing target will be updated afterwards and this condition will be removed at that time. Note that Wireless Security is present within Full Guard license bundles as well, regardless of whether it is being used.
To ensure quality and stability, customers using High Availability or Clustering configurations will not be able to one-touch upgrade their appliances. These installations can de-configure their nodes and then upgrade them each in turn or install Version 8 via the ISO image.
Old revisions of the ASG 110/120/220 with 512 megabytes of memory do not meet the minimum hardware requirements (1 Gigabyte) for ASG Version 8, and are not able to one-touch upgrade as a result.

UpDate 7.508 Details
Remarks:

Configuration will be upgraded
System will be rebooted
Connected REDs will perform firmware upgrade (do not reboot them during this process)
Connected APs will perform firmware upgrade (do not reboot them during this process)

News:

Added Wireless Security support (GA)
Added option to one-touch upgrade to V8 for hardware appliances
Introduced outbound spam scanning support
Improved IPS engine

Fixes:

[ID11371] - eDirectory authentication may stop working when no BaseDN is specified
[ID11932] - WAN connectivity hangs when changing the "daily reconnect" time on a PPPoE interface
[ID12449] - ASG conflicts when using special character ")" in PPPoE password
[ID12539] - Pushed dns servers are randomly not used
[ID13085] - HTTP Proxy restarts in a loop
[ID13126] - Link status of LAG interfaces terminology changes
[ID14089] - Antispam daemon restarts frequently during certain scenarios
[ID14654] - Blank Executive Report
[ID14404] - UDP flood protection blocks RED traffic

Download Information
Link: ftp://ftp.astaro.de/Astaro_Security_Gateway/v7/up2date/u2d-sys-7.508.tgz.gpg
Size: 175 MB (183,690,474 Bytes)
MD5: 9fdff2f4bf185b1b71d4c17f6594606f

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.003] Web Application Security Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Regards,
Angelo Comazzetto
Astaro Product Manager

Up2Date 8.003 Released

Angelo Comazzetto — Fri, 12 Nov 2010 04:38:08 +0000

An Up2Date was released today for Astaro Security Gateway Version 8. This Up2Date is designed to improve the stability of your V8 installation, offers some security patches, and acts as the new target landing version for appliance users who one-touch upgrade to ASG V8 via the 7.508 Up2Date which will be released next week. At that time full details around the appliance upgrade process will be published, and we'll have an update on the progress of the 8.100 Beta & GA as well.

8.003 provides some fixes for those who will upgrade to ASG V8 from V7, and another set of fixes to address some security advisories in bzip2 and ClamAV.
*Note: Users of a previous, pre-GA "soft-release" of this 8.003 should re-apply this Up2Date to resolve issues with Anti-Spam daemon restarts and importing V7 backups into V8 installations which have HA configured. (See the forums if you need help with this)

Details
Remarks:
* Your system will be rebooted

News:
* Fixed: bzip2 vulnerability (CVE-2010-0405)

Fixes:
ID15395: UTF-8 Characters in IPSec PSK kill MiddleWare
ID14710: installation of customer license failed without a error
ID15480: Astaro: DiskCache::set() dies if key contains wide characters
ID15243: Update ClamAV

Download Information
MD5Sum: 0087e2c97e42c17f36b62987ad682ca8
Size: 24,270,749 Bytes (24MB)
Link: ftp://ftp.astaro.de/Astaro_Security_Gateway/v8/up2date/u2d-sys-8.003.tgz.gpg

The ASG V8.000 release notes can be found here.

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro ASG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please indicate the version you are using (e.g. "[8.003] Web Application Security Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

Regards,
Angelo Comazzetto
Astaro Product Manager

New Astaro Certified Trainings Dates Available for the Germany & Austria Regions

Amir Khawaja — Thu, 11 Nov 2010 11:05:05 +0000

Astaro certified trainings are intended for network administrators responsible for the installation, administration and maintenance of Astaro's security solutions.

Although the remaining 2010 dates are now all fully booked, new dates have been added for the early 2011 schedule for Germany and Austria.

View the updated schedule here and secure your place in a classroom training session.

View Training Schedule >

New Whitepaper Available on Compliance & Requirements in E-Mail Archiving

Kathrin Moeschle — Fri, 05 Nov 2010 08:12:05 +0000

As we are often questioned by potential customers and partners on compliance regulations and the reasoning behind archive solutions, we have created a whitepaper explaining the legal basis which makes archiving a requirement.

Besides compliance issues, the whitepaper also highlights productivity advantages through archiving:

Offloading your mail server makes maintenance routines easier and quicker
Backups are simplified as all mail data is stored centrally – and not locally in pst-files
Retrieving emails within seconds is a huge day-to-day benefit for all e-mail users
Much knowledge is only stored in emails – so prevent it from getting lost
In case an employee leaves the company: knowledge transfer (in form of old email transactions) is easily possible

You can download your copy of the whitepapers here:

Regards,
Kathrin Möschle
Product Marketing Manager Astaro Mail Archiving

Astaro at Infosecurity.nl in Utrecht, the Netherlands

Monika Schraft — Fri, 05 Nov 2010 16:12:04 +0000

Together with our distributor Contec, we were showcasing our solutions at this year’s Infosecurity.nl, which took place from 3rd to 4th November. We are very happy as we could welcome so many visitors at our booth and as we had lots of interesting stuff to show and discuss with them.

We had a nice little idea to create attention among the Dutch reseller community, sending them empty Astaro Security Gateway boxes in the days before the event, which only contained a note inviting them to come by and get to know what should be in the box. Seems mankind is curious by nature. :)

Also, we had the pleasure to meet some press representatives.

Check out CRN’s website to read on

Canada’s First Security BSides Event in Ottawa

Jessica Pozerski — Wed, 03 Nov 2010 13:59:54 +0000

Jack Daniel, Astaro’s Community Development Manager, will speak at the upcoming Security BSides conference.

Daniel is an active participant in the organization, planning and promoting the BSides events throughout the United States and Canada. This is the first Security BSides event to take place in Canada and will feature prominent Canadian security experts.

For more information about the event, please see the official press release.

Astaro at sixth EC2ND 2010

Markus Hennig — Fri, 29 Oct 2010 09:57:18 +0000

The sixth European Conference on Computer Network Defense (EC2ND) was held at the Technische Universität Berlin on October 28/29 and Astaro sponsored that event this year.

Beside the scientific aspirations of the conference was a very interesting talk from Felix 'FX' Lindner about the hackers view on the academic science business. To mention some other very interesting talks, I would pick the analysis of the Chuck Norris Botnet from Pavel Celeda and the “HTTPreject”-project about handling overload situations from Joerg Schneider and Sebastian Koch. Thx to Konrad Rieck for organizing it, I look forward for the seventh EC2ND.

Astaro sponsors OWASP AppSec Germany Conference 2010

Micha Lenk — Wed, 27 Oct 2010 13:38:05 +0000

The OWASP conference began with a social gathering in the “Barfüßer” brewery in the center of Nuremberg. Around 100 participants enjoyed the reunion of sorts, with cold beers drafted directly on the dining table, pretzels and an opulent Franconian meal.

Sebastian Klipper's keynote comprised of a convincing plea for more competency not in but for the OSI layer 8. In plain text, users are not the cause of IT security issues, but simply the general inability to understand and communicate IT security as a problem solving tool.

The second keynote provided by Tom Brennan presented the history and facts of the OWASP community. He also covered the current state of web application security.

The next session was offered in two parallel tracks. The first track was dedicated to the OWASP project itself, such as Dirk Wetter's speech on the development of the OWASP Top 10 as a tool for risk management. The second track was dedicated to hands-on web application security topics. Sascha Herzog demonstrated in his session how easy it is to use XML external entity attacks (XEE) to exploit a server-side XML parser, to deliver confidential data via file inclusion or to perform server-side port scans.

Side channel attacks are usually known only in cryptography context. Sebastian Schinzel showed us how to use side channel attacks to reveal private information on a web application by pure passive observation of the network traffic. This should be considered as a alternative attack vector in the case that the usual penetration tests fail to expose any other vulnerabilities.

Andreas Schmidt presented the Web Application Toolbox: WATABO. This application tries to bridge the gap between the easy to script commercial and the more transparent and traceable free penetration test tools.

Alexander Meisel's Session on the development of large distributed applications in the context of service oriented architectures made the conference perfect in my opinion. These applications cause an increased demand on distributed web application firewalls (dWAF) that are capable to defend against novel threats “out of the cloud”.

Overall the OWASP AppSec Germany 2010 Conference offered plenty opportunities to catch up on new trends of web application security and to socialize with the OWASP community. As a venue for the web application security industry, this year's conference was a raving success. The next OWASP AppSec Germany is expected to take place next year once again in Nuremberg.

Out Now: Commtouch Internet Threats Trend Report Q3/2010

Monika Schraft — Mon, 25 Oct 2010 07:39:15 +0000

Commtouch just published their latest Internet Threats Trend Report. Here you can find the highlights at a glance:

Spam levels averaged 88% of all email traffic throughout the third quarter, peaking at over 95% in mid-September with 198 billion spam/phishing messages per day. Q2 spam levels averaged only 80% of all email, with 179 billion spam/phishing messages per day.

Approximately 339,000 zombies were activated daily, almost 30,000 more per day than in the previous quarter.

The most popular spam topic this quarter (59% of all spam) was pharmacy.

For the third quarter running, pornography/sexually explicit material is the website category most likely to be compromised with malware.

India keeps its title for the second quarter in a row as the country with the most zombies – 14%.

Streaming media/downloads continues to be the most popular topic for blog creators in the Web 2.0 sphere of user-generated content.

Download the Commtouch full report here (PDF).

Astaro at the it-sa 2010 in Nürnberg, Germany

Monika Schraft — Mon, 25 Oct 2010 11:31:40 +0000

After the "Grande Dame" of ICT fairs in Germany, the SYSTEMS, closed forever in 2008, the IT security expo it-sa moved to Nürnberg as independent trade show, having been the IT security orientated part of the SYSTEMS all along.

From October 19th to 21st 2010, the it-sa opened its doors for the second time as dedicated IT security fair, and we at Astaro took part as an exhibitor. We were very impressed with what we saw and experienced! Our booth was buzzing with visitors, who all had immense interest in IT security with their own projects to discuss.

Congratulations to the fair for having established itself as THE German IT security fair in such a short space of time.

More information on the it-sa can be found here.

Astaro RED Elates Visitors of Security Solution 2010 in Japan

Monika Schraft — Fri, 22 Oct 2010 09:23:12 +0000

From 18th to 20th October 2010, Astaro was present as exhibitor in the “UTM Zone” at Security Solution 2010, taking place in Tokyo.

Loads of visitors checked by to learn more about Astaro RED and Astaro Wireless Security – we had a lot of exciting talks. We introduced our new solutions also to the press and received encouraging echo, read more here.

Astaro RED Earns IT Product Of the Year 2010 Award

Amir Khawaja — Fri, 22 Oct 2010 06:15:34 +0000

Computerworld, a leading Czech IT publication, recently made a list of the best new products to hit the IT security space this year with their 2010 round-up. The branch office security innovation, Astaro RED, was awarded with their coveted "IT Product 2010" award.

Astaro RED uses a revolutionary approach to offer protection for external branch office locations. Through a centrally located Astaro Security Gateway at the head office, complete unified threat management security can then be cascaded down remotely as if there were an Ethernet cable connecting the two devices.

The unconfigured Astaro RED device needs only be shipped to the location and plugged in. The local office will only need to communicate the serial number to the head office and plug in three connections: Internet cable, computer and the mains supply. Everything else will follow automatically, eliminating the need for local technical IT staff.

Management, logging, troubleshooting and reporting are all centralized through the Astaro Security Gateway, reducing the total cost of ownership by up to 80% - compared to any other method.

Find out how you can easily secure your branch office locations with Astaro RED.

The Big Picture at the Astaro Roadshow 2010

Monika Schraft — Thu, 21 Oct 2010 15:43:58 +0000

Our European partner roadshow 2010 led us through 11 European cities, from Amsterdam to Zurich. We are happy to have welcomed more than 400 participants!

Many thanks to everybody who took part – we are grateful and highly value your feedback regarding Astaro Security Gateway Version 8 and our new strategy and roadmap. Furthermore, congratulations to all those who won Astaro RED appliances and Access Points in our quiz!

In the future, you will hear more about “Pragmatic IT Security by Astaro”, our approach that offers a complete view on what is needed to be done to protect a company infrastructure, company data and employees and that fights the increasing complexity of IT and IT security. In this approach, we combine our 10 years of experience with your expertise as consultants and service providers.

Below you can find a few images from the closing event of the DACH tour in the Bavaria film studio in Munich.

The Lucky Winner of the Cyberchampion Award 2010

Markus Hennig — Wed, 20 Oct 2010 13:46:17 +0000

For the eighth time in a row, Astaro sponsored the yearly Cyberchampion award. Organized by Cyberforum, Germany’s largest network for IT companies, the award ceremony is presented during the "Hightech Enterpreneur Congress" to up-and-coming companies. This year, the event took place on 12th October 2010 in Karlsruhe, Germany.

This year, the winning slot in the category "High Potential" was awarded to Lumo Graphics for their outstanding work in the field of 3D visualization. Back in 2005, Astaro was the winner in the same category, which we considered a fine compliment and incentive for our progression over the years. We now feel it is important for us to engage with others, to bring forward their innovative ideas and to exchange them.

Founded in 1997 as a private-public partnership in Karlsruhe, the non-profit organization "CyberForum e.V." is, with over 800 members, the largest and most successful regional network for high-tech entrepreneurs in Germany. Under the motto "From the network for the network" experience, ideas and business knowledge are exchanged, discussed and implemented.

Astaro Between the Protagonists of ICT Security 2010

Monika Schraft — Wed, 20 Oct 2010 09:50:16 +0000

Much excitement and success was generated through the 2010 edition of the ICT Security event organized by Soiel. The event took place in four Italian cities: Rome on January 28th, Milan on February 16th, Bologna on May 19th and finally Padova on September 28th.

Astaro participated in all of the roadshow locations with a booth and a keynote speech during which, Gabriele Minniti, EMEA Presales Engineer at Astaro, introduced the Astaro RED and explained how this device can simplify VPN processes. This aroused great interest from many attendees.

Astaro is also due to participate at the ICT Days event in Soiel which will be held in southern Italy, in Bari, on the 16th and 17th November 2010.

Located in Italy, Soiel International regularly realizes congresses, seminars and workshops dedicated to security, targeting at end users, public administration representatives and system integrators.

Astaro 8.100 Beta Begins

Angelo Comazzetto — Tue, 19 Oct 2010 03:04:12 +0000

With the success of the ASG V8.000 launch, we will begin today the open Beta program for users which want to test the upcoming 8.100 release. The main focus of this version is to introduce the Wireless functionality of Astaro Access Points and Wifi controller into the V8 platform, along with other features and improvements. You are invited to test this version in your environement, and participate in our dedicated 8.100 Beta Forums to share your feedback, impressions, and report any bugs. Several Astaro staff will closely monitor and interact with the participants of this forum to ensure the best possible polish and quality of 8.100 for the GA release.

Several of the top contributers and testers will receive prizes for their efforts! You can win your own access point, Astaro RED device, or even an ASG appliance for personal home use. For all the details of the 8.100 Beta program, and information on the release itself, read on!

General Beta Information
Why Participate?
To try the latest features and new things before they are generally available! By installing our Beta software, you get the chance to see upcoming features and test new functionality a bit earlier than the general customer-base. In return, we gain valuable insight into various areas of the release which might not otherwise be uncovered during normal QA lab testing or via our own private test installations. This lets us offer releases with the quality you have come to expect from Astaro, and also lets us hear your impressions of our latest offerings so that we can continue to build the best products which our customers want to buy.

How to be a Beta tester:
It's simple. Just download the latest Beta ISO image via our continually updated forums post, burn it to a CD and install it to your ASG software installation or appliance. Please be sure to download the appropriate ISO. Once you are using the 8.100 Beta, you can continue to use Up2Date and install the next Beta releases for 8.100 without needing to re-install again. Just restore your backup file and you are up and running! We also plan to release a final Up2Date package at the end of the 8.100 Beta which will take your installation to the GA release of 8.100 without having to re-install again.

How you can contribute:
During the period of the Beta for 8.100, which will run until approximately late November, we would encourage you to post your impressions, feedback, bug reports, and all the associated things you like (or don't like!) in our offical 8.100 Beta forums. We will closely monitor and reply to threads and comments in this forum for the duration of the Beta. At the end of the Beta, we will reward our most active contributors; there are great prizes and rewards to be had!

Astaro Beta 8.100 Download Information:
For the first release of the Beta, version 8.050 is being made available. Future updates and releases will be communicated soley through the forums, so check there often for updates and news around the 8.100 release! You will find many answers to early questions, test license downloads, and general Beta information can be found in the launch overview for 8.100 here.

Links:
ASG ISO for Software/Virtual appliance installation:
ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-8.050-36.1.iso
ISO size: 398M (416995328 bytes)
ISO md5sum: 37bb40b4a0673eeb18fab4496e4268d3
ISO sha1sum: ccbf74256a52e331ad21de6807a2f4c0f646b283

SSI ISO for Hardware appliance installation:
ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-8.050-36.1.iso
ISO size: 408M (427395072 bytes)
ISO md5sum: 8ca84673484f17bd8555dbc036637baa
ISO sha1sum: f6f20f428ec66cab1d932b41362001d4883df9f4

Feature Details:
Wireless
The Astaro Access Points (Astaro Access Points) are now supported in V8. There are no major differences in functionality between V7 and V8 in this area.

RED Transparent/Split Modes
RED Appliances now support a third operating mode: "Transparent / Split". In this mode, the ASG is not responsible as the gateway for the remote network behind the RED device (eg. it does not provide a DHCP server and is not the default gateway). Instead, all traffic per default goes transparently through RED through the existing Internet connection at the branch; only traffic for the destined for the networks at the main office behind the ASG (remote networks) will be redirected to the ASG. At RED Managment >> Deployment helper you can find a setup form for RED devices which gives a bit more context and help instead of the standard Add RED form, in a wizard-style approach.

Various Usability Improvements:

Improved Object Tables: Certain actions (delete, enable, and disable) can now be applied to multiple selected objects. Also, object tables can now be sorted by different attributes of objects.
Dashboard Links: Various parts of the Dashboard now allow you to directly jump to the relevant page in WebAdmin via the green arrows in the head lines. Also all the topics in "Current system configuration" are now linked to the respective page.
SMTP Profiles Redesign: SMTP profile configuration has been redesigned to be more in line with the rest of WebAdmin.
Streamlined Interface Setup: When creating or editing an interface object, per default not all the options are shown anymore. Some of the more advanced settings or rarely-used options are hidden by default.
Uplink Balancing Mixed Mode: In uplink balancing you don't have to choose anymore between either full multipath or failover. You can now define a default set of multipath interfaces and still define one or more fail over interfaces which will be activated if all the default interfaces fail. This can be useful if you have one line that is much slower or expensive than the others and should only be used as a very last resort.
HTTP Parent Proxy Routing: You can now define more than one parent proxy for the HTTP proxy at Web Security>>HTTP/S Profiles>>Parent Proxies. Each parent proxy can be limited to a list of hosts. At Web Security>>HTTP/S>>Advanced you can define the list of enabled parent proxies and the order in which they should be matched. This feature is useful if various destinations require different upstream proxy points, such as in Schools or Government environments.

Enjoy the 8.100 Beta!

Angelo Comazzetto
Astaro Product Manager

Astaro at the GITEX in Dubai

Monika Schraft — Tue, 19 Oct 2010 11:32:13 +0000

This week, we are on location at the GITEX TECHNOLOGY WEEK in Dubai which runs until 21st October 2010. The event is one of the world's most dynamic and influential ICT exhibitions and the platform for international professionals who do business across the Middle East, Africa, India and the South Asian markets. This year, GITEX is celebrating their 30th successful year – congratulations!

Astaro and our innovations are turning heads in the Zabeel Hall (booth ZL-B2) as are three of our partners and distributors. To get an overall impression of our engagement at the event, please view the image slideshow below. We have already discussed many interesting new projects with new visitors and look forward to the remaining days to come.

Wireless Security at the Athens Digital Week 2010

Amir Khawaja — Wed, 13 Oct 2010 10:42:54 +0000

In association with our Greek Distributor, Networks Systems Security (NSS), Astaro participated at the Athens Digital Week between 7th and 10th October 2010.

The Athens Digital Week is one of the biggest technology events in Greece which sees thousands of visitors yearly. The event is not only devoted to digital technology, but also showcases important innovations from around the world. Astaro presented it's new wireless security solution and also provided complete unified threat management protection for all wireless clients throughout the exhibition hall via the placement of seven AP 30 devices.

View the event slideshow below which includes a short video showing a flying drone controlled by an iPhone via the Astaro access points.

CLICK TO VIEW SLIDESHOW >

Please visit our website for more information about Astaro Access Points and Wireless Security.

The Best Security Suites for 2011

Jessica Pozerski — Wed, 06 Oct 2010 06:51:04 +0000

The latest edition of Astaro Security Gateway, version 8, has already been recognized by PC Magazine as one of the best security suites for home users in 2011. Our home use firewall is a fully equipped software version of the Astaro Security Gateway, available at no cost for home users - no strings attached.

Astaro Security Gateway features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses. Read the full article here.

Astaro Security Gateway can do many things for your home network such as:

Increase your Internet Bandwidth - You can make easy use of multiple Internet connections at the same time, giving your home more bandwidth.
Protect your Kids Web Surfing Habits - Use Web Filtering to stop sites from infecting you with viruses and spyware, keep your kids from surfing to bad sites, and get full reporting on the activity in your home.
Solve your Spam Mail Problems - Use Mail Filtering to clean up your inbox and reduce the amount of spam you have to sift through using any POP3 or SMTP setup.
Access your Home Network from Anywhere - Dial in using Roadwarrior VPN access to securely use Remote Desktop, transfer files, and even print, from anywhere in the world, even from your iPhone.
Connect to Work or Friends - Create a permanent tunnel to other ASG devices, linking you with a friends network, or having the perfect encrypted link to your office Astaro to work from home!
Stop Viruses in Web and Email - Dual Scanning Engines stop viruses in file downloads, email attachments, and embedded in web sites. Astaro catches them at the gateway, before they can get in to assault your computers.
And a lot more...

Get your free home use version here!

Don’t Let Your Web Server Fall Victim to Sophisticated Malware

Gert Hansen — Tue, 05 Oct 2010 09:46:11 +0000

Recently, the micro-blogging service Twitter was a victim of different cross-site scripting (XSS) attacks. Malicious code had been distributed without the knowledge of its users via their accounts. Many people think such exploits are only a problem for large international companies, but the simple truth is that only incidents at large or well-known companies hit the media channels.

This does not mean that big companies are preferable targets for such attacks. Small and medium sized companies are easier targets, because they lack the necessary budget and know-how in order to protect themselves against sophisticated malware.

While today every company protects itself against attacks via e-mail, their web servers remain mostly unprotected. This aspect makes this type of vulnerability very interesting for hackers. In principle, every company that operates a web server and uses forms on their website, such as a contact form, is vulnerable.

What does it mean to be a victim of such an attack? The consequences can be severe. You may lose confidential customer and business partner data or infect visitors of your site with malicious code - just imagine your website giving out a virus to visitors for weeks without detection. Thus, immense damage can be caused to a third party - and you would have been responsible. In these cases, Google could detect the hack before you do, and mark your website as potentially dangerous in the search results. As a consequence, your corporate image will be damaged and you may lose much trust in your customer relationships.

Companies cannot afford to take no action against the vulnerabilities present in their web server. However, there are only two possibilities for a solution:

You personally learn how such attacks work and how to protect web applications against malware. Then try to make your web server and applications more secure. However, this is very time consuming and expensive, and also requires ongoing training.
You invest in a web application firewall, and place it in front of your web server. This is the faster solution, and it also requires less effort in the future.

Web servers already are popular targets for hackers, and this will only increase further with time.

Gert Hansen,
Vice President Product Management, Astaro

Up2Date 8.002 Released

Angelo Comazzetto — Fri, 01 Oct 2010 08:25:00 +0000

Today we have released ASG Up2Date 8.002. The main purpose of this release is to address the majority of the outstanding bugs which have been reported since 8.001, increasing the stability of your ASG V8 installation. For those still using Version 7, the 8.002 Up2Date will also act as the destination "landing" version for the upcoming one-touch V7-->V8 Hardware Appliance Upgrade which will be available as part of the ASG 7.508 Up2Date release in October. We will have more information on the appliance upgrade process for you at that time. Read on for the full details of this Up2Date.

The 8.002 release also adds a feature for having SMTP Footers which are configurable per-profile, allows for ASG to communicate with two Astaro Command Center installations simultaneously, and adds some new options and tweaks for Web Application Security (reverse proxy). The ACC feature is something many partners have asked for, since each ACC server can have different management permissions. In this way, partners can retain full management control of installations for their customers, while still letting the customer see and interact with their sites in a lesser way with reduced permissions (or vice-versa) using a second Astaro Command Center.

Lastly, for those anxiously awaiting the 8.100 Beta which will introduce V8-support for our newly released Wireless Access Points, this is currently planned to start near the end of October. Stay tuned for more information!

ASG Up2Date 8.002 Details

News:

Feature: SMTP Mail footer now configurable per-profile
Feature: Allow for two WAS SSL frontends with same (wildcard) SSL certificate to share a port
Feature: Option to pass the HTTP Host header through WAS untouched
Feature: Allow configuration of second ACC server (with different permissions)
Added: Support for Agere Systems ET-131x PCI-E Ethernet Controller

Remarks:

System will be rebooted
Configuration will be updated

Fixes:

[ID14416] ASG cannot join a Windows 2008 server domain when server is specified in WebAdmin
[ID14564] Packetfilter rule using Single Time Event does not get created
[ID14627] Local IP addresses counted for license check
[ID14699] Interface MTU settings not set correctly on HA slave
[ID14706] Packetfilter breaks if a rule used a big service group
[ID14712] ip-win32 dynamic option in the SSL Client Conf doesn't work with Linux, BSD, MAC OSX.
[ID14736] Email confidentiality footer gets injected in unsuitable email parts
[ID15119]: Fix Acc-Agent includes for IPSecSite2Site.pm
[ID15131]: Adapt ACC Single Sign-On to two ACC Servers

Download:
Link: ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/up2date/u2d-sys-8.002.tgz.gpg
Md5sum: 28f548cc270a392d063255e416cb7c42
Size: 106.764.278 bytes (Approx. 102 MB)

For the ASG 8.0 Release Notes click here.

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro AxG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[8.001] Web Application Security Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

(All Up2Dates are GNUPG-signed!)

Regards,

Angelo Comazzetto
ASG Product Manager

Why Stuxnet Is Special

Gert Hansen — Thu, 30 Sep 2010 09:25:00 +0000

The Stuxnet Trojan was a specifically targeted attack on computer control steering systems. It is presumed that the aim of the attacker was to spy on steering designs in addition to modifying their controls. We have been following the increase in espionage attacks over the last few months, differing from regular vandalism due to their intelligence and clear purpose, which are targeted not only against large companies, but also against our SMB customers.

Stuxnet uses four previously unknown exploits in Windows, not all of which have been patched by Microsoft to this day. To find even a single flaw in Windows requires immense know-how, time and effort, and hackers will happily invest their free time in these projects since such a Zeroday exploit is estimated at a quarter of a million Euros on the black market. The fact that the developers of Stuxnet detected four previously unknown exploits at once shows that we are not dealing with recreational hackers, but with people who have know-how and resources at hand – a dangerous combination.

The control systems in question that are targeted by Stuxnet are often not or insufficiently protected, as they have no connection to the Internet and work independently. Today however, we have to act on the assumption that any computer can be infected. Even if a computer has no direct access to the internet, as is often the case with control computers for production plants, it is still part of a network and connected to other systems. What is really clever with Stuxnet, is that the Trojan enters the corporate network at one point and then spreads further through its own initiative via the network using different methods. This process continues until it locates a computer that has installed the required software - in this case the WinCC.

A further problem is that manufacturers of industrial plants are on the same level in terms of security as Microsoft was ten years ago. Back then, Microsoft hardly paid attention to security. For industrial plants, their focus is on uninterrupted operation and security is secondary. An example: Even after learning about the Stuxnet infection, Siemens advised its customers not to change the default passwords in the system, as this could affect the ongoing operation of critical systems.

The security of a company is only as strong as its weakest link. Since divisions and sub networks are interconnected, it is not enough to look at parts of a company or to introduce different measures for different segments. For example, a minimum requirement is a company-wide password policy, which forbids the use of default passwords for the current operation.

Wireless Security without the Cutbacks!

Martin Becker — Thu, 30 Sep 2010 12:52:43 +0000

The use of wireless LANs has many advantages when compared to wired networks. For example, they allow employees to access important information via different mobile devices such as laptops and smart phones from anywhere within the organization, supporting their efficiency and productivity. Despite those advantages, many organizations are reluctant to invest in a wireless network infrastructure, as existing solutions are difficult to secure and complex to manage.

The most important aspect with the deployment of wireless networks is to make sure that the chosen solution fits seamlessly into the infrastructure in place, especially with firewalls and other security systems in mind. Otherwise, a company would make itself extremely vulnerable, because wireless networks don’t stop at the company’s gates. The list of possible attack scenarios is long, ranging from unauthorized connections with neighboring access points, simple electronic eavesdropping on insufficiently encrypted wireless signals through to denial-of-service attacks. All wireless LAN solutions used in the business environment must be able to respond to these problems.

The other important issue is manageability. As companies usually need more than one access point to offer wide-ranging wireless networking capabilities, each Wi-Fi solution needs to be checked for whether a high number of individual devices can be quickly and simply configured. In the recent past, so-called wireless LAN controller solutions have proven to do this job best. When taking this approach, the access points are no longer configured in the devices themselves, but in a central instance known as the wireless LAN controller. The controller authenticates the access points and gives them a suitable configuration. This enables the wireless LANs to be conveniently configured by a central location and any configuration changes simultaneously affect all access points.

Having had all of these requirements in mind, we came up with Astaro Wireless Security, which is an extension to Astaro Security Gateway, combining the comprehensive security of a UTM appliance with the benefits of a wireless LAN. Technically speaking, Astaro Wireless Security is a combination of a built-in wireless LAN controller that is integrated in Astaro Security Gateway and a new product line of Astaro access points, AP 10 and AP 30, which both support the latest wireless standard 802.11n and are suited for different office environments.

Astaro Wireless Security, which requires a valid wireless security subscription and will be available for the upcoming ASG version 7.508, protects all wireless clients and all wireless zones with the same high level of UTM security that is in place for devices connected via a wired LAN. The entire wireless traffic is forwarded to the Astaro Security Gateway, where it can be filtered for inappropriate content or scanned for viruses or other malicious software. Complete configuration, logging and troubleshooting of all wireless zones are performed within the Astaro Security Gateway; it even offers a central view of all connected wireless clients. And, as a special goody, setting up wireless guest Internet access is quite easy: a special wizard allows you to automatically create a wireless guest network with only a few clicks, providing Internet access to guests or visitors of your company without the risk of compromising the integrity of your internal network.

The Astaro access point appliances are now available. For more information, please click here.

Winners of the Astaro Orange Summer Photo Competition 2010

Monika Schraft — Fri, 24 Sep 2010 13:36:44 +0000

When we started our photo competition this summer for the first time, we were curious about what kind of pictures would be submitted. In retrospect, finding out about where and how the Astaro community spends their Orange Summer did not disappoint!

The community was invited to vote for their favorite picture in our gallery of submissions and the voting session closed on 22nd September 2010.

The Winning 5, who have each won a pair of RayBan sunglasses, can be seen below:

Click here to see the full gallery.

Thank you to all participants who shared their Orange Summer. We hope you enjoyed assembling your pair of original Astaro sunglasses and for producing some really innovative images for everyone to enjoy. Thanks also to all those who supported the participants by placing their votes. We are already looking forward to the Astaro Orange Summer 2011!

New product datasheets now available!

Amir Khawaja — Thu, 23 Sep 2010 11:49:40 +0000

Download the latest Astaro datasheets from our product information repository. Not only do we now have individual datasheets for each Astaro Security Gateway hardware model, but also a new PDF covering our Essential Firewall.

View all Datasheets

Seamless, Stressless, Wireless

Tim Cronin — Wed, 22 Sep 2010 14:41:45 +0000

It may be premature to see before December, but lately there have been some articles and forum posts across the Internet in which people debate how we haven’t really seen large advancements technology over the previous decade. The 60s had a cultural revolution and the Cold War, spawning the moon landings, ARPANET’s development and various leaps in technology. In the 70s the first general microprocessor was released and C was born. The 80s showed that home computing was possible along with the advent of GUI systems. The 90s showed that the internet was a huge player in commerce and mobile computing began with cell phones and Palm Pilots. What has this latest decade shown other than gizmos and gadgets?

The past decade was highly evolutionary. Everything became smaller and was packed with more software driven features. Because software is used on all sorts of gadgets, software security became a very big topic and one that we continue to explore. And of course, any device worth using daily is worth networking - wirelessly. Specifically, most multi-use devices will connect to wireless LANs. Add all of that together and we have a lot of wireless LANs that are in need of proper security. It is no longer enough to simply make a password for your access point and use some kind of encryption.

Security infrastructure must now be aware of wireless infrastructure and the two should be working together to provide a secure and useful wireless experience for the user. Enterprises have been at the forefront of this for a while, but it usually requires many routers, switches and access points (at least!) communicating properly. This adds a lot of overhead and manpower to installing, configuring and maintaining the entire infrastructure. This, in and of itself, is not a problem. However, the more complex a network becomes, the higher the likelihood that there is a misconfiguration that can cause a security incident. This is why it is important to have one device aware of the entire network, rather than relying on separate systems that control many different functions.

Most systems will have either a standalone access point/router or will have a wireless infrastructure system that centrally manages multiple access points. You then have to use a separate device to do your routing and firewalling and perhaps even a third (or more) to do proxying. Our flagship Astaro Security Gateway is about to get another great feature. It will act as a central wireless control point. You would now be able to configure your wireless devices and integrate them directly into your security configuration seamlessly. If you add this on with our new RED system, you can even centrally manage many sites’ wireless and security infrastructure from one system. This will greatly reduce the overhead incurred by having to learn multiple systems, install and maintain them. In a word, it becomes easy.

In the end, history will tell us what this past decade’s milestones truly were. Perhaps we will look on the decade and remember getting our hands on our first touch screen device. Maybe it will be about mass marketing gadgets rather than full computing platforms. I know that I will be remembering how wireless technology began to take off. I will also remember being part of a team that helped make it easier on everybody.

“Why blame Google? Anyone can collect WiFi data these days!”

Gert Hansen — Mon, 20 Sep 2010 14:37:51 +0000

An opinion piece regarding Google collecting WiFi data by Astaro's Gert Hansen was published in SC Magazine:

Google data collection scandal reveals careless approach to security at WiFi access points

The news that Google saves unencrypted content from WiFi networks as it collects data for its Street View mapping service is creating an uproar among the public. More and more data protection specialists are leveling harsh criticism at the company. Wrongly so, what is so alarming about the Google WiFi scandal is not the fact that data was collected. The central problem lies elsewhere. There are numerous unprotected WiFi networks in the United States and the Google issue has made people aware of how carelessly they treat their data on a day-to-day basis. The fact is Google did not ‘hack into’ any of these networks, nor did it access this data through illegal methods. The Street View cars simply collected data that was, metaphorically speaking, ‘floating around in the air’ already. In any case, the company did no more with this data than save it. Anyone with a reasonable grasp of technology can collect WiFi data these days!

Easier for private households
It is not difficult to protect wireless access points. In recent years, many manufacturers have marketed secure consumer solutions aimed specifically at private households, which can be configured at the touch of a button. However, it is not so simple for businesses. They have different requirements and enterprise wireless security solutions are generally still inflexible, expensive and complex. As a result, companies either forego WiFi altogether, despite its business benefits or they rely on cheaper consumer solutions. This can be dangerous, as these versions naturally provide a much lower level of security than enterprise solutions.

One size doesn't fit all
An enterprise solution should be able to do more than manage an access point centrally, for example. It should also be able to support strict authentication in relation to Active Directory, for instance. Secure, convenient guest access is also a standard feature of an enterprise solution. If a company opts for a consumer product, there is no guarantee that it can be securely integrated with the operating environment and the security policy. It is particularly important to ensure that a WiFi security solution fits seamlessly into the security infrastructure in place, including features such as the firewall, VPN, and content filter.

There are means of securing WiFi access points. The next few months will see major progress in the development of simple, affordable enterprise solutions. For instance, in the third quarter, we plan to release Astaro Wireless Security, a plug-and-play WiFi security solution that is quick to install, can be managed centrally, and provides all the necessary security functions.

From a security perspective, it is less important to ask whether Google was right or wrong to collect data. Instead, WiFi users should ask themselves whether they wish to continue to leave their poorly protected or even unencrypted data ‘lying around’ or whether they would rather take action to prevent others from accessing it.

For some – working from home is a requirement not a benefit

Jack Daniel — Wed, 15 Sep 2010 15:55:38 +0000

For many employees working from home is a perk. Their employer allows them to work from home 1-3 days a week reducing their commuting costs and removing the hassle of going into the office five days a week. In return the employer is said to receive higher productivity from the employee, reduced real estate and utility costs.

It is much too early to determine what the recession has done to telecommuting but the conventional wisdom is that it has greatly increased telecommuting. In 2009 27.5% of US employees were able to work remotely 1-3 days a week. This number is far from the majority but has grown from 25% the previous year.

Some employers are still resistant to allowing their employees to work from remote offices – far from the eyes of management. For many managers the concept of telecommuting conjures images of employees in their pajamas doing dishes and laundry and only periodically checking email so they appear to be working. For companies with managers who have this point of view, remote working will never become a reality.

While telecommuting may be a bonus benefit for some employees, there are some professions where working from home isn’t a benefit or even a privilege but a requirement above the normal 40 hour work week. Doctors, attorneys and other professionals who put work a full week in the office often have to take work home with them in order to keep up with flow of work. Doctors do paper work at home so they can see more patients during the day and lawyers are judged on how many billable hours the work so they often work even when at home.

Just like organizations that allow employees to work from home as a perk, healthcare facilities and law offices must provide doctors and lawyers with a secure connection to the office. For the occasional telecommuter a VPN connection is sufficient. However a simple VPN connection may not be enough o connect and secure a doctor’s or lawyer’s home. Actually, one could argue that it is even more important for these professions to have secure connections due to the sensitive and private information they work with. As educated and intelligent as most doctors and lawyers are, many of them do not have the technical expertise or the time needed to set up and then manage a Unified Threat Management device at their home. They simply aren’t security experts, nor should they have to be.

This is where products like Astaro RED come in. South Carolina Law Firm Turner Padget Graham & Laney was able to overcome the challenge of having lawyers connect from remote locations to the main office by using Astaro RED. You can read more about this here.

To learn more about Astaro RED and other product from Astaro (like Astaro Mail Archiving, Astaro Wireless Security and Astaro Security Gateway) visit booth #629 at Interop.

ASG V8 Appliance Upgrade Date

Angelo Comazzetto — Wed, 15 Sep 2010 20:23:20 +0000

Greetings. In some previous postings and communcations for Astaro Security Gateway Version 8, we indicated that we would make available a one-touch upgrade for ASG Hardware Appliances. This feature allows existing installations to easily move from Version 7 to the new Version 8 without the need to re-install manually. For the information of our customers and partners, this feature will very shortly be made available. We will first release ASG V8.002 as a soft-release* on Thursday, September 16th. Read on for the rest of the dates and details.

Full distribution of 8.002 is scheduled for September 30th. After 8.002 is made available, 7.508 will then be issued. Soft-release will be on September 30th, with Up2Date generally available on approximately October 7th. This release, (amongst other things), will add the one-touch upgrade to V8 for all ASG V7 Hardware Appliance installations. More information will follow as the Up2Date packages are made available.

*Our soft-release process sees Up2Dates posted on our FTP for manual installation, followed by the GA "push" via our Up2Date infrastructure approximately 1-2 weeks later. The UBB at www.astaro.org is where soft-release announcements are made).

How to Use Social Networks at Schools

Jessica Pozerski — Wed, 08 Sep 2010 19:42:58 +0000

Facebook, Twitter, email and other online social networks play a major part in the lives of today’s youth. Students as young as kindergarten have cell phones that can access the Internet and students expect to have access to this online world at all times. Technology, especially social network sites, can distract students from classroom activities; however they can also be used for educational purposes.

Finding the right balance between acceptable use and what is unacceptable use in schools can be a difficult task for school administrators. However, technologies designed for network security can help schools take advantage of these technologies while ensuring students aren’t districted while in class.

Educators across the country have done their best to both curb the use of distracting technologies while in class and to find ways to integrate the Internet into their curriculum all while shielding students from the more unsavory aspects of this technology. Nowhere is this delicate balancing act tested and more difficult than with social media sites. These sites do have value in the classroom, but they can also be a forum for inappropriate discussions and a classroom distraction. The question is; how can school administrators walk the line between using these tools for education and making sure students aren’t using them inappropriately?

It is clear social media sites like Facebook and MySpace should be blocked at school during class hours – but what about after and before school hours? Should teachers and administrative staff be allowed to access these sites while students are blocked? The answers to these questions are less clear. Perhaps educators have a legitimate educational use for Facebook or MySpace. Teachers can post new assignments and educational information on their pages for students to reference when they are home. Administrative staff can post school closings and events on their school Facebook group page. These are both reasons why staff should have access to social networking sites while on campus. Engaging students has always been a challenge, but in today’s world where students crave constant stimulation it has become even more difficult. Since most students have access to social networking sites at home, using social networking sites can help engage students by using a medium they already trust and want to use. However, these sites can be distracting to students when they are in computer labs or using computers in the classroom. For this reason it is wise to block student access to social networking sites on campus, while allowing faculty and staff to use these tools. If a school does not feel comfortable using social networks in this way, that is fine. The most important thing a school can do is set up clear policies and make sure everyone, students and faculty alike, are aware of what is considered acceptable use.

In addition to acting as a potential distraction, social networking sites also have the potential to harm a school’s network. Reports show that most network breaches originate from social networks. As human beings we are programmed to trust others and children are the most trusting people of all. Over the years we have learned that unsolicited emails may contain viruses or phishing attempts so we are less likely to fall for these scams than we once were. But social networking is relatively new compared to email. Additionally, the concept behind these sites; free information, creating a worldwide community of people interested in similar topics, connecting to friends, means we are more likely to let our guard down. We will click on links about “making money from home” if it is posted on our friend’s profile. Thus, allowing access to these useful and fun sites can put a school’s network at risk, while restricting access can limit opportunities to connect with students.

So what is the answer? Using content filtering technologies schools can create user groups and allow access to these sites based on what is appropriate for each group. For example, schools can ensure that student access to these sites is limited to acceptable times of day, such as before or after school hours. At the same time, schools can provide teachers and administrative staff with access based on their needs as educators so they can utilize these tools for educational purposes. To combat the threat of malicious content on these sites, these same content filtering technologies can block access to URLs that users may try to access that have suspicious code or are known to have malware.

Content filtering technology will prevent access to social networking sites when it isn’t appropriate and help prevent network breaches. But schools shouldn’t end their preventative measures there. With the ubiquity of the Internet it is in schools best interests, and perhaps partially their responsibility, to teach students Internet safety. Technology or science classes should include Internet safety into their curriculum or schools should invite experts to speak to students, and teachers, about how to avoid the types of threats they may encounter online. Because students are often more technology savvy than even their teachers, administrators and faculty at schools should also have periodic updates about the latest threats and trends on these sites.

The combination of content filtering and education will help schools and students use social media to increase their educational opportunities while continuing to protect students, teachers and the network from the dangers of the Internet.

Astaro IPsec Client V10.23 released

Udo Kerst — Tue, 07 Sep 2010 14:24:01 +0000

This new release adds FIPS certification and provides some bug fixes.

New Features

The new release V10.23 of the Astaro IPsec Client offers the following major new features against the Astaro IPsec Client version 10.22 (and against version 9.22 of the Astaro Secure Client):

FIPS inside
The IPsec Client has a cryptographic algorithm according to the FIPS standard. The embedded cryptographic module is validated according to FIPS 140-2 (certificate #1051).

FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:

DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES

Fixes
With Windows 7 data could not be exchanged via a VPN tunnel if the internet connection was using UMTS or mobile broadband but had not been established by the Astaro IPsec client. This has been fixed.

---------------------

IMPORTANT NOTE:
Starting with Release 10.22 the following features are no longer included with the Astaro IPsec Client:

Connection to 3rd party gateways (except Astaro)
Integrated Dialing and Wi-Fi support
Pre-Logon, Logon Options
Hotspot-Logon
Integrated dynamic Personal Firewall
Link-Firewall
EAP
IPsec compression
Configurable UDP-encapsulation options
Budget Manager
Tips of the day

How to update your client software

There are two ways for updating your client:

Start the Astaro IPsec Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly.

If you want an evaluation copy of Astaro IPsec Client, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can download a 30-day evaluation version of Astaro IPsec Client.

License information

For using the new features you either need to have a valid V9.2 or V10.2 license.

If your license has a lower version number then you can upgrade it to a V10.2 license by purchasing a one-time update license, which allows updating of an existing license by one or two releases. When purchasing the license you'll receive an activation key which must be applied to your existing license within MyAstaro. You'll then be offered a new file for download including the key that needs to be entered into your client.

For more information please visit our website.
Your Product Management Team

Meet the |Bloggers!|

Amir Khawaja — Fri, 03 Sep 2010 22:00:00 +0000

The Astaro Blog is updated regularly by our team of engaged enthusiasts, who are specialists in their particular area. Learn more about our bloggers below.

Jan Hichert, Sr. Vice President & General Manager, Network Security

has led Astaro since the company was founded in early 2000. Before Astaro, Jan consulted with software vendors and internet service providers on IT security and open source business models. Jan studied business at the University of St. Gallen and computer science at the Technical University of Karlsruhe before becoming an entrepreneur.

Gert Hansen, Chief Software Architect, Network Security

co-founded Astaro in early 2000. He was previously with the Internet service provider Plannet Systems and also co-founded the web development company Timenet, collecting extensive experience in both technology and entrepreneurship. Gert studied computer science at the Technical University of Karlsruhe. At Astaro, Gert is responsible for product strategy and software design.

Markus Hennig, Chief Technology Officer, Network Security

co-founded Astaro in early 2000. Markus has over ten years of experience in open source and network security and is an active member of the Linux community. In his previous career, he was Chief Technology Officer of the Internet service provider Plannet Systems where he built up the company's managed security business. Markus studied computer science at the Technical University of Karlsruhe. At Astaro, Markus is responsible for research, new technologies and new products.

Udo Kerst, Sr. Product Manager,

joined Astaro in 2005 and is responsible for the coordination of Astaro's Product Management activities. Udo has over 20 years experience within the IT industry. Before joining Astaro, Udo held various management roles within solutions marketing, systems engineering and consulting at Nortel Networks, Bay Networks and Retix. Udo studied Computer Science at the Technical University of Karlsruhe.

Angelo Comazzetto, Product Manager,

has spent the last years educating customers on the best ways to apply Astaro technology to their networks. With over 12 years of technical experience and a strong speaking background, Angelo specializes in ensuring that customers get the most out of their Astaro products. He can be found speaking at various events, and also crafts videos and technical publications found online. Angelo holds Bachelor's of Science Degrees from the DeVry Institute of Technology in Business Information Systems and Business Administration.

Eric Begóc, Product Manager,

is with Astaro since beginning of 2008. He was previously with the security provider GROUP Technologies collecting extensive experience in e-mail security and archiving technology. With more than 15 year of project and product experience in the IT business, Eric today is responsible for the Astaro Mail Archiving product.

Joerg Schindler, PR Manager,

is the Public Relations Manager for Astaro in EMEA. Within this role, he coordinates communication topics such as social media, press releases and interviews. Moreover, he manages the internal communication strategy and information flow among the international offices via the headquarter location in Karlsruhe. In his previous jobs, he gained experience as editor in chief for a Consumer Software trade magazine and PR Manager in the Interactive Entertainment industry.

Jessica Lavery-Pozerski, Marketing Manager,

is the Public Relations Manager for Astaro in the United States. In this role she is responsible for the development and execution of Astaro’s US communications strategy both internally and externally. Her main areas of interest include the use of social media and emerging communication tools for the use in corporate communications. Jessica holds a Bachelor of Arts in Corporate Communications from Newbury College.

Kathrin Moeschle, Marketing Manager,

started with Astaro in September 2010. In her previous job, she gained a deep insight into marketing hosted solutions. At Astaro, her key responsibilities are to ensure that the new, online based service, Astaro Mail Archiving, enters the market smoothly and also to conduct partner and customer targeted marketing activities.

Bill Prout, Sales Engineer,

is responsible for speaking with potential customers to help determine their exact network security needs. He got his start in Information Security more than 15 years ago while serving with the United States military. Since that time he has held a variety of technical positions in network security and architecture, and has worked with organizations such as EDS, Thompson Financial, Merrill Lynch and the City of New York. Bill serves as a product expert for Astaro’s partners and customers, and is a frequent speaker at security events.

Charles Tracey, Sales Engineer,

presents and supports Astaro Security Gateways. Charles joined Astaro in 2007 after 10 years as a network manager for a manufacturing company where he managed a WAN area network that included separate firewalls, web filters, spam filters and intrusions protection devices. He has recently been involved in rolling out the Astaro Command Center, a central management tool. He started in IT connecting Engineer Departments to Ethernet networks for large files transfers after the floppy shuffle became less than popular.

Status Update - Software error in old Astaro versions

Richard Walford — Mon, 30 Aug 2010 22:00:00 +0000

As previously communicated, on Friday August 27th we released a pattern which includes a fix for the y2k38 issue for all "old" versions (ie earlier than 7.507 and 8.001).

This fix was applied successfully by the pattern script, but the script had the unwanted side effect of removing a directory on the disk. This directory contains some temporary data used internally by the Astaro system and also, on version 7 systems, it contains a copy of some system libraries. These libraries were replaced by another pattern which was delivered approximately 2-3 hours later (depending on the version running).

Most customers and systems should not have experienced any issue. The system was correctly patched and the y2k38 problem has be circumvented.

However, the loss of temporary data meant that HA systems appeared to have lost the link between master and slave. In fact, they have not and the HA system is working normally, but WebAdmin does not show the correct status. This issue has, in almost most cases, been resolved either by rebooting the system or by an additional pattern which has been delivered on Monday and Tuesday (depending on the version). Although working correctly, we recommend that HA systems are rebooted at the next available maintenance window.

If a license was uploaded during the 2-3 hour period, then the new license was not recognised (because of a missing library) and the system reverted to a trial license. Uploading a new license once the library was replaced corrected this.

If the system was rebooted during the 2-3 hour period, the Astaro system fails to start. It was then necessary to log on through the console and manually recreate the missing directory and copy the missing libraries.

I and my team are clearly embarrassed to have to report such a situation and we sincerely hope that you have not been too inconvenienced by this issue. I understand that this is not an acceptable level of quality and that you should, and do, expect better from Astaro. We need to earn your trust and have therefore immediately made some changes to our software delivery process to eliminate these mistakes and ensure that in future we do meet your expectations as a partner.

Regards,
Richard Walford

Extended Mail Archiving Trial Still Available!

Eric Begoc — Mon, 30 Aug 2010 06:00:00 +0000

If you are looking for a quick and effective way to archive your business e-mails, then you should take a look at our new hosted solution Astaro Mail Archiving.

Why archive e-mail?
Mailbox servers often suffer from the heavy load of growing e-mail traffic and administrators struggle with mailbox quotas and user storage demands. Employees laboriously sift through their mails sorted in inbox folders, trying to retrieve lost communication.

Astaro Mail Archiving puts an end to these pains:

It seamlessly integrates into existing messaging environments
It is ready to use in 15 minutes
It requires minimal administration

++ Exclusive Mail Archiving Kick-Start Promotion ++

For our existing Astaro customers with a valid license for Astaro Security Gateway, we offer an extended trial license expiring November 30th, 2010 for the use of Astaro Mail Archiving with up to 100 users.

Please register here: http://www.astaro.com/resources/astaro-mail-archiving/register.

Or contact your local Astaro Reseller for more information.

Updated Astaro Command Center Datasheets

Amir Khawaja — Mon, 30 Aug 2010 10:00:00 +0000

The Astaro Command Center datasheet has been updated for the latest version with the newest product information.

Download your copy in our Product Information PDF section of the Astaro website.

View all Datasheets

Software error in old Astaro versions - update required

Gert Hansen — Wed, 25 Aug 2010 03:00:00 +0000

Dear Astaro Partners and Customers,

We work constantly to ensure all our customers' networks are secure and connected no matter what version of the Astaro Security Gateway they are running. This is why we wanted to inform our partners and customers of an upcoming software challenge we have identified that may affect installations using older versions of the Astaro Security Gateway.

Please read below:

What is the issue?
How can this issue be resolved?
What can I do if I have a problem on Sept. 4th?
Detailed "What should I do?" Workflow

In case you have any questions, don't hesitate to contact your usual Astaro representative.

Kind regards,
Your Astaro Team

-----------------------------------

What is the issue?
Astaro products use so called X.509 certificates (think of it as a kind of digital passport - see Wikipedia) internally for VPN, Astaro RED, Mail Encryption, WebGUI and a few more areas. Such certificates are only valid for a limited amount of time and we chose to set the expiration date far into the future (>27,4 years into the future) to be sure that our customers do not experience problems with expiring certificates.

Unfortunately, we now will stumble upon a common problem known as the "Year 2038 Problem" or the "Unix Millennium Bug" (Wikipedia). Starting September 4th, 2010 the expiration date of newly created CA-certificates will be beyond Jan 19th 2038, and therefore will be invalid.

Running installations are unlikely to experience any issues, as only a few very specific and rarely used administrator actions will trigger this issue. But installing new Astaro products with software versions 7.506 and older after Sept. 4th will not work, as the initial setup will fail. Please read the "Detailed Workflow" below for more information.

How can this issue be resolved?
Update to the latest version!

The issue has been fixed with the Up2Dates 7.507 and 8.001 which were released August 13th and all existing customers should update to this version before September 4th in order to be safe. Partners and Customers who still have Astaro Appliances in stock must reinstall them with version 7.507 or 8.001 prior setup or shipment.

All Astaro downloads and un-shipped units in the warehouse have been updated! New installation images can be found here http://download.astaro.com/.

What can I do if I a have a problem on Sept. 4th?
In order to ensure that all Astaro customers receive all the help they need, all Astaro customers are entitled to call the Astaro Support Hotline directly and we are on standby for you over the whole weekend (September 4th / 5th).

If you need help, please contact your nearest location: http://www.astaro.com/support/support-hotline

Detailed "What should I do?" Workflow
Below you find all possible conditions an Astaro installation can be in and a recommendation on what should be done: (The same procedures apply for AWG/AMG/ACC installations)

ASG is running at Version 7.507 or 8.001
These customers have no problems, and do not need to do anything.

ASG is running Version 7.506 or earlier, or 8.000
These customers will experience no issues during "normal" operation, however certain actions after September 4th will trigger the problem:

Performing a factory reset will cause subsequent initial setup process to fail, which leads to no access to WebAdmin. Regenerating a Certificate Authority (like for the HTTP/S proxy, WebAdmin, or VPN/ Remote Access) will cause the problem. Certificates created using that new CA are invalid.
Activating mail encryption or Astaro RED for the first time will cause the problem. Activating the feature will fail.
Solution: Up2Date or reinstall to 7.507 or 8.001 before September 4th.

Customers which re-install their ASG/ACC using an old ISO image
These customers will have an affected installation and be in the same situation as outlined above.

Solution: Reinstall the system with the latest ISO image (7.507+ or 8.001+) which can be found at http://download.astaro.com

Partners with appliances in stock with ASG Versions 7.506 or earlier, or 8.000
These boxes are affected. Installing them after September 4th will cause the initial setup process to fail, which leads to no access to WebAdmin. Solution: Partner must update their ASG Appliances using a CD-Rom or Astaro Smart Installer before shipping to customer.

ACC is running at Version 2.200 or earlier
These customers will experience some issues.
Solution: Up2Date to 2.201, which will be released on or around August 27th.

Installations which are unable/unwilling to Up2Date to 7.507 or 8.001 or 2.201
We recommend upgrading to 7.507 or 8.001, but in case this is impossible we will provide a solution for these installations via our Pattern Up2date mechanism:

1. The unit must be online and connected to the internet
2. The customer needs to have a valid maintenance subscription
3. Pattern download/installation interval setting must not be set to "Manual"

The system searches regularly for updates and installs them automatically. After the pattern has been applied, the issue will be fixed.
All installations using 7.506 or earlier and V8.000 will receive this fix. You can easily check if this fix has been applied to your installation by checking the "Pattern Version" on the ASG dashboard. If the pattern version is greater than or equal to 20,000 than the fix has been applied.

We plan to start distributing the pattern on or around August 26th.
Solution: Do nothing and check the pattern version beginning of September.

In case you have any questions, don't hesitate to contact your usual Astaro representative.

Best regards,
Your Astaro Team

Astaro Command Center Up2Date 2.201 Released

Angelo Comazzetto — Tue, 24 Aug 2010 04:05:00 +0000

Today Astaro Command Center has been updated to 2.201. This up2date will address the UNIX time issue which was previously solved and distributed for ASG, and is the only fix in this release.

For ACC 2.201, we have new ISO images and the Up2Date itself available for download from our FTP and mirriors. Of course, our Up2Date infrastructure will distribute the package to you. New VMware and Astaro Smart Installer images will be available in approximately the next 24 hours.

Official Details

Remarks:

System will be rebooted

News:

This Up2Date should be applied before end of August 2010

Fixes:

Fix [14883] Overflow in certificate creation will cause invalid certificates

Up2Date Package:
Size: 8,147,009 bytes
Md5: db37f0c76df9a4abdd5547c60dc3d675
FTP: ftp://ftp.astaro.de/pub/ACC/v2/up2date/

Software Appliance ISO Image:
Size: 611,086,336 bytes
Md5: 9fa4ee88a8b3e0fd585202e956a2246b
FTP : ftp://ftp.astaro.de/pub/ACC/v2/software_appliance/iso/

Hardware Appliance ISO Image:
Size: 615,235,584 bytes
Md5: a8db4aed5734b8fb874f219517f1b455
FTP : ftp://ftp.astaro.de/pub/ACC/v2/hardware_appliance/iso/

Feedback

If you want to provide feedback or want to discuss any of the ACC V2.2 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[2.200] World Map Labelling").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com

(All Up2Dates are GNUPG-signed!)

Regards,
The Astaro Product Management Team

Interview with Data Integrity Services

Jessica Pozerski — Tue, 24 Aug 2010 00:12:00 +0000

Community Development Manager, Jack Daniel, meet with Sam Heard of Data Integrity Services to discuss their partnership with Astaro.

The resulting interview can be heard here: www.astaro.com/webinars/data-integrity-podcast.mp3

The True Role of Support - not just fixing problems

Jessica Pozerski — Thu, 19 Aug 2010 02:14:00 +0000

I imagine that minutes after the first computer program was created the first support team was born. Over the years the association between support departments and fixing troubleshooting customer issues has become so strong that many (even some in support) believe this is the only responsibility of the support team.

As a result support teams at many technology companies have scored poorly on customer satisfaction surveys. Why? Because they end up only interacting with customers when they are having a problem and are angry. Here are some ways support departments can

Focus on education first
I hate to say it, but a lot of times the issues our customers are having are not because our products didn't work correctly. It is because they were not properly trained on how to set up, configure or maintain the product. This is the support team's responsibility Just as much as it is the sales team or the customer's. Support teams that create ways for customers to educate themselves have a better chance of having customers that rate the support team favorably.

One way Astaro is doing this is by creating a Knowledge base for customers and partners. This Knowledge base will house articles about Astaro product written by Astaro's support team and partners. These articles will explain how to overcome common issues, ways to configure Astaro products and more.

Communication is key
Of course part of education is communication. Support teams should communicate any issues the company's product is having, along with the solution quickly and accurately. Additionally, when product upgrades or enhancements are made, the vendor should create alert systems for the customers along with links to information about the new features.

Like most organizations Astaro has had issues where we needed to communicate to our entire customer base at once. Unfortunately, there wasn't a system in place to do this quickly outside of email. As a result we began developing a unique alert system for our partners using SMS messages. The system is still in the works but we foresee it being a helpful communication tool

Empower your customers
Another way to improve Support services is by empowering them. Make your customers feel as if they have the power to solve their own issues without support, and can to help solve the problems of others. Astaro has a user forum where customers, partners and Astaro employees can discuss issues they are having, talk about unique applications of the product or answer the questions of others. This forum is open to user regardless of their support level status and has a very active community. Even some of Astaro's executives respond to questions from time to time.

Why is this important? It makes your customers feel heard and respected. It also gives them an opportunity to share they knowledge they already have. And when Astaro's Vice President of Product Management responds to your query it lets you know the company is listening.

Keeping these concepts in mind will help organizations understand that if they use their support team for more than just speaking with customers in need of assistance the entire organization will be better off. Support should be a proactive department, just like any other department in your organization.

Up2Date 7.507 Released

Angelo Comazzetto — Fri, 13 Aug 2010 04:10:00 +0000

We have released Up2Date 7.507 for ASG installations to address an issue around Unix Time which can affect the use of certificates, and thus your ASG installation. This up2date package should be applied before the end of August if possible.

ASG uses certificates for different purposes (such as for each user that is created) and CAs (certificate authorities) for signing the certificates mentioned before. When performing the initial setup, some CAs as well as the admin certificate are generated.

When passing a certain point in time the theoretical end-date for our certs and CAs is beyond 19 January 2038 which will cause trouble to the system as the end-date of a cert/CA must not be before the start-date.

*SUMMARY NOTICE*
Any and all systems which have this up2date applied before the end of August 2010 will be completely free from troubles or consequences as a result of this global Linux/Unix issue. If you apply it, you can avoid needing to educate yourself further.

For units which are not updated before then, we will issue a single fix for this bug via a specially crafted pattern Up2Date as well, which will be automatically patched/applied without updating the firmware version.

If you would like more education on this issue, you can read more about it here via Wikipedia's entry: Year 2038 problem.

Official Details

Remarks:

Configuration will not be upgraded
System will be rebooted

News:

This Up2Date should be applied before end of August 2010

Fixes:

Fix [14657] Overflow in certificate creation will cause invalid certificates

Manual Package Download Information

Link: ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.507.tgz.gpg
Md5: 321e9f87525bc36dcfdd9531a6a1e5a0
Size: 8,147,144 bytes (Approx 8MB)

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

1) Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)

2) Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro AxG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.507] Astaro Web Content Filter Profiles Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com (All Up2Dates are GNUPG-signed!)

Regards,
The Astaro Product Management Team

Up2Date 8.001 Released

Angelo Comazzetto — Fri, 13 Aug 2010 04:52:00 +0000

Our first Up2Date package for the new Astaro Security Gateway Version 8 is ready for distribution. Version 8 has enjoyed significant popularity in the past month, with thousands of new and existing customers experiencing V8's features and stability.

You will find 8.001 available for install via Up2Date on your installation. Mainly a bug fix release, this package will enhance the stability and operation of ASG V8, and addresses an issue with Unix time affecting certificates. Read on for the full details of this Up2Date.

This release fixes some bugs with how Web Application Security handles connections for protection of Outlook Web Access servers, optimizing that communication. We have also adjusted the very popular Country Blocking to ensure traffic can flow to essential Astaro Internet resources (Eg. RED provisioning servers, global email scanning repositories etc.) so that your blocking choices won't interfere with ASG operations. In addition, some other bugs were addressed and some hardware glitches for our software users and their platforms of choice were solved.

On addressing the Unix Time issue:
ASG uses certificates for different purposes (such as for each user that is created) and CAs (certificate authorities) for signing the certificates mentioned before. When performing the initial setup, some CAs as well as the admin certificate are generated.

If you would like more education on this issue, you can read more about it here via Wikipedia's entry: Year 2038 problem.

Official Details

Download Information
Link: ftp://ftp.astaro.de/pub/ASG/v8/up2date/u2d-sys-8.001.tgz.gpg
Size: 81MB
MD5Sum: eaf81f4137425f04fd6a512f7e6285ec

Remarks:

System will be rebooted.
Configuration will be updated.
HTTP Proxy cache will deleted.

News:

This Up2Date should be applied before end of August 2010
Added: HTML rewriting in Web Application Firewall.
Fixed: Country based blocking can no longer block essential ASG functionality.
Added exceptions for spam scanning servers, ACC, notification smarthost, NTP servers, and SNMP trap sinks.

Fixes:

[14688]: UNIX Epoch ends in 9999 days, so certificates cannot last longer
[14364] ASG does not use ESMTP for "Skip TLS negotiation hosts"
[14400] WAF disabled in predefined reverse proxy profiles
[14427] No successful boot with Perc H200
[14469] Country Blocking blocks essential services
[14519] GRUB fails to install properly on some HP servers
[14637]: Bridge interface gets unresponsive after change of IP addresses
[14735]: ASG 625a with versions 8 and 8.001 recognizing NIC order wrong
[14759]: Setting system time forward causes WebAdmin to get unresponsive for a while

For the ASG 8.0 Release Notes click here.

Astaro Up2Date technology makes it easy to upgrade your Astaro Security Gateway to the latest version.

There are two ways to apply an Up2Date package to the system:

2) Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro AxG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V8 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[8.001] WAN Link Balancing Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server for public use: http://demo.astaro.com

(All Up2Dates are GNUPG-signed!)

Regards,
The Astaro Product Management Team

Building successful (business) relationships

Regina Grieco — Tue, 27 Jul 2010 07:00:00 +0000

There has never been a better time to be a professional woman. Most organizations strive to treat men and women employees equally and fairly. Yet, in the technology industry there is still a slight prejudice towards women, making it difficult to foster strong relationships with partners.

During my career as a channel manager and director I've encountered partners who were reluctant to create a professional relationship with a woman simply because they assume women are not as adept with technology as men. While this assumption is unfair, it is a reality all women in technology must deal with an overcome. Here are some tips for creating strong professional relationships with your organization's partners - no matter what your gender.

Earn respect
No matter what your gender is, if your partner doesn't respect you, your relationship is doomed to fail. They won't return your calls promptly, they'll marginalize your advice and basically the partnership won't work. To earn your partners' respect begin by behaving in a professional manner upon your first meeting. Demonstrate your knowledge of the market they operate in and your company's technology. This will show your partner that you know your stuff and that you have advice worth listening too. Be sure to dress professionally to project your professionalism by your appearance. And of course speak confidently, even if you are feeling self conscience - remember the old adage, 'fake it 'til you make it". Even when you feel you aren't being respected behave as if you should be.

Deliver on promises
When you are discussing margins, marketing ideas or any other topic be sure to know what you can actually deliver for your partner. It will take just one failed promise to make your partner distrust your advice or worse, you in general. If you promise your partner additional margins if they sell a certain volume or your product, be sure they receive it when they deliver on their end of the bargain. Failure to do so will mean they will distrust your promises in the future and stop working hard for you. Let's put it this way, if a friend told you they would give you $10 for picking their child up from school and then never paid you, would you be as willing to pick up their child again? In the end it isn't about the $10, it is about being respected. If your partner feels you don't respect them, they won't respect you.

Listen more than you talk
What do you partners need to succeed? What do they hope to get out of this partnership? What are the challenges they are facing? If you don't know then you aren't asking enough question and you aren't listening enough. Creating a successful relationship requires you to understand your partners but you can't do that if you aren't listening to their needs. So ask questions, find out how you can help and once again deliver.

Keep it professional...
Your partner doesn't need to know about your wild weekend in Vegas or your fight with your mother. They come to you for technical, business or sales advise and believe you are incapable of helping them if they see you as a party girl, immature or just plain crazy. The more they know about your personal life the harder it is to get them to respect you as a professional.

But be sure you get to know your partners
That being said, you have to have some level of familiarity with your partners. Relationships, even business relationships are about people. No partner wants to feel like they are working with a robot and no one can be all business all the time. So ask them about their family, talk to them about your weekend at the zoo with your niece and chit-chat about vacation plans or the weather. Short friendly conversations will foster a friendly relationship and a sense of trust. And if your partner likes you your relationship will be stronger.

Know when to bring in the reinforcements
No matter how professional, how confident and how knowledgeable you are, some men will still have a hard time taking a woman in technology seriously or showing her respect. This problem only gets worse if you are young or appear young for your age. So don't be too proud to bring in a trusted colleague to help the conversation progress. At first it may seem like you are deferring to older male co-workers but if you trust your colleague then over time the respect your partner automatically grants him will slowly transfer to you and the relationship will become your own. It may not seem fair, but by slowly gaining respect this way, you will potentially change the attitude of your partner towards young, professional women forever.

New PodCast with Jack Daniel

Jessica Pozerski — Mon, 19 Jul 2010 22:00:00 +0000

Jack Daniel spoke with the Souther Fried Security Podcast group regarding NAISG and BSides events.

To hear the full PodCast interview with Jack Daniel, click here.

Astaro Command Center 2.2 Released

Angelo Comazzetto — Fri, 16 Jul 2010 03:20:00 +0000

We are excited today to inform you that Astaro Command Center 2.2 is available! After a half-year of development followed by a public Beta program, ACC 2.2 is ready for download via our FTP servers. Version 2.2 will be pushed out via Up2Date to all our installations next week.

This release is focused around adding great new abilities like Global configuration of Packet Filter rules and Web Security settings and profiles. We have also other fantastic features to make your life easier when working with ASG. Regardless of if you have one, or hundreds of installations, you are sure to find something that saves you time with ACC!

Astaro Command Center 2.2 Features

HTTP/S Proxy Configuration Support

Build and deploy Web Security profiles and configuration from within ACC!
Lets you centralize your Web Security settings and globally deploy and change policy across some or all connected ASG installations. -Work with Filter Actions, URL Categories, Exceptions, and Proxy Auto-Configuration (PAC) files.

Packet Filter Configuration

You can now make Network Security configuration settings in ACC for packet filter rules, and deploy them as needed to your selection of ASG devices.
Build rules like you normally do in ASG
Craft rule sets composed of your rules for deployment to ASG installations.
Deploy to organizational units, select the position of the deployed rules (Eg. on top of existing rules in the ASG), and view/change/revoke rules with ease.

Auto Deployment of Definitions

Continually updates selected ASG's with new/changed definitions
Removes the need to manually select installations and deploy objects
Keeps multiple installations constantly synced to the latest versions of definitions and other items

New Global Definition Types

To further assist global deployment and true central management, two new definition types can be configured centrally.
Time events can be defined and worked with via Definitions-->Time Events in the Gateway Manager
IPSec policies can be defined and worked with via Configuration-->VPN-->IPSec policies in the Gateway Manager. You no longer need to choose only from pre-defined policies in ACC.

Object Merge Granularity Options

Allows you to choose merge operations when deploying Global Objects which already exist locally on the ASG.
Great for assisting migration from per-box configuration to ACC central configuration
When a definition already exists, choose to overwrite it completely, skip it, or keep the name and just update the data with the Global Objects parameters.
Many powerful uses for assisting the saving of your time across multiple ASG's!

Other Changes and Features

Features accessible to the ACC can be restricted on an ASG (aka privilege restriction). You can configure this from Management-->Central Management in ASG 7.506/V8.000.
Up2Date Cache restricts access to Up2Date servers, and is now ASG V8 compatible
Expired licensing subscriptions will see their impact on monitoring levels decay over time and become less of a factor as a result.
IPSec VPN Configuration can now re-use global network definitions and global/custom IPSec policies.

*More information about the various features of ACC 2.2 can be found in the ACC 2.2 release notes

Requirements
*ACC 2.200 requires at least ASG V7.506 or V8.000 for full compatibility.
**ASG features for allowing communication to two ACC servers and SSO real name pass-through are already implemented in ACC 2.2 and just awaiting ASG 7.507 and 8.002 releases.

Download Information
ACC 2.2 is available initially as an Up2date package from version 2.100 or Beta users at Version 2.180. ISO images are also available for full installations of ACC 2.2. Virtual Machine Images and an Up2Date push for existing installations will be released next week, along with new, detailed release notes for ACC 2.2

------------------------------
ACC Up2Date from 2.100 --> Version 2.2:
URL: ftp://ftp.astaro.de/pub/Astaro_Command_Center/v2/up2date/u2d-sys-2.200.tgz.gpg
Size: 259MB
md5sum: 91842af0d63f67e8d3e0b0d0f26ce185

------------------------------
ACC Software Appliance ISO 2.200
URL: ftp://ftp.astaro.de/pub/Astaro_Command_Center/v2/software_appliance/iso/acc-2.200-100715-3.iso
Size: 578MB
md5sum: 29d47dc87398c61725c0127cb1164455

------------------------------
ACC Up2Date from BETA 2.180 --> Version 2.2:
URL: ftp://ftp.astaro.de/pub/Astaro_Command_Center/v2/beta/u2d-sys-2.180-200.tgz.gpg
Size: 22MB
md5sum: 969963597aa2408028e19a411634f1b3

Astaro ACC Download Mirrors:

If you want to provide feedback or want to discuss any of the ACC V2.2 features you should post it on our User Bulletin Board. Please take care to always(!) add the version you refer to (e.g. "[2.2] HTTP Proxy Profile Push Question").

If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server which will run ACC Version 2.2 shortly: http://accdemo.astaro.com

Regards,
- Your Astaro Product Management Team

Up2Date 7.506 Released

Angelo Comazzetto — Wed, 14 Jul 2010 00:33:00 +0000

We are releasing ASG Up2Date 7.506. The primary purpose of this release is to prepare V7 installations for the launch of our new Wireless Security solution.

As well, the ASG installations will receive some updated files for support of the next point-release of Astaro Command Center V2.2. We also take the opportunity to fix a few small bugs.

This will be pushed out via our Up2Date infrastructure, however if you would just like to manually download it you can do so here. Otherwise read on for the details.

This version is focused around introducing the necessary options and menu items for our new Wireless Security solution. There is a new WebAdmin section called "Wireless Security" which contains an overview and controls. More details on the public wireless beta and the products themselves will be made available shortly. Changes and updates were made to the Astaro Command Center agent as well to prepare it for the upcoming GA release of ACC V2.2.

Official Details

Download Information
Link: ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.506.tgz.gpg
Size: 132.9MB (139,362,483 bytes)
Md5 : 614a8436398437c64cb7900c3b23601b

Remarks:

Configuration will be upgraded
System will be rebooted

*BETA Testers: Your connected access points will perform a firmware upgrade after 7.506 installs on the ASG. As with most firmware "flashing" operations, please do NOT power off your Access Point(s) while the LED's are blinking furiously during their patching process, or you might be left with a non-working unit!

News:

Added Wireless Security support and WebAdmin area in preparation for upcoming public Beta phase (stay tuned!)
Added support for upcoming ACC 2.2 release
Added support for updated/renamed "Astaro IPsec Client"
Improved Online help for ASG

Fixes:
Fix [12668]: FTP directory listing over HTTP Proxy may not work correctly
Fix [14025]: Site-to-Site SSL Server fails to add routes when bounced quickly

For the ASG 7.5 Release Notes click here.

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

2) Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro AxG Up2Date Download Mirrors:

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.506] Astaro AP 30 Question").
If you have any feedback on our help, manual, or any documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com (All Up2Dates are GNUPG-signed!)

Regards,
The Astaro Product Management Team

First Podcast - Interview with a partner

Jessica Pozerski — Mon, 05 Jul 2010 22:00:00 +0000

Astaro's Community Development Manager, Jack Daniel spoke with Frances Poeta, a long time Astaro partner at the recent New York Partner Road Show.

Here is the recording of their converstation about Astaro's partner program and the security industry.

URL: www.astaro.com/podcasts/astaro-insider-frances-poeta-interview.mp3

Announcing release of Astaro Security Gateway Version 8

Angelo Comazzetto — Thu, 01 Jul 2010 00:30:00 +0000

Today the next version of our flagship product is available; Astaro Security Gateway Version 8.000 has been released. Over 2 years in the making, we have collected feedback from you - our customers, partners, and distributors, and listened intently to the entire market and what it asked for in a security solution.

Our open approach to feature requests set a new standard for visibility into our planning and allowed us to listen while we provided constant feedback and updates to you.

Today, we continue the success enjoyed by ASG Version 7. You will find a fresh WebAdmin GUI and improved auditing and compliance features. New features like VPN reporting, WebAdmin change tracking, new rights & roles abilities for multiple administrators, and the ability to print out the entire configuration for auditing or record keeping have been introduced. Support for IPv6 and a new 64-bit kernel have been implemented, along with many convenience features such as an easy way to search through all of WebAdmin and country blocking to prevent all communication with entire countries or regions.

Focusing on usable technology, our teams worked hard to make sure our product is easily configurable to solve real problems faced by businesses without the need for months of specialized training in how to use ASG features.

This post provides an overview of Version 8, how to get it, how to get using it, and the key dates and other information you need in order to begin using or selling this fantastic new release. Read on for full details and download information!

As this is a major new version, you will likely have questions about various areas. I'd like to invite you to first review this post for the answers you seek. If you require additional help or information, your Astaro partner or sales contact will happily assist you. Remember you can always check our website or ask for help from our community at www.astaro.org.

About Astaro Security Gateway Version 8
This new version includes the following new features. Presented here is a general overview; for extended information and descriptions (and the full list of all changes in Version 8) please see the accompanying ASG Version 8 release notes. You may also wish to look in the V8 WebAdmin for the new manual (Support-->Manual) and online help (click the "?" icon anywhere).

What's New? Highlights of Major New Things

Updated WebAdmin - New colors, fonts, and visuals make WebAdmin more easily readable with crisper overall presentation
IPv6 - Support has been added for the next iteration of IP addressing throughout ASG
New Kernel and Base System - Provides 64-bit support, massively increased hardware compatibility, and better performance
Country Blocking - Deny communications to/from any combination of countries and/or regions
Web Application Security - A new subscription has been added to our protection portfolio which protects your web servers from modern attacks, hackers, viruses and data theft
Flash-Based Reporting - Reporting data can be displayed via animated charts which add strong visual representations to how the data is presented
WebAdmin Rights & Roles - Let multiple administrators or auditors share duties by separating access permissions; for example giving someone the ability to work only with the Mail Quarantine
Configuration Change Tracking - Aid compliance and accountability efforts by identifying what was changed by an administrator on a forensic level
Printable Configuration - Save the contents of the entire system as an XML file to aid compliance efforts and record keeping
New Online Help - Improved layout coupled with new feature set updates this reference to be faster and more useful in retrieving information on demand
VPN Remote Access Reporting - Displays usage graphs for the various types of user connections, along with historical data for examining session information
WebAdmin Menu Search - Instantly filter the menu to show sections of WebAdmin based on a search query box; great for locating an option or feature quickly
Web Content Filter Override - Allow configured users and groups to bypass URL filtering block pages by providing credentials and entering a reason, all of which can be tracked using new override reports

Other Features and Changes

New installer for software appliances with improved navigation and troubleshooting options
Custom certificates support lets you remove browser warnings when accessing WebAdmin or the UserPortal
Windows Server 2008 R2 domain controller authentication support
Reverse DNS for creating reverse mappings in static DNS
Uninterrupted Intrusion Protection updates keep traffic flowing when new patterns are introduced
Rule numbering is preserved during search queries, making it easier to locate the resulting rules and where they sit in the configuration order
Exceptions improvements for HTTP/S and IPS now allow the use of granular "and/or" operators
Site-to-Site VPN's using PSK may now have different keys using PSK probing when configured as respond-only
Multiple syslog servers are supported which allows logging data to be sent to multiple locations simultaneously for preservation
Dozens of other usability improvements and minor feature additions!

"How Do I Get Version 8?"
ASG Version 8 gives you some options in how to begin using our latest version. Again, the release notes have detailed instructions for the available processes but summary information is below. Be aware that while existing licenses and their subscriptions are valid, if you have not already done so you need to login to MyAstaro and upgrade your license to our new on-demand format introduced back in February, as Version 8 will only accept this license style.

Depending on factors such as if you currently use ASG V7 and what your needs are you will have certain requirements which will be met via the following key dates:

June 30th - ASG V8 ISO Images Available
For ASG appliances or installations using ASG software on their own platforms, download the ASG V8 ISO image (see below), make a backup, install with USB CD-Rom or Astaro Smart Installer and restore your configuration via the backup. *NOTE* Beta testers of V8 are able to Up2Date to the GA V8.000 release without needing to re-install. Check the Up2Date section your existing Beta installation and install the GA Up2Date package to move to the GA release.

August 15th - ASG V7 Appliance Upgrade Option
Approximately in mid-August, we will publish an Up2Date for V7 which will add a button which automatically migrates your appliance and configuration from V7 to V8. As in the past, for quality assurance and hardware compatibility reasons, it will not possible to one-touch upgrade non-ASG appliances (software installations on custom hardware) using this method.

October 1st - Appliances ship pre-installed with V8
Until this time, new appliances will ship with Version 7 installed. Customers who purchase new appliances and wish to use ASG Version 8 can install the ISO image or have their partner assist them with this. Astaro Support can also answer questions on how to image your new appliance with Version 8. *Note* In addition, throughout this period, Up2Dates for V8.00x will be released as planned/required.

Download Information

ASG Hardware Images

ASG Hardware Appliance ISO Image
(for use on official ASG appliances)
Link: ftp://ftp.astaro.de/pub/ASG/v8/hardware_appliance/iso/ssi-8.000-7.1.iso
Size: 348 MB (378179584 bytes)
Md5 : 84cdb87909167e0915b01eafca153c09

ASG Hardware Appliance ISO for Astaro Smart Installer
(for using V1 of the ASI product to install ASG on official appliances)
Link: ftp://ftp.astaro.de/pub/ASG/v8/hardware_appliance/smart_installer/v1/ssi-8.000-7.1-ASI.zip
Size: 348 MB (365,686,141) bytes
Md5 : ab6b709c2dd258fbe1a5748ab485636c

ASG Software Images

ASG Software ISO Image
(for use on your own hardware)
Link: ftp://ftp.astaro.de/pub/ASG/v8/software_appliance/iso/asg-8.000-7.1.iso
Size: 350 MB (368021504 bytes)
Md5 : 5bf91962005658df789b071036ed5501

ASG Software ISO Image for Astaro Smart Installer
(for using V1 of the ASI Product to install ASG on your own hardware)
Link: ftp://ftp.astaro.de/pub/ASG/v8/software_appliance/smart_installer/v1/asg-8.000-7.1-ASI.zip
Size: 339 MB (355587451 bytes)
Md5 : 49cd6d861ceea9c7c28fae86b7ad206c

ASG Virtual Images

ASG ESX Image
(for use with VMware ESX/i)
Link: ftp://ftp.astaro.de/pub/ASG/v8/virtual_appliance/asg-8.000-ESX-v3.zip
Size: 884 MB (927819047 bytes)
Md5 : db739b848493d34178992de49ba1e29d

ASG VMware Image
(for quick-use with VMware Player/Server/Workstation)
Link: ftp://ftp.astaro.de/pub/ASG/v8/virtual_appliance/asg-8.000-vmware.zip
Size: 859 MB (901489426 bytes)
Md5 : 91fbb2ffd084b03cbf5dcbd2c7835459

*Customers with the new "Version 2" of the Astaro Smart Installer, you will be able to use it with V8 images shortly, check the FTP site for when they are available.

Feedback

If you want to provide feedback or discuss any of the Version 8 features you should post it on our User Bulletin Board. For best responses, it helps to add the version to which you are referring in the the title of your post for example: "[8.000] - Question about IPv6".

If you have feedback to our documentation like the manual, online help or WebAdmin explanations please send it to docu@astaro.com.

There is also a demo server coming that allows you to try and see Version 8 anytime. You will find it at http://demo.astaro.com shortly.

All Up2Dates are GNUPG-signed! Enjoy our new release.

Regards,
The entire Astaro team

Astaro featured in MPLS Experts blog

Jessica Pozerski — Wed, 30 Jun 2010 08:22:06 +0000

The MPLS-Experts Blog posted a great article about Astaro and Astaro RED today.

Follow this link for the full article: http://www.mpls-experts.com/blog/

Security BSides -Community and Communication

Jessica Pozerski — Thu, 10 Jun 2010 08:00:00 +0000

It started as a little idea, but it has grown into the Next Big Thing. About a year ago a few people received notices that their proposals for presentations at BlackHat had been declined and they expressed their disappointment on Twitter. After seeing some of the great talks that were turned down, someone suggested holding an alternate event that would give speakers an opportunity to give their talks and let people to hear them.

A great deal of scrambling and a few short weeks later, Security BSides Las Vegas happened during the week of BlackHat and DefCon, and it was amazing. A core group of people, assisted by a large group of volunteers, speakers and sponsors put together a two-day event which offered great presentations on a wide mix of topics, a fun environment, and encouraged conversation and participation. Before Security BSides Las Vegas ended, plans had begun for Security BSides San Francisco, to run parallel to the RSA Security Conference, and the BSides phenomenon took off from there. Security BSides conferences are about the community, they are run by and for the participants, and provide a venue for talks and presentations which might not "fit" in other venues. BSides events are also free to attend, so they are a great way to get security education on a tight budget. Each BSides event has its own feel and style, some run parallel to larger events, others are stand-alone, and most are run by members of the local security community. As it says on the Security BSides website:

"Each BSides is a community-driven event built for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening."

There have now been BSides events in Las Vegas, Mountain View (CA), Austin and Boston. There are several BSides events happening this summer and fall:

June 18 BSidesDenver "Mile High Security"
July 28-29 BSidesLasVegas - coinciding with Black Hat / Defcon
- This will be a huge event, the venue is amazing: http://www.2810vegasestate.com
- The speaker lineup will include both "headliners", and new speakers, covering a wide variety of topics- many that you will not hear anywhere else.
September 17 BSidesKC (coinciding with an InfraGard supported Cyber-RAID CyberWarefare event)
September 24-25 Brussels, Belgium, coinciding with BruCon
October 8 BSidesAtlanta
TBD BsidesChicago
November 6 BSidesDFW "Don't mess with Security"
November 12-13 BSidesOttawa

BSides events are not just a place for experienced speakers, due to the friendly and helpful nature of the community BSides are great places for new or less-experienced speakers to deliver their message in a comfortable environment. The events also strive to provide comfortable spaces for side conversations, or to continue a discussion after a presentation. If you are going to be near any of the upcoming events, please register, attend, and participate.

Why am I writing about BSides events on the Astaro Security Perspectives blog? Well there are a couple of reasons. The first is that education and open discussion is a critical part of securing networks and improving technology in general. How can we solve issues if we don't talk about them? BSides events foster this kind of open and honest communication that mainstream conferences just aren't able to accommodate. Astaro is a supporter of this type of open communications as well as the Bsides conferences and I thought members of our community would be interested in this type of event.

IPS false-positive can block http download of windows executable

Gert Hansen — Thu, 03 Jun 2010 15:18:27 +0000

It has come to our attention that a specific intrusion prevention pattern which is normally used to detect .NET exploits is falsely detecting some windows executable downloads to be malicious. You are only affected if you have the IPS system active, if you enabled the category "Attacks against Client Software" -> "Browser (Internet Explorer, Mozilla)" and set this category to "drop". All other customers are not affected by this issue. We have identified the pattern and are currently analyzing it. Once we are finished, we will run the fixed pattern set through our test procedures and expect to be releasing fixed ips patterns by tomorrow. Read below how to work arround this issue ...

I am affected, what can i do? In order to bypass this rule, log in to WebAdmin and navigate to the "Advanced" tab of the Intrusion Prevention system. There you need to to add a new "rule modification" by clicking on the + sign.

Than set the action "Alert" for rule "15306" like this:

And save it, now it should look like this:

That's it, now the download no longer gets blocked, yet all the .NET exploits will still be blocked.

Best regards,
Gert Hansen

Astaro Command Center 2.2 Public Beta Begins

Angelo Comazzetto — Mon, 31 May 2010 14:19:05 +0000

We would like to invite you to the Public Beta for our next point-release of the Astaro Command Center, Version 2.2. Our developers have been hard at work building and refining new features for our centralized management product, and there are some very powerful new things to see and test.

Astaro Command Center 2.2 will remain a completely free product, and is available as a software appliance ISO which you download and install on the hardware of your choice or run inside a VMware virtual machine (or other virtual solution). From there, you quickly configure your Astaro Security Gateway(s) to communicate with ACC and you then get the ability to configure, get overview information, and generate reports for all connected devices, to name just a few things. This leaves you with a sort of "Throne-Room" for your ASG installations.

This version introduces some great new abilities like Global Packet Filter configuration, central configuration of Web Security profiles, and automatic deployment of Global Objects. Read on for all the details.

IMPORTANT NOTE on Compatibility:

In ACC 2.2, a new device agent is required to use the NEW features being introduced. This agent needs ASG V8 (currently in public Beta) V7.920 which is planned for June 1st. For V7 users, the new agent will be added in version 7.506 which should be released in mid to late June.

ACC 2.2 is however fully backwards compatible with ASG V7.5+, only the NEW features require this updated agent. So for full use of the ACC 2.2 Beta and all it's features, you need either V8 Beta 7.920+ or V7.506+. As with our past community-oriented Beta programs, all comments and discussions around the ACC 2.2 Beta are located can be found here in our Beta forum dedicated to ACC 2.2. There you will find further information on this release, along with details on the Beta contest.

Official Details

Download Information

Link: ftp://ftp.astaro.de/pub/ACC/v2/beta/acc-2.150-100531-3.iso
Size: 569M (596305920 bytes)
MD5: 8ecec0fc5d7680a41332e616f76eb0f2

Remarks

Install Beta ISO and restore your ACC backup to it.
You will be able to Up2Date from the Beta to the GA release of ACC 2.2

News

New Feature: Central Web Security Configuration (Including Filter Actions, URL Categories, Exceptions and Proxy Auto-Configuration)
New Feature: Central Packet-Filter Configuration
New Feature: Auto-Deployment of global definitions based on Organizational Unit
New Feature: Added new global definition types
(Time events & IPsec policies)
Selectable merge granularity when capturing local definitions during deployment of global ones
IPSec configuration can now re-use global network definitions and global/custom IPsec policies
Expired license subscriptions will gradually loose impact on monitoring level
Bug fixes and many other small improvements

But wait, there's more! During the Beta, additional features will be introduced. Added will be the ability to add a second ACC server connection, place some restrictions on the areas of ASG which ACC is allowed to interact with, and Single Sign On real name pass-through.

Enjoy testing this new release, there is a lot to see and use. Remember if you have any questions, or would like to know more about the Beta program for ACC 2.2, please visit our the ACC 2.2 Beta Forum.

Happy testing everyone,
Angelo Comazzetto
Product Manager

I don't need to filter web traffic, I trust my employees

Jessica Pozerski — Wed, 26 May 2010 15:18:11 +0000

I occasionally hear this argument against the use of web content filtering and it is great to hear- but things aren't that simple. Part of the reason managers and employers can trust their employees is that they have built a good working environment, where employees work together and get their jobs done with minimal supervision.

As good as this scenario sounds there are other trust relationships which must be considered:

Your employees trust you to provide a safe work environment, free from hostile or objectionable materials. This can be difficult when even the most innocent Internet searches can return obscene or otherwise offensive content.
Your customers, business partners, and employees trust you to protect their confidential data. The proliferation of web-hosted malicious software has turned web browsing into a dangerous activity, putting your systems at risk of infection or compromise, which in turn puts the information stored on and accessed by those systems at risk.
An ever-increasing number of laws and regulations require you to protect your employees, to protect sensitive data, and to report any data breaches. This magnifies the importance of protecting your employees and your data.

Web content filtering does not need to be overly restrictive to be effective. And there is no need to threaten the trust an organization has fostered with their employees in order to protect your organization, your employees and your clients from malicious content. A strong web content filtering solution will allow you to filter content based on your organizations acceptable use policy so that you can continue allowing your employees free access to the Internet with the exception of inappropriate and dangerous sites.

Astaro RED is here!

Jessica Pozerski — Wed, 26 May 2010 15:24:37 +0000

Astaro RED, (Remote Ethernet Device) is now available. Astaro RED combines VPN functionality and complete IT security for branch offices by automatically connecting with a central Astaro Security Gateway.

The devices can cut the cost of securing and administering a branch office's security by up to 80% by eliminating the need for IT staff and additional security products at the remote office.

More information can be found here: www.astaro.com/news-events/press-releases/astaro-red-simplifying-branch-office-security

Up2Date 7.505 Released

Angelo Comazzetto — Thu, 20 May 2010 08:12:31 +0000

Hello! Up2Date 7.505 has started to push to installations. This version is mainly to update some ASG code in preparation for the imminent GA release of the Astaro RED product. In addition, there are some fixes, stability changes, and we have also released a few new features. Added are support for multiple syslog servers, a read-only WebAdmin role, and XAUTH support in site-site IPSEC Tunnels.

As part of our extending the home user licensing to 50 IP addresses last winter, we now are introducing a small change to the customization ability of installations using ASG at home. Focused around the Web Security block page (and other customization areas), a "home-user only" notice will appear and customizations of these types of pages is now limited. This allows us to continue to offer such a large amount of total protection for free home use without any other limitations. Full details of V7.505 are below...

Official Details

Download Information

Link: ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.505.tgz.gpg
Size: 142MB
MD5Sum: f75b4cc3ff92996c07f455c9f35fe0f1

Remarks:

Configuration will be upgraded
System will be rebooted
Connected RED devices will perform firmware upgrade
RED USERS: Your device will perform a firmware upgrade (blinking LEDs) - do not power off the RED unit while upgrading, as this can cause firmware problems.

News:

New Feature: Read-only WebAdmin user role
New Feature: Support for multiple syslog servers
New Feature: XAuth Support for Site-Site IPSEC Tunnels
Restricted customization capabilities for Home-User Licensed Installations
For the new things in ASG 7.5 you can view the Release Notes here.

Fixes:

[11239]: New Yahoo messenger not detected by IM/P2P security
[11496]: State of additional addresses remains at DOWN after the daily reconnect
[11621]: Packet filter is dropping own DNS replies
[11780]: IPsec Remote Access Errors
[11844]: Cannot use HTTPS scanning in a profile if HTTPS is not enabled for the global settings.
[11857]: Serial numbers showing up as "MISSING" in the WebAdmin dashboard
[12956]: Static routes missing in back end when activating High Availability
[13690]: Removed debug messages in kernel log on HA/Cluster with IPsec

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.505] Syslog Server Settings ").
If you have any feedback on our help, manual, or any documenation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com (All Up2Dates are GNUPG-signed!)

Cheers,
Your Astaro Product Management Team

Keep students focused: How technology can help students avoid distractions

Jessica Pozerski — Tue, 18 May 2010 13:02:58 +0000

Keeping students focused in the classroom has always been a challenge. Students would find ways to occupy their mind when they did not wish to pay attention in class. In the past these distractions were unexciting (i.e. doodling or daydreaming) and did not last long. However, the prevalence of classroom computers and other devices which offer Internet access has made it even harder for educators to attract and keep their students' attentions.

Trips to computer labs to conduct research, type papers or for other educational purposes often dissolve into game time or involve non-school related web-surfing. The popularity of social networking sites like MySpace and Facebook only add to student's temptations, making it harder for them to remain focused on their lesson or assignment when they have free access to these sites. It is partially the responsibility of educators to monitor student Internet usage during school hours and on school computers.

Implementing guidelines for Internet usage can be affective in curbing access to distracting or inappropriate sites while at school, but these policies are difficult to enforce because students are technology are able to hide their actions well. Often times administrators are unaware what sites are being accessed until after the fact, then it is too late to determine who accessed the site and when the damage is already done. So now that the challenge of keeping students focused during school hours has become even more difficult, what can educators do to ensure their students aren't updating their Facebook page during class time or chatting with friends via an instant messaging service during a lecture?

Perhaps not surprisingly, the answer to helping students avoid the distractions technology create is ... technology. Many educational institutions have some sort of firewall or security gateway to protect their network from malicious content. However, few realize that these products can also help enforce Internet usage guidelines and eliminate the potential for students to be distracted. One such functionality that can help reduce distractions is content filtering technologies.

These tools allow educational institutions to block access to websites that are distracting to the educational processes. This means when a teacher brings students to a computer lab for a lesson they can be confident the students aren't spending the time on Facebook, checking their personal email or chatting with friends online. Higher end security products don't require educators or school network administrators to block each distracting site individually. Instead they can block types of sites such as "social networking sites" "instant messaging programs" or even "game sites" keeping students focused on the lesson or assignment.

Content filtering tools have the added bonus of protecting students and the school's network from inappropriate or malicious content - even when the visiting of these sites is accidental. Almost anyone who has done an Internet search has experienced clicking on inappropriate materials inadvertently and then being shocked when the content was displayed. In this case, even a student who is aware and respectful of the school's Internet usage policy wouldn't be protected from this unsuitable content as they did not intentionally access the website. The potential for accidentally accessing inappropriate sites is magnified the younger a student conducting a search is - as is the potential for parental complaints or even lawsuits. Blocking sites that students should not have access to or that have known malicious content prevents students from even accidently viewing content they should not see.

It is often the case that students are more Internet savvy than most of their teachers. They have grown up with technology and they can figure out most programs almost intuitively. Because of this, some students are aware of programs that circumvent content filtering tools. Again, the more sophisticated tools are aware of these programs and block them as well. But what if students, with their deep understanding of technology, are able to somehow access a distracting website when they should be paying attention to their teachers? Content filtering technologies that are implemented as part of an information security solution also provide reporting tools so that administrators are made aware of attempts to access these sites. This allows administrators to immediately enforce their Internet usage policy and reiterate the policy to students who attempt to distract themselves from their lessons. Sometimes, the types of sites that can create distractions for students can provide educators with valuable teaching tools.

A great example of this is YouTube. YouTube is home to videos about dogs on skateboards and music videos, content that can be very distracting to students. However, it is also home to some educational content. In a history class, for example, a teacher can access clips from documentaries or videos created during a particular time period. These materials can be very engaging for students, elevating their classroom experience. However, students should not have access to YouTube as it is not only distracting when not used appropriately, but it also has content which should not be accessed in schools or by young students in general. To help work around this issue, some content filtering technologies offer educational institutions the ability to set up user groups and filter content according to each groups' needs. So, for example, computers in a computer lab will not have access to YouTube, while teachers' personal classroom computers will. This makes it possible to take advantage of the educational opportunities the Internet presents while continuing to protect students from inappropriate content and keeping them focused on their lessons. The Internet can be a valuable educational tool, but it can also be a great distraction for students.

While content filtering technologies cannot guarantee students will not daydream in class or become distracted in other ways, they can help educators ensure their students aren't focused on web surfing when they should be focused on a lesson, lecture or specific assignment. They also protect students from accidentally accessing websites that are inappropriate for student viewing. Security solutions can do more than just protect your network from viruses; they can keep your students focused.

Email archiving, the cloud and disaster recovery

Bill Prout — Tue, 18 May 2010 15:21:25 +0000

Cloud based email archiving solutions can offer many benefits, including scalable storage options, lower costs and secure data. In addition to these obvious benefits of hosted solutions, hosted archiving solutions can also have a positive impact on an organization's disaster recovery planning.

Section 802 of the Sarbanes -Oxley act requires organization such as financial institutions, government organizations, hospitals and many other types of organizations to archive all records relevant to audits and reviews, including emails, for a period of at least seven years. In fact, not complying with this regulation can result in up to 10 years in prison. As a result, most of organizations have found ways to comply with this regulation even when the information turns out to be embarrassing, as it recently was for Goldman Sachs. Unfortunately, even organizations that intend to comply with Sarbanes-Oxley regulations are sometimes unable to do so. Employees not accustomed to archiving their email messages may fail to do so, and natural disasters can create a situation where archived emails are no longer accessible.

To combat the forgetfulness of employees, organizations elect to deploy solutions that provide automatic archiving, but what can these organizations do to combat a natural disaster? Natural disasters are often referred to as "acts of God" as there is literally nothing any human can do to prevent the disaster. However, there are ways organizations can minimize the impact an event such as a hurricane, tornado, flood, etc. can have on the organization. In the case of complying with email archiving regulations, the answer is hosted or cloud-based archiving services.

Hosted services archive emails "in the cloud" so that the information is accessible even if the datacenter in the office is destroyed. Archiving email in the cloud will not only allow the organization to remain complaint with Sarbanes-Oxley regulations, it will also help the organization begin operating normally sooner. Recovering lost data, including important emails can take time but it is critical to the operation of an organization. When email archiving solutions do not automatically archive emails, messages that employees did not have a chance to archive would then be lost forever. This is why solutions that offer cloud storage and automatic archiving are the best options for organizations. Nothing, in terms of information and messages, will be lost no matter how dramatic the physical damage to the office is.

Email archiving isn't an option so organizations must find ways to comply. By using the same technology intended to facilitate compliance to solve disaster recovery planning, organizations can turn regulatory compliance challenges into an opportunity for increased efficiency.

Challenges of PCI and remote offices

Jessica Pozerski — Tue, 11 May 2010 13:18:05 +0000

While complying with PCI standards does not necessarily mean an organization's network it adequately secured, compliance is still a challenge all companies that accept credit card information must meet. Understanding and then creating policies that ensure compliance can be difficult enough for an organization, but when you add the challenge of complying to these standards at all remote locations a new level of complexity arises.

The very nature of PCI regulations means it will affect organizations with multiple locations, like franchises, retail and wholesale stores, banks, credit unions, as well as restaurants and other consumer facing businesses, because they are the organizations most likely to touch credit card data. It is not enough for these organizations to create security policies and compliance procedures for their main offices or flagship store. These businesses must also circulate these policies, guidelines and efforts among all their branches and then update each branch's policies when a change is made. This can be very time consuming, especially when it comes to PCI compliance.

Adding the headache of keeping all of an organization's branch offices compliant to the already confusing and complicated task of creating PCI compliance rules for an organization makes PCI compliance almost unbearable. It is unrealistic to expect an organization such as a bank or retail store to have dedicated IT staff, let alone a security expert, at each locations. The costs associated with doing so are too high and despite its complexity there aren't enough tasks to sanction having an IT employee at every retail store. Additionally, PCI standards require organizations to regularly "test security systems and processes" as well as "track and monitor all access to network resources and cardholder data". With store fronts and office locations spread across countries and continents regularly testing systems may take a backseat due to budget constraints.

Despite this, all branches must be PCI compliant or they risk a myriad of penalties, the worst of which is losing their ability to accept credit cards as a form of payment - effectively making it impossible to run a business. With ignoring the standards no longer an option, there are two remaining options these organizations have for dealing with PCI standards. The first is to roll out individual security products at each location. This requires sending IT staff to each location to set up and configure the devices. Then each time a new security policy is created, the IT expert must travel to all the sites and reconfigure each device. Of course the business could elect to hire an IT professional at each site for the sole purpose of managing the site's security, but again, in many cases this is not an economical solution.

The second option would be to manage all security through a centralized point (i.e. headquarters) using a single security device and connection points at each office. The challenge there is connecting all branches to the central office -no small task when some offices may be oceans away. Even a distance of a few miles would make connecting the branch office to the headquarters difficult without the right technology.

The right technology will connect and secure the remote locations and provide the IT staff at the headquarters or central office to control PCI related policies as well as all other security policies. This tool would have to be simple to set up so that any employee at a retail store or credit union branch could install the device themselves, eliminating the need for IT staff travel.

Faulty IPS pattern blocks all traffic - How to fix it!

Gert Hansen — Fri, 07 May 2010 09:16:33 +0000

Dear partners and customers,

As you might have noticed, our automated IPS pattern test routine has missed a faulty pattern which lead to the distribution of IPS pattern which blocked all communication through the Astaro Security Gateway. I personally apologize for this fault.

We will analyze this issue to find the root cause of the problem and how it was able to bypass our test procedures and update them accordingly to prevent such incidents in the future.

In the meantime we have found and fixed the pattern and uploaded the fixed one to our up2date servers. But because of the blocked communication, the system will not recover itself automatically. Please find attached a HowTo explaining how to get a system up and running again.

Again, please accept my apology for this incident.

Gert Hansen
Founder and VP Products

---

We have tested that the new IPS patterns on the Up2Date server are fixed and working. If your system is affected there are two ways to get the updated and fixed patterns:

WebAdmin (the preferred way) - login to WebAdmin via https://YOUR_ASG_IP:4444
- go to left menu item "Network Security"
- go to sub menu item "Intrusion Prevention"
- disable the IPS system (if not already done)

- go to the last tab "Advanced"
- click on the green "+" sign under "Modified rules"
- enter under "Rule ID": 15851 and check "Disable this rule"
- click "Save"
- click again on the green "+" sign under "Modified rules"
- enter under "Rule ID": 16576 and check "Disable this rule"
- click "Save"

- go back to the first tab and activate the IPS system again This will fix the problem and install the new IPS pattern.
PLEASE NOTE: Depending on the speed and workload of your ASG it can take a minute!
Command line (only for experienced users)

- login via SSH or local on console
- become "root"
- enter "echo 1 > /proc/net/nf_condition/ips" That's all and will do the following:
* it will bypass completely the IPS system on lowest level (ASG is online then), independent if IPS is activated or deactivated on WebAdmin
* the new IPS pattern will be fetched and installed
* the next IPS pattern update we will provide later today will remove this bypass automatically and the ASG works like configured (with new pattern)

If your ASG uses ACC as an Up2Date cache: do the same above for these ASGs if there are affected. There is no todo on ACC.

If your ASG is not and was not affected, because IPS was turned off last 8 hours or not online and therefore didn't fetch the corrupt pattern then there is no action needed. The old, corrupt patterns are removed from the Up2Date server. It is safe the activate IPS now and set the ASG online again to fetch IPS pattern.

Letter from the CEO

Gert Hansen — Fri, 07 May 2010 16:01:48 +0000

Dear Astaro partners and customers,

I profoundly apologize for the events of today. We issued two malfunctioning pattern updates for our flagship product Astaro Security Gateway which caused many of you significant troubles. I, and everyone at Astaro, understand that our most important asset is the trust of our partners and customers and today was a bad day for us.

Please allow me to share the results of our preliminary investigation into what went wrong.

What happened?

Today at 6:07 CEST our Up2Date servers began distributing Intrusion Prevention System (IPS) patterns (version 12404) which included two rules (numbers 15851 and 16576) that were incompatible with the version of the IPS engine used in ASG 7.5. The IPS stopped working following the update and, on systems with IPS enabled, all traffic was blocked due to the IPS fail-closed policy.

At 9:30 CEST our Up2Date servers began distributing IPS pattern version 12405 which corrected the error and we alerted all of our partners via email about the situation.
Systems with IPS activated could not download the new patterns because all network connectivity was blocked. As is usual, systems with IPS deactivated do not download new patterns either. Immediately our support team began distributing instructions to our partners on how to resolve this problem. After further testing of this solution, we communicated the final instructions on how to resolve the situation to all of our partners via email at 11:44 CEST.

Then, incredibly, at 12:25 CEST our Up2Date servers began distributing Anti Virus (AV) pattern version 12407 which included a signature incompatible with the AV engine our systems are running. On systems with Dual AV Scanning enabled the Web proxy was not working and the Mail proxy was not forwarding email.
Our Up2Date servers began distributing the corrected patterns at 13:20 CEST and the issue corrected itself automatically once the systems loaded version 12410 of the patterns. At 13:15 CEST we notified our partners via the Up2Date Blog about the incident.

How could this happen?

So, after we have had only one such issue in the last two years, how could we incur two within a few hours? Especially since, after the last incident, we have made such significant investments in our team, infrastructure, and processes to ensure we test every update on every platform before we release it?
In this case we manually and automatically tested the patterns, but not on all of the versions of the IPS and AV engines used in the field. Our automated testing framework is in migration right now in order to get it ready for V8, and we lost sight of maintaining full coverage during this period.

What did we learn?

We have relied on a testing framework that was in maintenance and not ready for production use. This is inexcusable and we will never do this again.
No error of any system in the field should prevent it from reaching our Up2Date servers so fixes can be deployed without manual intervention. We will fix this.
We need to define better escalation procedures and inform our partners and customers more quickly using multiple, redundant communication channels. We will implement this.

Once again, I offer my sincere apologies. I sincerely hope that you will accept them and allow us to prove ourselves as a trusted partner to your business going forward. If you have other questions please do not hesitate to contact me by responding to this email.

Best regards,
Jan Hichert Astaro CEO

ASG Version 8 Public Beta Continues

Angelo Comazzetto — Thu, 06 May 2010 15:18:27 +0000

In a little over 1 month since the Beta of our next major ASG Version has been available, hundreds of downloads have occurred and thousands of comments have been posted in the V8 Beta Forum.
We have made some incremental Up2Dates to the Beta so far, and now today are releasing a larger Beta build which adds some hotly anticipated features like Location Based Blocking, Web Application Firewall Cookie Signing, and Custom WebAdmin/UserPortal Certificate support.

It is never to late to test the Beta! If you have been wanting to give it a try, you can do so easily. Read on for information on the new Up2Date, and information on how you can join the Beta if you are not already using ASG Version 8.
Since the first Beta release of ASG V8 (dubbed 7.900) we have had 4 additional Up2Dates. Today we release 7.910 with the usual fixes and improvements from testing and beta feedback. In addition, some new features have been added for you to test out. (For those new to our Beta process, see the original V8 Beta announcement and our V8 Introductory Post).
If you are already using the ASG V8 Beta, you do not need to re-install. The new 7.910 Up2Date will be delivered to you normally and is installed via WebAdmin. As usual however, we have updated ISO's and manual Up2Date downloads for you, along with the release information.

ASG Beta 7.910 New Features

Cookie Signing
You can now enable a new feature in your Firewall Profiles for the Web Application Firewall called Cookie Signing. For each cookie set by the server this will add a signature stored in another cookie so that the WAF can check the signature on return from the client. This prevents tampering with the cookie on the client side.

Specify the WebAdmin/UserPortal SSL Certificate
In Management >> WebAdmin Settings >> HTTPS Certificate you can now select which certificate is used by WebAdmin and User Portal for SSL encryption. As well, if you have an existing CA that you would like to use to sign the certificate currently used by WebAdmin you can do so. This feature can allow for installations that have their own Certificates or CA to take advantage of a WebAdmin/UserPortal login which does not trigger a security warning in the browser when navigating to the login page(s). More information on this feature can be found in the forums.

New WebAdmin Role: "Reviewer"
In addition to the Admin and Auditor roles already in place, we are adding a new one to the Beta called "Reviewer". Reviewers are allowed to see all settings in WebAdmin (unlike the auditor which is limited to Logging and Reporting), but can't change anything. You can give users this role via Management >> WebAdmin Settings >> Access Control. (This feature will also appear in ASG V7.505).

Location Based Blocking
Using a new section at ]Network Security >> Packet Filter >> Location Based Blocking you have the possibility to block ALL traffic to and from IP addresses located in specific countries/regions. Please note that this feature is a a rather blunt instrument without current support of exceptions. While usually quite accurate, it could produce the occasional false positive since tying IP addresses into a physical location is always a technical practice. However this feature is great for preventing traffic interactions with a certain region or country, perhaps for reasons of spam, constant attacks, probing, or simply to due company wishes.

ASG V8 Beta 7.910 Details

Fixes
[12326] Site to Site connection will not be established when SHA 512 is used as IPSec authentication algorithm
[12917] Email subjects with umlauts are not displayed correctly in the mail manager
[13221] Installer doesn't handle UTC option correctly
[13456] HTTP proxy doesn't support "single time events"
[13485] Site-to-site VPN Compression policy not working
[13507] CPU reports showing the same utilisation for both nodes
[13552] Log file download usability/consistency
[13561] Packet Filter Live Log formatting is broken
[13564] Logging --> View Log Files loads very slowly
[13569] Small display problem in info in object table with IE8
[13583] New Mail Security RBL too aggressive
[13602] IPSec "Add Remote Gateway" fails with "VPN ID may not be empty"
[13606] Web Application Firewall can not write audit log files (Permission denied)

Remarks
-Configuration will be upgraded
-System will be rebooted
-New features to test (see above)

Download Information

ASG ISO (for Software/Virtual appliance installation)

Link: ftp://ftp.astaro.de/pub/ASG/v8/beta/asg-7.910-10.1.iso
Size: 345M (362143744 bytes)
MD5sum: e21e04e64e1e961d24d1a6b003b09d6d

SSI ISO (for ASG Hardware appliance installation)

Link: ftp://ftp.astaro.de/pub/ASG/v8/beta/ssi-7.910-10.1.iso
Size: 355M (372389888 bytes)
MD5sum: dfa5eabbe8225d811613c7acc39a9860

Up2Date package (7.904 to 7.910)

Link:ftp://ftp.astaro.de/pub/ASG/v8/beta/u2d-sys-7.904-910.tgz.gpg
Size: 52M (54769352 bytes)
MD5sum: 4c32fc4a6e65a1cb38290ec5c45ac589

Enjoy your testing, and if you have any questions or problems, don't forget to share them in the V8 Beta Forum. We have plans for cool prizes to reward some lucky testers!

Cheers,
Your Astaro Team

Astaro RED is a Best of Interop Finalist

Jessica Pozerski — Thu, 22 Apr 2010 20:26:23 +0000

Astaro RED was selected as a Best of Interop finalist for the security award category, recognizing Astaro's significant technological advancements in this specific category area.

The Best of Interop winners will be announced on Wednesday, April 28 during Interop Las Vegas, happening April 25-29 at the Mandalay Bay Convention Center.

For more information visit: http://www.bestofinterop.com.

What time is it?

Jack Daniel — Mon, 05 Apr 2010 08:30:19 +0000

"What time is it?" seems like a simple question. We take for granted that a glance at our watch, computer, phone, auto dashboard or a myriad of other places will give us a "close enough" answer. What if we REALLY need to know what time it is, with a high degree of accuracy?

Most mobile phones get a signal from the carrier which is pretty good, and sometimes we can rely on our computers, but only "sometimes". When it comes to our computer systems, many people get away with default configurations in Windows and just set the time on various bits of network gear- and it works acceptably most of the time.

Active Directory authentication works as long as the clients and servers are within a few minutes of each other, and many administrators are content with that- at least until something goes wrong and they start trying to compare logs between different systems to correlate events. Even if you are fortunate enough to have a SEIM (Security Event Information Management system) gathering all of the information for you, the time on the individual devices needs to be consistently accurate. For those situations when "close enough" isn't, and "sometimes" isn't acceptable, we need a better system of timekeeping.

Thankfully we have a variety of tools based on NTP, the Network Time Protocol to help us manage timekeeping and synchronization on our systems. The NTP folks also maintain a list of NTP servers you can use, details are at http://www.pool.ntp.org/en/. For most users, getting updates from one of the NTP pools is the best configuration. Simply select the closest regional pool from the list at http://www.pool.ntp.org/zone/@ (for the US, it would be us.pool.ntp.org), this will resolve to an up to date list of servers in your area. Simply enabling automatic time updates isn't enough, however, some thought needs to go into the hierarchy of the network. In simple networks, enabling NTP services on a perimeter device such as router or firewall is probably adequate, the device can retrieve updates from Internet servers and client systems can be configured to retrieve NTP updates from the gateway device. For a little extra redundancy, you can add Internet NTP servers as secondary time sources on your clients, but if you only have a single path to the Internet and it is down, that will not help.

For larger or more complex networks, you will need a distributed NTP infrastructure with some redundancy and fault tolerance built in. If you have multiple Internet access points, configuring routers, firewalls, or other gateway devices on each connection as both NTP clients and servers is a good first step to provide redundancy. Internal servers and network devices can then also be configured as both NTP clients and servers, retrieving updates from a list of gateway NTP servers, and answering NTP queries from client systems inside the network. At the client end of your NTP network, configure client systems to query at least two of the closest internal servers or network devices.

With this configuration, all of your systems should be synchronized and able to maintain synchronization through isolated network outages. In some situations even more may be required, dedicated NTP time sources, peering of local NTP servers, or multi-layer hierarchies, but the above should give most networks stable and reliable timekeeping. NTP is a stable and low network impact protocol, so once set up there should be very little maintenance required.

ASG Version 8 Public Beta Begins

Angelo Comazzetto — Wed, 31 Mar 2010 19:00:58 +0000

Astaro would like to invite you to join us in testing our next major version of our Security Gateway product. Over the past 18 months our developers have been hard at work: Astaro Security Gateway Version 8 introduces a new Kernel, 64-Bit Support, IPv6, a refreshed WebAdmin, New Reports, and many other exciting things designed to solve problems and secure your network. A Public Beta of ASG V8 is available immediately, allowing you to test our current progress of this release and refine/shape its development during the next months along its path to General Availability.

At Astaro, our goal is to build products that people want to buy, and have features our customers actually use. We listen to the feedback of our community, and ASG V8 is designed with your requirements in mind. Throughout this process, you can contribute, read the comments of others, and keep up-to-date on the latest Beta happenings at our New V8 Public Beta Forum. There you will find full details and ongoing discussions and news about the ASG Version 8 Public Beta.

The V8 Beta program will have some different details compared to our past Betas; it isn't quite feature-complete yet. Rather than bake everything to an almost-done state and unleash it all on you to test at once, we are starting this Beta a bit early and will add a few more things to it during the next few months leading up to release. Anyone can test out the V8 Beta, if you would like to know more about how get the Beta Version and contribute your findings, just read on!

For the best Beta experience, a list of the new things, and other useful information, you should read this forum post in its entirety.

We'll start with a small disclaimer - ASG V8 is a BETA and not final, production-ready software. This is a work-in-progress; there will be bugs, broken areas of functionality, and parts where things just do not work as expected or planned. If you decide to use this someplace in production and it causes things to go horribly wrong, well...you were warned. By offering you the chance to test the product early you need to be aware that you will see stability and completeness issues.

We use this opportunity to discover and quash bugs that we might not have otherwise discovered during our own testing. We also greatly appreciate your feedback and comments and will use them to further shape our product. The V8 Beta is also not yet complete, there are still features and areas of functionality we are working on which are not yet ready for you to test, we will make additions and add more to play with as the Beta progresses! Being a Beta, be aware that much of the documentation and associated collateral's, online-help, language translations, and other written support information are not yet available.

ASG V8 Summary Feature Overview

Here is a summary list of new things currently in the V8 Beta. For all the details about this Beta release and a description of these new features, you should please visit the overview posting here.

Major New Things

New Kernel
New Hardware Compatibility (take a look at our new HCL and Knowledge Base here)
New Installer
IPv6 Support
HTTP Reverse Proxy/Web Application Firewall
Updated WebAdmin
WebAdmin Change Tracking
VPN Remote Access Reporting
Web Content Filter Override

Minor New Things

WebAdmin Menu Search
WebAdmin Error Handling
Flash-Based Reporting Charts
Syslogging
Reverse DNS
IPSec VPN PSK Enhancements
Intrusion Prevention Exceptions
Intrusion Prevention Updates
Updated Online Help

Download Information

The first public Beta release dubbed V7.900 is available for both ASG Appliances and your own hardware. If you were using a past release of the V8 alpha, you will notice your installation has the 7.900 available as an Up2Date. To use the V8 Beta ISO image, you need to download it, burn it to a CD, and install it, then restore a backup or build anew.

V8 Image for ASG Software on your own machine

ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/beta/asg-7.900-7.1.iso
ISO size: 303MB (317517824 bytes)
ISO md5sum: b621d6a8aaeeea919b1ce3daff8e50df

V8 Image for ASG Hardware appliances

ftp://ftp.astaro.de/pub/Astaro_Security_Gateway/v8/beta/ssi-7.900-7.1.iso
ISO size: 304MB (318775296 bytes)
ISO md5sum: 2625200d209d336a070dc73627eae0c0

To accommodate testing throughout the Beta period, we have made available full-featured testing licenses for the software ISO here and all ASG appliances here. They are also available via the V8 Beta Forums overview post. ASG Version 8 will only support the new licensing model from Astaro.

Cheers,
Myself and the entire Astaro team.

Social media = email (At least when it comes to network security)

Jack Daniel — Tue, 30 Mar 2010 12:26:10 +0000

Social media sites such as Facebook, Linkedin and others have become parts of our everyday lives. People announce their engagements on Facebook and network without ever leaving the house. They play games and even discuss political arguments right on the 'wall' of their personal profile pages. According to a study done by The Nielsen Company back in December 2009, consumers around the world spend an average of five hours and 35 minutes during the month on social media sites.

This translates into billions of hours logged onto sites like Twitter. With so many people spending so much time on social media sites these sites have become the most dangerous part of the Internet. Or at least that is what many security bloggers or reporters would have you believe. We read stories about Facebook users being targeted with spam and Social Media as a tool for Phishers and that most breaches now originate from social media. We are also told that we need new methods for combating this problem. But I ask why? While social media has made it possible to easily connect with and follow the daily actions of your best friend from kindergarten, it has also made us complacent. We assume that because a link was posted by a "friend" that the link must be safe.

We assume everyone on Twitter has good intentions and that the information we post online won't be used against us. Of course, none of this is true, but this does not mean we need new technologies or new tactics for keeping our computers and networks safe from malicious content on social networks. What we need to do is treat social media like email - albeit very public email. Almost everyone with an email address knows not to click on the link sent by a Nigerian prince. They know not to open files that are sent from people you don't know and they know they should not use 123456 as their email password. People, of course, still do, but at least most people are aware they should not. Yet somehow, when they log onto Facebook all this common sense disappears.

The person who wouldn't dream of opening an attachment in an email from an unknown source is suddenly downloading games off of Facebook. Bill Brenner of CSO wrote some great tips to "Smarten Up" about social network sites. While the tips about not posting when you are going on vacation are unique to social networking, they are also unrelated to network security and focus on personal security.

However, there are some great tips for avoiding a security breach as well so it is worth posting here. When it comes to network security the best way to stay safe is to treat social media sites like they are your email accounts. It is estimated that somewhere between 80%-90% of all email messages are actually spam and we all know many spam messages can be dangerous. I would argue that many of the postings on social media sites are also spam. How else would you classify a complete itinerary of someone's day, or the lyrics to the song which best describes how sad a person is about a recent breakup?

While this isn't dangerous it still falls in the bucket of spam. So when you see a message on a social media site about making $500 a week working from home assume it is spam - even if your "friend" posted it. The threats and tactics aren't new - it is just the medium that is different. So continue to use the same common sense you use when opening emails, and the same content filtering you use to block sites with known malicious content, and you'll be fine on social media sites - as long as you don't post the times and dates of your next vacation.

Anti-Virus Scanner Announcement for Older ASG Versions

Angelo Comazzetto — Thu, 25 Mar 2010 21:08:00 +0000

Astaro Security Gateway has dual, separate Anti-Virus Engines from different providers for all installations using Web or Mail Security. Customers have their choice to run in "single scan" mode which currently uses the Enterprise scanner from Avira, or in "dual scan" mode which then adds additional scanning from the Open Source ClamAV engine.

ClamAV has upgraded their core engine with a new version which is mandatory in order to support their patterns going forward. To accommodate this, we will make a change to the AV scanning behavior of ASG which our users should be aware of.

As of March 29th, 2010, installations running Astaro Security Gateway 7.400-7.405 will have their ClamAV scanning engines upgraded via a special "Pattern" Up2Date. These installations will then have the latest ClamAV engine for continued use of Dual Scanning mode. (ASG installations running 7.500+ are already compatible and upgraded, so no changes will occur if your installation is kept updated to the latest version.).

While keeping your ASG installation Up2Date to the latest version is always the most reliable way to have the strongest protection, please note that if your installation of ASG has not been updated in 13 months or longer and is currently using 7.200-7.306, it is not upgradeable to the newest ClamAV engine.
For these customers who are using Web or Mail Security with Dual Scanning, on April 12th, 2010 the mode will be switched to "Single Scan" automatically. For customers using these older versions, if dual scanning engines are important to you, please update to the latest ASG version.

Note: Versions 7.0xx and 7.1xx are not covered and should be upgraded to a higher version before April 15th. If you are running a version older than 7.400 and have further questions, or require help in updating to the newest revision of ASG V7, please open a support ticket or contact your Astaro partner for assistance.

Eradicate Time Wasting Activities from Your Network

Tim Cronin — Wed, 24 Mar 2010 09:00:44 +0000

While it may seem like a story your grandmother would tell you to scare you it is true. At one point the Internet did not exist. Yes, there were rudimentary "email" programs but the Internet as we know it today, with news sites, social networking and online games did not exists a mere 20 years ago. Back then when an employee wanted to waste time they would gather at the water cooler or kitchen area and gossip.

Because this form of time wasting was highly visible employees were forced to self-limit the amount of time they spent socializing at work or risk having their supervisors labeling them a slacker. Among the many activities the Internet has made easier is wasting time at work. Employees can now spend as much time as they want surfing the web and because they are at their desks looking at their computer screen any passerby would believe they are working. With the Internet the only thing stopping most employees from spending hours online wasting time is their own work ethic and sometimes, pressing deadlines. Boston.com published a list of the Top 9 Time Wasters at work. Of the nine activities employees engage in during the work day instead of working five of these activities involved using the web. Here is a brief summary of what the Boston.com article included:

Number 1 - Internet Use Respondents to a survey indicated they spend more than two hours a day simply surfing the web instead of working.
Number 3 - Shopping online During the holiday season the average employee planned to spend the equivalent of two full work days shopping. The survey also said that one in ten employees sinks as much as 30 hours a year into online shopping.
Number 4 - Social networking According to a 2009 study from Nucleus Research, productivity drops 1.5 percent when workers are able to access Facebook at work. This study also states that 61 percent of employees use the site at work for an average of 15 minutes a day.
Number 6 - Email Basex, a New York Consulting firm, reports that half of all workers receive 50 or more email messages a day and 55 percent respond or read the messages immediately. With more than 80% of messages being spam this is a huge time waster.
Number 8 - Looking for jobs One in four employees with a computer admits to searching for jobs while at work.

So with all these time wasters damaging employee productivity what can an organization do? As we've stated in past posts - employee productivity can be improved using the same tools organizations use to protect their networks from Trojans, botnets and other malicious content. First of all they can reduce the number of emails employees receive by deploying a spam blocker. This way the emails they receive will at the very least be (mostly) work related. Next, the value of content filtering tools cannot be understated. To preserve employee moral while protecting productivity companies can create Internet usage policies using this very same technology.

Instead of banning social networking and news sites all together you can allow employees to access these sites at certain times (at the beginning of the day, during lunch etc.) This way, employees still get the break from work they need to recharge without over doing it. If blocking access to websites isn't your organizations "style" these tools can be used to monitor web-usage instead. Then the administrator can talk to only those employees who abuse the right to surf the web freely, or even create a user group of just these employees.

When you aren't all in one place - Securing your distributed workforce

Tim Cronin — Mon, 15 Mar 2010 13:35:16 +0000

The workplace is changing. It was once the norm for a small or medium sized organization, or even a larger enterprise, to operate out of only one building. Even global organizations tended to have a single headquarters with perhaps one or two other buildings in the continents in which the organization operated.

Today this has all changed. Technology has made it possible for businesses of all sizes to have multiple locations throughout the world. This means employers can hire the best employees regardless of their location. Also high gas prices and the desire for a flexible work environment has caused many organizations to offer flex spaces and create connected work policies. As a result, we are seeing a more distributed workforce in companies large and small. The ability to have employees work from anywhere has been beneficial to most organizations.

According to a recent study done by Link Resources, allowing employees to telecommute or work out of remote offices closer to their homes can improve productivity by up to 20%. Factors such as increased flexibility, reduced stress resulting in sick days, and the fact that minor health ailments will not impact an employee's ability to work are all contributing factors to the increased productivity. When working from home or at an office closer to their home employees tend to add the time they would have spent commuting to their work day, increasing the number of hours they will spend working a week and thus increasing their output. Connection is only first step - then you need security So what is the catch to this distributed workforce? - ensuring connectivity and security.

Basic technologies such as a telephones, instant messengers (with or without video capabilities), email and mobile devices allow your employees to stay connected to the office no matter where they are. However, in order to make having office locations worthwhile it is critical for each location to be secure. Deploying separate security devices at each office location can ensure each office is secure, however this creates a huge administrative burden. I know of one company that has eight offices with a combined workforce of less than 100 employees. The time it would take the network administrator to install, maintain and update eight separate security appliances would negate many of the benefits of having a distributed workforce to begin with.

Despite the simple set up and configuration of some security products it is still necessary to have an individual with a technical background manage the initial deployment. With a distributed workforce this means extensive travel just to connect an office, creating a financial hurdle to having remote offices. There are only two ways to avoid spending valuable dollars on travel to connect and secure remote office: 1) don't open remote offices or 2) select security products that can be deployed by anyone - even non-technical employees. This still leaves management as an issue.

This can be combated if the network administrator is able to maintain or update the security solution remotely or from the central office. Having multiple offices in spread out locations is a reality of the business world today but so is the need to secure your network. When an organization's network is distributed across multiple locations it can be a challenge to ensure their security but new technologies are making this possible. An example of this type of technology happens to be from Astaro. Information can be found here: http://www.astaro.com/landingpages/en-worldwide-innovations-2010

Up2Date 7.504 Released

Angelo Comazzetto — Tue, 09 Mar 2010 18:41:35 +0000

Today we release the 7.504 Up2Date for our Astaro Security Gateway product. This version has a few new features, and adds WebAdmin support for our new product RED. RED (Remote Ethernet Device) acts as a long Ethernet cable to a branch office, requiring no configuration or management. It just "brings" the small remote site directly into the connected ASG as an Interface, which is a totally new way of working with remote locations.

RED is in limited BETA now and will be available soon for all to purchase. You can find out more about Astaro RED here.

More 7.504 details are available by reading on...

This release has a few new features, such as the ability to totally remove (de-proxy) sites from the HTTPS filter using new functionality for exceptions (thus passing them out the packet filter). You can now make exceptions for Web by Category! This is quite powerful when used in combination with the new HTTPS exceptions ability above, such as for not HTTPS inspecting for privacy reasons any sites categorized as Financial/Banking. Also new are the support for hosting of a Proxy PAC file, and another for privacy - the ability to remove some HTTP events completely from logging (and subsequently reporting). Rounding out the new things are an Uplink monitor/action feature and wildcard SMTP routing support. There are also dozens of bugfixes, tweaks, and stability changes.

Official Details:

Download Information

Link: ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.504.tgz.gpg
Size : 177.662.729 bytes
Md5sum: 670c1eb0996b3f38d79f0a9ca66d8364

Remarks

Configuration will be upgraded
Your system will be rebooted
*IMPORTANT* - RED devices will perform a firmware upgrade after first connect
For testers of RED: Your device will perform a firmware upgrade (blinking LEDs) - do not power off the RED unit while upgrading, or you can corrupt the flash!

New

Added WebAdmin support for RED devices
Added Internet connection monitoring
Added HTTP Proxy PAC file hosting
Added HTTP Proxy exception options for SSL and logging
Added option to skip HTTP Proxy checks based on categories
Added option to configure HTTP Proxy authentication realm
For the new things in ASG 7.5 you can view the Release Notes here.

Bugfixes

Fix [11235]: "ICMP Fragmentation needed" packets are not handled correctly when using Multipath
Fix [11420]: Cannot log archive to windows share when windows password contains a percent sign (%).
Fix [11425]: Classic base licenses no longer allows basic SMTP usage
Fix [11453]: Virus pattern updates may conflict with HTTP Proxy
Fix [11531]: You must specify a route target (internal server) error message on SMTP profile systems
Fix [11660]: Directory listing for FTP folder over HTTP proxy is empty
Fix [11760]: Reporting Exceptions missing from AWG and AMG Appliances
Fix [11807]: MIME blocking inspects HTTP body not working
Fix [11837]: Prefetch of an AD user fails if the mail address is case-sensitive
Fix [11871]: IPS logging can cause root partition fillup
Fix [11987]: Can't dissolve bridge or remove bridge ports
Fix [12176]: PPTP routing is broken if PPTP pool is part of the internal network
Fix [12338]: Snort SID link in IPS notifications is invalid
Fix [12466]: HTTP Proxy may not recognize new eDir users logging in
Fix [12596]: AMG/AWG backup import to ASG not possible

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced: Astaro AxG Up2Date
Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2

(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.502] Real Time Bandwidth Monitor ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server to try: http://demo.astaro.com

Astaro introduces three new products

Jessica Pozerski — Wed, 03 Mar 2010 17:00:34 +0000

This morning, Astaro announced three new products that will be available in 2010. Each product will allow organizations to connect their network while remaining confident in its security and ensuring access to information. Also in development is version 8 of the Astaro Security Gateway. This next generation security platform will include a new user interface and support for IPv6.

Astaro RED is the first security solution to offer complete and centrally managed Unified Threat Management for branch offices. It empowers organizations to connect their remote locations to a central location (headquarters) within minutes and without onsite technical expertise. For more information about Astaro RED watch this short video here: http://www.astaro.com/landingpages/2min-explainer-red

Astaro Mail Archiving is a hosted service that is set up within 15 minutes. The service provides unlimited storage and users can find archived email quickly and easily through a convenient Microsoft Outlook plug-in. For more information about Astaro Mail Archiving watch this short video here: http://www.astaro.com/landingpages/2min-explainer-ama

Astaro Wireless Security offers secure and uninterrupted WiFi signal throughout an office location through secure plug & play thin access points (802.11n). Astaro Wireless Security allows users to create guest Internet access without complicated configuration. Security is managed centrally with the Astaro Security Gateway web interface. For more information about Astaro Wireless Security watch this short video here: http://www.astaro.com/landingpages/2min-explainer-wifi

In addition to the three new products, Astaro is currently developing version 8 of the Astaro Security Gateway. The new version will include support for IPv6, a reverse proxy - Web Application Firewall, admin change tracking and an updated interface.

Many of the new features found in version 8 were suggested on the Astaro Feature Request Site, a site that was developed by Astaro product management to receive feedback on current and future offerings from Astaro's partner community and customers. Find more information on the three new members of Astaro's product family on www.astaro.com/innovations-2010 and register for e-mail updates to receive latest information on them

Massachusetts' MA 201 CMR 17.00

Jack Daniel — Mon, 01 Mar 2010 09:05:08 +0000

Massachusetts' MA 201 CMR 17.00 data protection regulations go into effect on Monday, March 1, and that is a huge step forward for the protection of personal information.

Breach disclosure laws are old news, but 201 CMR 17.00 is different, it prescribes data protection specifics, and it is not limited to those in Massachusetts: "201 CMR 17.01 (2) Scope The provisions of this regulation apply to all persons that own or license personal information about a resident of the Commonwealth." Yes, all persons (which includes companies and organizations), regardless of where they are located, are covered if they: "Owns or licenses, receives stores, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment."

This is a big deal, for two key reasons. First, it is leading the way in state regulation of the protection of data. There have been other regulations covering protection of data, but I believe this is ground breaking and will be followed by other states. Second, it has a very broad reach, it is not industry-specific, and it applies to a large number of organizations which have never had regulatory requirements on their IT system before.

Specifically, it applies to: "Person, a natural person, corporation, association, partnership or other legal entity, other than an agency, executive office, department, board, commission, bureau, division or authority of the Commonwealth, or any of its branches, or any political subdivision thereof." There is an exclusion for Massachusetts government, but they are covered under Executive Order 504, which mandates similar protection of data for them. This regulation can put a significant burden on businesses which do business with Mass residents, and I believe that small businesses face the biggest challenges. (The burden is to do what they should already be doing, but are not; that doesn't mean it will be easy).

Small businesses are the least likely to have dealt with regulation before (except in specific regulated fields), and they are the least likely to have the knowledgeable personnel and financial resources required to comply. Those organizations in the 40-200 user size are probably going to have the hardest time (as they often do), they're too big for doing everything manually, and not big enough to justify the enterprise tools to help manage some of the tasks at hand. You can find a PDF of the regulations at: http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf

Up2date 7.503 Released

Angelo Comazzetto — Tue, 16 Feb 2010 20:04:55 +0000

We are in the process of delivering Up2Date 7.503 to our installations. It will appear soon for installation via your WebAdmin. This is a small bugfix update which addresses an incompatibility when using the Web Security subscription with the new Astaro licensing model. It does not require a restart of the system. You can read on for more information and the manual download link.

Details:

Download Information

ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.503.tgz.gpg
Md5sum: 1f2f158633edfb6a768958745c26acb3
Size: 5.12 Megabytes

Remarks

Configuration will not be upgraded
Middleware will be restarted
Existing connections will be reestablished

News

This package addresses a licensing issue only
For the new things in ASG 7.5 you can view the Release Notes here.

Bugfix

[ID12695] HTTP Proxy content filter does not work properly with new license model

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced: Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2
(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.502] Real Time Bandwidth Monitor ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server to try: http://demo.astaro.com

Astaro introduces new licensing model

Jessica Pozerski — Tue, 16 Feb 2010 14:48:59 +0000

At the beginning of the month, Astaro announced our new licensing model to the world.

This model is designed to better meet the needs of our partner community and our end-users. Below you will find the details of the new licensing model. We rearranged the former Base License: Out of the advanced network security features we created a dedicated subscription called "Network Security" while our free "Essential Firewall" contains basic networking and network security features. We also adjusted the maintenance and support.

We decided to update our licensing model to create a more flexible licensing; now customers can buy exactly what they need. With this new model the clustering and user upgrades processes are much easier. This new model also includes a more competitive price point for smaller appliances. This will make it easier for our partners to initiate conversations with prospective customers with smaller budgets.

Additional information can be found here: http://www.astaro.com/news-events/press-releases/astaro-redefines-utm

Bank Sues Customer Over Intrusion That Led to Theft

Tim Cronin — Tue, 02 Feb 2010 14:20:59 +0000

Brian Krebs is reporting that Texas bank PlainsCapital is suing Hillary Machinery, a customer of PlainsCapital. This is significant because to this point it is common for customers to bring suit against a bank over lax security, but this is a rare case of a bank bringing suit against a customer. Details can be found at Krebs' blog.

There are hazy details about the case. I don't want to take sides on the litigation, but I do want to point out that both parties could have prevented the actual breach.

Bank's fault
There was one detail that I picked up on. PlainsCapital did not issue a statement, but there does appear to be a memo that was made public. In this memo it outlines the details of the intrusion as reported by Sam Roark, vice president of delivery channels. The bank uses some common methods of authentication in order to gain access to the system and make transactions. Specifically, you need to know your username (public information) and your password (private information). Once you sign in, it will send an email to you before you can make any transactions and you must then click a link. The memo states the following about this process: "This is known as multifactor authentication." It is not my intention to pick sides. In fact, I would place most of the blame elsewhere.

However, I would like to use this example to make the concept of multifactor authentication clear. Multifactor authentication uses a combination of something that a user knows, something that a user has and something that a user is. In order for the multifactor authentication to be more secure than single factor, you need at least two of the three categories. Think about your ATM authentication for instance. You must insert your card and enter your pin.

This is something you have and something you know. The bank uses two instances of something you know (your username and password and then your email account's username and password). This is not any more secure than single factor and indeed is not considered multifactor authentication. If this was a phishing attack from the intruder, then the user could unwittingly give up both pieces of information and the attack would be successful because the attacker doesn't need to kidnap (something you are) or steal a physical item (something you have). It is incorrect to say that the Bank was using multifactor authentication for this reason. Had the bank really been using multifactor authentication (with a secure token or something similar for instance) then this attack would not have been successful. Banks should consider this in future litigation and policy making.

Customer's Fault
The customer is the actual target of the attack. The customer is responsible for the privacy of their security credentials. Unfortunately, these credentials have been known to be easy to leak. There is no detail about how they were leaked but there are a couple of possibilities. The most obvious is a phishing attack. A user within the bank was simply asked to give the attacker the information that he was looking for. Probably believing that the attacker was a trustworthy individual, the user gave the credentials. After this and the lack of actual multifactor authentication there was no barrier to a successful attack. The way that the customer could have prevented this is to make sure that anybody that has access to the banking information is well aware and vigilant not to give the credentials to anybody. This is user training and is often a goal of any security strategy.

The more sophisticated route would be a fully technical breach. If the attacker(s) were able to gain access to an internal system that had the authentication credentials in an accessible place, then this is all that is necessary for the attack to work. There are mitigations that give you a reasonable expectation you are not going to be breached, but these technologies are never 100% effective. There are always 0-day attacks and obfuscation techniques to hide the presence of a breach. Technologically, the customer would have to make a risk based assessment as to when enough security is enough. This attack may have been more sophisticated than the security measure put in place. Currently, Hillary machinery has not released information about the measures they have in place. It is entirely possible that the state of their network security was woefully insignificant. However, the assumption that it was insignificant cannot yet be made.

Put It Together
All in all, both parties had an opportunity to stop this breach. In the end, the customer is responsible for keeping their credentials secure. The bank should have policies in place that would stop a breach if credentials are stolen, though. Neither party is fully responsible for the breach but neither party can claim that they aren't responsible. Of course, this is now a legal issue, and we'll have to see how the legalities work out.

Astaro will host partner events in US

Jessica Pozerski — Tue, 26 Jan 2010 15:54:22 +0000

Astaro has made a commitment to helping our partners grow their businesses. This is why we began offering our partner community advanced training sessions, implemented organizational and business process improvements and why we are hosting a series of events in the early part of 2010.

These events will feature information regarding Astaro's product roadmap, the security industry, competitive messaging information and technical demonstrations as well as an opportunity to network with other members of the Astaro partner community. The first two events will be held in Miami and Orlando on March 10th and 16th respectively.

We encourage all partners in the area, as well as those considering joining the Astaro partner community, to attend an event. For more information about dates, times and locations and to register for an event click here. We hope to see you there!

New Zero-Day exploit - Astaro blocks that!

Markus Hennig — Wed, 20 Jan 2010 18:23:21 +0000

Dan Goodwin recently reported that a new Internet Explorer exploit has been released into the wild. The exploit, known as CVE-2010-0249, attacks a known vulnerability in Internet Explorer and was most notably used to compromise Google. Luckily, networks with an Astaro Security Gateway are protected against this threat.

Astaro is connected to the Microsoft Active Protection Program and therefore it is possible for the product's IPS to recognize and block attacks before other vendors are able to do so.

According to the Goodwin article, this attack has been in existence and remained undetected for almost nine years. Obviously this attack is "highly sophisticated" and the only reason we are aware of the exploit now is because a very prominent company (Google), was targeted and compromised. It is important to note that Internet Explorer version 8 and Windows 7 were both able to withstand this attack- once again confirming the importance of updating your software.

Microsoft is encouraging Internet Explorer users to upgrade version 8, a move that will help protect users from other known vulnerabilities. I believe the Google compromise is just the tip of the iceberg. Just because we are now aware of this exploit does not mean all networks and systems are fixed. Now that the vulnerability in Internet Explorer has been publicized we can expect more attacks looking to take advantage of the vulnerability until a patch is made.

The next patch is scheduled for February 9th, however there is speculation a patch may be issued prior to the scheduled patch date. A final thought about this exploit is how it transcends international borders. The cyber-criminals who created this exploit are from China but used the global reach of Internet Explorer to gain access to email accounts of users who trust Google from all over the world. We truly live in a global world.

Astaro featured on MSPTV

Jessica Pozerski — Tue, 19 Jan 2010 15:09:37 +0000

On January 15th, Business Solutions magazine hosted a webinar featuring Jim Roddy, Business Solutions, president and Gennifer Biggs, security storage and managed services editor.

The webinar, titled: "Products To Leverage For Your Own Economic Recovery", discussed pitfalls to avoid in the economic recovery, product financing support for IT companies ramping up for the recovery and basic business advice for 2010.

The webinar featured a guest speaker, Astaro partner Dean Wescott, CMO of Kincaid Network Solutions. During his segment, Dean discussed his experiences leveraging the Astaro Security Gateway Essential Firewall Edition and how it will help VARs and managed services security providers gain momentum in 2010.

Programs learn to play in their own sandbox

Tim Cronin — Mon, 18 Jan 2010 15:17:20 +0000

Among all of the New Year's normal ebb and flow, predictions for the upcoming year are ubiquitous. More than a couple of these predictions proclaim that 2010 will be "The Year of the Sandbox". While I think this is a sensationalist way of putting it and that it would be hard to pin down any timeframe for such a technology to become the norm, I do agree that the sandboxing of processes is becoming popular.

In fact, if you look at the technology as a whole, virtualization can be thought of as macro-sandboxing - that is, making sure that one set of processes (the guest) cannot interact with another set (another guest). Virtualization has taken off and now sandboxing is headed towards stopping individual processes from communicating with things it shouldn't.

The Theory
Sandboxing is not a new idea and is a simple idea. Basically, if you limit the access that a running computer process has, then it limits both good and bad things. If you design a program to work properly under normal circumstances while limiting the access it needs to other data, then you have created a sandbox. Then, if this program is used in a manner which was not intended, the effects are also limited. On top of this, the portions of the program that are intended to interact with other resources (such as the operating system or other processes) are hardened with the most strict security practices possible.

The end result is a recipe for success.

Harbingers of technology
Google's Chrome browser is already sandboxing itself. According to Google's Chromium Blog all of the Javascript and HTML processing is sandboxed in what is known as the renderer class. Each plug-in is separate from the renderer. As a result, Chrome runs in several OS processes, one for each tab and plug in. On top of this, the renderer is hardened using the most stringent OS security. If there is a vulnerability in one of these processes, it cannot interact with other processes, including your hard drive. This is unlike other browsers that have no separation.

If there is a vulnerability in older-style browsers, it can still interact with anything running in the current single browser process, including crashing your entire browser session or interacting with other system resources.

Just Web Browsing?
This does not limit itself to browsers. This method applies to all processes running on the system. If there is a process that is allowed to interact with other processes, then it stands to reason that it can be used for malicious purposes. Enter another utility: Sandboxie (http://www.sandboxie.com/). Sandboxie is a great utility that allows any process to run in a sandbox. If there is a vulnerability or crash in the process that Sandboxie is running, it acts in a similar manner to Chrome's renderer, it won't interact with other processes to cause wider damage.

You can close the Sandboxie process along with the misbehaving process and start over. With this (lack of) power, it is no wonder that developers are leaning on this technology to help make computing safe for the masses again. It won't be impossible to mount a successful attack, but it will be much more difficult. The downside? Look for phishing to become more popular as it will be easier to use it as a tool than to exploit the actual system. What do you think about Sandboxing when it comes to creating programs?

Basic Security tips part 3 - update your software

Tim Cronin — Mon, 11 Jan 2010 14:17:17 +0000

It has become more and more difficult to identify malicious links and content on the Internet. URL shortners, ads on legitimate websites , virus downloads posing as anti-virus software and of course fake e-cards all make it harder to know where you should and should not click Having a strong network security product in place will of course prevent the installation of malicious code on our computer even if you click on one of these links.

But there are other ways to make sure you are protected from these hard to identify scams. The simplest way is to make sure your software is up to date. I am not taking about your security software (but keeping that up to date makes sense too). I am talking about the regular software you use every day. The Waldec virus, a virus that spreads through fake new years' e-cards, attacks known vulnerabilities in programs like Adobe Flash, Adobe Reader and Internet Explorer. How can they successfully attack known vulnerabilities?

It isn't that Adobe and Microsoft ignored the vulnerabilities and didn't create patches. Instead, the Waldec virus depends on the fact that many people do not update their software with the latest patches and more often than not this is the case. So, one important step towards protecting your computer and your network is to update your software when new patches come out. If the company that created the software is aware of the vulnerability, you can be sure cybercriminals not only know about it, but already created a program to exploit it.

Which brings me to a secondary tip - Do not open e-cards or emails if you don't know the source. You can spot fake e-cards because they typically have subject lines like "a friend sent you an e-card" while real e-card services will personalize the subject line to say something like "Bob send you an e-card". Microsoft security patches can be found here: http://www.microsoft.com/security/updates/bulletins/default.aspx Adobe security patches can be found here: http://www.adobe.com/support/security/

Why Retail and Consumer Goods Organizations Need Security

Jessica Pozerski — Thu, 31 Dec 2009 09:00:00 +0000

Retail, wholesale and consumer goods organizations face unique security challenges. Each new transaction adds information into the organization's database that can be stolen. Storing personal information such as credit card numbers, addresses and even social security numbers creates a tempting target for cybercriminals.

A security breach at a retail, wholesale or consumer goods organization damages the organization's reputation and could cause customers to shop elsewhere. Additionally, government, and trade organization regulations such as PCI standards require these organizations to secure this data to prevent the loss of data and indentify theft. Because these organizations often have multiple locations in addition to a corporate headquarters securing data can be a difficult task.

One solution is to deploy an information security product that at each location that allows for central management at the home office. This will reduce the amount of time it takes to administer these products will protecting the entire network. Protecting an organization from external threats is crucial; however, retail, wholesale and consumer goods organizations need to protect themselves from internal breaches as well. The majority of breaches originate from accidental downloads of malicious content by employees.

Content filtering capabilities allow organizations to block access to websites with malicious content and prevent threats from being downloaded in the first place. If a computer on the network somehow becomes infected, a strong information security product will provide proactive notifications and quarantines of network traffic breaches and infections so network administrators at retail institutions can react to breaches before infections spread to the entire organization - protecting customer data and your organization's reputation.

Here are some examples of how retail, wholesale or consumer goods companies have protected their networks: Kauffman Tire Hannoush Jewelers

Cybercrime and its affect on e-commerce

Jessica Pozerski — Tue, 29 Dec 2009 15:46:59 +0000

The past year saw an increase in the number of virus attacks, phishing attacks, spam messages and other cyber-crime. According to a recent article in CNN, this cyber crime poses a threat to ecommerce. This article suggests that the ubiquitous nature cyber-attacks and the constant coverage of breaches like the Heartland breach will keep consumers from shopping online.

I disagree with this theory and believe the only people who won't shop online because of these attacks are the people who aren't shopping on line anyway, thus ecommerce will not feel a significant impact from these threats. The trends seems to be moving towards doing more and more business online rather than in stores and banks.

Many banks offer incentives for "going paperless" and for setting up automatic bill payments. Reports of these attacks may hurt smaller online shops that have sites full of ads, but for the average consumer, they will continue to trust name-brand sites like amazon.com or even ebay. Most educated consumers don't care about privacy issues, web hacks, or even user ID theft. They know their credit card companies protect them from fraudulent claims and are even willing to risk having their credit card information stolen on sites they haven't heard of before for the right price. If their information is stolen they will just call their credit card company and have the charges removed.

I am curious if my opinion was on track with others so we are conducting an informal poll on our Facebook fan page. We asked: Are you less likely to shop online because of reports of data breaches (like the Heartland breach)? Respond to the survey by visiting Astaro's Facebook fan page (http://www.facebook.com/business/dashboard/#/pages/Astaro/107041096353?ref=mf) and leaving a comment, or leave a comment on this blog post.

We will post the results on our blog after the new year.

Why we need hackers

Jack Daniel — Mon, 28 Dec 2009 09:04:07 +0000

In the US the term "hacker" carries a negative connotation. It conjures an image of a dark room filled with computers and a lone man attempting to break into bank or credit card networks to steal as much personal information as they can.

While there are plenty of "black-hat" hackers engaging in criminal activity for their own gain, the term hacker has an entirely different meaning. . A hacker is simply a programmer for whom programming is reward enough. They tend to be curious individuals who test the limits of what is possible in computing. Unfortunately, the term has become synonymous with "cyber-criminal" and now that this image is etched into the conscience of American society there isn't much this unorganized group of people can do to restore their reputation.

Articles like this one also make it difficult for ethical hackers to shed this image. Strict interpretations of DMCA, EULAs and other laws or regulations have made criminals out of white-hat hackers whose only goals are to test the bounds of computing. The truth is we need hackers. Hackers are some of the most computer savvy individuals and their unique knowledge can be helpful in all kinds of scenarios. For example, an organization can hire a hacker to find possible vulnerabilities in their network, or a network security company can hire a hacker to help create a more secure firewall or other security devices. While hiring true cybercriminals to may not be advisable in all cases, to say that someone who was convicted of a cybercrime could never be trusted is laughable. Criminals reform, and these cybercriminals posses knowledge that possibly no one else has.

Why not use their expertise to create a safer Internet environment? Other countries understand the distinction between cybercriminals and hackers. Some even create college programs that teach hacking techniques. Why? Because at the very least those who develop our network security solutions should understand how cybercriminals operate on a practical and technical level.

Security and employee productivity

Tim Cronin — Thu, 24 Dec 2009 09:00:55 +0000

Many organizations view Internet security as a necessary expense and nothing more. They realize it is crucial to secure their network and select security products that will block malware and filter spam.

While recognizing the need for security is a positive step, many of these organizations are missing out on an opportunity to improve their business operations by using these same tools. The most useful security products aren't simply roadblocks for hackers; they also help contribute to an organization's bottom line. Here are some ways security solutions can help improve business operations by improving productivity.

Spam Filters
Employee productivity can be difficult to measure but is an important part of creating a successful business. All organizations want their employees to be as productive as possible, but constant distractions sap productivity. Employees are bombarded with email all day long, and many of these messages are useless (and dangerous) spam messages. In fact, it has been reported that, depending on the source, somewhere between 80% - 90% of all emails can be classified as spam. Also spam costs the average medium sized company upwards of $185,000 a year in lost productivity - and that doesn't even include the costs of cleaning off a network if the spam message has malware, spyware or a virus on it. With so many messages to wade through, classify and then delete manually, spam has a significant impact on productivity. Security solutions that posses strong spam filtering capabilities eliminate the majority of spam in employees' inboxes, preventing the productivity drain.

Content filtering
Content filtering capabilities prevent lost productivity due to inappropriate or excessive web surfing. It also helps reduce the risk of being labeled a hostile work environment by preventing employees from accessing sites that are considered offensive. Properly filtering content can help keep your business's network safe from spyware as malicious sites are blocked from the network. This also preserves your networks performance as it isn't bogged down with spyware or malware, nor is bandwidth being eaten up by non-work web usage.

Working from home
Offering your employees the ability to work from home can increase employee morale and productivity. Employees who have access to the network from remote locations are more likely to work outside the office, and to contribute to the business outside regular business hours. As more and more businesses offer work at home policies and have mobile workers, remote access to the corporate network from any location will become a business staple. Setting up VPN clients on individual machines his a huge administrative hurtle to offering VPN connectivity.

Internet security products do more than just protect your network from viruses and other malware. They improve productivity and increase

You wouldn't buy a car without test driving it first - would you?

Jessica Pozerski — Wed, 23 Dec 2009 09:00:00 +0000

As we get closer and closer to the end of 2009 businesses are beginning to reevaluate their security products. When evaluating products most companies have a clear picture of the features they want. So they look for products that offer those features. This seems logical but when you think about it, this method is actually one of the worst ways to select a product. Let me use the analogy of a car. When you are in the market for a new car there are certain features you must have.

You'll want an engine, four tires, power windows, anti-lock brakes etc. Now what if all you did was find a car that had all these features? You might end up with an engine that floods, tires that go flat, windows that don't work when it is cold or brakes that have cracked brake pads. Of course when you are looking for a car you are going to look at the quality of each feature not just if the feature is present.

Why then do IT administrators simply use a simple feature check list when purchasing a security (or other technology) solution? When evaluating any purchase, be it a car or a network security product, customers should try to understand the depth or quality of the features each prospective purchase has. What is the best way to do this? Sticking with the car analogy here are a few ways to evaluate a security product effectively. Industry reports/news items When you begin your search for a new car one of the first things you should do is look for news items related to the industry.

Have there been any serious recalls or safety problems? Is there a new model of a brand you like? You can do the same when searching for a security product. Google "network security" and look on the news pages and press release pages of the products you are short listing. This will give you an idea of what is going on with the companies and products you are looking at. Customer References Next you should talk to others you know who drive the type of cars you are interested in buying. Finding customer references may be easier with cars than with security products as you can easily determine what someone drive (just watch them get in their car), but companies don't advertise the security solution they are using on their website.

Ask other IT administrators you know what they use and what their opinion of this product is, look on network security forums to see what people are saying and check out the companies web page - more than likely they have a library of customer success stories telling you how the product solved the customers problems. Awards and Certifications Car companies know awards matter.

This is why so many car ads include information about what awards they have earned. Industry awards and certifications normally have clear guidelines for who will be recognized so if having a strong IPS is important to you, look for companies that have received awards for having a high performing IPS. Test Drive Of course all the research in the world can't replace a test drive.

Once you've seen the awards, heard the customer success stories and read the industry or analyst reports you'll want to test the product yourself. If the vendor doesn't allow for a free trial ask yourself why? What are they hiding? A company that is confident in their products' feature depth as well as its breadth should have an issue with you testing their product for a given amount of time. How else would you know if you will like how the product drives?

Astaro Updated Astaro Command Center

Jessica Pozerski — Mon, 21 Dec 2009 15:22:48 +0000

Astaro has officially announced the availability of the Astaro Command Center version 2.1.

The newest version of the free central management tool includes updated and new functions that enable Astaro partners to offer managed security services. To register for a personal license key of the Astaro Command Center version 2.1 visit: http://www.astaro.com/download/acc

More information can be found here: http://www.astaro.com/news-events/press-releases/astaro-command-center-version-2-1 And here: http://up2date.astaro.com/2009/11/astaro_command_center_21_relea.html

Having your computer compromised could cost more than your personal information

Tim Cronin — Thu, 17 Dec 2009 15:07:18 +0000

At this point most people who use the web understand what can happen if their computer is infected by a virus, spyware or other malicious content. The malware can track key strokes, or turn your computer into a zombie. This can lead to the loss of privacy and ultimately identity theft.

If the computer happens to be connected to a business' network then the infection can cause a serious data breach, slow down the network connection hurting productivity or even crash the network. Most of us know about these risks and we or our employers take the necessary precautions to protect the networks we use. However, there are still organizations and individuals who neglect security. When a business decides to forgo security products it is often because they feel their network is too small to be a target. When an individual decides to go without security on their computer it is because they feel the worst that can happen is their credit card information is stolen.

When this happens they just call their credit card company's fraud department and the fraudulent charges are dropped. What these individuals don't realize is the consequences of not properly securing a network and a computer can be much worse than some fraudulent credit card charges. David Kernell, the alleged hacker who gained access to Sarah Palin's personal email account learned this the hard way.

Kernell's defense claims his computer was infected by a virus that took control of his computer and he was unaware it was being used to reset Sarah Palin's password and steal personal information. In other more serious cases, malware has been used to download child pornography on an infected computer so the hacker can view the illegal material and the victim is framed as the offender.

There have been cases where innocent men and women are convicted and spend time in prison simply because the virus wasn't found in time to clear them of the offense. Even after they are cleared their reputations are sullied and their lives turned up-side down. As the Examiner article points out, there have been cases where the "my computer was infected with a virus" defense has succeeded, but is this a chance you are willing to take?

Only time will tell if Kernell is an innocent victim himself or if his claims are false, either way he will have to go through a lengthy trial will potentially cost him thousands of dollars and his personal reputation. It isn't enough that Internet users and businesses have to worry about identity theft and the loss of sensitive data, now we all have to worry about being framed for a serious crime. With the right Internet security solution innocent victims could avoid the frustration of being falsely accused of a crime.

Astaro Secure Client V9.2 released

Udo Kerst — Thu, 17 Dec 2009 11:44:00 +0000

This new release adds Windows 7 support, 64 bit optimization, support of new Intel Wi-Fi drivers, Tip of the day and many additional minor enhancements.

New Features

ASC V9.2 offers the following major new features, among others:

Windows 7 Support
Fll support is provided for the new Microsoft operating system Windows 7 from version 9.2 onwards. In general the following Windows desktop operating systems are now supported:
* Windows XP (32/64 Bit)
* Windows Vista (32/64 Bit
* Windows 7 (32/64 Bit)
Additionally, the Secure Client supports the new Intel Wi-Fi drivers, starting from version 12.4.0.21, and it is compatible to the mobile broadband support in Windows 7.
Important notes:
* Installation of the Astaro Secure Client under Windows 7 demands a license key of version 9.20.
* In case of an update from Windows Vista to Windows 7, the monitor of a Client version 9.2 , licensed with a license key 9.1, can only be started in order to enter a license key of version 9.2.
* All other new features as described below can also be used with a 9.1 license key under Windows XP and Windows Vista
* The support for Windows 2000 has been discontinued, starting with Astaro Secure Client version 9.2.

Wi-Fi-Roaming
If the laptop is moved within the range of several access points with the same SSID, the system automatically switches to an access point with higher field strength in the case of low Wi-Fi reception. Applications communicating via this VPN tunnel are usually not affected by the change of access point. This allows the user to move across the corporate campus (e.g. with a laptop), without the need to set up new Wi-Fi connections.

State Display during Wi-Fi Scans and Connection Set Up
If "Wi-Fi" is activated, a periodical scan for Wi-Fi networks is run. During scanning the respective icon is animated. Connection set up to an access point is displayed with a blinking yellow ball on the left hand side of the selected SSID of the Wi-Fi network. A green ball indicates the established connection to a Wi-Fi access point. If several Wi-Fi access points use the same SSID, a small red triangle is displayed next to the SSID.

Wi-Fi GUI with Tray Icon
If "Wi-Fi" has been activated, the affiliated tray icon appears in the taskbar. This icon shows the current connection state, the field strength and the mode of encryption. Clicking on the tray icon, all available Wi-Fi networks are displayed. Selecting one of the Wi-Fi networks either starts connection set up or the Wi-Fi profile wizard, if no Wi-Fi profile has been configured for this Wi-Fi network. The Wi-Fi profile wizard shortens profile configuration and automates connection set up to a new Wi-Fi network. The encryption mode (WEP, WPA...) is now automatically detected.

Tip of the day
With each start of the monitor, a new tip of the day (title) appears next to the corporate logo. Clicking on the tip title opens the affiliated HTML page in the default browser explaining the complete topic. The order of the tips is set in the daytips_en.ini within the installation directory \tips. The tips can also be hidden via the view menu of the Client Monitor.

Profile Export and Import
The profile settings offer the feature to export the selected profile and to import it to another client. Through this feature the same VPN profile can be easily transferred from one computer to another. Certificates, however, have to be imported separately.

Revised 3G Configuration
In the profile settings, a new parameter folder has been introduced for the communication medium GPRS / 3G. Three modes of 3G configuration are available:
* Provider list (default setting): By selecting the provider, the APN and the dial-up number is being suggested.
* APN from SIM card: The APN is read out of the SIM card. (This only works if an APN is configured on the SIM card.)
* User-defined: The user is free to configure all dial-up parameters manually. The provider list can be expanded via the file APN.ini in the installation directory.

Budget Manager History for the Previous Twelve Months
The "Budget Manager History" in the connection menu item records and displays either as tabulation or as chart the data volume over a maximum time span of the previous twelve months (provided line management is activated).

Vodafone Web Sessions Support
After setting up a VPN tunnel by clicking on "Connect", the user can log on to Vodafone web sessions and establish a VPN tunnel.

Integration of the Firewall State in the Windows Security Center / Action Center
The Windows Security Center/ Action Center display the availability of the ASC firewall. Since Microsoft has not yet implemented the affiliated API for Windows 7, this service is not available for Windows 7 at the moment Additional feature and installation information as well as the most current documentation can be found on the Astaro Knowledgebase at http://www.astaro.com/kb/ under Section Astaro Secure Client - Manuals and Guides.

How to update your client software

There are two ways for updating your client:

Start the Astaro Secure Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly.

How to upgrade your license

If you have upgraded your system to Windows 7 you need to upgrade your ASC license to a V9.2 license by purchasing a one-time update license, which allows updating of an existing license by one or two releases. When purchasing the license you'll receive an activation key which must be applied to your existing license within MyAstaro. You'll then be offered a new file for download including the key that needs to be entered into your client.
Free License Upgrade
If you have purchased your existing ASC Version 9.1x license after May 1st 2009 and activated the license after 1st July 2009 (or if the license key has not been used yet) you will receive a new version 9.2 license free of charge by following these steps:
- Download the new Astaro Security Client software version from http://www.astaro.com/download/asc and install it on your PC. Alternatively you may upgrade your client directly via the "Help / Search for Updates" menu point within your current ASC client monitor.
- Reboot your PC.
- After starting the Astaro Secure Client Monitor, you will be notified that a V9.2 license is required. Click "OK".
- The window "License Data" will appear. Click on "Activation".
- Select "Online-Activation" and click on "Next".
- You will see a form presenting the license key. Click on "Next".
- If you are not connected to the internet yet, please connect now. Click on „Next".
- The Astaro Secure Client will now connect to the activations server and will retrieve a new activation key.

For more information please visit our website.

Your Product Management Team

Partnering with the right tech companies for success in 2010

Jessica Pozerski — Wed, 16 Dec 2009 14:22:09 +0000

According to a recent survey done by TechTarget, 2010 IT budgets are expected to be 2% less than they were in 2009. This is the first time in approximately 10 years that TechTarget has reported a decrease in IT spending.

Even last year, at the beginning of the economic collapse, IT budgets were expected to rise, albeit only slightly. With IT budgets continuing to tighten, what does this mean for technology partners? On the surface it appears that technology vendors and their partners are in for a tough year. However, TechTarget also reports that only 13% of those surveyed plan on reducing overall spending. This indicates a move towards spending on strategic initiatives as well as necessary items (new laptops etc.).

What to look for in a partner
To set your organization up for success in 2010, VARs should look to partner with companies that offer technologies that are considered must haves. Even with tight IT budgets, organizations in all verticals will need network security. The myriad of phishing attacks, botnets and, spam and other Internet threats means the risks of going without network security outweigh the potential costs. As long as cybercriminals continue to make money from these attacks new and more sophisticated attacks will be developed. Because of this, organizations of all sizes, in all industries will continue to purchase network security products to protect their networks.

Which security product/which vendor?
VARs searching for a potential partners will find that there are many network security vendors to choose from. Which one is the right one? They key is to find a security company whose products offer a balance between functionality, ease-of-use and reliability. End-users will look for products that provide more than network protection. They will want a product that helps improve productivity and even helps save money. The best way to determine which vendor will offer you the best sales case you should read customer testimonials and talk to other VARs. The best indicator of whether or not a company's product will create a good opportunity for your organization is how happy current customers are.

Do they talk about time and cost savings? Happy customers that can point to specific metrics on why they are pleased with a product will help you demonstrate the product's value to potential customers. Having this information before deciding which vendor to partner with will help you make a solid decision that will help your organization be successful in 2010 and beyond. It is becoming clear the economy is starting to turn around. Despite this, IT budgets will remain tight.

When trying to determine which vendors to partner with look beyond factors such as margins. High margins are important but so are a demand for the product, a product that helps save time, and a vendor who has a personal relationship with each of its VARs. When looking for a vendor to partner with, don't just look at the normal metrics. Think about what types of products will be in demand and then for the most reliable vendor in that space.

Astaro is SC Magazine Award Finalist

Jessica Pozerski — Tue, 15 Dec 2009 14:11:01 +0000

Earlier this week SC Magazine published the list of finalists in the SC Magazine Reader's Choice and Excellence Awards Program.

Astaro was named a finalist in three Reader's Choice categories and as an Excellence Award finalist for the Best SME Security Solution category.

For the full list of finalists visit: http://www.scmagazineus.com/scawards2010-finalists/section/1309/

Up2Date 7.502 Released

Angelo Comazzetto — Mon, 14 Dec 2009 15:16:44 +0000

Up2Date V7.502 has been made available to solidify your Astaro installation. It is currently being distributed via our Up2Date system, and contains some new fixes and improvements. Continue reading for all the details. This release offers an updated version of the SSL VPN client, and we have also changed the HTTP proxy option for handling encrypted zip files to be consistent with other areas of WebAdmin. The checkbox option now says "Block unscannable content" (as it did in versions before 7.501), instead of "Pass unscannable content".

Note: The feature remains the same, we've just changed the way the option is presented to the user. Your existing configuration behavior will not be changed; if you are already blocking these files they will stay blocked, if you are not blocking them, they will continue to pass.

Up2Date 7.502

Download Information

Manual Download: ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.502.tgz.gpg
Mirror: ftp://ftp.astaro.com/pub/ASG/v7/up2date/u2d-sys-7.502.tgz.gpg
MD5sum: 71848b77d87ede7b4947beb4f3adc811
Size: 106.7MB (111901959 bytes)

Remarks

Configuration will be upgraded
System will be rebooted

News

Improved SSL VPN client
Improved loading of news feed display
For the new things in ASG 7.5 you can view the Release Notes here

Bugfixes

ID [08361] HTTP Proxy not working for VLANs on top of a bridge
ID [11070] All CA's listed in CA authorities will be added as signature
ID [11236] Bridge setup without an IP is not working
ID [11379] Missing fields for WebAdmin settings
ID [11407] For inline PGP encrypted emails only the attachment is decrypted
ID [11411] File downloads via ftphelper may be corrupt
ID [11430] SMTP work queue filled up after fail over which causes delay in delivery
ID [11524] Wrong aua connection count for transparent proxy
ID [11532] Handling of encrypted zip files is inconsistent
ID [11538] HA slaves can not connect to the internet via dynamic interfaces
ID [11544] Default gateway will not be set with SSL VPN client 1.5
ID [11620] DNS resolution problem through SSL VPN connection
ID [11753] Incoming mails with inline PGP encryption can cause problems

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on the "Watch Up2Date Progress in new window" and an extra browser window will show the progress of the Up2Date installation. (The System administrator will receive a notification email once the Up2Date process has finished.)
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2

(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.501] Real Time Bandwidth Monitor ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server to try: http://demo.astaro.com

The Astaro Team

Why do government agencies need network security?

Jessica Pozerski — Thu, 10 Dec 2009 20:24:54 +0000

Government and municipalities are especially vulnerable to Internet attacks and face a complex set of challenges--protecting the security of data transactions, complying with regulatory mandates such as FISMA and guarding against malware and viruses, all while providing the benefits of web and network communication to employees.

Attacks on smart-grids, government agencies and local municipalities demonstrate the vulnerability of government networks. In addition to protecting themselves from cybercriminals, government organizations also require technologies that allow IT administrators to create VPN connections and set up content filtering rules. Often times these organizations are understaffed, thus they require technologies that are easy-to-use and cost effective.

Benefits of security for government institutions
No government agency or municipality can afford to overlook network security. As security breaches become more common it has become even more critical for government agencies to secure their networks using network security technologies. Government agencies should look for products that protect while enhancing employee productivity.

Because government agencies tend to operate on a small budget compared to private companies it is important for these institutions to look for integrated, easy-to-use network protection, web filtering, and email security for protection from service attacks, port scans, worms, Trojans, botnets, and application exploits.

Protecting government institution from external threats is crucial; however, government organizations also need to protect themselves from internal breaches. The majority of breaches originate from accidental downloads of malicious content by employees. Content filtering capabilities allow government organizations to block access to websites with malicious content and prevent threats from being downloaded in the first place.

Having a product that also provides quarantines of network traffic breaches and infections will help network administrators at government institutions as they can react to breaches before infections spread to the entire organization.

Small Business should be more worried about cyber-crime

Tim Cronin — Wed, 09 Dec 2009 14:10:21 +0000

It seems like there is a new headline almost every day describing how some large, well known company suffered a cyber-attack of some kind. Often these stories site the millions of dollars the company lost, or the customer information that was stolen.

These stories make headlines because they are exciting and somewhat shocking - how could a company that large be hacked? - we ask ourselves. However, the articles often leave out an important fact: In most cases, cyber-criminals don't target specific companies because they are large and well recognized; these may simply be the most publicized incidents. This would be way too time consuming. The hacker would have to spend weeks or even months circumventing the organization's firewall and other security solutions. This reduces the amount of return on the attacker's investment (of time and effort).

Instead of dedicating all their time looking for a way into a single specific network, hackers create programs that spread out across the Internet in search of security vulnerabilities. Once a weakness is found, the program exploits it, and then uses that network as a jumping point to infect other networks. If these trolling, malicious programs are able to periodically infect the networks at large companies, imagine how much more often smaller companies (who have less resources) are infected - and we never hear about it?

It is important for small and medium sized companies to secure their network just like large companies. Your security breach might not make headlines, but I am sure it will cause just as many headaches as a larger company's.

A conversation on email archiving and compliance

Eric Begoc — Tue, 08 Dec 2009 15:56:11 +0000

More and more industries are being asked to archive their e-mail communication due to legal or industrial compliance regulations. As organizations begin to examine e-mail archiving there are a few questions they should ask about compliance before selecting a product.

How will mandatory archiving affect organizational costs in terms of storage space?
The first issue with storage costs is predicting the space your company will require in the future. This is hard to do as e-mail storage is growing quickly (still). There is also a huge difference, depending on the archiving solution used on how much storage will be needed. Today, we can distinguish three types of archiving solutions: - On-premise software solutions that can be pure e-mail archiving products or part of a deployed DMS.

On-premise hardware solutions of an appliance type.
Hosted solutions offering off-site archiving in a cloud based approach.

From a cost perspective, on-premise solutions usually lack scalability, leading to high costs and a complex process to extend the archiving system once storage limits are reached. Also, it's very likely that storage costs per GB will continue to drop in the future, but on-premise solutions don't benefit from these reductions as they are always sized and licensed for a several years upfront.

Hosted solutions in contrast can offer storage resources that are continuously growing with the customer's requirements, virtually offering unlimited and automatic scalability. In general hosted solutions are often more predictable and flexible in costs as you have practically no upfront investments and pay for what you get - also benefiting for example from future price reductions for storage. In that, even not archiving at all also can lead to increasing storage and hardware costs: Usually email servers will quickly reach storage limits as email volumes are skyrocketing. This often requires new email server storage systems or even new email server - along with backup systems that meet the growing storage capacities.

How does email archiving assist in disaster recovery efforts in the event of an emergency?
While there are archiving solutions also offering special disaster recovery features let's keep one thing in mind: Having a good day-to-day backup and recovery strategy is a mandatory goal for every IT infrastructure. An archiving solution, whether on premises or off-site, should never be a substitute for this approach. That said and as a last resort, an e-mail archiving solution, especially when hosted off-site, can save you when everything else goes wrong.

For many companies, e-mail is a big asset still growing in importance. In case of a devastating incident not only tearing down your email servers but also you backup systems, even an on-site archive could be useless. In this case having your entire company's e-mail communication safely archived in a datacenter and instantly accessible from any web browser over the Internet can really make the difference! To close the circle, having an off-site e-mail repository in case of a disaster, can also be important from a compliance standpoint - at least in the future, as some indications can be found, that upcoming compliance regulations will make an off-site archive mandatory.

Yet another kind of a "disaster" may be the closure of a business. In this event it is also possible that for compliance reasons e-mails have to be maintained for years - even if the business premises together with the whole IT infrastructure and email servers don't exist anymore! In this case, a hosted email archive will maintain compliance - even better: this may come at no annual, additional cost!

Other benefits of email archiving
While legal compliance often is considered necessary evil, there are other good reasons for deploying an e-mail archiving solution, too. The implementation of an archive solution can have an instant and very welcome impact on a company's e-mail infrastructure:

As older e-mails no longer need to be stored on the e-mail servers, valuable disk space can be recovered.
With lower storage consumption, system backups will run faster, too.
As more and more end-users will rely on the archive to search and retrieve information, the load and traffic resulting from accessing the servers will also be distributed, freeing even more e-mail server resources.

Speaking of end-users, they will experience a new and convenient method in managing their e-mails. They don't need to care any longer about accidentally deleting e-mails or slow and cumbersome searches through countless, diligently created folder structures in their e-mail client. An e-mail archive can ensure that all e-mails are securely stored never mind if the user deleted them from his inbox or not. And with strong full-text search engines it's a matter of seconds to find and retrieve e-mails with a simple, Google-like search. One of the biggest challenges administrators have to face when managing e-mail storage space so far is the uncontrolled creation of PST files.

PST files are local archives end-users can create on client PCs or even network shares. The motivation to use this feature in MS Outlook is mainly related to mailbox quotas: When confronted with a storage limit on his personal mailbox the end-user is easily tempted to use these simple archive files to circumvent the limitations. However, the risks of data leakage or loss are very high - central management nearly impossible. With an e-mail archive where all data is stored in one central, always accessible archive, PST files are dispensable. Even better: Many archiving solutions allow the assimilation of e-mails stored in existing PST files.

Ensuring emails remain secure
When archiving e-mails off-site through a hosted email archiving service, several areas must be considered to maintain privacy and secure storage of email messages. The first topic to look at is the way emails are transferred to the archive. As in a hosted service the data is usually transferred over the public internet they should be encrypted during transit. Once arriving in the archive however, the data should also be stored encrypted - only accessible by the customer himself.

That's an important point as some existing hosting solutions don't offer an encrypted storage or when offered only encrypt the whole archive but not individually for each customer. Together with the high availability and security standards of a datacenter where the emails are stored, the level of security reached by a hosted solution is often considerably higher than for example an SMB on-premise solution where suitable server rooms with according cooling, uninterrupted power supply and access control are often missing.

How cloud computing will play into email archiving
Summarizing the above, from a cost perspective as well as scalability and planning point of view it's a excellent alternative to traditional on-site solutions. That is especially the case where a complex and long deployment but also daily maintenance and monitoring efforts can't be accepted - e.g. for SMBs. Also, future legal requirements will probably make off-site compliance archiving mandatory.

How often should email be archived and saved? What happens between saves? Is there a way to automatically archive emails in real time?
Compliance regulations as well as simple day-to-day business needs, for example to reproduce an important e-mail communication, require that all e-mails that are business relevant are archived. There are different approaches to achieve this. Traditional archiving solutions often leave the choice of what to archive to the end-user. While this can have advantages as for example the ability to classify or categorize e-mails upfront, it has the critical disadvantage that important e-mails potentially do not get into the archive at all! For compliance standpoint so, manually archiving e-mails is not acceptable. The solution here is to use so-called journal archiving.

This is a built in capability offered by most e-mail servers which transfers a copy of all e-mails to a special archiving location automatically as soon as it is sent or received. While automatically archiving all e-mails is the best choice to comply with internal or legal regulations, critics often argue that this can result in archiving large amounts of spam messages. In fact this is a very important point. Therefore, it is recommended to put e-mail archiving into the context of the whole corporate messaging strategy: With an appropriate e-mail security solution that potentially even integrates with your archiving solution, this concerns can easily be overcome.

Key to success is strong partnerships

David Rogers — Mon, 07 Dec 2009 15:08:57 +0000

I'm often asked what separates Astaro from other network security and UTM vendors. Of course the underlining technology separates the Astaro Security Gateway from other products but this alone is not what separates Astaro from other companies. What makes Astaro stand apart are our partnerships and how we approach the partner relationship. Below are some tips for nurturing strong partnerships that have helped Astaro create a successful partner program.

Partnerships are about more than sales
While the ultimate goal of any business partnership is creating sales opportunities, there is more to a successful partnership than sending potential leads to your partners. Vendors should know that developing a knowledgeable channel and providing support are a key part of creating a successful partnership.

Offer training
Ensuring your partners possess a deep understanding of your company's products is crucial, yet not enough to create a successful partnership. They need to understand the industry, the specific needs of target markets and how your technology solves those needs as well as know the differentiators between your products and your competitors'. Most companies provide new partners with basic product information, collateral and some key facts that will aid in the sales process when organizations become a partner but this initial education is not enough. Vendors should create periodic product and sales training sessions to ensure partners have a deep understanding about changes in the industry, products and even competitive messages. Among these training sessions should be a session regarding the sales processes and tactics. The sales training sessions should discuss tactics for selling to particular industries as well as responses to common objections.

Offer REAL support
In addition to sales training, marketing and public relations support will help foster a successful partnership. Many partners do not have the resources to dedicate towards creating collateral, marketing emails, press releases and other marketing/public relations materials. The vendor organization can help their partners be more successful by offering marketing and public relations services.

Of course offering such services is mutually beneficial. For example, if the vendor was to issue a press release about a new customer a partner signed this would benefit both the partner and the vendor by providing name recognition and demonstrating that the product the partner is trying to sell is used by organizations in a particular industry. The same goes for marketing materials. Providing partners with emails to be used in marketing efforts allows the partner to focus on selling products rather than marketing them.

In the end providing these services is win-win. The vendor should also provide dedicated partner sales support. When the partner is having difficulty closing a deal or needs information to help initiate a conversation with a potential customer they should be able to call the vendor and speak to an individual they have an ongoing professional relationship with. This will create a better relationship and thus a more successful partnership.

Astaro Command Center 2.1 GA Released

Angelo Comazzetto — Thu, 03 Dec 2009 15:57:15 +0000

Completing the release of the Astaro Command Center 2.1, today we have released the GA/Final version. It is available as an Up2Date for existing installations, a full set of ISO images for installing on your own hardware or ACC appliances, and we have Virtual images as for VMware ESX/i and VMware Player.

Release Notes and a new 2.1 Demo server are also available. Read on for the links and additional notes. For the outline of this Version, please see our ACC 2.1 soft-release announcement.

If you are already running a Version of ACC, you do not need to manually download anything, as the Up2Date will be distributed to you via our Content Distribution Network for installation.

Download Information

ACC Software ISO: (For use on your own Hardware)

URL: ftp://ftp.astaro.de/pub/ACC/v2/software_appliance/iso/acc-2.100-091127-2.iso
Size: 528M (553,324,544 bytes)
MD5sum: c6c7b8aa754cfe9e9b3d9dd22d7925b4

ACC VMware ESX3: (For use in commercial VMware environments)

URL: ftp://ftp.astaro.de/pub/ACC/v2/virtual_appliance/acc-2.100-ESX-v3.zip
Size: 1.13GB (1,215,546,591 bytes)
MD5sum: a8bf1531ae966f79d551282a7d0afddb

ACC VMware Player: (For use in by the casual VMware user)

URL: ftp://ftp.astaro.de/pub/ACC/v2/virtual_appliance/acc-2.100-vmware.zip
MD5sum: 284239a3d7b1dbc8dd492917753f0e91
Size: 1.10GB (1,181,297,856 bytes)

Up2Date Package: (For Version 2.000 to Version 2.100)

URL: ftp://ftp.astaro.de/pub/ACC/v2/up2date/u2d-sys-2.100.tgz.gpg
MD5sum: 097a33c385a1fd9b384b09b43e37664d
Size: 291MB (304,640,462 bytes)

ACC U2D (2.070-100): (For users of the BETA 2.070 to Version 2.100)

URL:ftp://ftp.astaro.de/pub/ACC/v2/beta/u2d-sys-2.070-100.tgz.gpg
Size: 43MB (44,622,440 bytes)
MD5sum: 5dd4d9c778616bcd2dc34546058f3498

If you want to provide feedback or discuss any of the V2.1 features, please post it on our User Bulletin Board for ACC. Please take care to always add the version you are referring to (e.g. "[2.1] Global Objects Push..."). For feedback on our documentation (Online Help) please send it to docu@astaro.com.

There is also a demo server which runs the latest version of ACC at: http://accdemo.astaro.com

Regards,
Your Astaro Product Management Team

Dispelling the myths of open source

Jessica Pozerski — Wed, 02 Dec 2009 14:32:40 +0000

The concept of open source solutions remains daunting to those who do not understand this area of development, yet the massive community of open source developers have created some truly remarkable tools.

Open source solution providers, particularly those in the security industry, face tough challenges combating some of the common misconceptions and myths surrounding this highly adaptable and effective development method. Astaro published a white paper dispelling the myths associated with open source.

Check it out - it may help when dealing with push back about open source. http://www.astaro.com/content/download/3208/28303/file/AstaroOrangePaper_OSS_Myths_en.pdf

P2P Law

Bill Prout — Mon, 30 Nov 2009 14:30:07 +0000

A new bill in Congress could put an end to the use of popular P2P (peer-to-peer) programs on all federal computers according to Federal Computer Week (Bain, 2009). This ban would be the result of a number of high profile incidents where sensitive government documents were leaked from government pc's using P2P software.

The leaks were discovered during a Congressional investigation (Moscaritolo, 2009) and have prompted lawmakers to consider prohibiting these programs from not only all government owned computer systems, but also from all computers used by government contractors and telecommuters. P2P applications are just one of the new challenges that network administrators face, and controlling them with older security equipment can be difficult or impossible. P2P programs allow users to connect to other remote P2P computers and share files which can lead to legal as well as security issues. Copyrighted material, malware, and sensitive information can all be transferred by these programs without the administrator being aware.

Additionally, these P2P programs often have little or no security and if incorrectly installed could result in users sharing their most sensitive documents without their knowledge either. P2P programs are often designed to go undetected and will use sophisticated protocols as well as encryption and tunneling to create connections through firewalls. These design features make it difficult for network administrators to detect the usage of these programs which of course means that they're unable to stop them. These issues combined with the new P2P bill could spell trouble for organizations that do not have the proper security equipment in place. Companies that want to do business with the government will need to show they can identify and stop these programs from transferring files.

To do this they will need to use special P2P aware application controls such as the Astaro Flow Classifier (AFC) which is found in the Astaro Security Gateway. The AFC allows for the detection and classification of the protocols these programs use, and provides administrators the ability to block their usage and identify machines that have them installed. This new bill highlights the need for a flexible security solution that can be adjusted to meet the changing needs of business. Organizations of all sizes need the proper tools to not only provide security but also to remain compliant with new laws and standards. Bibliography Bain, B. (2009, November 18). Bill would make P2P software a no-no for fed systems.

Retrieved from Federal Computer Week: http://www.fcw.com/Articles/2009/11/18/Web-federal-P2P-ban-bill.aspx Moscaritolo, A. (2009, October 05). Army Special Forces document leaked on P2P network. Retrieved from SC Magazine: http://www.scmagazineus.com/army-special-forces-document-leaked-on-p2p-network/article/151309/

ACC 2.1 Licensing

Angelo Comazzetto — Mon, 30 Nov 2009 14:44:16 +0000

With the official GA Version 2.1 of the Astaro Command Center, we will be adjusting the licensing process for the product. Astaro Command Center will remain a free product, however users will now be able generate and use a personalized key for their ACC installation.

This is in contrast to the common key which was shared by all users in the past. The existing "free" ACC license key will expire at the end of 2009, and we will take this opportunity to provide both new and existing users with their own key. To obtain your new ACC license key, please visit this page and fill out the registration form, at which point an activation key will be sent to you for use in the myastaro.com portal.

Note that every installation of the Astaro Command Center comes fully licensed for 30 days by default. The existing common key used in the past (which was obtained from our web site) will be shortly removed and replaced with a link to this posting.

Enjoy Astaro Command Center 2.1!

Astaro Command Center 2.1 Released

Angelo Comazzetto — Fri, 27 Nov 2009 17:25:11 +0000

Astaro has today made available the soft-release of the next Astaro Command Center (ACC) version - our tool for centrally managing Astaro devices. Whether you have two or two-hundred+ installations, ACC gives you a central point for monitoring, configuring, and reporting.

Today's release will allow anyone at Beta Version 2.070 or Stable Version 2.000 to Up2Date to ACC 2.1 via manual FTP download. Beta Testers will also be able to Up2Date normally via the ACC WebAdmin, as if you are running the Beta the 2.100 Up2Date will be pushed to you.

Release Schedule

At the end of next week, we will have a full release of ACC 2.1 via an Up2Date push to installed locations, along with full installation ISO's images and VMware images for download. This is one of our most exciting releases yet, and Astaro Command Center remains free of charge as a software or virtual appliance, and running on various official Astaro appliances for a nominal hardware fee. Read on for the full details! Building on Version 2.0 of the Astaro Command Center which introduced the ability to configure and work with site-to-site VPN tunnels, Version 2.1 offers new and evolved features to make the administrators life easier.

You will find a brand new Global Definitions feature, allowing Network and Service objects to be defined within ACC and then pushed to multiple Astaro installations instantly. The administrator can push, update, revoke and work with the in dozens of ways, even sharing objects between separated companies managed by the same ACC installation. We have a new Organizational Unit structure which allows the same ACC installation to manage different companies using multiple devices each, all with different levels of administrators and their employees.

We then took the time to add in a new central reporting and aggregation section, so you can see lots of detailed information about surfing, network usage (and over 20 other reports!) and even combine reports from multiple devices together to view aggregated results and totals. For those that like to have their realm graphically displayed, the ACC Worldmap has had new features and visuals added so you can see all your devices around the globe on an interactive map in real-time.

Astaro Command Center 2.1 Features

Organizational Unit Structure

Encapsulate devices and objects (Such as customer-specific containers)
Gives Partners many options for client and device management
Elevates the multi-client capabilities of ACC to new heights with almost limitless combination's
Improves overview, scalability and eases ACL handling

Global Definitions Capability

Make once, use many approach
Centrally manage and roll-out Network and Service Definitions
Automatic re-synchronization of deployed definitions when updated
Merge existing local definitions with their new central counterparts
Use "shared" Global Definitions on devices in separate Organizations

Device-based Reporting

At-a-glance graphical reporting of daily hardware (resource), network and security status
Historical reporting of weekly, monthly and yearly time-frames
Capability for zooming-in, comparing and sorting of reporting graphs
Eliminates having to visit devices manually to view reports

Aggregated Reporting

Generate reports of combined data from any desired number of devices
Choose from pre-defined time frames or define a custom duration
Print reports, drill-down to precise details, and use sorting and comparison features
Create reports per managed organization or other flexible criteria such as by region
Covers Accounting, Network Security, Web Security and Mail Security aspects
More than 20+ reports are currently/already available, with more planned for the future!

Licensing

Astaro Command Center remains a FREE product
Personalized ACC keys will be made available next week

Requirements

The new features in ACC V2.1 require an Astaro Installation at 7.501+

Download Information

This new release is being made available initially as an Up2date package from Stable Version 2.000 or Beta Version 2.070, which must be manually loaded into WebAdmin. ISO's, Virtual Machine Images, and an Up2Date via our Content Distribution Network will be released next week.

ACC Up2Date from Stable 2.000 --> Version 2.100:

URL: ftp://ftp.astaro.de/pub/ACC/v2/up2date/u2d-sys-2.100.tgz.gpg
Size: 291M (304.640.462 bytes)
Md5sum: 097a33c385a1fd9b384b09b43e37664d

ACC Up2Date from BETA 2.070 --> Version 2.100:

URL: ftp://ftp.astaro.de/pub/ACC/v2/beta/u2d-sys-2.070-100.tgz.gpg
Size: 43M (44.622.440 bytes)
Md5sum: 5dd4d9c778616bcd2dc34546058f3498

Astaro ACC Download Mirrors:

Note: These may take some time to synchronize.
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2

If you want to provide feedback or want to discuss any of the ACC V2.1 features you should post it on our User Bulletin Board. Please take care to always(!) add the version you refer to (e.g. "[2.1] Global Objects Push..."). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.

There is also a demo server which will run ACC Version 2.1 shortly: http://accdemo.astaro.com

Regards,
Your Astaro Product Management Team

Why do financial institutions need security?

Jessica Pozerski — Wed, 25 Nov 2009 14:21:50 +0000

No bank or other financial institution would consider using a regular pick up truck and forgo security guards for the transport of their money. Yet many financial institutions are doing the technological equivalent by not implementing enterprise level network security solutions.

The regulatory framework that affects all financial institutions makes it essential that privacy is protected and that the security of network transactions can be demonstrated and verified. In the US FFIEC guidelines require online banks to have a minimum level of security, and many other countries around the world have similar guidelines in place. The fully integrated approach of the Astaro Security Gateway ensures single-point administrative control and accountability for network transactions an essential requirement for ensuring compliance with financial regulations No financial institution can afford to overlook network security.

As security breaches become more common, the public and to some extent the government has begun holding banks accountable for these breaches. Financial institutions need network protection, web filtering, and email security as well as Intrusion Prevention Protecting financial institution from external threats is crucial; however, financial organizations also need to protect themselves from internal breaches.

The majority of breaches originate from accidental downloads of malicious content by employees. Content filtering capabilities allow financial institutions to block access to websites with malicious content and prevent threats from being downloaded in the first place. If a computer on the network somehow becomes infected. Proactive notifications and quarantines of network traffic breaches and infections allow network administrators at financial institutions to react to breaches before infections spread to the entire organization.

Botnet Mitigation

Tim Cronin — Tue, 24 Nov 2009 16:09:56 +0000

If you are infected with a botnet, don't worry, it is not the end of the world. The capabilities of botnets range from nothing to complete takeover of a machine. Most botnets are far towards the "nothing" side, allowing you to continue to use the system, but take a small section of resources for things like producing spam.

If you suspect an infection (slow computing experience, "strange" network behavior, etc...), the first thing you should do is simply unplug any network connection. Then, scan the PC with your anti-malware scanner of choice. Once you are confident that you are not infected or that you have disinfected successfully, reintegrate the system onto the network. Of course, this doesn't work if you never suspect a system of infection. If this is the case, then you have to look at some proactive controls.

First, You will want to make sure that you have a tuned IPS/IDS on your network. The IPS system will alert you to any suspicious activity. Make sure that it is tuned, though, so that when you get an alert, you know that it is not likely to be a false positive. Then you can investigate any alerts that you receive and it will assist with bot hunting.

Second, you will want to ensure that your firewall is blocking outbound traffic that is not necessary to business continuity. Often, an administrator will assume that any outbound traffic is ok and makes a wide-open rule to allow all traffic to travel outbound. This is how command and control systems will update the zombie computers, so make sure that you aren't assuming too much about your outbound traffic.

Finally the ubiquitous security mantra, "update, update, update". An updated system does not give you extra security, per se, but it does reduce the attack vectors available to an attacker. A skilled attacker will likely have some experience in gaining access to systems that are up to date. However, the not-so-skilled will have a much more difficult time as they rely on previously disclosed and well understood security holes. If your system is up to date, the chances of a known security hole existing that a not-so-skilled attacker can use is very limited. Reduce the attacker pool and the likelihood that you will be attacked by updating.

Astaro Security Gateway's IPS Successfully Blocks Attacks

Jessica Pozerski — Mon, 23 Nov 2009 16:20:44 +0000

Logansport Savings Bank was using the Astaro Security Gateway to block attacks and spam at their Indiana office when it was suggested that the Astaro did not have an effective IPS (intrusion prevention system).

Although they were happy with the Astaro's performance they decided it was better to test the Astaro against a competitor to ensure they had the right product for their network. "As a financial institution we can't take any chances with our security so although we felt the Astaro Security Gateway was effectively protecting our network we wanted to make sure," said Mike Thompson, Compliance Officer at Logansport Savings Bank.

When the test results came back it was apparent that the Astaro IPS was able to keep Logansport's network secure and that they had made the right chose when selecting the Astaro Security Gateway.

For more information about this test, please read the press release here: http://www.astaro.com/newsroom/press_releases/astaro_security_gateway_s_ips_successfully_blocks_attacks Or the case study here: http://www.astaro.com/references/case_studies

Astaro's David Rogers meets with TMC's Rich Tehrani

Jessica Pozerski — Mon, 23 Nov 2009 20:34:26 +0000

David Rogers, vice president, Americas, Astaro discusses the Astaro Security Gateway Essential Firewall Edition with TMC's Rich Tehrani Astaro.

You can see the video here: http://www.tmcnet.com/tmc/videos/default.aspx?vid=1723

Enterprise Technology Podcast

Jessica Pozerski — Fri, 20 Nov 2009 14:42:05 +0000

Astaro's Gert Hanson meet with ETM's Ali Klaver to discuss the importance of small and medium businesses, the challenges they face and how the Astaro Security Gateway Essential Firewall edition will benefit these organizations.

You can download the podcast here: http://www.astaro.com/content/download/6774/59877/file/Astaro-Podcast-Essential-Firewall.mp3

Don't let Cyber Monday ruin your productivity

Bill Prout — Thu, 19 Nov 2009 14:54:50 +0000

Over the past few years Cyber Monday has become a profitable marketing tool for retailers. At the same time it has become a productivity drain for businesses. Employees, still full from gouging themselves on Thanksgiving and hunting for deals they missed on Black Friday meaning they will spend much of their time on November 30th shopping online.

Last year sales spiked 15% on Cyber Monday and Forrester predicts that despite the poor economy and less shopping going on in general that online shopping will increase by 8% this year on Cyber Monday. Declare November 30th a holiday! No, that won't help anything as this will only move Cyber Monday to Cyber Tuesday. One reason employees wait until the Monday after Thanksgiving to shop online is precisely because they are at work.

They are sitting in front of a computer with high speed Internet access. The temptation is just too great. So it may seem like there is nothing your organization can do to plug the productivity drain from online shopping that will begin on November 30th and go all the way until December 24th at midnight - but there is something these organizations can do. If the company already has security products in place the first thing you should do is to reexamine the company's content filtering rules. Make sure retail sites such as Amazon.com and other popular Cyber Monday websites are blocked so access to these sites is prohibited.

This will be an unpopular move as many people are probably planning on shopping on Monday, but who is going to complain - to do so would admit you weren't planning on working much today. However, it may be a good idea to allow some online shopping to avoid an all out mutiny. Some content filtering tools (like tools from Astaro) allow you to create time based filtering rules.

Not only can you block inappropriate sites all the time, but you can select blocks of time (ex: lunch time, first thing in the morning, after hours etc.) where select sites such as shopping sites can be accessed. Providing some time where these sites are available will create good will with your employees while protecting your organization's productivity during the weeks before the holidays.

Astaro Command Center 2.1 BETA Release Candidate

Angelo Comazzetto — Thu, 19 Nov 2009 18:34:38 +0000

As we move towards a GA version of our new Astaro Command Center 2.1, today we have released a Release Candidate which is very close to the final version, currently slated for release in mid-December if the development and testing schedule continues on course.

For this release, numbered ACC Beta 2.070, we have both an Up2Date for existing V2.060 installations and a full 2.070 ISO image. For our users of ACC who did not want to re-install in order to use the new ACC 2.1 BETA features like aggregated device reporting, new central objects support, and improved role management, we also have an Up2Date package for moving from our production ACC V2 to BETA V2.070. Read on for details and download links!

Note:

We have issued TWO Up2Dates this time, one for existing BETA testers and one for users of the production/stable ACC V2. Please be sure you download the correct package!

Changes:

Usability enhancements for new Aggregated Reporting feature
Bug fixes based on UBB feedback and Internal QA testing
Updated online-help(s) and manual(s) for both Gateway Manager and WebAdmin GUI
Updated Installer and Kernel

Download Information

ACC ISO (Software Appliance on your own X86 Hardware):

URL: ftp://ftp.astaro.de/pub/ACC/v2.1/beta/acc-2.070-091119-1.iso
Size: 534M (558.931.968 bytes)
MD5sum: c91bda9e7e22df9d7dbc1c49c0c8ed82

ACC Up2Date (2.000-2.070 for users of the existing production ACC version):

URL: ftp://ftp.astaro.de/pub/ACC/v2.1/beta/u2d-sys-2.000-070.tgz.gpg
Size: 287M (300.767.414 bytes)
MD5sum: 722d6438ad248f77473f91ae6ae33b19

ACC U2D (2.060-070 for existing BETA testers)

URL: ftp://ftp.astaro.de/pub/ACC/v2.1/beta/u2d-sys-2.060-070.tgz.gpg
Size: 111M (116.374.572 bytes)
MD5sum: f70ff6a191eee0d9941dabb15ba18b1d

Feedback

For the original ACC 2.1 Beta announcement, please read here. Please post all Beta feedback (no matter how big or small) and discuss any of the ACC 2.1 features on our Beta Forum for this Version.

Testing Rewards
Your feedback is important to us. You catch things we might miss. You use the product in ways we might not have considered. And the more eyes we have on a version, the better the chance we are able to identify and resolve something early. It allows us to deliver a final product to you of the highest quality for use in a production network. As a result, participants in our Beta Program for ACC V2.1 will have the chance to win one of three Amazon Gift Cards totaling over 600 dollars. Please qualify by actively posting and participating in discussions on our Beta version forum. At the end of the test, we will award prizes to the top participants.

Regards,
-Your Astaro Product Management Team

What is a botnet?

Jessica Pozerski — Wed, 18 Nov 2009 15:00:28 +0000

Since the Internet has become a staple of businesses and homes we've become familiar with the term "virus" and what it means from a technology perspective. In recent years viruses have evolved into more powerful 'botnets'. While we've discussed the effects of botnets several times in this blog we've never defined the term.

Botnet is the term used for a group of malicious software that runs autonomously and automatically. Infected machines create a network of zombie computers that can be controlled by the botnet creator, or bot-maker. These bot-makers use the zombie machines to infect additional computers and take advantage of vulnerabilities in other networks. They often sell the rights to this "dark cloud" of zombie computers to cyber-criminals who then steel personal information from individual users or customer data from business networks.

How to avoid a botnet
The best way to avoid accidentally downloading malicious content on your network is to have a properly configured firewall and spam-blocking technologies. Another technique would be to remember to never download anything if you don't know what the source is - especially if you received a file or item in your email. Spam is the most common way for viruses to spread. We cannot completely stop the spread and creation of botnets - it is too profitable a business - but we can protect our networks with strong network security tools.

Why using technology in business meant for personal use is a bad idea

Bill Prout — Tue, 17 Nov 2009 14:39:53 +0000

Technology is necessary in order to run almost any business imaginable. Even the smallest organization, such as an auto repair shop or a flower stand, has website to attract new customers and the larger the organization the more technology the company needs.

Word processing tools, accounting software, payroll software and security software are all necessary to operating a successful business. Many small businesses chose to use software or tools designed for home users in place of enterprise technologies in order to save money. They use excel spreadsheets to keep track of their bills or instead of using payroll software they simply write checks and keep track of their finances using a basic spreadsheet. This can be a dangerous practice. As a business starts to grow it becomes more and more difficult to keep track of their finances using a basic spreadsheet and it becomes necessary for these organizations to upgrade from the technology meant for home use.

Nowhere is this truer than with security products. A company may be able to get by with an excel sheet for their accounting, but simple virus scanners and security solutions meant for home use will not protect a business network properly. Business networks may not be any more vulnerable than home networks because hackers tend not to target specific networks (instead they create botnets or viruses that look for any vulnerability and take advantage of it). However, business networks have more users and more to lose from a security breach than home networks.

If a home user has a security breach on their network they may lose some personal information or even have their computer become a botnet zombie. I don't want to minimize the damage this can do to an individual but they can avoid these mistakes by not clicking on links from unknown sources etc. Also, the only one hurt is the individual and hopefully their virus scanner will eventually notice the problem.

Businesses on the other hand can lose customer data and a breach can severely hurt the organization's reputation, possibly forever. Also, they organization has more users on the network so the odds of an individual visiting a site with malware or accidently downloading malware are greater. Business networks need business level security. Virus scanners are not enough. These organizations need strong firewalls, content filtering capabilities and more.

Free Astaro Security Gateway Essential Firewall edition available

Jessica Pozerski — Mon, 16 Nov 2009 17:34:04 +0000

This morning, Astaro announced the availability of the free Astaro Security Gateway Essential Firewall edition.

The Essential Firewall edition includes basic, yet critical functionality that all organizations need to secure their networks and operate a successful business.

Features included in the Essential Firewall edition:

Networking: Internet Router, Bridging, DNS server & proxy, DynDNS, DHCP server & relay, NTP support, automatic QoS
Network Security: Stateful Packet Inspection Firewall & Network Address translation (DNAT/SNAT/Masquerading)
Remote Access: PPTP and L2TP over IPSec support (including iPhone support)
Logging/Reporting: Full logging on local hard drive, searching, real-time reports for hardware, network usage and network security, daily executive reports
Management: Web-based GUI in local languages, setup wizard, configuration backup & restore, administrator notifications, SNMP support, centralized management via Astaro Command Center (also free of charge)

Astaro offers the Astaro Security Gateway Essential Firewall edition as an easy-to-install download:

Software Appliance: www.astaro.com/en/essential_firewall
Virtual Appliance: www.astaro.com/en/essential_firewall_vmware

For more information on this offering you can read the press release here: http://www.astaro.com/newsroom/press_releases/astaro_offers_free_edition_to_help_secure_business_networks

Risks of forgoing security outweigh the cost savings

Bill Prout — Fri, 13 Nov 2009 13:37:59 +0000

When operating a small or even a medium sized business there are certain technologies your business can not do without - no matter what market your business is in. However, because of their size, many organizations forgo purchasing these essential business functions due to budgetary reasons.

Depending on the type of technology, the organization may be able to get by without these tools, but there are technologies that no organization can do without. Because of the prevalence of viruses, botnets, Trojans and other Internet threats, networks security solutions are one of these essential business tools. Given that most network security breaches originate from employees' actions and most internal breaches are accidental it is logical to say that companies must have security solutions in place to combat the accident breaches.

Accidental or not, security breaches can do serious and sometimes irreparable damage to an organization's reputation, productivity and most importantly their bottom line. Security breaches at smaller organizations may not receive the same media attention as breaches at larger well known companies but they can still damage an organization's reputation. Many times it is necessary to send notices to your customers or clients that a breach has occurred and that their personal information was compromised.

Offering credit monitoring services or new account numbers only marginally mitigates the damage this can do to your organization's reputation. Smaller organizations are already perceived as less secure than their larger counterparts and news of a breach will only reinforce this perception causing some customers or clients to leave and possibly influencing the decisions of potential customers. Each time a virus or other infection makes its way onto your organization's network it saps productivity.

Employees must wait while individual computers are "cleaned" and IT administrators have to spend time disinfecting the machines instead of doing more productive, revenue generating activities. The risk of a network security breach can be minimized by implementing basic security functions, yet many small to medium sized businesses can't implement businesses level protection on their network. So, they either implement nothing or implement products meant to protect individual computers.

These consumer products are effective at protecting a home computer but cannot realistically secure an entire network. Small and medium sized organizations should begin to take a hard look at how they are protecting their networks and ask themselves if there is a better way. It may be tempting to save a few dollars upfront, but the overall cost of leaving their networks vulnerable will greatly outweigh these savings.

Astaro Mail Archiving Service Open BETA Launched

Eric Begoc — Mon, 02 Nov 2009 10:33:45 +0000

I am pleased to annoucne that the BETA for the first release of our new Astaro Mail Archiving Service is now available. Participation in the open BETA program is free for all interested end customers and partners.

As a thank you for your active participation we will provide active participants with a free 6 months subscription to the archiving service!
Discover the advantages of our hosted e-mail archiving solution:

Offload your Mail Server
Regain valuable resources back from your messaging server by reducing the storage occupied by e-mails with a reliable and secure way to transfer them to the hosted archiving service.

Eliminate PST Files
The high risk of data loss and inefficient e-mail management implied by the use of PST files can be solved by eliminating the need for them in the first place and providing the means to consolidate existing PST files into one single corporate archive.

Archive Revision-Safe
In many countries, businesses are obliged to archive e-mails for several years due to legal requirements. Astaro Mail Archiving Service lets you decide what needs to be archived and for how long. Discovery tasks can be fulfilled with special auditor privileges.

Locate E-Mails in Seconds
Astaro Mail Archiving Service provides a new experience to the user because messages can be found in seconds no matter whether the search terms are part of subject, body or attachment of an e-mail. Whenever it comes to storing data within a hosted environment, data privacy is a crucial point. Therefore, all messages archived during the BETA period are at no point accessible by third parties, are encrypted before storing them in the cloud and are deleted after the trial period.

Start today - register here.

Red Flag Guidelines and Small Business

Tim Cronin — Wed, 28 Oct 2009 17:38:13 +0000

It's no surprise that as the scope of the Internet and the services it provides the public grows that national legislators are behooved to pass laws to ensure public safety and security online. One such piece of legislation is the Fair Credit Reporting Act (15 U.S.C. 1681m(e)), also known as the "Red Flag Guidelines" (RFG).

The RFG states that creditors and health care practices that hold "covered accounts" must detect and identify warning signs (or red flags) of identity theft. There have been regulations in place since 2003, but the US House of Representatives recently passed a new bill that amends the original law (H.R. 3763). This amendment will go into effect on November 1, 2009. The largest change to the rules is that exemptions have been put in place for some small organizations:

(A) a health care practice with 20 or fewer employees
(B) an accounting practice with 20 or fewer employees
(C) a legal practice with 20 or fewer employees
(D) any other business, if the Commission determines, following an application for exclusion by such business, that such business
i. knows all of its customers or clients individually
ii. only performs services in or around the residences of its customers; or
iii. has not experienced incidents of identity theft and identity theft is rare for businesses of that type.

This has huge implications on small firms. First, Small firms no longer have to shoulder the same burdens that larger firms do. This will allow your business to stay flexible and focus on growing. Small firms' owners should be ecstatic about this legislation as it will make any small firm much more competitive.

There is one key point that managers of the exempted organizations should keep in mind. If you don't take some initiative to ensure data privacy of customers, consumers will notice and choose a bigger business that is forced to do so. You may or may not be able to bring in business with claims of "just as secure as the big guys", but if you have one data leakage incident, you can't recover as easily as the big guys, if at all. Small businesses that are exempt should still hire a competent security expert to enter the business and give advice on the different options that are available.

Using a UTM with robust logging and reporting can handle the majority of the task and will still keep you competitive. Picking and choosing different parts of the UTM will also work. Take the time to fully understand the challenges that are unique to your business. Then make decisions accordingly. Your customers will thank you with more business.

More reading on the subject of Red Flag Guidelines:

AxG 7.501 Up2Date Released

Angelo Comazzetto — Tue, 27 Oct 2009 16:31:16 +0000

Following our successful launch of 7.500, there is now Up2Date 7.501 released which addresses a few bugs and adds some backend adjustments for compatibility with the new Astaro Command Center 2.1, which is currently in open Beta testing. You can read on for the specifics of this minor Up2Date.

This is a stability release designed to strengthen your installation by addressing bugs and improving system operation. We also took the opportunity to update the Astaro Command Center device agent for better compatibility with the current 2.1 Beta of that free product.

Up2Date 7.501 Details

Remarks

Existing configuration will be upgraded without change/impact. *NOTE*: System will be rebooted

News

Add support for upcoming ACC 2.1
In regards to the new features and benefits of AxG 7.5, please read the V7.5 Release Notes PDF.

Fixes

Fix [7641]: NIC autonegotiation not working in all cases
Fix [10909]: Middleware problem after restarting the service
Fix [11257]: Auto packetfilter rules missing for special traffic in HTTP Proxy
Fix [11259]: IP counting in bridge configuration not working in all cases
Fix [11299]: Unreachable Astaro news feed can break the dashboard
Fix [11302]: SSL VPN not starting correctly
Fix [11359]: SMTP proxy is not usable any longer if no mail subscription is installed
Fix [11383]: Cluster distribution enabled on HA systems
Fix [11424]: While email-subscription is missing, scanning of outgoing/incoming mails remains active.

Up2Date Package Details

Size: 76.486.158 bytes (72.94 MegaBytes)
Md5sum: 14df9e04c1d9873f59edc86ffaadcd85

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2
(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.501] Real Time Bandwidth Monitor ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com

The Astaro Team

Apples can be infected too!

Tim Cronin — Wed, 21 Oct 2009 13:40:10 +0000

One of the Apple's marketing lines for Macs has been that they do not suffer from the same virus infections that PCs have. This clearly has nothing to do with Macs being more stable than PCs, it is because fewer people own Macs than own PCs.

Cyber-criminals are looking to infect as many machines as possible because this is how they create profit. It only makes sense that they would create viruses and other malware specifically designed for the Windows operating system. There are more Windows users, so there are more potential cyber-victims and more profit to be made out of attacking Windows users. But that tide seems to be shifting.

Depending on what source you read, Apple's market share has begun to grow. At the beginning of the year it was reported that Apple's market share was growing while Window's was declining and that Apple then had 9.93% of the market. More recently Net Applications, a company that tracks operating system and market share by looking at results from search engines reports that Apple's market share is now closer to 4.87%.

Either way, it is clear that Macs are gaining in popularity, and as their market share grows so will the number of attacks created for Apple's operating system. Already there are reports of hackers paying for hijacked Macs and one has to ask themselves why? We've already discussed why spam is so dangerous, and in this post my colleague Angelo explained that spammers (like all hackers) are playing a numbers game. Spammers know that only 1% of their messages will be opened and they will only be able to infect 1% of the people they send emails to. So to infect as many machines as possible they send out millions of messages knowing that if they send out a million messages with viruses they will infect approximately 10,000 systems.

These systems could then be exploited to gain access to personal information (including financial information) and spread the infection maximizing the criminal's profit. In the past it made sense to create viruses specifically designed to infect PCs because the majority of computers ran on Windows. Spammers, and cyber-criminals read the trends too, they know that Macs are becoming more popular. Not only that, I theorize that because Macs haven't suffered from the same onslaught of viruses and other malware that PCs have, Mac users aren't as vigilant at PC users and do not update their virus software as often. Also, demographics come into play. Macs tend to attract older and younger computer users because they are seen as hip or easier to use. These same demographics are more likely to be careless about network and Internet security.

I believe cyber-criminals are aware of this and are starting to create malicious programs targeted at Macs. If they are able to infect one Mac on a college campus (and the college doesn't have good network security technology in place that will quarantine an infection or block it all together), then there is a good chance the infection will spread. If Mac's popularity continues to rise we will see more and more viruses designed to infect Apple's operating system. Eventually, the lack of viruses will no longer be a differentiator for Apple.

Astaro Command Center 2.1 BETA Begins

Angelo Comazzetto — Tue, 20 Oct 2009 21:24:02 +0000

The Astaro Command Center V2 has proven to be a great tool for management of multiple Astaro devices. We have been hard at work adding more features and tools into it for you.

Today we are unveiling the chance for you to download and test ACC V2.1 BETA, which adds the ability to centrally define and use objects like Network and Service definitions, improvements in multi-user/multi-device operations, and a totally new aggregated reporting ability which collects and displays reports from single or multiple installations. Perhaps quite importantly, ACC is currently a FREE offering from Astaro, and doesn't cost anything to use, even in a commercial environment.

So if you haven't yet seen the Astaro Command Center, don't miss out any longer. Read on for how you can help test, and win some Amazon reward money for your efforts! The first iteration of this ACC 2.1 Beta, dubbed Version 2.050, is available as an ISO image only. We may issue an Up2Date package which can be manually applied to your existing ACC 2.0 installation at a later time. ACC is easy, provides great visibility and tools to manage Astaro installations, and has the same look and feel of the AxG product line WebAdmin.

Operational Note

The Astaro Command Center has TWO portals:
HTTPS port 4444 is to setup and configure the Command Center itself,
while HTTPS port 4422 is where you login to work with your connected Astaro devices.

If you haven't yet experienced ACC, to use this new Version, simply download the ISO image and install it on a dedicated X86 platform of your choice, just like you would with an Astaro Security Gateway software installation. Alternatively, you can load the ISO in your virtualization platform of choice, like VMware ESX. (At a later date, we will also update the ACC offerings with updated, purpose-built VMware images).

ACC V2.050 Details

Download Information

URL: ftp://ftp.astaro.de/pub/Astaro_Command_Center/v2.1/beta/acc-2.050-091020-2.iso
Size: 524MB (549.011.456 bytes)
Md5sum: 2a6cdc0a95c2681299485d22038fdc9f
*The underlying base system and framework of this release is AxG 7.501.

Major features

Global definitions/objects support
If you find yourself defining the same things in multiple Astaros, this feature will save you a lot of time. Simply define an object like a Mail Server or other resource once in ACC, and watch it populate to the desired Astaro installations where it can be worked with just like a locally created item. Lots of usefull applications for this one.

Improved Multi-client Support
Since V2 launched, ACC has the ability to create some very specific roles and permissions for users and the connected devices. We have improved this area in many ways, with even more choices in how you configure multiple companies, regions, devices, administrators, and other staff with permissions. ACC is perfect for managing hundreds of devices in a single company, dozens of companies all with a single device, or any profile in between. ACC is used both by single administrators as a throne-room for their operations, or by Partners/MSP's which manage all their separate companies through a single ACC installation. Try it and see what you can do!

Device-based and aggregated reporting
Using this entirely new feature of ACC, connected devices can have their various reports displayed from within ACC. Further, it is possible to select some or all of the devices and view reports as a consolidated total, giving you great insight into multiple installations without having to deal with each site separately.

Other changes

Many usability and monitoring improvements across the ACC GUI.

Bugfixes

[10094] Device name sporadically missing when a new device connects
[10179] Tooltip is cropped when browser window is too small
[10217] Display date and time of last known device connection
[10538] Increase number of available Gateway Manager sessions
[11504] Gateway Manager GUI drag-and-drop functionality in Firefox 3.5 not working

Feedback

Please post all Beta feedback (no matter how big or small) and discuss any of the ACC 2.1 features on our Beta Forum for this Version.

Testing Rewards

Your feedback is important to us. You catch things we might miss. You use the product in ways we might not have considered. And the more eyes we have on a version, the better the chance we are able to identify and resolve something early. It allows us to deliver a final product to you of the highest quality for use in a production network. As a result, participants in our Beta Program for ACC V2.1 will have the chance to win one of three Amazon Gift Cards totaling over 600 dollars. Please qualify by actively posting and participating in discussions on our Beta version forum. At the end of the test, we will award prizes to the top participants.

Regards,
Your Astaro Product Management Team

Astaro Security Gateway voted WindowSecurity.com Reader's First Runner-Up

Jessica Pozerski — Wed, 14 Oct 2009 14:20:52 +0000

Astaro was selected as the first runner-up in the Software-based Firewall category of the WindowSecurity.com Readers' Choice Awards.

WindowSecurity.com is the leading Windows Security resource site and bases its award solely on visitor's votes.

For more information you can read the press release here.

Mid-Americas Overseas reduces administration time by 75%!

Jessica Pozerski — Tue, 13 Oct 2009 13:02:46 +0000

Astaro customer Mid-Americas Overseas was able to reduce IT Administration time by 75%, increase their visibility into Internet usage trends, improve employee productivity and improve network security using the Astaro Security Gateway.

More information regarding their use of the Astaro Security Gateway can be found here and here.

7.500 HA Notice

Angelo Comazzetto — Fri, 09 Oct 2009 18:54:35 +0000

A small issue is present in the 7.500 release which can cause some installations which are using active/passive HA to behave like an active/active cluster. Customers with active/passive HA configurations shouldn't update until 7.501 is released next week.

However, if you have already updated to 7.500 and now experience some surfing issues or erratic behavior with your active/passive HA system, please contact support and they will be happy to apply a small workaround for you, or read on for the fix if you would like to apply it yourself via the command line until 7.501 is officially released.

Update

7.501 has been soft-released which fully fixes this issue. If you apply 7.501 you do NOT need to do any fixes/workarounds as described above for this issue. We'll have a full post on the 27th of October when it is fully launched via our CDN.

For now, if you get this Up2Date package manually (Available here via our FTP) Workaround for ACTIVE/PASSIVE HA systems experiencing surfing issues after up2date 7.500 is applied.
*Note, CLUSTER systems are unaffected by this and should not change their configuration!

Workaround

Login to command line, and super-user up to root privileges:
* Edit /etc/ha/cluster.cf and replace every instance of "auto" with "none"
* Edit /etc/ha/cluster.cf-default and replace "[(CLUSTER_***_DIST)]" with "none"
* Execute "/etc/init.d/ha reload" Remember, this is not required that you do manually yourself.

Your Astaro Support team will happily do this for you if you experience this issue!

Regards,
Astaro

Shift in how we store data may protect credit card information better

Angelo Comazzetto — Thu, 08 Oct 2009 17:34:55 +0000

A recent article in CNN Money titled "Cybercrime: A secret underground economy" discussed the existence of organized crime in cyber-crime and how organized crime has turned cyber-crime into a multi-million dollar a year industry. The article provided some great insight into the black market of cyber-crime. The fact is, most of the organized crime has turned to cybercrime as the next generation of how they make money.

By stealing information and cloning cards with it they drive a massive fraud machine that easily enters the billions of dollars each year. What used to be an exercise in if or how a botnet or worm could be created to steal data and grab the types of information they need, is now a dedicated business which evolves with new techniques and methods almost daily. Make no mistake; botnets are designed to make money, nothing more.

It's no longer about causing someone online-pain or hitting back a company, it's about getting the information they need to conduct their operations and turn a profit. Many of the comments left by readers indicated they feel it is people acting irresponsibly or to use their words, "as morons" which cause the breaches to be successful in the first place. While educating employees is a crucial part of keeping an organization's network secure, I don't believe it is employee negligence which is to blame for the success of this underground economy. This type of breach goes way beyond an individuals or consumers ability to solve - it goes to the core of technology, the way information is stored and what is done to secure cardholder data in the first place. Every credit card company has a fraud and identity theft department. These departments were created to help individuals who are victims of identity theft. Often these victims had their card lost or stolen, or their information was stolen by an individual who wasn't working on a mass scale.

These departments are exactly what victims of this type of identity theft require, but these departments are ill-equipped to handle the theft of thousands or even millions of credit card numbers from a single breach. To add to the complexity, the breaches rarely if ever occur at the credit card company's network. Instead, the cyber-criminals are able to hack the retailer or other vendor to steal the credit card numbers of their customers. So what do we do? Technologies such as the chip-pin technology coming out that seeks to apply an entry code when you use your credit card at a store may protect individuals have this card (unless of course they are shopping online but that is a different post all together) who but they do little to deter hackers.

On the type of scale that hackers are acquiring card numbers even if 10% of all the card numbers they obtain are unusable it is a small enough to deter the criminal efforts as they will still have millions of numbers at their disposal which can be used. PCI regulations are a step in the right direction for protecting small and medium sized business. Though it is slightly generalized, the updates and refinements to specifications and requirements will help to make this type of activity harder. While PCI and other regulations may help SMBs design more secure networks one other solutions for stopping breaches were mass amounts of customer data is stolen would be to centralize and consolidate information. Currently, vendors, often times small to medium sized businesses who traditionally do not have the resources to secure their networks as well as larger enterprises (like credit card companies), are required to save customer data for seven years.

This is where cyber-criminals obtain the credit card information - from the vendors. Instead of requiring the companies to save this information on their individual networks it may be more advantageous for all involved if the information was only stored at the credit card company. Credit card companies already collect and save this information, making vendors' information redundant. If we remove this redundancy we could make it more difficult for hackers to get this data. This approach would absolve vendors from having to hold all this data, but also avoid having to police them all individually with regulations ensuring it is done correctly. Since hackers are targeting the vendors not the credit card companies just think of how many breaches can be avoided if this method was in place. Some may argue that the cyber-criminals will shift their tactics and dedicate their time hacking the credit card companies' networks - and they may be right. But this goes against how hackers work in the first place.

They do not target individual companies, instead they create programs that look for any network weakness and then exploit it, regardless of network size or the value of information available. They can always use the small network they hacked to get into a larger network eventually. However, the lure of millions of credit card numbers and the potential profit they could make may result in a complete paradigm shift when it comes to cyber-crime. That is why all networks (small and large) should use network security technologies to make it more difficult (and in many cases) impossible to access the network through botnets, viruses, worms, spyware or other malicious code.

AxG V7.5 Release Completed

Angelo Comazzetto — Tue, 06 Oct 2009 16:48:55 +0000

Completing our launch process of Version 7.5, we have released the V7.500 Up2Date to our existing installation base. Users will now be able to update to V7.5 from their existing installations.

Two packages have been released, one for the 7.405 users, and another for those still at the last Beta of 7.490. Accompanying this release are updated Virtual Appliance images for VMware ESX3+ and VMware Player/Workstation/Server.

These are found on our FTP Site in the Virtual Appliance directory for the desired product. As a small roadmap announcement, we are working on totally new VMware images that are designed for use with the new VMware vSphere architecture.

Enjoy 7.5!

Astaro releases version 7.5 of the Astaro Security Gateway

Jessica Pozerski — Mon, 05 Oct 2009 14:53:06 +0000

Astaro officially released version 7.5 of the Astaro Security Gateway today.

The new version of the Unified Threat Management product includes several enhancements such as an improved Intrusion Protection Engine, multicast support, and real-time bandwidth monitoring capabilities.

Many of the new features included in this new version were included in the release due to user feedback on Astaro's new Feature request site. More details about the new version can be found in the press release.

Basic Security Tips part 2 - Effective passwords

Tim Cronin — Wed, 30 Sep 2009 12:50:16 +0000

A while back I published a post about locking your computer to make it safe. In this post we will discuss how to create passwords that are hard to crack but easy to remember to keep your personal computer, accounts and company network more secure. In an attempt to remember our work email password, our personal email password, our bank password, our network access password, etc. many people use the same easy to remember combination of letters and numbers.

People also tend to make their passwords as short as allowed (4-6 characters). While this makes their passwords easy to remember it also makes them easy to figure out or hack. Instead of using a single word such as "Astaro01" for example some people believe they are clever and add a symbol into the mix making the password "Ast@ro01". This fools no one, and programs designed to figure out passwords are aware of this "technique". One suggestion for creating easy to remember yet hard to crack pass words is instead of using a single word, try using a short memorable phrase, for example you could use "the ASG 425 is a great Security product". This is a great example because (not only is it true) it has both letters and numbers, capital letters and lower case letters and is easy to remember. Some accounts will not allow you to use this many characters to create a password. In these cases use the first letter of each word so our example would become: "tA4iagsp". This method becomes even more effective if you then select a random symbol to replace a specific letter.

Some common examples are @=a or $=s but try using symbols that are not similar to the letter. So for example #=S making our password "tA4iag#p". Because this combination of letters and numbers seemingly stands for nothing, it is as effective as typing in a completely random combination of characters, but has the added benefit of being easier to remember. This makes the password essentially not possible to crack with a dictionary attack and brute force attacks will need to try for a long time when at least one numeric, alphabetic, one capital alphabetic and "special" character are used. And remember, the more characters you have, the more resilient the password is to brute force. You can also try another technique, called the offset technique. First, take a normal password that's easy to remember, say "Password1!". Normally this password is definitely not to be used. However, with the offset technique you can "offset by 1 left" or "1 up-left" or any other value you can think of.

For "1 left" you would take "Password1!" and shift one key on the keyboard to the left - for keys that don't have another functional key in the offset spot, just use the same key as the original password or wrap to the other side of the keyboard. "Password1!" becomes "Oaaaqies`~" if you use the same key for "a" or "P'aaqies`~" with wrapping. Just remember to check that the password you use has at least 1 of each type of character. These are just a few simple steps that can make your accounts and thus your personal and employer's network more secure. Of course, using a more effective password will not matter if you have spyware on your computer that logs key strokes.

This is why, despite your every effort to have effective passwords and to lock your computer, businesses must also have effective firewall, content filtering and other security products in place. This is just one method for creating effective passwords. Does anyone else have any suggestions for creating effective passwords?

AxG 7.5 ISO Images Available

Angelo Comazzetto — Tue, 29 Sep 2009 15:19:37 +0000

Continuing with our V7.5 release schedule, we have released the ISO images of V7.5 for all Astaro Gateway products. Next week on October 5th, we will distribute V7.5 as an Up2Date to all installations via our Content Distribution Network.

Also released are the SSI Images for the Astaro Smart Installer, a special USB drive which fully emulates the hardware of a USB CD-ROM in a portable form factor at full USB 2 speeds. If you frequently prepare your own hardware or image Astaro appliances, these are very handy to have! Note that you cannot use ASI Images to burn items to an everyday USB drive, you need an actual ASI for this. Read on for the ISO details.

Download Information

Mirrors

In addition to our direct-links below on our main Germany mirror, V7.5 ISO images can be found from any of our three other official FTP Mirrors:

ISO Image Details

We will release new VMware Images next week around October 5th.

ASG Software Appliance Images (For use on your own X86 hardware)

ASG

ISO Image for Astaro Security Gateway Software
ISO-Size : 556.965.888 bytes
ISO-Md5sum: 9d1272a3ae929292db724b11b0773882
ASI Image for Astaro Security Gateway Software
ASI-Size : 510.910.114 bytes
ASI-Md5sum: 8b2be8179a1cbbe02b9794a62dbf424c

AMG

ISO Image for Astaro Mail Gateway Software
ISO-Size : 519.202.816 bytes
ISO-Md5sum: dc94ab8c0a894651baad2c4527ca34a9
ASI Image for Astaro Mail Gateway Software
ASI-Size : 480.915.752 bytes
ASI-Md5sum: 2af75e0ce0e10297307f88a9f6f9031a

AWG

ISO Image for Astaro Web Gateway Software
ISO-Size : 506.411.008 bytes
ISO-Md5sum: 410ccdd058afffbfb94ad19ebd31ec76
ASI Image for Astaro Web Gateway Software
ASI-Size : 468.868.147 bytes
ASI-Md5sum: 03c4295ebd3c56458a2d5b28461e4bea

ASG Hardware Appliance Images

ASG

ISO Image for Astaro Security Gateway Hardware Appliances
ISO-Size : 580.587.520 bytes
ISO-Md5sum: 250f429c70ce618b433f8b03596189b6
ASI Image for Astaro Security Gateway Hardware Appliances
ASI-Size : 468.868.147 bytes
ASI-Md5sum: 03c4295ebd3c56458a2d5b28461e4bea

AMG

ISO Image for Astaro Mail Gateway Hardware Appliances
ISO-Size : 580.587.520 bytes
ISO-Md5sum: 250f429c70ce618b433f8b03596189b6
ASI Image for Astaro Mail Gateway Hardware Appliances
ASI-Size : 491.941.288 bytes
ASI-Md5sum: fc9466834fea6aca6e2a898e9dc5c00c

AWG

ISO Image for Astaro Web Gateway Hardware Appliances
ISO-Size : 523.188.224 bytes
ISO-Md5sum: 9546a155e61d1fc6a3b4608c3718aecd
ASI Image for Astaro Web Gateway Hardware Appliances
ASI-Size : 478.745.894 bytes
ASI-Md5sum: d34a6fe1cfcaf7d024f951b5ec234235

-The Astaro Product Management Team

Knowing is half the battle

Bill Prout — Thu, 24 Sep 2009 13:56:27 +0000

Network security is a daily and complicated struggle for most network administrators who strive to keep on top of the latest virus outbreaks, network intrusion attempts, software patches, and web and email scams. Comprehensive Network security today requires a layered approach so that internal network resources can be properly protected against all the different types of malicious content out there.

Properly designing and maintaining a network to guard against these attacks can be a challenge to even the most seasoned admin. Fortunately there are some excellent network security appliances that are now available for even the smallest organization so that complete protection can be attained at the network perimeter. Newer 'all in one' appliances combine all the necessary protections into one device which can simplify administration and even reduce costs. One thing that all these sophisticated systems are unable to fully address though are employee actions. Internal users are responsible for many of the security breaches that organizations encounter these days and the results can sometimes be quite damaging. Some of these breaches are intentional but many are the result of well meaning employees who are unaware of the results of their actions.

Intentional or not the results can be devastating to an organization and can result in both financial losses and damage to reputations. Many of these issues are a consequence of employees not knowing that their actions may result in serious violations to the company security policy. A common example is an employee that Emails Company documents to a home computer so that they can get extra work done at night. Though they may have meant well this action could result in sensitive data being leaked and many times a copy will be left on the personal computer. This action could also result in malware attaching itself to the file or document and once brought back into the organization could result in a companywide outbreak.

Many security breaches are also the result of social networking scams where users are tricked into giving out sensitive data such as passwords which allow hackers to gain access to resources. Perpetrators of social networking scams often try to gain as much information on a target as possible and with the rise in social network sites this information is often readily available. Four out of Five adults with Internet access use social networks sites such as: Facebook, Twitter and MySpace while at work. Along with purely recreational sites there are also business oriented social networking sites such as LinkedIn.com which allow professionals to keep in touch with colleagues and develop professional networks. The very high volumes of traffic that these sites generate make them attractive to advertisers but also to phishers, SPAM'ers and malware providers.

The recent high profile attacks on Twitter and Facebook caused some businesses to reconsider whether or not they should allow employees to visit these sites while at work due to the risk of malware infection. Products that offer content filtering tools will allow businesses to block purely recreational sites such as facebook and myspace which will help guard against problems on those sites, but blocking these sites will not completely protect companies against malicious attacks since many times they're disguised as something else.

Similarly, technologies that offer Intrusion Prevention, Denial of Service protection, HTTPS scanning and other security functions are a giant leap toward protecting networks but will not entirely secure your network if the attacks are coming from within. Even with the most sophisticated network security products in place organizations are at greater risk unless they educate their employees on proper Internet usage and how to recognize the signs of a possible issue. Since most internal breaches are accidental it leads one to question whether or not individual common sense security practices are as common as we thought. Either employees are not aware of threats and how to avoid them or they believe their actions will not cause a breach. Perhaps powerful network security products have lulled them into believing their networks are impenetrable, but this is not entirely true.

Take, for example, the case of US Banking institutions being subject to phishing attempts via snail mail. It doesn't matter how powerful the banks' firewalls are or how effective their IPS are, if an employee inserts the CD into the CD-ROM then the network is infected. Employees at all banks (and for that matter all institutions) should be educated about this type of threat. Now that even trusted sites are hosts to malicious content it is even more important for organizations to educate their employees on safe Internet usage practices. Regular training sessions that highlight best practices are one way that organizations can help educate their employees. Having employees read and be aware of the organizations security policies can also be effective in highlighting computer do's and don'ts. Reviewing and updating these policies on a regular basis will also help to ensure that as new threats arise that the organization is aware and protected.

While none of these measures alone will completely eliminate threats they can help mitigate security risks if combined with the proper security equipment and a watchful network administrator.

Beginning the compliance process

Jack Daniel — Mon, 21 Sep 2009 15:54:32 +0000

There are some first steps which will help you deal with any compliance initiative, things to do before starting the actual work of aligning your practices and policies with the requirements you must meet. They seem simple, but are often overlooked.

First, read the regulation. All of it. Print it out if you need to or copy it into a form which is easy to mark up- and make notes and questions. Then read it again and polish your notes. After you have seen the requirements yourself and have your own highlighted and annotated copy it is safe to widen your scope. If the regulatory body has provided supporting documents read, highlight and makes notes on them. Note where the supporting materials clarify or contradict the regulations.

Only when you have reviewed the "official" documents yourself is it safe to start listening to the "experts". When you start dealing with consultants and contractors remember that they may come and go but the actual responsibility stays with your organization. If you spend money on your compliance project make sure you spend it wisely. If you disagree with a consultant or don't understand what they are doing (or why they're doing it) ask them. If a vendor makes a questionable claim make them explain themselves. (The phrase "automate compliance" is one which always deserves a challenge).

There is another step to take before you really dig into meeting the regulations; look at projects in the planning or early deployment stages which may be impacted by the regulations and determine if they need to me modified before going live. It is always easier to get things right the first time, and projects on the drawing board are a lot easier to tune than those already in production. You may be able to get a victory or two under your belt with little pain and expense. These are basic and generic suggestions but they can be valuable as you begin almost any compliance project.

Astaro Gateway 7.500 Released

Angelo Comazzetto — Fri, 18 Sep 2009 14:51:54 +0000

We are proud to announce that the General Availability (GA) of 7.500 has been soft-released. 7.500 includes great new features and functions, many of which were requested by our customers. To name just a few, there is a new Intrusion Protection Engine, Real-Time Bandwidth Monitoring, a transparent HTTP proxy mode with captive authentication portal, and the ability to import and export various lists.

This release is for all Astaro Gateway Products. Due to the size and significance of this release, we are rolling it out in phases. Immediately, there are Up2Date packages which will upgrade existing 7.405 and 7.490 installations. Next week, we will release ISO images for all Astaro appliances, and on October 1st, there will be a push of the 7.500 package via our content distribution network to all customers. For the details about our 7.500 release, please read on... As a major point-release, you will find a lot of new capabilities. Reading this post carefully will answer most questions you might have.

What's new in V7.500?

7.500 adds over 50 new features and conveniences (and 700+ individual changes!), most of which are directly a result of submitted features by our partners and customer base. As this post is an overview, for full descriptions and details, please read the 7.500 Release Notes (PDF). I would also like to invite you to visit feature.astaro.com to register/spend your points on what we might do next.

Major New Things

Intrusion Protection Performance

Uses new version of the IPS engine
Scales massively when used with Multi-Core CPU/Appliances

Real-Time Bandwidth Monitor

New Interface utilization bars on Dashboard (setup scale via editing the Interface and filling in new parameters for Upload/Download)
Click for detailed overview as to "whats happening in my network right now"

Import/Export Widget

Gives the ability to work with manual lists for many features/fields
Useful to import a large blacklist (for example) into the URL Blacklist
Can been seen in many user-input boxes in Web, Mail and more. (Green Up/Down Arrows)

Transparent Authentication Support for Web Security

Allows users to authenticate against a Portal-Style page
Allows for username based tracking, reporting, and surfing without changing browser settings
Currently logo can be customized. Text,HTML, and further customizations planned for a later time.
Configurable Timeout via HTTP-->Advanced. (Default 900s)

Clone Objects

Easily duplicate existing objects for quick re-use.
Supported in most places for many objects (Definitions, Services, Certain Profiles/Actions)

Extended Network Security Reporting

Added Detailed Packet Filter/Firewall Reports
Added Detailed IM/P2P Reports

Reputation Support for Web Security

Allows use of the trustedsource.org reputation for Web Filtering
Adds an additional check when allowing sites to be visited based on their degree of evil

DHCP Improvements

Automatically map a current lease to a static assignment
Limit DHCP leases to those with static assignments only
Configurable DHCP lease time
Servers retain configuration when enabled/disabled

Multicast Routing Daemon

PIM-SM Routing support

Other New Things

Windows SSL VPN Upgraded - New Client which supports 64-bit operating systems and configuration file parameters. (Download client again via the UserPortal)
Improved HTTP Caching - Increases hit/usage rates with new logic, making the cache more effective.
Quarantine/UserPortal Usability - Adds navigation to the bottom (supplementing the existing controls at the top), large amounts (250-1000) of displayed items per page, and sorting by subject line.
Default Definition for "Internet" - Created to specify "Internet" as an object which will exclude internal network(s) to aid policy creation (0.0.0.0/0 on Gateway interface) Customizable Shortcuts - Change the default Ctrl+Key assignments to fit your preference
Improved Definition/Services Sidebar - Mouse-over now instantly shows full name and extended info to aid identifying desired object for drag 'n drop, especially for long names
User List shows static IPs - if assigned/configured (no need to edit in order to view)
Live Log Negation - use to filter live logs to not show lines that match "-" entries i.e. -test to remove lines containing "test"
Console/SSH Logins Trigger a notification - provides admin the needed insight when accessed.
Instant Email Backup - Button for every created backup file which allows it to be sent immediately via email to configured addresses
Custom text for notifications - Allows easier identification of which installation is sending the message. Especially useful if managing multiple sites using notifiers.
Test NTP Sync - Button to immediately poll the configured NTP server
Automatic Backup before Up2Date install Configurable Default for Lists - Allows for the amount of items per page (Packet Filter Rules, or anywhere there is a number amounts drop down) to have a larger default view
Cluster/HA Serial Number View - Information on connected units made easier
Schedule Firmware Installation - When an Up2Date for Firmware is available, you can schedule it to auto-install at a certain time (not recurring)
WebAdmin Network Section Split - Now two sections; "Network" and "Network Services" for usability.
Search Boxes Retain Data - No need to re-enter query when returning from a drill down/result click.
System Restart Reason - Allows logging of "why was system restarted" in the notification
Group Tool tips for Members - Easily discern Network/Service Group members without having to edit in order to view
Reporting Exclusions - Used to remove unwanted entries from various reports (such as Google-analytics from Web Security tables
Log Flag for NAT Rules - Similar to packet filter, tells you which NAT rule was matched as part of traffic handling
Masquerading for Additional IP Addresses - Allows the use of Masquerading (vs. just SNAT) for additional IP's bound to an interface
Support for Multiple Authentication Servers - The authentication server section has been redesigned to support fallback/failover in an easier format, with many usability improvements
SNMP MIB - Downloadable via the SNMP section of WebAdmin
Up2date Status Reworked - Clarifies the current status of a Firmware Up2date to avoid confusion regarding the availability, download progress etc...of an issued Up2date.
Up2Date Content Distribution Network - Significantly increases the speed of Up2Date downloads using a cloud-based CDN.
Inline/Snap Report Links - Directly moves the Admin to the relevant details report when browsing the embedded daily reports located throughout WebAdmin
Global POP3 Sender Blacklist - Quarantined as "other" in the QM/EUP
Dashboard RSS Feed - Provides visibility to select Astaro-issued items via WebAdmin
ASG 110/120 WatchDog - Provides auto-restart of ASG 110/120 appliances during rare times of crisis. Since they are often at branch offices or remote locations, this check will auto-restart the unit after most types of any failure (eg. voltage spike)
New German Translation - The online help and other documentation has been updated with a reworked and much more accurate German-language translation
*Various other features, enhancements, and usability improvements

Up2Date Package Information

7.500 is currently offered as an Up2Date package which is manually downloaded and installed. There are 2 packages - one for V7.405->V7.500 and one for Beta testers using V7.490->V.7500. We will have ISO images next week, followed by a push of the 7.500 Up2Date via our Content Distribution Network on October 1st.

7.405 -> 7.500 Up2Date:

Link : ftp://ftp.astaro.de/pub/ASG/v7/up2date/u2d-sys-7.500.tgz.gpg
Size : 252,392,637 bytes (240.7 MB)
Md5sum: d12668b99ca03b97cab7ccfe73d29775

7.490 -> 7.500 Up2Date:

Link : ftp://ftp.astaro.de/pub/ASG/v7/beta/u2d-sys-7.490-500.tgz.gpg
Size: 78,404,495 bytes (74.77 MB)
Md5sum: 272088d0d7794f89606235f52cb496cb

Bugfixes

Fix [07631]: Problem showing logged in remote users after HA takeover
Fix [10027]: Network and service group definitions unordered after 7.400 up2date
Fix [10123]: Dashboard view of RAM incorrectly labeled SWAP on Japanese webadmin
Fix [10181]: Wrong translation (English => German or French) in HTTP-Profiles >> FilterActions
Fix [10195]: Same domain name in request routing and static entries prevents named from starting
Fix [10221]: SSL Site2Site VPN default route to remote site does not work
Fix [10374]: License expiry when BIOS clock resets
Fix [10375]: IPSec local hosts/networks are missing in ASC-Configfile, if you add more than 5 hosts
Fix [10387]: Webadmin AWG and ASG - Translation error in "Filteraktion" of http profiles
Fix [10425]: Slave stuck in status UP2DATE and update was not started on slave
Fix [10708]: VPN connections cannot established on iPhone 3.0 using Cisco VPN client.
Fix [10808]: After update to version 7.403 the remote access menu item is missing

Special Home User Keys

Our Beta Testers of the 7.500 release will shortly (we promise!) receive information about their special Beta Tester Home Use Key, and we will announce the Amazon Gift Card winners then as well.

Feedback

If you want to provide feedback or want to discuss any of the V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.500] IPS"). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server that will soon showcase all the new shiny things: http://demo.astaro.com

Enjoy the new things!

Regards,
-Astaro Product Management and R&D Teams

Astaro Strengthens Management Team With Former Cisco Executive

Jessica Pozerski — Thu, 17 Sep 2009 15:07:03 +0000

Today Astaro announced the appointment of a new Senior Vice President of Worldwide Sales and Marketing. Günter Junk, who will be based in Germany, will be responsible for Astaro's worldwide sales and marketing strategy as a globally operating vendor for UTM solutions.

During his leadership Swyx was able to become a market leader for IP telephony in Europe. Prior to his tenure at Swyx, Mr. Junk developed the German sales organization at Cisco Systems and was ultimately responsible for all European operations as Vice President of the region.

For more information on this exciting new appointment please read the press release. For a photo and the biography of Günter Junk, please visit: http://www.astaro.com/newsroom/press_kit.

Aligning Compliance and Security

Jack Daniel — Wed, 16 Sep 2009 13:34:49 +0000

Compliance and security aren't the same, but they are often related, and even when they are at odds we need to accomplish both. How to do it effectively - that is the challenge. Starting with the fundamental idea that information security is supposed to "secure information", we first need to determine what information must be protected.

Here regulations may help specify, but there is much more information to protect in your environment than what is required- certainly confidential patient data and customer financial records must be protected; and not just because HIPAA or PCI DSS require it. Your organization may also have trade secrets, marketing campaigns, merger plans or other information which should be protected regardless of regulatory imperatives. A basic rule of protection is that you must know what you have and where it is before you can protect it. It doesn't matter if you need to defend jewelry from theft or credit card numbers from loss, you have to know where they are before you can protect them- so identifying the information you must protect is a logical first step towards both security and compliance.

The information to be secured will vary by organization and change over time and therefore will require a flexible and versatile identification method. One effective approach is to start by asking three questions about the information to be protected:

How does the information enter the environment? - Identify every point of entry for the information. Include the origins of internally created information.
Where is the information stored and accessed internally? Not simply where it is stored but also where it is used
How does the information leave your organization? Map every egress point including submissions to any outside organizations.

Now for the truly informative step: connect the dots. Map all of those entry and creation points to the storage and use points and then to the egress points. You will likely discover paths and storage locations previously overlooked.

You may even need to go back and re-answer the three questions armed with your new insights. With this exercise complete you can begin to build a plan for both securing the information and meeting your compliance goals. Streamlining the information flow and reducing the number of storage points would be a valuable next step. This will reduce your exposure and simplify future security and compliance tasks.

With this foundation you should be better prepared for your next steps towards both security and compliance.

Basic Security Measures We Sometimes Forget to Use - Part 1

Tim Cronin — Mon, 14 Sep 2009 13:54:37 +0000

When talking about network security we concentrate on technologies and tactics network administrators can use to keep their organization protected. While this focus is important, even a company specializing in security can neglect to remind employees and others of some basic security measures.

This post is the first in a series of posts detailing some basic security techniques for keeping your network, your identity and your computer safe. Among these measures include locking your computer when you leave your work station. Many people forget to lock their desktop when they leave their desk, e.g. for a meeting. At smaller organizations where you know most if not all of your co-workers an open desktop might not seem like a threat. However I have heard plenty of stories of people not locking their computer, only to return and find they sent an email offering to purchase coffee for everyone in the office. While this example is rather harmless (and somewhat comical) it demonstrates how vulnerable we leave ourselves when we do not lock (or shut off) our computers. Anyone can access any information you have on your computer.

If you work in an industry with regulations about privacy (such as a hospital or financial institution) of if you possess sensitive information on our hard drive (revenue information, company information that is not yet public) leaving your computer unlocked could cause you to lose your job, tarnish your employer's reputation, require your employer to make monetary reparations (if customer data is stolen) and may even cause a legal battle. As another extreme, someone who has ill will towards your employer could even spread a virus or spyware on your computer and then it would appear as if the malware came from you! Locking your computer is a simple step toward protecting yourself and protecting your company's network. Perhaps the worst thing that would ever happen is you offer to buy lunch for your entire office, but why chance it?

Get into the habit of locking your computer whenever you leave it for more than five minutes and if you forget the computer on a train or someone steals it you at least made it a little more difficult for someone to access your computer. Most operating systems allow you to establish setting that will automatically lock your desktop after the computer is inactive for a certain amount of time. Taking advantage of this setting will ensure your computer is locked even if you forget.

ASG Beta 7.490 Released

Angelo Comazzetto — Thu, 03 Sep 2009 14:47:43 +0000

We have released 7.490 for our Beta testers. This can be considered the 7.500 Release Candidate which will be finalized as the GA in the future. As we move closer to our GA Version, we've taken the time to apply more fixes to the release and prepare it for general use.

This release also fixes some bugs with SSL VPN. We very much appreciate your continued feedback in our ASG Beta Forum. Details are below. It is not too late to join the Beta and qualify for special, extended home-use licenses and some Amazon Gift cards! See our V7.500 Beta contest announcement for details and download links for ISO's and Up2Dates. Happy testing! This release is available Up2Date download package from 7.480. If you wish to join the Beta at this point, you can do so using the ISO images and Up2Date packages from the Beta area of our FTP site.

Please note: If you are already testing the 7.480 Beta release, your installation will automatically download 7.490 and make it available to install via WebAdmin. You do not need to download and install this package manually (unless you wish to).

Details and Download

Up2Date 7.490 Package:

FTP: ftp://ftp.astaro.com/pub/ASG/v7/beta/u2d-sys-7.480-490.tgz.gpg
Size: 240635901 bytes (229.49MB)
MD5sum: f3dedf7bcf61782c30dd8ce56189bc76

Thank you for your continued testing and feedback!

Regards,
The Astaro Team

PCI, Compliance, and Security

Jack Daniel — Thu, 03 Sep 2009 12:57:17 +0000

Some people seem to be confused about compliance- some hate it, a few like it, and some really like to argue about it, especially when it comes to PCI-DSS. PCI-DSS is the much-maligned Payment Card Industry Data Security Standard, a set of requirements for companies which process credit card data. Full documentation is available from the PCI Website.

The standard is currently 72 pages, not a quick read- and that may be part of the problem; an amazing number of people like to argue about it without ever actually reading the beast. I believe the root problem is that many people confuse being compliant with being secure. While they may be complimentary goals, compliance and security are very different. Being compliant with a "security" standard or regulation does not make you secure, and I believe it is approaching the problem from the wrong direction- focusing your efforts on being secure, then aligning with your compliance requirements will result in a more secure, sustainable, and affordable environment. Even people who should know better have been confused by this; recently Heartland CEO Robert Carr said in an interview with CSO Online that he believed PCI compliance meant that Heartland was "secure".

We all learned that Heartland wasn't secure when they suffered the "Largest Data Breach Ever". The reactions to Mr. Carr's comments were strong and swift, Rich Mogull and Mike Rothman were among the many people who took exception to Mr. Carr's statements about compliance and security- but the controversy Mr. Carr's comments sparked only serves to highlight the problem. Part of the confusion comes from the different security postures of organizations before they begin their compliance programs. For a company with poor security and a lack of organizational awareness of security standards, becoming PCI- (or whatever) - compliant can introduce many positive changes and dramatically improve the overall security of the organization.

On the other hand, if an organization already has a well established and effective security posture, becoming compliant should be fairly easy, BUT, it could result in losing focus on security as attention shifts to compliance. Worse still, if an organization has done a thorough risk assessment and focused their efforts accordingly, some regulations may require them to divert resources to addressing requirements that are not aligned with actual risk to the organization, effectively reducing their security.

Another problem with compliance is that while most security professionals understand that the standards define the minimum security standard, many outside of the field believe that compliance is all that you need to do to be secure- thus confusing a security baseline with a finish line. In the absence of standards and regulations it is often easier to grasp that security is a process, not something you "are" or "aren't", and should be tailored to fit the situation. Unfortunately, it is also common for organizations to neglect security unless they are required to comply with some regulations or laws.

Finally, complaining about PCI, HIPAA, or any other regulation doesn't change the fact that we need to comply. Go ahead and work to change the laws or regulations you find onerous- but complaining is no substitute for an ongoing assessment of your environment, securing it as appropriate, and mapping your security posture to meet compliance requirements.

Astaro to offer Free Business Firewall for VMware

Jessica Pozerski — Wed, 02 Sep 2009 16:58:33 +0000

Today, Astaro announced that it will soon offer a Free Business Firewall for VMware to all organizations with virtual environments. The Free VMware Firewall will protect networks from external threats as well as control and monitor communications between virtual machines. The Free Business Firewall for VMware offers the base functionality of the Astaro Security Gateway virtual appliance using a special license key.

The free VMware firewall includes the same functionalities and performance as VMware's vShield Zones, however it is free and offer s the possibility to add additional security features. Astaro is offering the free VMware firewall to fill the gap left by VMware in their free virtualization tool.

This tool, used by many small and medium sized businesses, allows these organizations to create virtual environments but does not offer security functionality. Only the larger virtualization tools offered by VMware include these security features and these installations are often oversized for a small or medium sized business whose virtualization needs are met by the smaller installations. For more information about Astaro's Free Firewall read the press release here.

To register for an e-mail reminder once the Free Business Firewall for VMware is available and for a 30 day free trial of the Astaro Security Gateway Virtual Appliance visit: http://www.astaro.com/en/free_business_firewall_vmware

Up2Date 6.315 Released: ASG Version 6 End-of-Life Reminder

Angelo Comazzetto — Thu, 27 Aug 2009 13:54:01 +0000

As announced last year, on Oct 1st, 2009,Version 6 of Astaro Security Gateway will be end-of-life. At this time, no further Up2Date packages for firmware or patterns will be distributed. For the few remaining customers that are still using Version 6, we have released Up2Date Version 6.315 which fixes a recently announced vulnerability in BIND, and also make some changes to streamline the Upgrade options for you. Read on for the details.

As Version 6 has long been replaced by Version 7, customers still using V6 should immediately move to this version to get the latest features and ensure they are operating a supported and maintained product version. Customers running V6 on an ASG appliance can move to Version 7 via the Up2Date section of WebAdmin by performing an on-box upgrade via the button and prompts. We have altered this process to bring the unit to a more recent Version 7.405.

If administrators would like to cleanly install V7 on their ASG appliances by wiping the existing system (or for those customers who are using V6 on their own hardware platforms), you can make a backup file of your V6 configuration, install Version 7 from ISO image, and then restore much of your configuration into V7 from the V6 backup file. Appliances and/or hardware platforms can be installed using the Astaro Smart Installer or an external USB CD-Rom drive.

Important Note

Version 7's architecture differs massively from the older Version 6 framework. Due to how data is stored in databases in Version 7 vs. flat files in Version 6, some areas of the configuration cannot be "converted" and will have to be rebuilt in V7. For more information on the process of moving to Version 7, please see this Knowledge Base Link. For additional questions and assistance with the V6->V7 Upgrade, your Astaro Partner or Support Team will be happy to help!

Up2Date 6.315 Details

Remarks

Required previous version is 6.314
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes Size: 2.73 Mega Bytes (2861778 bytes) MD5sum: 36fb15fa2162c2a39f26cbed7223c6aa

Fixes

please refer to the final known issue list on http://www.astaro.com/kb
Fixed bind (DNS) vulnerability CVE-2009-0696 All Up2Dates are GNUPG-signed!

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced.

Regards,
The Astaro Product Management Team

Astaro's Regina Grieco Recognized as One of the Top 100 Women in the Channel

Regina Grieco — Wed, 26 Aug 2009 12:43:46 +0000

Astaro's Regina Grieco was named one of Everything Channel's CRN Magazine Top 100 Women in the Channel.

Astaro's Regina Grieco was named one of Everything Channel's CRN Magazine Top 100 Women in the Channel. This award honors women in the channel who were able to achieve great results as executives and the amount of influence they wield over the technology channel. The Top 100 Women in the Channel represent a changing trend in a traditionally all male industry. Astaro's Regina Grieco was named one of Everything Channel's CRN Magazine Top 100 Women in the Channel.

This award honors women in the channel who were able to achieve great results as executives and the amount of influence they wield over the technology channel. The Top 100 Women in the Channel represent a changing trend in a traditionally all male industry.

For more information on this award and about Regina Grieco read the article here or read the press release.

Virtualization - basic protection does not withstand modern attacks

Gert Hansen — Wed, 26 Aug 2009 16:49:42 +0000

More and more companies start to use virtualization every day. VMware is aiding companies moving to virtualization by offering two free products to support. Many users start off by using virtualization for evaluation purposes and as they realize the benefits of virtualization they plan to move to production use later.

However, one reason why users are hesitant to virtualize their production servers is the lack of network security in such an environment. By using physical servers you can place dedicated firewalls between the servers and/or the Internet for protection. This has not yet been possible in virtual environments. VMware addressed this need in their new vSphere product by adding "vShield Zones", an integrated, statefull firewall which solves basic network security needs. But this offering has two problems:

First, it is only available in the upper, more expensive vSphere editions, which leaves SMB customers that can only afford the entry editions in the dark. Second, trying to address state of the art malware and attacks with this is like trying to use chainmail to protect police offers in their fight against modern gangs with advanced automatic guns. Basic protection does not withstand modern attacks. In order to protect your IT infrastructure, physical or virtual, you need state of the art enterprise security products to detect and neutralize modern malware, botnets and other attacks.

Besides a statefull firewall, which is a good start, you need a proven Intrusion Prevention system (IPS) as well as malware and reputation filters to protect the common attack vectors of web surfing and email reading - this includes encrypted ones. Especially small and medium sized businesses need an affordable, easy to use yet complete security solution which is able to run within a virtual environment.

The Public Cloud

Tim Cronin — Thu, 13 Aug 2009 16:12:47 +0000

I listen to NPR basically every time I'm in the car. Normally this gives me an ok sense as to what the rest of the world is thinking about. One show I am able to listen to regularly is "On Point". I was somewhat surprised when the topic of the day was "cloud computing".

As usual, the show lined up some very knowledgeable people, but as the term cloud computing is a bit vague and has had more definitions than Merriam's can keep track of, the conversation could have gone in several different directions. I thought that it would be useful to call. Have a listen at their site: http://www.onpointradio.org/2009/08/from-desktop-to-the-digital-cloud. One of the common thoughts about cloud offerings is that "anything accessible over the internet can be called 'cloud'." This line of thought leads to the belief that you need to hand your information to a third party. While there are some very popular offerings that use this method, it is not entirely true.

There is a way to keep an eye on your data while still reaping the benefits of the cloud computing architecture. This is the essence of public cloud vs. private cloud. Cloud Computing is really a "new" architecture for computing in general (new in quotes, because it's "new" like bellbottoms were "new" in the 90s [link: http://en.wikipedia.org/wiki/Centralized_computing] ). Computation is moved to the server, rather than on the client. Often this means that a user will now use a browser to input into a server's processing and get output from the server (instead of entering input into a local application and getting output directly). In terms of security, there are some immediate concerns. First, who handles the information? In terms of public cloud architectures, the vendors will take control of your information.

This opens several legal issues that I should not be considered an authority on, but suffice it to say that the vendor is now legally responsible for your data and can disclose it to authorities under certain circumstances. Also, you must trust their security methods because if they have a breach, you are affected. The private cloud, however, means that you keep control of your information's chain of custody. This is a great benefit for organizations with highly confidential information and highly competent security personnel such as hospitals and financial institutions. Another interesting security topic is that you create a smaller, but more inviting target - but also, you create a smaller footprint to defend. With private cloud, you have one (or a small amount of) server(s) that hold all of your applications and data and are all centrally located. This means that if one system is compromised, there is a lot more damage that can be done to disrupt operations.

With the current model, an administrator has to keep track of a multitude of information on disparate machines on various network segments. If one host was compromised it is a limited disruption, but the entire operation would not grind to a halt. This may seem that there is a security drawback to private cloud but instead you can now focus your efforts on a smaller amount of infrastructure, making it more difficult to compromise a central system, increasing security of your key infrastructure. In my mind, both architectures have their merits and there can be gains if done correctly on both sides. In my opinion, there is no "one size fits all" solution.

Organizations need to find an architecture that suits their needs. As long as all topology chosen is implemented properly and securely then maybe someday we can completely secure the Internet. Isn't that why we are so passionate about security?

ASG Beta Release #4 - Version 7.480

Angelo Comazzetto — Wed, 12 Aug 2009 00:59:29 +0000

Hello! For those who are participating in our 7.500 Beta, we have just released the fourth iteration of the release, which is numbered 7.480. We will now being merging the code and start making it final, and you can expect a Release Candidate probably next week, barring any unexpected developments. From there, 7.500 will be made Generally Available shortly thereafter.

This release of the Beta can now be installed as a manually-added Up2Date package from our stable 7.405 version, so those who are eager to get using all the new things do not need to re-install and import a backup to use this release.

Licensing of Beta

If you are currently using the Beta and are at or past the trial period offered by an earlier Beta license, please use this key for ASG Hardware Appliances or if you are using your own hardware platform then use this key. If you have any licensing questions or problems while testing for us, please let us know on the forums! Read on for links, details, and other awesomeness...

Overview

Based on our own internal testing and a lot of great reports in the UBB Beta Forum for 7.500, we've fixed bugs, tweaked a few features, and applied polish to all areas in order to get it GA ready. It is not too late to participate and qualify for a special home user license with more protected IP's, and a shot at some Amazon gift cards! If you would like some direction in what to keep testing, we are specifically interested in getting feedback from the following areas:

All types of authentication services, especially using the new multiple authentication servers ability.
All types of interface types (DHCP, PPPoE, PPPoA, VLAN, ...)
IPsec VPN Site-to-Site and Roadwarrior connections
IPS detection rate, false positives and overall performance
HTTP/S Proxy configuration and usage
Availability groups used all over the product in creative ways
VMware installations (especially running in vSphere 4)

*Please Read this Carefully*

If you are already testing the 7.470 Beta release, your installation will automatically download the Up2Date and make it available to install via WebAdmin. You do not need to download this package manually! (unless you wish to). However if you are at 7.405 and want to install the beta, it will NOT show up in your Up2Date list automatically, you'll have to retrieve it using the links below, and upload it via WebAdmin to your unit (don't forget to click "apply"! If you have questions on this or need help, please join us on the 7.500 Beta User Forums and we'll happily assist.

Details and Download

The 7.470-780 package will be distributed via our beta update server. All images and updates can be quickly be found at: our Beta area on our primary FTP site

Up2Date 7.480 Package:

Up2Date 7.405-480

*(For those at the current 7.405 stable who wish to now enjoy the beta)
Size: 242924301 bytes (231.67 Megabytes)
Md5sum: 22c3294e61d8bf18b74e60c51f11fd86
European Primary FTP: ftp://ftp.astaro.de/pub/ASG/v7/beta/u2d-sys-7.405-480.tgz.gpg
US Primary FTP: ftp://ftp.astaro.com/pub/ASG/v7/beta/u2d-sys-7.405-480.tgz.gpg

Up2Date 7.470-480

*(For those using the Beta who wish to manually move from 7.470-7.480 without using automatic Up2Date downloads in WebAdmin)
Size: 205012879 bytes (195.52 Megabytes)
Md5sum: 400ccd740740debf4ad7461c6837c16c
European Primary FTP: ftp://ftp.astaro.de/pub/ASG/v7/beta/u2d-sys-7.470-480.tgz.gpg
US Primary FTP: ftp://ftp.astaro.com/pub/ASG/v7/beta/u2d-sys-7.470-480.tgz.gpg

Software image (ASG)

*(Full .iso file for use with your own X86 Hardware platform fresh install)
Size: 537290752 bytes (512.40 Megabytes)
Md5sum: 47e25e65241f952b7f642639dc79d3a5
European Primary FTP: ftp://ftp.astaro.de/pub/ASG/v7/beta/asg-7.480-090811-2.iso
US Primary FTP: ftp://ftp.astaro.com/pub/ASG/v7/beta/asg-7.480-090811-2.iso

Appliance image (SSI)

*(Full .iso file for use with Astaro appliances and the Astaro Smart Installer)
Size: 560902144 bytes (534.92 Megabytes)
Md5sum: 92232d2c8edfff147dcba8d9aacf5045
European Primary FTP: ftp://ftp.astaro.de/pub/ASG/v7/beta/ssi-7.480-090811-2.iso
US Primary FTP:ftp://ftp.astaro.com/pub/ASG/v7/beta/ssi-7.480-090811-2.iso

There are also other mirror sites where you can get the files at:

Europe Secondary Mirror: ftp2.astaro.de
US Secondary Mirror: ftp2.astaro.com

Thank you for your continued testing and feedback!

Regards,
Your Astaro Team

Up2Date 7.405 Released

Angelo Comazzetto — Tue, 11 Aug 2009 15:45:23 +0000

Greetings, In order to apply some essential security patches, we are releasing Up2Date 7.405 now. This Up2Date is purely a security update, with no other changes.

It will spread within minutes to your appliance via our content distribution network. The details of 7.405 continue below. This Up2Date package is to patch a couple areas with essential security fixes. No other changes are included as part of this release.

Up2Date 7.405 Details

Remarks:

Existing configuration will not be changed
This package will be auto-downloaded and made ready for installation
NOTE: *System will be rebooted*

News:

Fixes for possible vulnerabilities
In regards to the new features and benefits of AxG 7.4, please read the V7.4 Release Notes PDF.

Fixes:

[Fix] 11064: Bind Dynamic Update DoS, CVE-2009-0696
[Fix] 11086: Address remaining Pluto vulnerablity to DoS by forged x509 certificates, CVS-2009-2661 (CVE-2009-2185 part 2)

Download Information:

Astaro Main FTP
Size: 3453875 bytes (3.30 Megabytes)
Md5sum: 60fb9753a7c63abeca04c80e035294ed

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2
(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.405] WAN Link Balancing ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com

The Astaro Team

Why attack Twitter?

Bill Prout — Mon, 10 Aug 2009 14:44:34 +0000

The recent high profile attacks on social networking sites such as Twitter and Facebook may give us a glimpse into the underground world of spammers, crackers, and those who style themselves as 'bot-herders'. As you're probably aware Twitter is a social networking site that allows users to generate short messages or 'tweets' which are then disseminated throughout the internet to a larger audience.

The service started only a few years ago and since then its usage has exploded partly due to its high profile involvement in such recent events as the Iranian presidential election protests. During this incident detailed, on the ground information was limited due to governmental control which disrupted efforts to contact the outside world. Protesters were able to use Twitter though to broadcast real time details on what was happening to the world at large.

These simple concise messages by people experiencing oppression and violence at the hands of their government were seen in real time by millions of people worldwide. The Iranian government was unable to control the flow of information which proved to be a strong message for proponents of free ideas, and showed how emerging technologies and ideas can be effective tools in the fight against censorship.

Why would someone want to hit Twitter with a denial of service attack? Such a dramatic display has given Twitter a very high profile which makes it an attractive target for those wishing to prove their skills in the world of spam proliferation and cracking. Spam is increasingly tied to guerilla marketing campaigns and organized crime which employ 'bot-herders' to deliver their messages via mass marketed spam messages. The bot program allows the bot-herder to control the machine whenever they wish without the owners' consent. Bot-herders can then sell the services of their zombie army to those wishing to send out large amounts of spam, or it could be used to launch a denial of service attack on a target such as a rival businesses website.

Successfully launching such an attack on a service such as Twitter can give someone instant credibility and may help attract new business opportunities. Most people would probably assume that a company such as twitter is well protected against all known internet attacks but that may not be the case. Internet security requires protection on many different fronts, and due to the constantly evolving methods of attack your tools must be able to adapt to the new threats which will inevitably arise. The Internet and new applications such as Twitter remind us how difficult it is has become to control information and to protect organizations against malicious intents.

Free silent business audit and forensic analysis

Amir Khawaja — Thu, 30 Jul 2009 13:27:19 +0000

Last week we announced an exciting new offer for all businesses in the US - a free silent business audit with forensic analysis.

This service will help network administrators understand how well their current security products are working, improving network security and employee productivity. The silent business audit and forensic analysis will accomplish this by sitting behind an organization's normal firewall and monitoring spam, malware and Internet usage trends to determine what is getting by the firewall and spam filters.

At the end of the 14 day audit period Astaro will provide the organization with a report detailing what malware passed through the firewall. As an added bonus, the appliance will also block the transfer of any malware and spyware that makes it passed the normal web filter to avoid the spread of infections. To register for a silent business audit and forensic analysis click here.

Google Chrome OS and Some Words On Hype

Tim Cronin — Thu, 30 Jul 2009 13:16:05 +0000

THE HYPE
With the announcement of the upcoming Google Chrome OS, Google is adding some hype to the mix. Google is boldly stating that they are "going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates.

It should just work." That is a very lofty goal and a loaded statement. In reality, Google is not too off base here. What it seems they are going to do is make a very small OS. The OS will really only be responsible for basic input and output and run a browser. This means that all of the security holes that go along with the "extras" of modern operating systems will not be a factor. This will have an impact on malware. It means that there won't be any holes in code that doesn't exist.

This will dramatically reduce the security footprint of the operating system. This is true. Generally speaking, when you develop something, it will have errors. The errors can be limited and if there are any vulnerabilities, they can be mitigated. However, if you develop software that is used to interact with other peoples projects, then the security is only as good as the weakest link. In Google's case, they may be developing a light-weight, hardened OS that only runs a browser (for use with Google docs and other web-based applications), but if you use the browser to view a page that is vulnerable then you are still just as insecure.

THE REAL DEAL
Here is a prediction. Google Chrome OS will set out to revolutionize the OS world. They will be successful overall in producing a shift in concepts, but not in the ways they intend on security. There will be exploits that take advantage of the basic input and output. Not only that, but there will be exploits that take advantage of cross-site malware, session hijacking and other browser-only tricks. For instance, Google intends that for productivity you will be using Google Docs.

What would happen if you browse a site that has a cross-site exploit that steals your Google Docs? That's just one thought. I also predict that there will be security updates. Any operating system has the distinct responsibility to be in charge of any input and output of the entire system. Anything that can subvert this is malware and must be dealt with. Any OS is vulnerable just by the nature of being an OS. The advantage to Google's approach is that any holes will be found quickly as there will be a much smaller footprint. Also, you will still need to install some third party drivers and such for input and output. Vulnerabilities can quickly show up here (and although Google can't be held responsible, neither can Microsoft and we all know how we act when something *seems* to be Microsoft's bug).

IF THE HYPE IS RIGHT
If Google is fully successful in securing their code and making an OS that depends on software that exists over a network then this means that Internet security will inherently be much more important. IPS offerings will be in charge of securing your documents rather than client-based AV protection. Security will shift along with the new thoughts on OS technology and application flow. This is an announcement that should live up to the hype, either way.

Advice for the Cyber Czar

Angelo Comazzetto — Thu, 30 Jul 2009 12:56:14 +0000

Yesterday, the Washington Post reported that President Obama is preparing to announce the appointment of a national "'cyber czar,' a senior White House official who will have broad authority to develop strategy to protect the nation's government-run and private computer networks", and that this announcement will coincide with the release of the government's cyber-security initiatives and policies. While I am not holding my breath waiting for a call from the White House, I do have some advice for the new cyber czar.

First of all, it is going to be important for you to be transparent and to quell fears that this is the first step towards an Orwellian world. Let people know you do not plan on being "big brother" and that you in no way plan to censor or shut down the Internet. This might sound silly, but there are some that see the creation of a cyber czar and the potential passing of the CyberSecurity Act of 2009 as a step towards a government run web. Second, take a good hard look at our infrastructure and figure out just how much of it is dependent on the web.

Then determine which networks are the most vulnerable and most likely to be attacked. Are we really worried about our cable stations being hacked by foreign countries? It wouldn't be good, but I think having a virus in our electric grid would be worse. However, let's stop talking and creating reports about how important this role is and why. We all know what's at stake - it's time to take some action. Which brings me to my third and final piece of advice: We should focus on ways to prevent attacks from succeeding, rather than standards for what to do if we are attacked via the Internet.

I realize we need to have a system in place for IF our networks are penetrated, but just like businesses, we should focus on keeping viruses, and malicious code out of our critical infrastructure networks, rather than fixing the mess once we know it is there. This will save our country time, money and possibly even lives. I will continue blogging about the creating of the cyber czar and what the government is doing to protect critical infrastructure's networks, so check beck often.

Choose the battlefield

Tim Cronin — Thu, 30 Jul 2009 13:16:37 +0000

PC World's Jaikumar Vijayan recently reported on the attacks against US government public information infrastructure.

In the article, Karen Evans, a Bush administration Information Systems executive outlined what she thought should be fast-tracked. It includes using TICs (Trusted Internet Connections) for all public infrastructures. This would include making sure that the internet connections for public access are consolidated and then served by only trusted parties. In my calculations, this has many benefits with only one glaring weakness.

What happened?
A single quote of the story stuck out. "the most important lesson learned is that many federal agency security people did not know which network service provider connected their Web sites to the Internet," said Alan Paller, director of research the SANS Institute. "So they could not get the network service provider to filter traffic." That quote takes my breath away. If this is accurate, then the preparedness of network security for the government's infrastructure is simply not up to par. There is not much else that can be said. What are we as a community to do?

Choose the battlefield
Often used as a text of inspiration to security professionals is Sun Tzu's "The Art of War". There are two quotes that are relevant to this discussion. "...And therefore those skilled in war bring the enemy to the field of battle and are not brought there by him." And "The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable."

The lessons of Sun Tzu show that we want to essentially choose the battlefield and lay in wait for an attack. We want to be wise about our battlefield and prepared for the enemy. Using the TIC approach is similar to how the Spartans chose the battlefield for the battle of Thermopylae. They chose a small gorge that a small force could successfully defend and then they put up the biggest fight in history. This is the idea behind the TIC. Secure the path to the prize. When you secure the only way to get to the servers, you secure the servers. At the moment, the servers are too distributed to mount an effective defense.

Weakness?
The only glaring weakness that I can calculate is that this can easily turn into a bureaucratic nightmare resulting in weak TICs. Weak TICs will result in a much wider path to the prize (what if the gorge at Thermopylae was twice as wide?). TICs will have to comply with some standard. Not only that, but likely the TIC will have to be the lowest bidder on the project. So what are the standards? Will they be robust enough? Will the lowest bidder do just enough to get the grant? Will the lowest bidder have qualified personnel? Will there be a process that the TIC and government will need to follow that essentially slows response time? All these are questions that should be answered among many more.

Microsoft's DirectAccess: Reinventing VPN

Tim Cronin — Thu, 30 Jul 2009 13:04:15 +0000

As we know, Virtual Private Networking (VPN) is a technology that allows remote systems to connect to a local system in a secure manner. This is what Microsoft's DirectAccess is setting out to do as well. Microsoft is marketing the new remote access tool as somewhat of a revolution, claiming that you can throw the VPN out with the bathwater. This is not necessarily the case, but DirectAccess may still herald a new generation of VPN technologies.

WHAT IS DirectAccess?
DirectAccess is a technology that allows Vista, Server 2008 and Windows 7 to connect with the office LAN seamlessly, without having to log into any clients. DirectAccess is also being used to remotely manage remote PCs without the PCs needing logged in user (for instance, you can push a new update to an idle PC). This technology comes at a time when there are a multitude of remote technologies to choose from so Microsoft is distinguishing itself by saying that DirectAccess is basically a hands-off technology. The user doesn't need to do anything except get a network connection and log into the machine as normal - the OS takes care of the rest.

HOW IT WORKS
Despite Microsoft's marketing, DirectAccess is a VPN technology with new functionality. For those familiar with configuring VPNs, DirectAccess uses IPSec to tunnel the remote system to a DirectAccess server. The DirectAccess server then authenticates the system and, if configured, authenticates the user. Both of these steps rely on certificates (and the option of smart cards for multi-factor authentication for the user). From here, there are differences in topology and design from which you can choose. You can use "End to End" (security to the application server) or "End to Edge" (security to the perimeter, then letting unsecured traffic on the LAN). One key piece of information that must be taken into account: DirectAccess uses IPv6 as the preferred protocol. You can use IPv4, but there will be extra steps that you may need to take. There are several more key points to the connection for which I will refer you to Microsoft's documentation at http://www.Microsoft.com/servers/directaccess.mspx.

SECURITY CONCERNS
Microsoft has taken steps to make sure that security of this technology is the focus and seems to have been successful. When this technology is configured properly and used properly, I can see a step forward with this technology. That being said, DirectAccess does assume some things. The most glaring is that user authentication is not required. If a user's laptop is stolen and not reported in time, then it is conceivable that an attacker would have access to your internal network. Although, they may not be able to log into the domain, there is still an IPSec connection between the attacker and the LAN. This will make the use of full disk encryption even more necessary. Also, the fact that there are so many technologies involved in order to get a connection is a concern. If any one of them has a vulnerability it can be a problem to say the least.

END OF THE VPN?
All-in-all, I don't think DirectAccess will herald the end of the VPN. I think that there may be some changes, but VPN is here to stay for the moment. The public information on DirectAccess is still a bit hazy on site to site connections (in fact, I am not sure it's possible). For this reason VPNs are still going to be in use. Also, remote access VPN technologies, as they exist today, will adapt to new market requirements. I foresee the major VPN vendors keeping pace with Microsoft.

Astaro Receives VMware Ready Certifications

Amir Khawaja — Thu, 30 Jul 2009 13:17:44 +0000

Astaro earned multiple VMware Ready™ certifications for its security products.

Astaro Security Gateway, Astaro Mail Gateway and Astaro Web Gateway have all been certified as VMware Ready, and Astaro is the only Unified Threat Management provider to have submitted to and passed VMware Ready validation. For more information, check out the press release here.

Ideas are for sharing

Amir Khawaja — Thu, 30 Jul 2009 13:06:44 +0000

We are rolling out a new service for our partners and customers - an improved feature request site.

On this new site our partners and customers can make suggestions for improvements or request totally new functionality. Not only can visitors make their own suggestions - they can vote on the suggestions of others, giving us a better understanding of the popularity or urgency of specific network security needs.

We will be using the insight gained from this site to plan future product updates and releases. We've always taken the suggestions of our partners and customers into account when planning future enhancements to our products - we know they have the best insight into what they need for web security but this new site gives them formal channel for making suggestions.

I'm excited to read the suggestions we receive and I look forward to learning more about what our customers and partners want.

How to protect your network from cyber-attacks

Tim Cronin — Thu, 30 Jul 2009 13:18:39 +0000

There are three measures network administrators can take to avoid the types of network attacks that plagued US and South Korean websites including www.whitehouse.gov, NASDAQ, NYSE, Yahoo!'s financial page and the Washington Post. The three areas to focus on are network based mitigation, host based mitigation and proactive measures.

Network based mitigation:

Install IDS/IPS with the ability to track floods (such as SYN, ICMP etc.)
Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet. You will need to monitor your server to know where to block traffic.
Have contact numbers for your ISP's Emergency Management Team (or Response team, or the team that is able to respond to such an event). You will need to contact them in order to prevent the attack from reaching your network's perimeter in the first place.

Host based mitigation:

Ensure that HTTP open sessions time out at a reasonable time. When under attack, you will want to reduce this number.
Ensure that TCP also time out at a reasonable time.
Install a host-based firewall to prevent HTTP threads from spawning for attack packets

Proactive measures:
For those with the know-how, it would be possible to "fight back" with programs that can neutralize the threat. This method is used mostly by networks that are under constant attack such as government sites.

Spam Is More Than Annoying

Angelo Comazzetto — Thu, 30 Jul 2009 13:10:00 +0000

Not only is it annoying having to sift through all the garbage which clogs your inbox, but it costs you productivity as you attempt to separate the mails you need from the unwanted items.

Spam rarely ends up in my own inbox due to the effectiveness of the blocking solution I use, (I use a solution from Astaro) but many of the people I speak with daily communicate that in an inbox with 50 messages, 45 or more can easily be spam on a given day.

How obnoxious is it to go through all of your email and delete meaningless message after meaningless message. You have to wonder what these spammers are thinking - they must know that 99% of their messages are going to be deleted or blocked - and what are they trying to sell by randomly emailing people? Well, first of all they don't care that 99% of their emails will be deleted or blocked. Because they send out tens of millions of spam messages at a time if only 1% of the emails get through and accomplishes its goal they consider the distribution a success. That is why spammers use topics currently in the news (like the Swine Flu) to grab the attention of the few people who don't have a spam blocker already in place.

So, what can you do to stop these annoying, and potentially harmful messages from getting into your inbox? Email filtering is just the beginning. Email filtering will only work as a spam blocker if you are indentifying spam properly, and using the right technology for your organization. Astaro published a white paper describing the dangers of spam and effective anti-spam technologies and techniques. To read this white paper visit The Hidden Dangers of Spam.

A Conversation on "Health Information Technology"

Tim Cronin — Thu, 30 Jul 2009 13:20:10 +0000

On Sunday, the Boston Globe printed a portion of a letter to the editor I sent in regards to one of the paper's articles. The opinion discussed the mandating of electronic health records and the importance of security for such records. Below is the complete letter.

One of the hot-button issues facing the country today is healthcare reform. President Obama has identified widespread electronic medical records as a major benchmark towards achieving the goal of affordable health coverage for all. Scott Kirsner did an excellent job describing some of the technologies Massachusetts companies are creating that will make universal electronic health records possible in his article State helping to shape US efforts to digitize health records for all.

The article neglected to examine the network security concerns of such a system. One may say "Moving medical records online will mean less privacy for everybody." In reality less privacy is not an issue if proper security is in place. Therefore, moving medical records to electronic storage will increase the need to secure networks. The truth is that records are no less secure when stored electronically, as long as the network is secure. In fact, there are gains in privacy. The biggest risk involved is that making all records electronic does allow a person to attempt to gather information remotely by compromising a network. As long as medical facilities deploy network security technologies and maintain them, this should not be a widespread problem.

With paper records, someone who wanted to steal medical information can be successful, but would need to get a hold of a physical copy of the record. This means that an attacker would need to take a risk and go to the location of the records storage. Paper records also pose a risk to patient privacy as medical staff bring records home with them so they can work outside of the hospital. Recently, an employee at a Boston hospital accidently left records on the "T". If the records were accessible electronically through a secure network connection, this wouldn't have happened.

Electronic medical record keeping also provides for a more secure data backup process. Hospitals using electronic records will need redundant hard drives, servers, data storage and other important infrastructure to ensure medical information is never lost. With all those backups, many fear that it will be easier to gain unauthorized access to patient information. In actuality, the electronic backups will be easier to secure than the current system of paper charts. Currently paper records are sent to storage vendors and the vendor's employees have access to the information in clear text.

The best security that you can provide without destroying the information is to send the charts in a locked receptacle. In an electronic system, data can be encrypted and stored at vendors' facilities without fear that the vendor will be able to read the data. This adds to the locked receptacle, because you can lock storage medium in a case, then if that case is compromised, you also have the data in an illegible form. You can also deploy hashing functions to ensure that no data is tampered with. To address one of the biggest fears, properly deployed medical networks will not send information in a manner that is easy for someone to simply capture. With electronic medical records, you will need to make sure that there is no path for the records to be sent over the open Internet. Instead records should be sent over secured VPN networks specifically designed to protect this information.

Nobody should have access to the network that does not need access. Congress has already acted to ensure that this guideline is followed, through the HIPAA and HITECH acts. However, these acts stop short of dictating the security standards and focus on the penalty for if a record is compromised. Creating an electronic medical records system will benefit the healthcare system in America in many ways, including increasing the security of medical records However, if the country is to move towards mandating electronic medical records, then congress should create additional acts creating security standards.

As Slowloris HTTP DoS Rises Astaro is Ready

Angelo Comazzetto — Thu, 30 Jul 2009 13:13:46 +0000

This is an interesting attack, particularly because it does not require a lot of bandwidth by the attacker. It is possible to DoS even large sites simply using a common residential Internet connection, and using Slowloris to eat-up the Web Server's ability to respond to other HTTP requests, by sending partial ones itself and thus holding the sockets open.

You can read more about this DoS technique here. While the approach is not new, the working implementation of it "for the masses" is starting to appear more commonly. As we have already received dozens of queries about how to stop this attack, we'd like to inform you that Astaro installations with current/updated Intrusion Protection Patterns will be protected against this, so neither admins nor their Web Servers need to fear. The ID for this new rule is #1000023, and is located in the HTTP Servers Group under the Apache category.

Prevolence of Botnets and Their Zombies Encourages Spam

Tim Cronin — Thu, 30 Jul 2009 13:24:52 +0000

Dark Reading published an article titled "Booming Underground Economy Makes Spam A Hot Commodity, Expert Says" regarding the ease of using botnets for spam activity and how this makes spamming profitable.

Some of the more startling statistics show that "For about $10, [a spammer] can send a million emails". Even if 2 people order a product that they are selling for $10, that's a 100% profit over the cost of the use of the botnet. Assuming the actual production of the product is cheap enough, that's a good margin

How are botnets so inexpensive, though? And, why are there so many available? If you look at Commtouch's Malware Outbreak Center you will notice that the vast majority of detected malware seems to be botnet downloaders. Gone are the times when malware consisted of cute "look what I can do" code we are now in the time of real revenue-generating malware. All a botnet "commander" needs to do is create the code, send it out and let it propagate through the Internet. Eventually, there will be enough zombie hosts to really make money.

The strategies in use now should provide a good-enough deterrent to spammers, but there are simply not enough people using current protections. So long as host-based malware detection is in use and network based protections such as IDS/IPS, malware scanning and firewalling are in use, then the amount of zombies on the internet will be reduced enough so that spamming will not be profitable. Then we can look at our in boxes with confidence. We haven't reached that point yet, because there just simply aren't enough people using adequate controls of network traffic.

According to Commtouch again, in the Western world, zombies are not as common as developing nations. Unfortunately for the Western world, we feel the effects of others' lack of controls. Judging from all of this information, all the world needs to do in order to stop spam is make sure we are using currently available controls for our networks. This will make spamming unprofitable and make spammers use their tricks for other means. Until that day, the back-and-forth between spam and anti-spam will continue.

Virtualization as a Disaster Recovery Strategy

Bill Prout — Thu, 30 Jul 2009 13:14:08 +0000

There have actually been a few major disasters in the past 10 years that have shown the value of good disaster recovery plans. Though they're far from perfect they do make a difference and can always be improved with newer techniques and technology. When hurricane Katrina struck I was working with the City of New York's network design team and we were tasked with creating an emergency refugee processing center for the thousands of hurricane victims that the city had taken in.

While we were able to throw this site together over a weekend by using a lot of manpower and equipment it could have just as easily been done with a few decent virtual servers hosting the applications we needed. All applications including endpoints security could have been hosted virtually making design and deployment very simple. There most likely would have been significant cost savings on manpower, space, power, etc...

Though this is an extreme example it does show how virtual environments can be used for disaster recovery.

Tips for securing your Wi-Fi Connection

Tim Cronin — Thu, 30 Jul 2009 13:14:36 +0000

Recently, NPR's "All Tech Considered" posted a very good and concise article on securing WiFi technology. I would just like to add a few key points for those that concern themselves with network security.

First, when using a VPN on an un-trusted hotspot, make sure that it is a "full tunnel" VPN. Split tunnels work well for connecting with trusted networks (like your home network). Unfortunately, if you are on an un-trusted hotspot, then there is no guarantee that there is security on that hotspot and an attacker can use your PC to get access to your internal network. Second, I would just like to point out that "Secure your home network" Is a huge point. Don't just take advantage of encryption, MAC filtering and other ubiquitous measures. Also, reduce the size of your network to the minimum that is necessary for the amount of expected systems. And change the default network. Choose something not common.

These steps may not be effective alone, but can certainly add to an overall secure environment. SIDENOTE: MAC filtering and other security features have been shown to be inadequate when a skilled attacker targets your network. There is still not reason *not* to use them. The key is to make your network harder to get into than the ones around you, make it difficult enough so that the attacker loses interest or make it harder than his skill level to crack.

An attacker will likely take the path of least resistance, after all. If your network proves to be difficult to hack, the hacker will move on. Third, disable your wireless antenna when not in use. Most laptops have a button or switch that disables the antenna so that it's easy to see that it is disabled. This is especially true on airplanes. There are many people that find it fun to browse others' PCs while on board a plane. Fourth, if you connect to an access point that you don't intend to connect with often, delete it from your automatic wireless network list.

This was shown to be a very large hole by HD Moore (with his "Evil eeePC"). Instructions here: http://technet.microsoft.com/en-us/library/cc778180(WS.10).aspx Last, never assume that you aren't compromised. The chance always exists. Monitor your systems regularly for irregularities.

ASG Beta Release Version 7.470

Angelo Comazzetto — Thu, 09 Jul 2009 15:50:21 +0000

Our Beta community will be excited to hear that we have just made available the third package in our 7.500 release testing. This Up2Date draws heavily on the feedback from our Beta Testing Forum. We've made improvements to features, cleaned up a lot of areas to make them more production-ready, and advanced the quality and speed of of the entire release.

Due to the way our Beta infrastructure is organized and separated from the production/GA release network, this Up2Date package may take a while for your ASG to acquire fully. Any download slowness or delays in the package propagating to your Beta-test are due to this reason only, and when the GA version launches it will use the full power of our content distribution network. You can read on for the full details of this Beta Up2date! At around 175 Megabytes in size, its a very large Up2Date, so please be patient as it distributes.

We have made improvements to SSL VPN, WebAdmin, HTTP Proxy, Reporting, and the Flow Monitor, along with most other areas of the Beta. This release is available both as an Up2Date download package from 7.460 (Beta 2), as well as a full ISO image for both ASG appliances and software installs on your own hardware platform. Feel free to join us in the Beta using these options, or you can re-install at any time with the latest Beta version and restore a backup from any 7.40x or Beta 7.5 release for continued testing.

Please note:

If you are already testing the 7.460 Beta release, your installation will automatically download the Up2Date and make it available to install via WebAdmin. You do not need to download this package manually (unless you wish to).

Details and Download

Up2Date 7.470 Package

Size : 184484744 bytes (175MB)
MD5sum: a5f784ec85bfecb8a6d61508ce1f41b9
ftp://ftp.astaro.de/pub/ASG/v7/beta/u2d-sys-7.460-470.tgz.gpg

ISO (Software)

Size : 533086208 bytes (508MB)
Md5sum: 223debac4d4f242b09382bf688bcaa99
ftp://ftp.astaro.de/pub/ASG/v7/beta/asg-7.470-090709-3.iso

ISO (ASG Hardware Appliances)

Size : 556654592 bytes (530MB)
Md5sum: 85300ba149c9a79900b92ad51d09f92b
ftp://ftp.astaro.de/pub/ASG/v7/beta/ssi-7.470-090709-3.iso

Thank you for your continued testing and feedback!

Regards,
Your Astaro Team

Up2Date 7.404 Released

Angelo Comazzetto — Wed, 08 Jul 2009 15:38:10 +0000

Astaro has made available Up2Date 7.404 via our global content distribution system. Your Astaro Gateway Products should shortly be downloading and preparing it for install. This is an incremental release designed to strengthen the security and stability of your product. For the full details, read on!

This Up2Date package is mainly being released to address a published security concern regarding IPsec, which we will patch against. In addition, a few small adjustments are being made which address some issues.

Up2Date 7.404 Details

Remarks:

Existing configuration will not be changed
This package will be auto-downloaded and made ready for installation
NOTE: *System will be rebooted*

News:

Fixed IPsec vulnerability CVE-2009-2185
In regards to the new features and benefits of AxG 7.4, please read the V7.4 Release Notes PDF.

Fixes:

Fix [10588]: Connecting via DHCP / Cable modem may fail
Fix [10607]: Issue with reconnecting to DSL via PPPoE
Fix [10633]: Fixed error messages in ipsec.log "Conntrack failed"

Download Information:

Astaro Main FTP
Size: 9155683bytes (8.7 Megabytes)
Md5sum: ed5765c8b79580998be966a1022f5cda

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2
(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.403] WAN Link Balancing ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com

- The Astaro Team

As Slowloris HTTP DoS Rises, Astaro is Ready

Angelo Comazzetto — Fri, 26 Jun 2009 11:50:18 +0000

Recently the Slowloris Denial of Service attack has jumped in popularity. This attack is similar to SYN flood, but uses HTTP instead, basically consuming sockets on the Web Server vs. trying to saturate all the bandwidth. This is an interesting attack, particularly because it does not require a lot of bandwidth by the attacker.

Indeed it is possible to DoS even large sites simply using a common residential Internet connection, and using Slowloris to eat-up the Web Server's ability to respond to other HTTP requests, by sending partial ones itself and thus holding the sockets open.

You can read more about this DoS technique here. While the approach is not new, the working implementation of it "for the masses" is starting to appear more commonly. As we have already received dozens of queries about how to stop this attack, we'd like to inform you that Astaro installations with current/updated Intrusion Protection Patterns will be protected against this, so neither admins or their Web Servers need to fear. The ID for this new rule is #1000023, and is located in the HTTP Servers Group under the Apache category.

If your ASG installation is showing pattern revision 9857 or better, you are protected.

AxG Beta 7.460 Released

Angelo Comazzetto — Thu, 18 Jun 2009 20:24:21 +0000

Greetings! We have issued another Beta Version of our not-yet-released 7.500, for those who are testing or wish to test the new features and functionality of our next major Up2Date release. For more information on the 7.500 Beta, please see our initial launch announcement. For more information on this new Beta version release, please read on.

The 7.460 Beta Up2Date is a pure bugfix and stability released, which addresses approximately 75% of the reported issues communicated on our 7.500 Beta Forums. It also addresses and fixes issues found by our own teams in house. This release is available both as an Up2Date download package via our FTP and a full ISO image for those that wish to join the Beta at this point, or wish to re-install at any time with the Beta version for continued testing.

Please note:

If you are already testing the 7.450 Beta release, your installation will automatically download the Up2Date and make it available to install via WebAdmin. You do not need to download the package manually (unless you wish to).

Details and Download

Up2Date 7.460 Package:

Size : 107795134 bytes
MD5sum: 83b6b2095eb203d7845ab2b54f18f709
ftp://ftp.astaro.de/pub/ASG/v7/beta/u2d-sys-7.450-460.tgz.gpg

ISO (software):

Size : 527144960
Md5sum: 15e8fedb8a5377cf47a37815699bc359
ftp://ftp.astaro.de/pub/ASG/v7/beta/asg-7.460-090618-4.iso

ISO (hardware appliances):

Size : 550610944 bytes
Md5sum: b0a5e9141f9cfeee9b9310c6be1055f3
ftp://ftp.astaro.de/pub/ASG/v7/beta/ssi-7.460-090618-4.iso

Thank you for your continued testing and feedback!

Regards,
Your Astaro Teams

AxG 7.403 Up2Date Released

Angelo Comazzetto — Mon, 08 Jun 2009 14:30:21 +0000

Up2Date 7.403 has just been published to the Astaro Up2Date infrastructure. This is a stability release which enhances the core and operation of your Astaro product. Please read on for the details around this Up2date package.

Depending on your location and bandwidth, this Up2Date may take some hours to become available within WebAdmin of your installation. We are testing a new distributed Up2Date dispersal system based on a cloud infrastructure, which may significantly speed up both Up2Date propagation to your device, and the download speed at which the Up2Date is retrieved. As this service is fully deployed, most customers will directly see the benefit for future releases.

Up2Date Size: 72.59 MB (76111055 bytes)
Md5sum: 9fda5190714aedc0636fbb43cbd0cc85

Remarks:

Configuration will not be changed
*NOTE*: System will be rebooted!

News:

Added support for new Up2Date servers & cloud deployment
In regards to the new features and benefits of AxG 7.4, please read the V7.4 Release Notes PDF.

Bugfixes:

Fix [10015]: Active content removal not working correctly
Fix [10139]: Unable to download, clear, or delete log files
Fix [10233]: Regenerating the Signing CA might cause problems
Fix [10284]: Uplink interface not showing up sometimes
Fix [10323]: High-Availability logfile filling up quickly
Fix [10324]: Possible db sync problem on HA nodes
Fix [10339]: Slave nodes keeps UP2DATE state after manual action
Fix [10355]: Problem reinitializing tunnels after HA takeover
Fix [10360]: Exception list can not be created for Share
Fix [10361]: File Extensions missing from Filter Action page
Fix [10391]: POP3 prefetch fails at long MIME-encoded subjects
Fix [10409]: Web Security reports not visible for auditors
Fix [10423]: Using proxy arp may cause loss of WebAdmin connectivity
Fix [10426]: Importing license via wizard may not work correctly
Fix [10441]: HTTP block action not working in all cases

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2
(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.403] WAN Link Balancing ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com

Your Astaro R&D team

ASG Beta 7.500 Launched

Angelo Comazzetto — Tue, 26 May 2009 13:21:13 +0000

I am pleased to announce that the Beta for the next big release of Astaro Gateways (7.500) is now available. While this release will be finalized for all versions of AxG, the Beta phase is only for the Astaro Security Gateway. This release includes exiting new things that were posted, submitted, and/or reviewed by you, our partners and end users via our new feature request portal at feature.astaro.com.

This version's Beta will last approximately four weeks, with the GA version roadmapped for the beginning of July. Your participation in the Beta is greatly appreciated, as it allows us to tune and strengthen the final version based on your testing and comments. Please read on for more details about the Beta; what it contains, how to get it, and other information!

What's new in BETA ASG V7.500?

7.500 adds over 50 new features and conveniences, most of which are directly a result of submitted features by our partners and customer base. While we'll have detailed documentation and release notes ready for the final release, here is an overview of the things of note, and a few bullet points for information so you know where to go and what to see/try. This is not an exhaustive list, but most new things will be at least mentioned. Some things listed as "minor" may indeed not be considered minor for various admins/users/partners, depending on your needs.

Major New Things

Intrusion Protection Performance

Uses new version of the IPS engine
Scales massively when used with Multi-Core CPU/Appliances

Real-Time Bandwidth Monitor

New Interface utilization bars on Dashboard (setup scale via editing the Interface and filling in new parameters for Upload/Download)
Click for detailed overview as to "whats happening in my network right now"

Import/Export Widget

Gives the ability to work with manual lists for many features/fields
Useful to import a large blacklist (for example) into the URL Blacklist
Can been seen in many user-input boxes in Web, Mail and more. (Green Up/Down Arrows)

Transparent Authentication Support for Web Security

Allows users to authenticate against a Portal-Style page
Allows for username based tracking, reporting, and surfing without changing browser settings
Currently logo can be customized. Text,HTML, and further customizations planned for a later time.
Configurable Timeout via HTTP-->Advanced. (Default 900s)

Clone Objects

Easily duplicate existing objects for quick re-use.
Supported in most places for many objects (Definitions, Services, Certain Profiles/Actions)

Extended Network Security Reporting

Added Detailed Packet Filter/Firewall Reports
Added Detailed IM/P2P Reports

Reputation Support for Web Security

Allows use of the trustedsource.org reputation for Web Filtering
Documentation coming, for now visit their site/FAQ for more info on reputations

DHCP Improvements

Automatically map a current lease to a static assignment
Limit DHCP leases to those with static assignments only
Configurable DHCP lease time
Servers retain configuration when enabled/disabled

Multicast Routing Daemon

PIM-SM Routing support More documentation on this implementation to come. Experiment with it and if it solves your needs.

Other New Things

Windows SSL VPN Upgraded - New Client which supports X64 and many other options (download again via the UserPortal)
Improved HTTP Caching - Increases hit/usage rates and makes the cache more effective.
Quarantine/UserPortal Usability - Adds navigation to the bottom (supplementing the existing controls at the top), large amounts (250-1000) of displayed items per page, and sorting by subject line.
Default Definition for "Internet" - Allows to specify "Internet" as an object which will exclude internal network(s) to aid policy creation (0.0.0.0/0 on Gateway interface)
Customizable Shortcuts - Change the default Ctrl assignments to fit your preference
Improved Definition/Services Sidebar - Mouseover now instantly shows full name and extended info to aid identifying desired object for drag 'n drop.
User List shows static IP's - if assigned/configured (no need to edit in order to view)
Live Log Negation - use to filter live logs to not show lines that match "-" entries i.e. -test to remove lines containing "test"
Console/SSH Logins Trigger a notification - provides admin the needed insight when accessed.
Instant Email Backup - Button for every created backup file which allows it to be sent immediately via email to configured addresses
Custom text for notifications - Allows easier identification of which installation is sending the message. Especially useful if managing multiple sites using notifiers.
Test NTP Sync - Button to immediately poll the configured NTP server
Automatic Backup before Up2Date install
Configurable Default for Lists - Allows for the amount of items per page (Packet Filter Rules, or anywhere there is a number amounts drop down) to have a larger default view
Cluster/HA Serial Number View - Information on connected units made easier
Schedule Firmware Installation - When an Up2Date for Firmware is available, you can schedule it to auto-install at a certain time (not a recurring setting)
WebAdmin Network Section Split - Now two sections; "Network" and "Network Services" for usability.
Search Boxes Retain Data - No need to re-enter query when returning from a drill down/result click.
System Restart Reason - Allows logging of "why was system restarted" in the notification
Group Tool tips for Members - Easily discern Network/Service Group members without having to edit in order to view
Reporting Exclusions - Used to remove unwanted entries from various reports (such as Google-analytics from Web Security tables
Log Flag for NAT Rules - Similar to packet filter, tells you which NAT rule was matched as part of traffic handling
Masquerading for Additional IP Addresses - Allows the use of Masquerading (vs. just SNAT) for additional IP's bound to an interface
Support for Multiple Authentication Servers - The authentication server section has been redesigned to support fallback/failover in an easier format, with many usability improvements
SNMP MIB - Downloadable via the SNMP section of WebAdmin
Up2date Status Reworked - Clarifies the current status of a Firmware Up2date to avoid confusion regarding the availability, download progress etc...of an issued Up2date.
Inline/Snap Report Links - Directly moves the Admin to the relevant details report when browsing the embedded daily reports located throughout WebAdmin
Global POP3 Sender Blacklist - Quarantined as "other" in the QM/EUP
Dashboard RSS Feed - Provides visibility to select Astaro-issued items via WebAdmin *Other magic features, enhancements, and usability improvements

Beta Program Information & Download Links

Known-Issues

Online help & associated documentation has not been updated for new or changed features (yet).
Other FTP Locations will be online as our system spreads them to ftp.astaro.com and other mirrors (ftp2.astaro.com, ftp2.astaro.de etc...)

Download

This initial Beta version can only be tested through a new installation, i.e. by downloading and installing the complete ISO image. You cannot upgrade an existing production installation with a Beta up2date package. It is possible to restore a backup from an earlier version (up to 7.403) into your new Beta machine. We will make every effort to ensure Beta participants are able to Up2Date to the final GA version once it is released without re-installing.

Beta Download:

Software ISO-Image for your own X86 hardware
http://download-cdn.astaro.com/asg-beta/asg-7.450-090529-2.iso
Size: 500MB

Beta Download:

ISO Image for ASG Hardware Appliances
http://download-cdn.astaro.com/asg-beta/ssi-7.450-090529-2.iso
Size: 524MB

These links are directly to this release's ISO images. You can always find the various files, updates, and MD5's for this beta at ftp://ftp.astaro.de/pub/ASG/v7/beta

How to be a Beta Tester

A large amount of factors contributes to the best level of perfection for Astaro products in varied production environments. The following sections will provide all the information you need to download, install and test the ASG V7.5 Beta.

Testing Period May 29th - July 15th (estimated)

Limitations and Hints

As with all Beta software, this release is not yet final and should not be considered an indication of stability, quality, or performance that will be delivered in the GA release of ASG V7.5. If you are using this Beta as part of an evaluation or while considering a purchase, please allow Astaro or the appropriate partner to address any concerns you may have before finalizing your decision based on a Beta release. Further, this Beta will not be supported in ANY way via Astaro's support teams, and using it in production environments may cause downtime, issues, or troubles. We therefore discourage running the Beta at sites which cannot afford the negative aspects of running Beta software.
An ASG V7.5 manual and complete Online Help will be available with the GA release, along with other AxG versions of 7.500.

Feedback

Please post all Beta feedback (no matter how big or small) and discuss any of the ASG V7.5 Beta features on our User Bulletin Board in the "BETA Version" forum.

Your Efforts Rewarded!

Your feedback is closely reviewed and treated with priority by many members of our various teams here at Astaro. It allows us to deliver a final product to you of the highest quality. As a result, participants in our Beta Program for ASG V7.5 will have the chance to win one of three Amazon Gift Cards totaling over 600 dollars. Please qualify by actively posting and participating in discussions on our Beta version forum on our User Bulletin Board for details.

Special Home User Keys

In addition, we will offer active testers a specially enhanced home-user license which allows the full protection of up to 50 IP addresses (vs. the normal 10). These user keys are awarded after the GA release of 7.500, and are based on user activity, feedback, and general contribution to the Beta phase at our sole discretion.

Regards,
Your Astaro Product Management Team

New Astaro Feature Request Site

Angelo Comazzetto — Fri, 08 May 2009 13:32:01 +0000

Astaro has long been quite vocal about how our products are developed. We want to build products that solve problems. Products that people want to buy. One of the projects we've been working on is a new, openly visible community where your ideas, feature requests, tweaks, and other changes can be posted, viewed, commented on, and given weight by others.

We are pleased to announce that http://feature.astaro.com is now live. Whether you are an Astaro home user, customer, partner, distributor, or have yet to upgrade to Astaro from another product and improved your company with our solution, we welcome your feedback and ideas!

How Does the New System Work?

After a quick registration, (you may also use your OpenID such as from Google Mail or Facebook), you will be assigned a number of "votes". These votes can then be used to create new feature requests. As you are entering new requests, keep an eye out for the "suggestions" which will appear that help you avoid posting duplicates. Alternatively, you may use your votes to stamp your approval on existing feature requests. This works to add more significance/weight to an existing entry when they are reviewed by our product management team. You will receive a status report from the system which will automatically keep you informed about features which are relevant to you. Your voting points will be returned as features are accepted and implemented.

Why is this Approach Beneficial?

This process allows us an improved insight into what features are greatly desired by our audience and enables us to continue developing the product with you in mind.

Where Do I Access this System?

Already have something on your mind? No matter how large or small, we want to hear it! You may access the beta version of the new site here:http://feature.astaro.com. We have done our best to implement the most significant entries from the old database. If one of your entries does not appear in the search results and you feel that it was of value, please don't hesitate to add it in today.

Help us support our product improvement initiative by spreading the word to your colleagues and friends!

With kind regards,
Your Astaro Team

Up2date 7.402 Launched

Angelo Comazzetto — Thu, 23 Apr 2009 01:07:15 +0000

Hello! Astaro has released Up2Date 7.402, which is a stability release. This update adds support for newer Intel ethernet driver versions, adds to the amount of multipath rules that can be created, and optimizes some database tasks further. In addition, this release fixes some bugs and increases ACC integration/performance.

7.402 Up2Date Details

Remarks:

Configuration will not be changed
**NOTE**: System will be rebooted

News:

Updated Intel e1000 driver: **NIC ordering in software appliances should not be affected, however please verify your order assignments after installation!
Updated SIP support for better integration Improved database maintenance processing times
Improved Multipath to handle more than 64 rules
Improved ACC integration

Bug Fixes:

Fix [7900]: VLAN sometimes fails on LAG devices
Fix [9376]: Ipsec VPN tunnel not coming up after takeover
Fix [10108]: ASG 525-F eth8 and eth9 may lose link
Fix [10147]: IPsec tunnels with remote network 'Any' will not work
Fix [10158]: Multipath persistence by connection not working properly
Fix [10189]: User groups with umlauts not working in HTTP Proxy profiles
Fix [10200]: Solved with auto packet filter rules for outgoing traffic

Up2Date Information:

AxG 7.402 Up2Date Package

MD5sum: 99649d575795bddee7cc8247645a3275
Size: 143158517 bytes (139 MB)

Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply a system Up2Date package to your installation:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on :Watch Up2Date Progress in new window" if you want to watch the process, and an extra browser window will show the progress of the Up2Date installation. The System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
Astaro AxG Up2Date Download Mirrors:
- Astaro US
- Astaro US2
- Astaro Germany
- Astaro Germany2
(All Up2Dates are GNUPG-signed!)

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.302] Quarantine Report ").
If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
There is also a demo server: http://demo.astaro.com

Your Astaro R&D team

Astaro Patterns: Controlling Conficker Worm

Angelo Comazzetto — Mon, 06 Apr 2009 13:39:46 +0000

With the recent attention in the media to the Conficker Worm, many customers have general questions regarding this threat.

For the short version, Astaro installations with HTTP Virus protection via the Web Security package have been protected against the HTTP download distribution (such as variant C) of this worm since January. However, with this Worm's ability to spread multiple ways, such as the TCP and UDP transfer of the payload, Virus scanning at the gateway should be bolstered by Intrusion Protection to offer a more complete security defense against Conficker. Read on for details as to how Astaro can aid you in fighting this worm!

New IPS Rules
Astaro Global Pattern Up2Date #9422 adds two new Intrusion Protection Rules, numbers 2000011 and 2000022 which are designed to identify and stop code execution of Conficker variants A and B respectively. If you have automatic pattern Up2Dates enabled (the default) this protection will be added automatically during the next few minutes. Otherwise please perform a manual pattern Up2Date if you are not using the automatic feature for patterns.

Ensure You Are Protected
To ensure you are protecting your network using these new patterns, in WebAdmin go to Network Security-->Intrusion Protection-->then the "Attack Patterns" Tab. From there, ensure the pattern group "Windows" under Operating System Specific Attacks is checked, and the action is set to "Drop".

Forensic Information via Logs
In the logging system for Intrusion Protection, if you would like to search for Conficker A/B attacks, simply search for the appropriate rule ID. A logfile entry will look like the below upon a pattern recognition: 1. A conficker.a shellcode with SID 2000011 Group 110 2. "A conficker.b shellcode" with SID 2000022 Group 110.

As always, if you have any questions about Astaro protecting you against Conficker, or any threats, let us know on our Online Forums or place a ticket with Astaro Support. Cheers, The Astaro Product Management Team

Astaro Secure Client V9.1 released

Udo Kerst — Thu, 19 Mar 2009 11:00:05 +0000

This new release adds a budget manager, multi-certificate configuration, additional GUI languages, WISPr support and many additional minor enhancements.

New Features
ASC V9.1 offers the following major new features, among others:

Budget Manager The new Budget Manager serves to monitor the costs of internet connection, focusing on UMTS, GPRS and WLAN connections. For this purpose administrators or users configure volume or time limits according to the basic provider rates.Should the user exceed the limit, either a warning notice appears or further connection attempts are hindered.The Budget Manager also allows the restriction or disabling of roaming.
Multi-Certificate Configuration Allows establishing multiple certificate based connections from the client to different VPN remote stations, e.g. to a customers VPN gateway using a soft certificate and to the own company network using a certificate saved to a smartcard.
WISPr Support The client now supports the new browser-less logon technology via WISPr (Wireless Internet Service Provider Roaming). This increases compatibility with T-Mobile hotspots in Germany, Austria, Netherlands, Czechia and Great Britain, and also in some Lufthansa lounges of international airports
Multi-lingual User-Interface The graphical user interface now supports German, English, French, Dutch and Polish language. In addition the new release provides a more comprehensive support of UMTS interface cards as well as new diagnostic capabilities. Additional feature and installation information as well as the most current documentation can be found on the Astaro Knowledgebase at http://www.astaro.com/kb/ under Section Astaro Secure Client - Manuals and Guides.

How to update your client software
There are two ways for updating your client:
1) Start the Astaro Secure Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
2) Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly.

How to upgrade your license
As V9.1 is a new major release an update to this version requires purchasing a one-time update license, which allows updating of an existing license by one or two releases. When purchasing the license you'll receive an activation key which must be applied to your existing license within MyAstaro. You'll then be offered a new file for download including the key that needs to be entered into your client.

Free License Upgrade If you have activated your existing ASC Version 9.0x license after Jan. 1st 2009, you will receive a new version 9.1 license free of charge by following these steps: Delete the file "ncpoa2.dat" from the "Programs\Astaro\Astaro Secure Client" directory in order to reset your past client activations. Start the Astaro Secure Client Monitor on your desktop. On the upcomming "License Data" Pop-up menu select "Activation". Click "Online Activation" on the upcoming "Software Activation Wizard" window. Click "Next" on all following windows. The client will now search for a new lincense. If a newer version is found, it will be installed automatically.

Evaluation Copy If you want an evaluation copy of Astaro Secure Client, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can download a 30-day evaluation version of Astaro Secure Client.

For more information please visit our website.

Your Product Management Team

AxG V7.401 Released

Angelo Comazzetto — Thu, 19 Mar 2009 15:32:08 +0000

With AxG V7.400 now populated to our user-base, we have a follow up Up2Date which addresses a few issues that did not make the GA version in time.

This is a pure bugfix/stability release which strengthens the quality of your Astaro installation. Depending on your location and bandwidth, this Up2Date may take some hours to become available within WebAdmin of your installation. We are testing a new distributed Up2Date dispersal system based on a cloud infrastructure, which may significantly speed up both Up2Date propagation to your device, and the download speed at which the Up2Date is retrieved.

As this service is fully deployed, most customers will directly see the benefit for future releases.

Up2Date

Size: 72.59 MB (76111055 bytes)
Md5sum: 9fda5190714aedc0636fbb43cbd0cc85

Remarks: Configuration will not be changed

*NOTE*: System will be rebooted! News: Added support for new Up2Date servers & cloud deployment

Bugfixes:

Fix [10015]: Active content removal not working correctly
Fix [10139]: Unable to download, clear, or delete log files
Fix [10233]: Regenerating the Signing CA might cause problems
Fix [10284]: Uplink interface not showing up sometimes
Fix [10323]: High-Availability logfile filling up quickly
Fix [10324]: Possible db sync problem on HA nodes
Fix [10339]: Slave nodes keeps UP2DATE state after manual action
Fix [10355]: Problem reinitializing tunnels after HA takeover
Fix [10360]: Exception list can not be created for Share
Fix [10361]: File Extensions missing from Filter Action page
Fix [10391]: POP3 prefetch fails at long MIME-encoded subjects
Fix [10409]: Web Security reports not visible for auditors Fix [10423]: Using proxy arp may cause loss of WebAdmin connectivity
Fix [10426]: Importing license via wizard may not work correctly
Fix [10441]: HTTP block action not working in all cases

In regards to the new features and benefits of AxG 7.4, please read the V7.4 Release Notes PDF. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version

There are two ways to apply an Up2Date package to the system:

1) Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
2) Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:

Astaro AxG Up2Date Download Mirrors: - Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2

Feedback - If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.302] Quarantine Report ").

If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server: http://demo.astaro.com (All Up2Dates are GNUPG-signed!)

Your Astaro R&D team

Astaro Comand Center 2.0 Released

Angelo Comazzetto — Tue, 17 Mar 2009 14:25:04 +0000

We are pleased to announce the General Availability of the Astaro Command Center Version 2.0. This new version introduces the major new ability to configure and manage IPSEC tunnels entirely within ACC itself.

By providing a centralized location from which to work with and deploy VPN tunnels between Astaro installations, administrators can save management time and automate many of the tasks involved in successfully linking sites together with encrypted links. The Astaro Command Center is an entirely free product that allows you to centrally monitor and maintain multiple Astaro installations & devices. If you currently are responsible for more than one Astaro Gateway product, ACC is designed for you!

Starting with this release, it is now possible to setup site-to-site VPN tunnels with an amazing degree of ease from within Astaro Command Center itself. Simply indicate the devices to be joined together via VPN, select a few options, and the rest is automated with no need to login to each individual WebAdmin for the configuration. ACC is presented in the same administrative style as our AxG Version 7 WebAdmin, so that if you are new to ACC you will have no trouble getting started within a familiar looking environment.

Astaro Command Center 2.0 Features

IPSec VPN configuration wizard

allows set-up of site-to-site connectivity with only a few clicks
supports RSA based authentication for high security environments
offers the same proven and efficient IPSec policy definitions as known from the ASG
supports static and dynamic IPSec connections (initiate, respond-only)
automatically imports locally accessible interface networks from selected devices
already-deployed VPNs can later be modified with the same wizard

IPSec VPN monitoring overview

shows VPNs currently managed by ACC
allows re-configuration of VPNs - enable/disable VPNs - delete existing VPNs
"at-a-glance" information covering: - tunnel status - deployment status - meta information (policy, auth-method, number of tunnels and devices)

IPSec VPN monitoring details

shows exact data on tunnel status, deployment, meta information
displays which devices are interconnected for this VPN

Extended Access Control

introduces an abstract "Configuration" role which can be assigned for different devices
defines which users can change current and future configuration settings

Licensing

There is currently no change in the ACC's FREE licensing model
The newly introduced configuration features are NOT enforced or restricted in any way
The free license can be used with the ACC V1.9/V2.0 software and virtual appliance
The free license is now valid until the end of 2009
Licenses for hardware appliances have not changed

Requirements

The new features in ACC V2 require at least an ASG 7.400
The AMG/AWG line of products do not provide IPSec VPN functionality
Future configuration features in ACC might be applicable to AMG/AWG products as well

Download

This new release is available as a software ISO image, a virtual machine, and ISO image for ACC appliances, along with Up2Date packages from ACC 1.903 and the ACC 1.980 BETA:

ACC ISO (Software Appliance):

URL: ftp://ftp.astaro.de/pub/ACC/v2/software_appliance/iso/acc-2.000-090318-1.iso
Size: 479 MB (501.420.032 bytes)
Md5sum: 5db3a29351fdf1d2e76627fa9ebc8e4e

ACC ISO (Multi-Point Appliance):

URL: ftp://ftp.astaro.de/pub/ACC/v2/hardware_appliance/iso/sci-2.000-090318-1.iso
Size: 495 MB (518.197.248 bytes)
Md5sum: c99cafcaf22ad250040785b17e24aae5

ACC Vmware ESX3 image:

URL: ftp://ftp.astaro.de/pub/ACC/v2/virtual_appliance/acc-2.000-ESX-v3.zip
Size: 1052 MB (1.103.420.088 bytes)
Md5sum: 37647bafc410c40662c7ee8a8fb9a233

Up2Date 1.903-2.000:

URL: ftp://ftp.astaro.de/pub/ACC/v1.9/up2date/u2d-sys-2.000.tgz.gpg
Size: 261 MB (273.855.332 bytes)
Md5sum: a136901d14180234b26f67f1ad7c3bfd

Up2Date 1.980-2.000 (for ACC V2 Beta users):

URL: ftp://ftp.astaro.de/pub/ACC/v2/beta/u2d-sys-2.000.tgz.gpg
Size: 121 MB (127.271.915 bytes)
Md5sum: c49b38dcf40982dc767f5059e175005c

Astaro ACC Download Mirrors: - Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2

If you want to provide feedback or want to discuss any of the ACC V2 features you should post it on our User Bulletin Board. Please take care to always(!) add the version you refer to (e.g. "[2.00] IPSEC Tunnel Wizard...").

If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server which will run ACC Version 2 in the near future: http://accdemo.astaro.com For further information, you can read the ACC V2 Release Notes here.

Regards,
Your Astaro R&D and Product Management Teams

7.400 Up2Date Re-Released

Angelo Comazzetto — Thu, 12 Mar 2009 14:32:45 +0000

The official GA Up2Date Package for 7.400 has now been made available. We'd like to thank you for your patience as we ensured the quality of the Up2Date experience for all our customers. We know many of you are eagerly waiting for the new features in this version! Read on for the relevant details.

Up2Date 7.400 Status Review
During the brief period where Up2Date 7.400 was officially available, we identified an issue that could possibly cause the installation of the Up2Date 7.400 to take extensive periods of time for some customers. To be cautious, we revoked the package from our servers for more testing, and substituted it with a placeholder package designed to inform customers about the delay. We have now identified the issue and corrected it, along with optimizing other parts of the Up2Date process. For all the details about 7.400, see our main posting here.

Changes in the Re-Release
While the Up2Date is the same, the process by which it is installed has been altered. To keep you fully informed, we'll explain a bit about the database migration process. In this release, we will now migrate & work on the database after 8pm (unit time) during the evenings. If the migration process requires more than a single night (9.5 hours), it will finish the current work task and then carry on again each night until the process completes.

This ensures the installation has all available resources during the daytime hours. Even during the evening, the migration process will run at a low priority to minimize impact, and the installation will be operational during these periods. As a result, depending on the size of databases being worked with, this could take several sessions to finish. We have also added some admin notification messages which will inform you of the progress of the migration, and a final notification when the process is fully complete. Lastly, this process will not be affected by a reboot or power loss (aside from further delaying the work from finishing), and Cluster/HA setups will also use this process.)

Up2Date Download and Installation
Regardless of if you have the placeholder 7.400 Up2Date or have not yet retrieved anything, you do not have to take any action to ensure the correct 7.400 package is obtained by your Astaro installation(s). Please check the package information tooltip (represented by a Blue "I" logo on the Up2Date page), to ensure you are installing the official 7.400 and not attempting to install the placeholder package repeatedly.

Up2Date 7.400 File Information
AxG 7.400 Up2Date (for all Astaro installations) Size: 247453087 bytes (241MB) MD5sum: b96a27efc3c6356f2293c7b6bb867eda *Depending on your location and the popularity of the Up2Date server in your area, you unit may require up to 72 hours to secure a download slot and retrieve the 7.400 Up2Date.

With a significant new release, please check our V7 Known Issues List to make sure you are not affected by one of these issues.

ACC BETA Up2date 1.980 Released

Angelo Comazzetto — Wed, 11 Mar 2009 17:41:56 +0000

We just made available a new ACC BETA release 1.980 based on our Beta tester feedback and our own testing so far during this beta. Read on for a short announcement. This release keeps us on track for ACC 2.000 being generally available during the 3rd week of March if the schedule proceeds as planned.

You can see our previous announcement for all the BETA details. This Up2Date 1.980 is a bug fix and progression release based on the feedback of our testing community which enhances the stability and performance of the Astaro Command Center BETA. We have 3 packages which are available to you, which can be used to update your existing BETA installation with 1.980, install 1.980 fresh from a full ISO image, or move your existing 1.903 stable version into the BETA 1.950 (use with caution!).

Other Astaro Command Center BETA Files: 1.980 (Up2Date for all Existing Beta Testers)
MD5sum: fd512eee49f9fe1f438a3ad9642e726b Size: 45.827.679 bytes (44 MB)

Full 1.980 BETA Software ISO Image
URL : ftp://ftp.astaro.de/pub/ACC/v2/beta/acc-1.980-090311-1.iso
Size : 477 MB (499.849.216 bytes)
Md5sum: 38dd4292bf24d25d96a652a73d9b75ca

Up2Date from Stable1.903 to BETA 1.950:
URL : ftp://ftp.astaro.de/pub/ACC/v2/beta/u2d-sys-1.980.tgz.gpg
Size : 44 MB (45.827.679 bytes)
Md5sum: fd512eee49f9fe1f438a3ad9642e726b

ACC V2.000 Beta Program Details
For full details about the ACC 2.000 Beta, please see our initial announcement and we'd like to encourage all testers to report their experiences at our Beta Forums.

An Important Word about BETA Releases
We realize many features of this upcoming release are things you may be eagerly awaiting. While we do love to have as many users and installations as possible testing and providing feedback, in environments where uptime is crucial, consider that BETA releases can contain severe bugs and otherwise cause operational concerns! Most importantly, BETA versions are not reliable indicators of the final quality/stability of a formal, general release version. All Up2Dates are GNUPG-signed!

Your Astaro R&D team

Up2Date 7.400 Status Report

Angelo Comazzetto — Thu, 05 Mar 2009 16:08:27 +0000

Thank you for your patience regarding our 7.400 Up2Date release

During the 3-day window where the Up2Date was available we had a small number of cases where the upgrade process took longer than was acceptable. To spare other users from experiencing this issue, we decided to withdraw the Up2Date. We have identified the cause of the problem and, assuming testing goes according to expectations, we'll re-release 7.400 in the course of next week.

We will keep you informed via this blog with any other news or developments.

Up2Date ASG 7.400 Delayed/Re-Issue

Gert Hansen — Sun, 01 Mar 2009 19:13:25 +0000

We have replaced any downloaded 7.400's (not yet installed) with a "placeholder" Up2Date which has new text/tooltip indicating it is not a valid package and cannot be installed.

We will reissue 7.400 again shortly, with 2 issues resolved regarding the installation process, at which point the "placeholder" up2date will be replaced with the valid 7.400 again. If you need more information which up2date your unit has downloaded, please check the tooltip of the 7.400 Up2date Package. I've posted a screenshot of what it looks like here.

If you have already downloaded and successfully installed 7.400, there is no need for any action/re-install on your part.

After further analyzing the delays some customers experienced after installing the 7.400 up2dates, which were related to the database upgrade process, we decided to withdraw the up2date from the servers for now and investigate the issue.

I am a customer, what should i do now?
All users that have already installed the up2date and the system rebooted fine, you have no problem. Just continue using it. All users that have not yet installed the up2date, please wait for now. The ASG will automatically delete the current up2date package and will download the new one once it is ready.

All users that have installed the up2date and are experiencing problems, please be either patient or contact the astaro support team, which will help you to overcome the situation.

Thank you for your understanding
Gert Hansen

Known Issue - Initial bootup after 7.400 installation may take longer than expected

Gert Hansen — Fri, 27 Feb 2009 12:59:51 +0000

Dear Customers and Partners, after the release of 7.400 we have receive lots of positive feedback from customers who love the new functionality. Besides all the good news our support teams have identified a potential issue on bigger installations.

After the successful installation of 7.400, the system needs to upgrade the reporting database during the next boot up. This process can take from few minutes up to two hours, during this process the system is not fully operational. The Duration of the upgrade procedure is directly dependent on the database size, which is larger on bigger systems. A customer with a 50GB reporting database needed 2 hours for the upgrade process.

Please do not power down or restart the system during this process as in worst case it can cause data loss through database corruption and it will not speed up this process. If you have a system in that state, please just be patient, the system will boot up properly after the database upgrade has been finished In order to minimize the downtime cause by this, we suggest to schedule the installation to non-business hours. If you want to accelerate this process you can reduce the size of your database by deleting older entries.

In order to do so, you need to change the Reporting Settings in WebAdmin > Reporting > Settings > Settings > Reporting Settings. There you can disable reports you don't need as well as lower the duration how long reporting data is retained. The smaller you configure the duration, the less data will be in the database and the faster the upgrade process will be finished.

After making changes to these settings, you have to wait at least 12-18 hours, as the database maintenance process runs twice a day, which than will do the reduction of the database size. During this process, the system is fully operational. If you have further question, please don't hesitate to contact your Astaro Partner or us directly.

Best regards
Gert Hansen

Announcing 7.400 General Availability Release!

Angelo Comazzetto — Thu, 26 Feb 2009 14:30:26 +0000

After a hugely successful BETA program spanning several months and including thousands of comments and feedback, Astaro is proud to today release our Version 7.400, making it Generally Available for all Astaro Security, Mail, and Web Gateway Products.

This release brings new features which will enhance the functionality and capabilities of your AxG installation. Most notably are the introduction of full WAN Link Balancing, HTTPS Filtering, Site-to-Site SSL VPN, and Cisco IPSec Client Support, along with dozens of other exciting new features.

*A special thanks to our many BETA testers for your feedback! It allows us to deliver you the best possible product. We will shortly announce the winners and resulting BETA program giveways.

For the details of this release, along with links to download and documentation, please read further... As this is an extensive release, I'd invite you to carefully review the following post, as it has a lot of useful information that both inform you, and answer potential questions.

What's new in V7.400?

The following new major features are being introduced:

HTTPS Filtering

Scan and Filter HTTPS Content
Block programs that use HTTPS to circumvent/tunnel around the proxy filters

WAN Link Balancing

Make full use of multiple Internet connections
Automatically balance traffic and/or...
Optionally, create detailed rules for which traffic should use which gateway
Automatically fail-over across prioritized connections when needed
Balance and use more than just two connections

Site-to-Site SSL VPN

Extends our popular roadwarrior offering to Site-Site applications
Setup in seconds with easy config download/import
Full IP-Access allows for true alternative to IPSEC-based VPN's

Customizable URL Filtering Groups

It is now possible to create and delete URL filtering groups
Category selection box has been improved

PDF & CSV Report Support

The Daily, Weekly, and Monthly executive reports can be generated as PDF
Most reports can now be exported/saved in these popular formats
It is possible to now receive various reports in these formats via Email

New AV Engine

New Avira engine replaces outgoing Authentium
Clam AV still used as 2nd engine offering

Availability Network Groups

Creates ordered group of network resources, accessed in sequence when the first resource is unavailable.
Useful for many areas of configuration to introduce redundancy
Create redundancy in VPN Gateway Targets
Specify fallback server(s) for Directory Authentication

User Object Toggle

It is now possible to disable User-Objects vs. deleting them
Disabled objects will display an inactive icon and be grayed out in selection areas and lists

Cisco(tm) IPSEC Client Support

You can now create tunnels to AxG Devices using this client
Mobile devices (such as IPhone) and their VPN options are also now extended via this feature

Other

The "Test-User" Authentication tool will now report the group(s) the user is part of
Historial Executive Reports are now available
Reports can now be anonymized to address privacy/corporate/legal requirements
DynDNS now supports multiple interfaces
DynDNS is now compatible with Upstream NAT/Masq.
WebAdmin will now display DynDNS Status
Visit the UserPortal via iPhone for specialized download for this device
Improved the experience of Up2Date Notification and Progress for the Administrator

Release Notes
Besides the new functionality and features, V7.4 includes dozens of minor updates and tweaks that improve usability, polish WebAdmin, fix bugs, and increase performance and throughput of various systems. A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the AxG V7.4 Release Notes.

Up2Date Package Information

Existing configuration will not be changed
System will be rebooted
Database will be extended on next bootup (may take some minutes)

News:

Added HTTPS filtering to HTTP Proxy
Added full transparent mode to HTTP Proxy
Added support for WAN uplink balancing
Added support for ACC 2.0 (VPN configuration)
Added support SSL Site-to-Site VPN
Added support for creating PDF and CSV reports
Added support for availability network groups
Added german and french translation to WebAdmin
Replaced Authentium AV scanner by Avira
Improved HA/Cluster syncronisation
Improved Intrusion Protection rule handling
Improved IPsec stability and performance
Improved Up2Date progress

Bugfixes:

Fix [5474]: No progressbar for UPS is shown in WebAdmin
Fix [5997]: Users may use HTTP Proxy even if not explicitly allowed
Fix [6620]: QoS rules are not applied to backup interface when using UFO
Fix [8317]: USV support is not working properly
Fix [8626]: DHCP fails to start on state toggle in WebAdmin
Fix [8875]: Active Directory Browser makes no sense when groups should be used in HTTP-Proxy
Fix [9239]: End users can't release spam on HA systems after a power outage
Fix [9249]: External SMTP server for notifications not used after a reboot
Fix [9278]: klips error by transmit big traffic through the ipsec tunnel
Fix [9374]: DKIM signature will not be added in some cases
Fix [9449]: Problem accessing internal servers via HTTP Proxy on cluster nodes
Fix [9617]: usernames which contains german umlauts cannot be authenticated via AD SSO (NTLM)
Fix [9914]: HTTP Proxy erroneously sets keep alive for some requests

7.400 Download & Important Install Information - Please read the following carefully!

The Astaro Up2Date technology makes it easy to upgrade your installation to the latest version. The moment your device obtains a download slot, the Up2Date will be automatically downloaded, verified, and made available for installation. Depending on your location and bandwidth, this could take up to 72 hours from initial launch due to the size and scale of this release.

It is NOT necessary to do anything in order to obtain 7.400, however if you are excited to install the new release ASAP, there are two ways to manually download an Up2Date package for the system so it can be imported to WebAdmin and applied.

New ISO's are also being made available for Software, Appliances, and the Astaro Smart Installer.

Up2Date Package 7.400 - Up2Date works for ALL products (AxG software/hardware/virtual appliance)

7.306-7.400 Server: ftp://ftp.astaro.de/pub/ASG/v7/up2date/

Size: 247009254 bytes
Md5sum: 5f8fd4be2c8c740bc7400d808f5a2bc6

7.395 BETA-7.400 Server: ftp://ftp.astaro.de/pub/ASG/v7/beta/

Size: 11341359 bytes
Md5sum: c7e79f0a03a786499ecff45d06b6495f

Astaro Security Gateway 7.400 Images

Software appliance (ASG) ISO image
Server: ftp://ftp.astaro.de/pub/ASG/v7/software_appliance/smart_installer/
Size: 462767275 bytes
Md5sum: 54e1600e6238ce7e79f3c7ea51484108

VMware Image (Server/Player/Workstation)
Server: ftp://ftp.astaro.de/pub/ASG/v7/virtual_appliance/
Size: 1011126099 bytes
Md5sum: 55b3d3bcb7a061ed4b8c6ede8c689c30

VMware Image (ESX Server)
Server: ftp://ftp.astaro.de/pub/ASG/v7/virtual_appliance/
Size: 1033515497 bytes
Md5sum: 10fecbc83e43244604d9c582fae8eb6b

Hardware Appliance Image (SSI) ISO image
Server: ftp://ftp.astaro.de/pub/ASG/v7/hardware_appliance/iso/
Size: 533686272 bytes
Md5sum: 745a3e0c58ff6450cfc78f836239fb12

Astaro Smart Installer (ASI) USB image
Server: ftp://ftp.astaro.de/pub/ASG/v7/hardware_appliance/smart_installer/
Size: 478922617 bytes
Md5sum: 210395f1cc9c0b0def55e66514e7f77a

Astaro Web Gateway 7.400 Images

Software appliance (AWG) *NEW* ISO image
Server: ftp://ftp.astaro.de/pub/AWG/v7/software_appliance/iso/
Size: 472279040 bytes
Md5sum: 2a6d0e75a39dbe5e6bc8b2bd3b44006a

Astaro Smart Installer (ASI) USB image
Server: ftp://ftp.astaro.de/pub/AWG/v7/software_appliance/smart_installer/
Size: 434757852 bytes
Md5sum: efdfeccc8a9fe957be537b41596a0309

VMware Image (Server/Player/Workstation)
Server: ftp://ftp.astaro.de/pub/AWG/v7/virtual_appliance/
Size: 963509938 bytes
Md5sum: f109029bbb91db1408342cb0bc4c692e

VMware Image (ESX Server)
Server: ftp://ftp.astaro.de/pub/AWG/v7/virtual_appliance/
Size: 981035784 bytes
Md5sum: 1f49259f37d375c22334d4b2f7e460d1

Hardware Appliance Image (SWI) ISO image
Server: ftp://ftp.astaro.de/pub/AWG/v7/hardware_appliance/iso/
Size: 484861952 bytes
Md5sum: cc375dc0e96480d6284fee3497da85b0

Astaro Smart Installer (ASI) USB image
Server: ftp://ftp.astaro.de/pub/AWG/v7/hardware_appliance/smart_installer/
Size: 441306517
Md5sum: 88a2f5c9fa3bda19bd0a870c4ae9596f bytes

Astaro Mail Gateway 7.400

Software appliance (AMG) *NEW* ISO image
Server: ftp://ftp.astaro.de/pub/AMG/v7/software_appliance/iso
Size: 476440576 bytes Md5sum: c29b64e1ecd254223f3ea10355b005aa

Astaro Smart Installer USB image
Server: ftp://ftp.astaro.de/pub/AMG/v7/software_appliance/smart_installer/
Size: 438284586 bytes
Md5sum: 05899435834e8ddb3943ee7bfe88cd9a

VMware Image (Server/Player/Workstation)
Server: ftp://ftp.astaro.de/pub/AMG/v7/virtual_appliance/
Size: 960385330 bytes
Md5sum: 9fac7d6551255259c9c7596ba10114b8

VMware Image (ESX Server)
Server: ftp://ftp.astaro.de/pub/AMG/v7/virtual_appliance/
Size: 982203217 bytes
Md5sum: d9f9e8305b724d7753a80c48565e3a42

Hardware Appliance (SMI) ISO image
Server: ftp://ftp.astaro.de/pub/AMG/v7/hardware_appliance/iso/
Size: 489023488 bytes
Md5sum: 647e3727736bb4479b3c611abdcf49ba

Astaro Smart Installer USB image
Server: ftp://ftp.astaro.de/pub/AMG/v7/hardware_appliance/smart_installer/
Size: 444152172 bytes
Md5sum: 890eddefa4d312b414a8c38037616ed6

A note about some FTP cleanup: The redundant directories below will be removed shortly. - ftp://ftp.astaro.de/pub/ASG/v7/install - ftp://ftp.astaro.de/pub/AWG/v7/install In addition there are 3 new tools/shortcuts for debugging available: - 'atop' is an advanced interactive monitor for viewing load on system and process level - 'psg' is a small function which greps in the ps axf output for the arguments specified - 'version' gives a neat overview about the current system version and type

Additional Mirrors Information (Manual Directory Navigation)
HTTP: - Astaro US - Astaro US2 FTP: - Astaro US - Astaro US2

The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base .

A Word About Memory Upgrades
As mentioned previously, ASG 110/120, 220, and 320 appliances can take advantage of our recently released RAM upgrade options, which will give more life and performance out of your investment. While upgrading is NOT required or enforced in order to install and operate Version 7.400, some appliances depending on their current usage may get significant benefits by taking advantage of this offer. For more information on available upgrades, please contact your Astaro Partner, Distributor, or Sales Contact. We have also made available a serial number submission page to assist you, which will quickly analyze the number of your unit(s) and inform you of the upgrade options.

Feedback
If you want to provide feedback or want to discuss any of the V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.400] Quarantine Report "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server that showcases all the new awesomeness: http://demo.astaro.com All Up2Dates are GNUPG-signed! Enjoy the new things!

Your Astaro Product Management and R&D Teams

Astaro Command Center 2.0 BETA Begins

Angelo Comazzetto — Wed, 25 Feb 2009 14:00:00 +0000

We would like to announce that the Astaro Command Center will have a new 2.0 Version in the coming weeks, and are making available a BETA version of this release so that you can experience the new functionality and offerings, while having the opportunity to provide us with feedback, bug reports, and impressions of the product.

The Astaro Command Center is a centralized management platform which creates a "throne room" from which to manage multiple Astaro Installations. If you currently are responsible for more than a single Astaro Product (or Hundreds), Command Center is the perfect product for you, and is FREE of charge! Read on for further details of the BETA program. So far, the Astaro Command Center has offered the ability to schedule Up2Date installations across multiple devices, monitor resource usages, get license information & detailed per-installation statistics, and access WebAdmin for any connected Astaro with the push of a button.

Most recently in the 1.9 release of Command Center, we have introduced a dual-portal system with new management features, so partners can offer MSP-style services for multiple companies which can connect to the same ACC server, while being able to create user accounts with specific device visibility and permissions to separate these customers into secure groups of devices for management.

For ACC 2.0 BETA and beyond, configuration functionality will be introduced. Starting with this release, it is now possible to setup site-to-site VPN tunnels with an amazing degree of ease from within ACC itself. Simply indicate the devices to be joined together via VPN, select a few options, and the rest is automated. It can even be used to create multi-site Hub & Spoke or Full Mesh between many devices. The product is presented in the same administrative style as our Version 7 WebAdmin, so that if you are new to ACC you will have no trouble getting started.

Astaro Command Center 2.0 BETA Features

IPSec VPN configuration wizard

allows set-up of site-to-site connectivity with only a few clicks
supports RSA based authentication for high security environments
offers the same proven and efficient IPSec policy definitions as known from the ASG
supports static and dynamic IPSec connections (initiate, respond-only)
automatically imports locally accessible interface networks from selected devices
already-deployed VPNs can later be modified with the same wizard

IPSec VPN monitoring overview

shows VPNs currently managed by ACC
allows re-configuration of VPNs - enable/disable VPNs - delete existing VPNs
"at-a-glance" information covering: - tunnel status - deployment status - meta information (policy, auth-method, number of tunnels and devices)

IPSec VPN monitoring details

shows exact data on tunnel status, deployment, meta information
displays which devices are interconnected for this VPN

Extended Access Control

introduces an abstract "Configuration" role which can be assigned for different devices
defines which users can change current and future configuration settings

Licensing

There is currently no change in the ACC's FREE licensing model
The newly introduced configuration features are NOT enforced or restricted in any way
The free license can be used with the ACC V1.9/V2.0 software and virtual appliance
The free license is now valid until the end of 2009
Licenses for hardware appliances have not changed

BETA Requirements

The new features in ACC V2 BETA require at least an ASG 7.400 (or 7.395 Beta)
The AMG/AWG line of products do not provide IPSec VPN functionality
Future configuration features in ACC might be applicable to AMG/AWG products as well
As part of testing this release, your experiences/comments or review is to be posted in the ACC 2.0 Beta Forum.

How to become a Beta Tester
We try to ensure the opportunity is available for anyone to test our BETA release of ACC 2.0, customers, partners, prospects, and home users alike. All you need to do is download the release image, install it on your own hardware or virtual machine, and configure your ASG installation to transmit its data to the ACC device. These following sections will provide all the information you need to download, install and test the ACC 2.0 BETA.

Testing Period
February 25th - March15th

Download
This initial BETA version can be tested by downloading and installing the complete ISO image,or by manually applying the 1.903-->1.950 Up2Date to an existing system. If you decide to install new, or want to mirror an existing installation for fallback, it is possible to restore a backup from an earlier version of ACC 1.9x into 1.950 as well.

New installation:

ACC ISO:

URL: ftp://ftp.astaro.de/pub/ACC/v2/beta/acc-1.950-090225-3.iso
Size: 485 MB (507.774.976 bytes)
Md5sum: 593fe214e923565a3b474628a929292e

Up2Date 1.903-1.950:

URL: ftp://ftp.astaro.de/pub/ACC/v2/beta/u2d-sys-1.950.tgz.gpg
Size: 269 MB (281.706.774 bytes)
Md5sum: 3ec28e246e4a484be0ced3d2b6478e63

Limitations and Hints
The ACC 2.0 BETA is not going to be supported via official Astaro support plans, however the ACC development team will be closely monitoring and participating in your feedback, questions, and troubles via our ACC BETA Support Form. As with any BETA software, please be aware if you test this in a production environment you may experience no issues at all, or alternatively, bad things may happen. While we would like as much feedback as possible to ensure the quality of the final release, do not test this release if you cannot accommodate possible oddities as result of the pre-release nature of this offering!

Test Cases
After installing the ACC 2.0 BETA, we are particularly interested in your experiences regarding the number of machines you setup to be managed by your ACC, the hardware used, bandwidth of the connections involved, and other scaling/system specifications, along with your experienced performance. Further, and most importantly, please test and work with the VPN configuration tool and let us know your thoughts.

Feedback
Please post any feedback and discuss any of the ACC BETA features on our ACC BETA version forum. Your Efforts Rewarded! Your feedback is key to our efforts, as it allows us to deliver a final product to you of the highest quality. As a result, participants in our Beta Program for ACC 2.0 will have the chance to win one of 3 Amazon Gift Cards for 100 dollars. Please qualify by actively posting and participating in discussions on our ACC BETA version forum for details.

Regards,
Your Astaro Product Management Team

BETA Up2date RC2 (7.395) Released

Angelo Comazzetto — Thu, 19 Feb 2009 16:12:35 +0000

Astaro has just now started publishing 7.395, our RC2 release, to the Up2Date servers. For our BETA testers, this provides final feedback adjustments and polish, and will likely be the final BETA release until 7.400 officially launches next week. Read on for the details.

Overview
This release of RC2 sets the stage for the GA 7.400 release next week during the end of February if the schedule proceeds as planned. You can see our previous announcements for all the BETA details as required.

Up2Date Details 7.395 is a bugfix and progression release based on the feedback of our testing community, and finalizes most areas of the 7.400 Up2Date. For maximum adoption and testing, we are releasing this BETA Up2Date as ISO's for ASG software and appliances, as well as Up2Date Packages from 7.390->7.395 and 7.306->7.395 for those that wish to experience all the new offerings before public launch. All packages are available in the BETA area of our main FTP server.

Up2Date Packages

ASG Software ISO:
Size: 510408704 bytes (486 MB)
Md5sum: d78d0dd8f7fae0a6c8062ddc37193ad6

SSI-ISO

Size: 533843968 bytes (509 MB)
Md5sum: 364b9ec49cf9c07274e89969381d3460

Up2Date 7.390-395

Size: 138065867 bytes (131 MB)
Md5sum: 8105ab0de193786504e245a127ca2d97

Up2Date 7.306-7.395:

Size: 246837376 bytes (232 MB)
Md5sum: 4d494c5748e3bf1484908cf19b6d192e

V7.400 Beta Program Details
For full details about the 7.400 Beta, please see our initial announcement here, and we'd like to encourage all testers to report their experiences at our Beta Forums

An Important Word about BETA Releases
While we realize many features of the upcoming 7.400 are things you may be eagerly awaiting, and we do love to have as many users and installations as possible testing and providing feedback, in environments where uptime is crucial, note that Beta releases can contain severe bugs and otherwise cause operational concerns, and are not indicators of the final quality and stability of a formal, General release version. All Up2Dates are GNUPG-signed!

Your Astaro R&D team

BETA Up2date 7.390 Released

Angelo Comazzetto — Thu, 05 Feb 2009 17:13:39 +0000

A quick note that we just made available a new BETA release 7.390 based on our Beta tester feedback and our own testing. Read on for a short announcement.

This release keeps us on track for 7.400 being generally available during the 3rd week of February if the schedule proceeds as planned. You can see our previous announcements for all the BETA details.

This Up2Date 7.390 is a bugfix and progression release based on the feedback of our testing community.

7.390 (Up2Date for all Existing Beta Testers only)

MD5sum: f90debecfdca17a32e79be209399da29
Size: 123601045 bytes (117MB)

V7.400 Beta Program Details
For full details about the 7.400 Beta, please see our initial announcement here, and we'd like to encourage all testers to report their experiences at our Beta Forums

Your Astaro R&D team

Up2Date ACC 1.903 Released

Angelo Comazzetto — Wed, 04 Feb 2009 15:43:02 +0000

A new Up2Date 1.903 for Astaro Command Center is now available for download and installation. This is a stability release to further solidify your ACC installation. Additionally it will support new and upgraded appliance models in accordance to the Astaro Gateway Product line Up2Date 7.306.

Remarks: - System will be restarted after installation

News: - Support for new and upgraded appliance line models - Fixed erroneous ACL behavior when assigning user rights

Fixes:

9352 Fix and extend Up2Date Cache init script functions
9659 Forced logout from Gateway Manager when changing rights
9685 Fix parent proxy handling in Up2Date Cache
9775 Fix exotic deadlock situation when user sessions are destroyed
9776 Core daemon crashes on WebAdmin SSO to an unreachable device
9807 New images for appliances with upgraded memory
9845 New images for upcoming ASG x25 appliance

Up2Date: All Up2Dates are GNUPG-signed!
The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center V1.902 to the latest version. There are two ways to apply an Up2Date package to the system:

2) Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced Up2Date package: Download: u2d-sys-1.903.tgz.gpg Size: 32M (34056784 bytes) md5sum: 2289834757cf8ec348ff3cfc75b76189

Astaro FTP server: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
Astaro HTTP server: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

If you want to provide feedback or want to discuss any of the ACC V1.9 features you should post it on our User Bulletin Board. Please take care to always(!) add the version you refer to (e.g. "[1.902] Gateway Manager ..."). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server: http://accdemo.astaro.com

Regards,
Your Astaro R&D and Product Management Teams

Up2Date 7.306 Released: Appliance Ram Upgrades Available

Angelo Comazzetto — Mon, 02 Feb 2009 16:45:30 +0000

Greetings! Astaro has released Up2Date Package 7.306 this morning, which is now being published to our Up2Date servers for distribution. This Up2Date is for a single purpose, which is designed to inform our Astaro Security Gateway appliance users about the upcoming 7.400 release and allow them to prepare by taking advantage of some new offerings for certain appliance models. Read on for the full story.

Overview

Please read this message carefully, as it contains important information about new options for certain ASG appliance owners. Astaro users have always enjoyed the ability to upgrade their appliances across even major versions, usually removing the need to buy all new appliances just for software-versioning's sake. This does however mean that appliances with more dated hardware specifications can be stressed as more features are added (and enabled by the user) as we progress. ASG 7.306 will analyze the memory usage of your appliance, and if in the past 7 days the memory usage has gone above 70%, a notifier screen will be published to the Up2Date screen WebAdmin, informing you that for a good 7.400 experience with the new features, you should consider an upgrade, outlined below.

Please read this message carefully, as it contains important information about new options for certain ASG appliance owners. Because the upcoming 7.400 release adds dozens of new features and hundreds of changes, we have decided to offer memory upgrades to certain appliances to give even more life to the platforms. These available upgrades will be only for the ASG 110/120, ASG 220, and ASG 320 products. New Memory Requirements for ASG The minimum recommended RAM for 7.400 and Astaro Security Gateway UTM appliances is 1024MB, and while the number of features, combined with the number of users/load, will ultimately determine if this upgrade is needed for your existing appliances at this time. As such, you are not required to purchase any of these upgrade options, but they exist for you should you wish to take advantage of them.

New Memory Configurations Starting today, all new ASG 110/120, 220, and 320 appliances will ship with newly upgraded memory configurations. Specifically: -The ASG 110/120 will now have 1GB (1024MB) of memory. -The ASG 220 will now have 1GB (1024MB) of memory. -The ASG 320 will now have 2GB (2048MB) of memory.

Memory Upgrade Kits For current users of ASG 110/120, ASG 220, and ASG 320 appliances, we have made every effort to provide you with options for extending the capabilities of your platform. -Owners of the ASG 110/120 Revision's 1 and 2 can purchase an official 1GB upgrade kit -Owners of the ASG 220 Revision 2 can purchase an official 1GB upgrade kit -Owners of the ASG 320 (all models) can purchase an official 2GB upgrade kit These kits are certified by Astaro as fully compatible with your appropriate appliance, and include detailed instructions as to how to upgrade the memory in your unit.

Appliance Trade-In Option Owners of the ASG 110/120 Revision 0, and the ASG 220, Revision 1, are not able to purchase upgrade kits due to these units not supporting more than 512MB of memory. For these owners, we have made available very special unit-exchange pricing which will allow you to purchase the latest version of the ASG 110/120 or ASG 220 at a special trade-in price.

Availability Both the memory upgrade kits, and appliance trade-ins are now available, so that our users have plenty of time to prepare before Version 7.400 launches later this month. If you would like pricing information for your region, or are unsure of your model and would like clarification which upgrade options are available to you, please contact your Astaro Partner, Distributor, or Sales Representative for more information.

IMPORTANT NOTE In order to ensure your warranty remains intact, and the operation of your ASG appliance continues error-free, we must stress that using non-Astaro memory upgrades may cause serious side-effects to your appliance operation. Our appliances require very specific modules that are purpose tested for quality, performance, and meet strict specification guidelines. Using non-Astaro memory upgrades may cause your appliance to not boot, boot but with reduced memory capacity, or even boot fine and cause kernel panics, disk errors, and other irregular operation. For this reason the upgrade kits have been aggressively priced, as we wish to make these upgrades available to everyone at an affordable cost for extending your appliance's lifetime.

7.306 Up2Date Details Remarks: Configuration will not be changed

News: - ASG appliances with a high memory usage will see a notifier in the Up2Date section informing them of new memory upgrade options. All Up2Dates are GNUPG-signed! In regards to the new features and benefits of AxG 7.3, please read the V7.3 Release Notes PDF. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

2) Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced: (MD5sum: 1e0e21126d3edb1bedf7dbf1c343803f Size: 18771269 bytes)

HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

Feedback If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.302] Quarantine Report "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server: http://demo.astaro.com All Up2Dates are GNUPG-signed!

Your Astaro R&D team

BETA Up2Date 7.386 Released

Angelo Comazzetto — Mon, 19 Jan 2009 15:35:58 +0000

This BETA Up2Date contains fixes for the BETA 7.4 release, and contains a new French translation of WebAdmin, as well as three small fixes for HTTP Proxy, SNMP and bootup order of programs.

Participate in the Beta Program
Your feedback is important to us, and we'll reward testers with a chance at Amazon Gift Certificates, special 25 IP home-user licenses, and of course the opportunity to contribute to 7.4's success. Beta V7.386 is available as an Up2date for existing Beta testers, however see our previous postings for how to Up2Date from Version 7.305 to 7.380 to begin testing without the need to install from a dedicated Beta ISO image. (These are however available for your Astaro software or hardware appliance.)

Download Information
Download via our main FTP site or any of our mirrors such as ftp.astaro.com. 7.386 (Up2Date for all Existing Beta Testers) ------------ MD5sum: 466d9c8b9cf9bb1df970fcd60356e227 Size: 18260267 bytes

V7.400 Beta Program Details
For full details about the 7.400 Beta, please see our initial announcement here, and we'd like to encourage all testers to report their experiences at our Beta Forums.

An Important Word about BETA Releases
While we realize many features of the upcoming 7.400 are things you may be eagerly awaiting, and we do love to have as many users and installations as possible testing and providing feedback, in environments where uptime is crucial, note that Beta releases can contain severe bugs and otherwise cause operational concerns, and are not indicators of the final quality and stability of a General release. All Up2Dates are GNUPG-signed! Your Astaro R&D team

BETA 7.385 Up2Date Released

Angelo Comazzetto — Fri, 16 Jan 2009 00:14:43 +0000

In continuing our BETA program of the upcoming 7.400 release, we have today issued a new Beta Version 7.385 for your testing, based on your feedback. Please read on for details of this release. Due to the excellent feedback and reports from our Beta testing community, we have had the opportunity to verify your results and further tune this release. This Beta Up2Date contains fixes in almost every area, with major adjustments, fixes, and polish for the HTTPS filtering, WAN link balancing, and both single and cluster installations with large database sizes.

Participate in the Beta Program
With Beta V7.385, we move closer to a release version and wish to re-state that we appreciate all existing testers, and those that will take this opportunity to join us in testing our latest technology and feature offerings. Your feedback is important to us, and we'll reward testers with a chance at Amazon Gift Certificates, special 25 IP home-user licenses, and of course the opportunity to contribute to 7.400's success. Beta V7.385 is available as an Up2date for existing Beta testers, however see our previous postings for how to Up2Date from Version 7.305 to 7.380 to begin testing without the need to install from a dedicated Beta ISO image. (These are however available for your Astaro software or hardware appliance.)

Download Information
Download via our main FTP site or any of our mirrors such as ftp.astaro.com. 7.385 (Up2Date for all Existing Beta Testers) ------------ MD5sum: 28c8967bb79d84025a2af9dfcabd46aa Size: 116423658 bytes (approximately 106MB)

V7.400 Beta Program Details
For full details about the 7.400 Beta, please see our initial announcement here, and we'd like to encourage all testers to report their experiences at our Beta Forums.

An Important Word about BETA Releases
While we realize many features of the upcoming 7.400 are things you may be eagerly awaiting, and we do love to have as many users and installations as possible testing and providing feedback, in environments where uptime is crucial, note that Beta releases can contain severe bugs and otherwise cause operational concerns, and are not indicators of the final quality and stability of a General release. All Up2Dates are GNUPG-signed! Your Astaro R&D team

AxG V7.400 BETA Updates Released

Angelo Comazzetto — Mon, 15 Dec 2008 12:40:59 +0000

During the past few weeks Astaro has been conducting an open Beta for our 7.400 release.

We have made available two updates since the initial offering, both of which allowed us to address bugs and further polish 7.400 based on your valuable feedback. Read on for the current status of the 7.400 Beta and how you can get an advance look at one of our most exciting releases yet! The 7.400 Beta has received 2 incremental Up2Date releases, 7.360 and 7.380. These mainly address bugs and perform enhancements based on the hundreds of posts by our Beta community which provide feedback to us in our Beta Forums.

Participate in the Beta Program
With Beta V7.380, we are very close to a release candidate, and wish to encourage more users to test as they are able. Your feedback is important to us, and we'll reward testers with a chance at Amazon Gift Certificates, 25 IP home-use licenses, and of course the opportunity to contribute to 7.400's success. Beta V7.380 is available as an Up2date from Beta V7.360, a Software ISO, and a Hardware (SSI) ISO for testing on ASG appliances. New for Beta V7.380 is an Up2Date package allowing you to test the Beta without the need to re-install

Download Information
Download via our main FTP site or any of our mirrors such as ftp.astaro.com.

7.360-7.380 (Up2Date for Existing Beta Testers)

MD5sum: 231d4870c3fb27fc3c220a4731b852f1
Size : 212968785 bytes 7.305-7.380 (Up2Date

Package for all 7.305 installations wishing to test the Beta)

MD5sum: 83b2c54ad475c925a3dc51d3debc9071
Size : 230112614 bytes

*Info: this package is located in subdirectory "7.305-7.380"

ASG 7.380 (Software ISO for your own Hardware)

MD5sum: a22938770c96561152deac23f80580f1
Size: 500795392 bytes

SSI 7.380 (For ASG Appliances)

MD5sum: da4690643aca3df5bf446367b8df1465
Size: 524232704 byte

V7.400 Beta Program Details
For full details about the 7.400 Beta, please see our initial announcement here. All Up2Dates are GNUPG-signed! Your Astaro R&D team

Up2Date ACC V1.902 Released

Angelo Comazzetto — Mon, 08 Dec 2008 12:42:42 +0000

Astaro Command Center V1.902 is now available for download and installation.

This is a stability release to further solidify your ACC installation.

Remarks: - System will be restarted after installation

News: - Improved handling for stale sessions in Gateway Manager - Added support for shortcut "any" device group - Enhanced performance for filter bar

Fixes:

9361 Filter bar does not work correctly (Level column) on Dashboard->ListView
9362 Improve performance of FilterBar for large number of devices
9371 After deleting all devices treeview shows negative device count
9388 Treeview with only one level of subnodes should display connected images
9419 Core daemon needs to gather initial data on a best-effort basis
9447 Can't 'delete' or 'deny' new connected devices on Management->Registration page
9472 Treeview doesn't disappear after clicking the deny button on registration page
9535 Cleanup of stale sessions when browser window is closed

Up2Date: All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center V1.901 to the latest version. There are two ways to apply an Up2Date package to the system:

Astaro FTP server: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
Astaro HTTP server: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

Regards,
Your Astaro R&D and Product Management Team

AxG V7.400 BETA Available!

Angelo Comazzetto — Thu, 20 Nov 2008 14:29:55 +0000

Greetings! Astaro would like to invite you to participate in the AxG V7.400 Beta Test Program. Our new release introduces many new and exciting things that you have asked us for.

We've listened, and you will now have functions such as HTTPS Scanning and WAN Link Balancing. By offering this pre-release of V7.4 we hope to gather feedback from you regarding our latest efforts, and are particularly interested in how the new features perform for you. Any time you can spend in documenting your experiences during this BETA via the forums (information posted below) allows us to build you the best possible product. Read on for a larger list of the new things...

What's new in BETA ASG V7.400?

The following new features are being introduced:

New HTTPS Filtering

Scan and Filter HTTPS Content
Block programs that use HTTPS to circumvent/tunnel around the proxy filters

WAN Link Balancing

Make full use of multiple Internet connections
Automatically balance traffic
Optionally, create detailed rules for what traffic should use which gateway
Automatically fail-over across prioritized connections when needed
Balance and use more than just two connections

Site-to-Site SSL VPN

Extends our popular roadwarrior offering to Site-Site applications
Setup in seconds with easy config download/import
Full IP-Access allows for true alternative to IPSEC-based VPN's

Customizable URL Filtering Groups

It is now possible to create and delete URL filtering groups
Category selection box has been improved

PDF & CSV Report Support

The Daily, Weekly, and Monthly executive reports can be generated as PDF
Most reports can now be exported/saved in these popular formats
It is possible to now receive various reports in these formats via Email

New AV Engine

New Avira engine replaces Authentium
Clam AV still used as 2nd engine offering

Availability Network Groups

Creates ordered group of network resources, accessed in sequence when the first resource is unavailable
Useful for many areas of configuration to introduce redundancy
Create redundancy in VPN Gateway Targets
Specify fallback server(s) for Directory Authentication

User Object Toggle

It is now possible to disable User-Objects vs. deleting them
Disabled objects will display an inactive icon and be grayed out in selection areas and lists

Cisco(tm) IPSEC Client Support

You can now create tunnels to AxG Devices using this client
Mobile devices (such as IPhone) and their VPN options are also now extended via this feature

Other

The "Test-User" Authentication tool will now report the group(s) the user is part of
Historial Executive Reports are now available
Reports can now be anonymized to address privacy/corporate/legal requirements
DynDNS now supports multiple interfaces
DynDNS is now compatible with Upstream NAT/Masq.
WebAdmin will now display DynDNS Status
Visit the UserPortal via iPhone for specialized download for this device
Improved the experience of Up2Date Notification and Progress for the Administrator

Besides the new functionality and features, V7.4 includes dozens of minor updates and tweaks that improve usability, polish WebAdmin, fix bugs, and increase performance and throughput of various systems. We'll post more of this throughout the BETA and final release.

Known-Issues

Online help & associated documentation has not been updated for new or changed features (yet).

How to become a Beta Tester Effective and reliable Internet Security is mission critical to all our customers. A comprehensive testing procedure is required to achieve the right level of perfection for Astaro products in a production environment. The following sections will provide all the information you need to download, install and test the AxG V7.4 Beta.

Testing Period November 20th - December 18th

Download This initial BETA version can only be tested through a new installation, i.e. by downloading and installing the complete ISO image. You cannot upgrade an existing production installation with a BETA up2date package. However, it is possible to restore a backup from an earlier version (up to 7.201). We will make every effort to ensure those that choose to participate in the BETA are able to Up2Date to the final version once it is released.

New installation:

Download Software ISO-Image for your own X86 hardware (size: 499357696 bytes md5: 07b30c0d943a125de8c717e59c705ffc)
Download ISO-Image for AxG appliances (size: 522788864 bytes md5: 5b9e253904cb5635eb1bce50a8b1d86d)

As these links are directly to the ISO images, you can always find the base offerings for this beta at ftp://ftp.astaro.de/pub/ASG/v7/beta

Limitations and Hints - AxG V7.4 BETA will not be supported in ANY way via Astaro's support teams, using it in production environments which might cause downtime, issues, or troubles for you is therefore discouraged. - An AxG V7.4 manual and complete Online Help will be available with the GA release. Test Cases After you have successfully installed the beta version of AxG V7.4, you are able to conduct individual tests at your own discretion using your own methods. We would also appreciate if you would have a closer look into the following areas and provide us with as much of your personal feedback as possible: * WAN Link Balancing with 2 Connections * HTTPS Scanning (HTTP Proxy) * Site-Site SSL VPN Setup and Operation

Feedback As with earlier versions please post any feedback and discuss any of the ASG V7.4 BETA features on our User Bulletin Board in the "BETA Version" forum.

Your Efforts Rewarded! Your feedback is key to our efforts, as it allows us to deliver a final product to you of the highest quality. As a result, participants in our Beta Program for AxG V7.4 will have the chance to win one of three Amazon Gift Cards totaling over 600 dollars. Please qualify by actively posting and participating in discussions on our BETA version forum on our User Bulletin Board for details. In addition, we will offer our active testers a specially enhanced home-user license which allows protection of 25 IP addresses (vs the normal 10).

Regards,
Your Astaro Product Management Team

Up2Date 7.305 Released

Angelo Comazzetto — Thu, 13 Nov 2008 16:05:36 +0000

We have just started the release of Up2Date 7.305. This Up2Date is a stability/fix release which strengthens the reliability of the database system in AxG installations, adjusts the housekeeping tasks of the logging system, and provides a security fix.

Note that this Up2Date requires a reboot once completed.

Remarks: Configuration will not be changed **NOTE**: System will be rebooted

News: - Improved overall database stability - Improved log cleaning process - Fixed libspf2 vulnerability CVE 2008-2469

Bug Fixes:

Fix [9274]: HA/Cluster system may deliver messages repeated several times
Fix [9324]: Resolved possible problem when resolving HA Master-Master situation
Fix [9372]: Resolved problem when disabling HA backup interface

All Up2Dates are GNUPG-signed! In regards to the new features and benefits of AxG 7.3, please read the V7.3 Release Notes PDF. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

Your Astaro R&D team

Up2Date 7.304 Released

Angelo Comazzetto — Thu, 23 Oct 2008 16:07:07 +0000

Astaro has just now released Up2Date V7.304, which is designed to enhance the stability of the HTTP proxy and address a few issues with Authentication.

This Up2Date does not require a reboot of the system, and is for all Astaro Gateway installations.

Remarks: Configuration will not be changed Middleware will be restarted News: - Improvements & Fixes for eDirectory authentication in the HTTP-Proxy

Bug Fixes

Fix: 9318 Authentication pop-up window not showing for HTTP Proxy when needed
Fix: 9319 Edirectory authentication can stop working in certain situations after some time.

HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

Feedback
If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.302] Quarantine Report "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server: http://demo.astaro.com All Up2Dates are GNUPG-signed!

Your Astaro R&D team

Up2Date ACC V1.901 Released

Angelo Comazzetto — Thu, 23 Oct 2008 16:08:31 +0000

The ACC Up2Date V1.901 is now available for download and installation. This is a stability release to further solidify your ACC installation.

Remarks: System will be restarted after installation

News: - Improved worldmap functionality - Several treeview adjustments and fixes - Improved handling and performance for large number of devices

Bug Fixes:

Fix: 9023 Privilege loss for users contained in both Allowed Admins and Allowed Users
Fix: 9043 Retranslation of location "state" fails for U.S. states using alphabetical codes
Fix: 9047 Filter bar is not working with IE6 for Maintenance >> Inventory (Network)
Fix: 9050 Not all location data is refreshed after a GeoIP update
Fix: 9051 WebAdmin SSO is not available within Access Control view
Fix: 9052 Filter bar should have a percentage drop-down-box for node selection
Fix: 9053 Some dialog boxes close unexpectedly when someone else executes an action
Fix: 9054 Fix update/logout issue on object tables when 250 devices are joining at once
Fix: 9094 Default sort order for levels in dashboard should be descending
Fix: 9137 Dashboard does not update after deleting the last device
Fix: 9184 Allow to open several WebAdmin SSO sessions in different browser tabs
Fix: 9205 Filters for several columns in Inventory and Access Control view are not working
Fix: 9215 Implement filter for Scheduled Operations
Fix: 9266 Add new action form on the scheduled operations page is sometimes incomplete
Fix: 9301 Error during login: #10405 - you are already logged in on this session/connection
Fix: 9309 Adjust certain thresholds to real world demands
Fix: 9320 Provide just-fit zoom button for whole earth and full screen map
Fix: 9338 Treeview shows incorrect first image within terminal subnodes
Fix: 9344 In IE Violations percent number needs two lines when value is -100
Fix: 9345 Registration page does not show any more devices after deleting devices on subsequent pages

Up2Date: All Up2Dates are GNUPG-signed!
The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center V1.900 to the latest version. There are two ways to apply an Up2Date package to the system:

Astaro FTP server: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
Astaro HTTP server: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
VMWare The new VMWare image will follow shortly!

Feedback
If you want to provide feedback or want to discuss any of the ACC features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[ACC V1.901] Worldmap"). If you have feedback to our documentation (Online Help) please send it to documentation@astaro.com

Regards,
Your Astaro R&D and Product Management Team

Up2Date 7.303 Released

Angelo Comazzetto — Fri, 17 Oct 2008 05:05:06 +0000

Up2Date 7.303 is now available for download and installation. This is a stability release to further solidify your AxG installlation, and includes some tweaks to Email Encryption and ACC 1.9 Support.

Remarks: System will be restarted after installation

News: - Improved Email Encryption behavior for various clients - Improved certificate handling for Email Encryption - Improved device agent for ACC version 1.9

Bug Fixes:

Fix: 8409 IPsec/Pluto misses SA syncs during restart on slave
Fix: 8892 SMTP relaying not working correctly with special configuration
Fix: 8948 Problem with masquerading rules after uplink failover
Fix: 9037 IPSec interface not initializing properly on uplink failover
Fix: 9072 Signing may be reported as invalid Fix: 9120 System may boot up with factory defaults after power cycle
Fix: 9207 OSPF debug output in WebAdmin is empty
Fix: 9220 Email Usage and Email filtering not showing any values

HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

Feedback
If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.302] Quarantine Report "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server: http://demo.astaro.com All Up2Dates are GNUPG-signed!

Your Astaro R&D team

Up2Date 7.302 Released

Angelo Comazzetto — Thu, 18 Sep 2008 07:20:15 +0000

Up2Date 7.302 is now available for download and installation. This Up2Date introduces a new Web Content Filter engine for faster and more accurate classifications.

The new system offers 97 categories that have been fully integrated into WebAdmin and the previous categories have been imported. To take full advantage of the new abilities of this Up2Date, administrators should review their Web Security categories after installation is complete.

Remarks: Web Security Categories will be updated System will be restarted

News: - HTTP Content filter subcategories will be extended, please check your configuration - Improved URL Filter for HTTP Proxy - Increased Web Security Classification Categories to 97 (Up from 60) - Improved device agent for ACC 1.9 - Added option to flush authentication cache - Fixed clamav vulnerabilities CVE-2008-3912, CVE-2008-3913, CVE-2008-3914

Bug Fixes:

Fix: 9017 Quarantine Report not sent as specified
Fix: 7717 Problem with colon in local user password
Fix: 8975 Special characters in emails are not processed correctly
Fix: 8930 User data can not be changed Fix: 8910 Outgoing emails might get signed although signing is off
Fix: 9028 Releasing of quarantined mails may not work

HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

ACC V1.9 GA released

Angelo Comazzetto — Wed, 10 Sep 2008 14:33:23 +0000

We are pleased to announce the availability of the Astaro Command Center V1.9. After a successful BETA period of over 4 weeks with ~300 feedback postings and community suggestions, this version is now ready for download and installation.

This new release focuses on the main areas reliability, scalability, performance and additional features. Also implemented is the split of the graphical user interface (GUI) in "WebAdmin" and "Gateway Manager".

The Astaro Command Center (ACC) is a centralized management tool for large Astaro Security Gateway (ASG), Astaro Web Gateway (AWG) and Astaro Mail Gateway (AMG) installations.

The main focus of ACC is to:

simplify strenuous and time-consuming tasks
allow direct access to application configuration
provide real-time system status surveillance
detect possible risks

ACC is browser-based, there is no need to install any client software, not even any java-plugins or flash enhancements. Due to major system architecture changes in the new Astaro Command Center V1.9 and the focus on future extensibility and scalability, only Gateway-Versions 7.300 and higher will be supported.

What's new in ACC V1.9?

GUI split
The WebAdmin (Port 4444) is responsible for the ACC system settings. The Gateway Manager (Port 4422) for monitoring and managing connected Astaro Gateways.

Directory Service integration
Administrators and Users of the ACC are now able to authenticate against existing Directory Services

Monitoring / Reporting / Alerting
The ACC illustrates reports about network traffic, concurrent connections, CPU-, Memory / Swap-, Partition usage and creates the "executive report", familiar from Astaro Security and Web Gateways.

Network restrictions & Shared Secret
It is now possible to restrict access to the ACC by using network access definitions for Clients and Gateways. You can also activate a Shared Secret authentication scheme requiring both Gateway Manager and connecting devices to exchange a shared common password before communication starts. Enabling or changing this kind of access control requires the same password to be specified in the Central Management configuration of each device requesting access to the ACC.

Trend indicators
In addition to the actual monitoring data, the ACC now augments certain information with trend indicators to show deviations to previously established baselines and historical averages.

Re-sorting
A newly integrated automatic sorting / re-sorting functionality improves situational awareness by ensuring that Gateways with the highest threat status are put on top within the various views.

Filter Bar
A newly integrated filter bar on the top of the monitoring views, allows focusing to specific gateways, which are above a specified threshold value.

Service Monitoring
The ACC V1.9 monitors up to now the running services on the connected gateways. The services are consolidated into 4 groups: - Misc (NTP-, DNS-, DHCP Server) - Network Security (SOCKS Proxy, Intrusion Protection) - Web Security (FTP Proxy, HTTP Proxy) - Mail Security (SMTP Proxy, POP3 Proxy)

Enhanced "Mouseover" details
The "Mouseover functionality" show in different views more exact details, even by pointing with the mouse pointer beyond of the section.

Scheduled operations
The enhanced scheduled operations allow now to set specific weekdays for executing the selected action. It is further on possible to execute these actions once, on a specific day. A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the ACC V1.9 Release Notes There is a Quickstart Guide on the installation ISO, but you can download it also here: Quickstart Guide This version is technically a brand new base ground for further developments, an Up2Date package for V1.4 to V1.9 will not be available, please install the new version with our ISO package. An Up2Date for our BETA tester is available (Thank you again!)

Feedback

If you want to provide feedback or want to discuss any of the ACC V1.9 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[1.9] Worldmap"). If you have feedback to our documentation (Online Help) please send it to documentation@astaro.com. There is also a demo server that showcases all the new shiny things: ACC1.9 Demo All Up2Dates are GNUPG-signed!

Download Information

Download acc-1.900-080910-2.iso
size: 438 MB (459.116.544 Byte)
md5sum: cd1510b792ce6c76ae43965f8c4125fd

Up2Date package for our 1.9 BETA tester (for V1.880):

Download u2d-sys-1.900.tgz.gpg
size: 126 MB (132.347.199 Byte)
md5sum: e99e7fe132485684edd94d350893da70
Astaro FTP server: DE US
Astaro HTTP server: DE 1 DE 2 US 1 US 2

Search for "how to burn" on our Knowledge Base if you have trouble burning a CD from the ISO image. Please note that ACC V1.9 is exempt from charges, according to this, the license is for free! There is no need to request a license, you can download it here:
http://www.astaro.com/lists/Free_License-ACC-V1.txt

Regards (also to CERN ;-) ),
Your Astaro R&D and Product Management Team.

Up2Date 7.301 Released

Angelo Comazzetto — Thu, 04 Sep 2008 18:14:48 +0000

Up2Date 7.301 is available now for all AxG platforms. This release offers various tweaks, tuning, and fixes for the recently launched 7.300 Up2date, and streamlines the migration operations during the Up2Date process.

Also added is further support for the upcoming Astaro Command Center 1.9 release.

Remarks:

Existing configuration will not be changed
Accounting database will be reorganized
System will be restarted

NOTE
After restart, some data reorganization will take place. You may notice a higher system load and disk usage.
* Do not shutdown the system during this time, otherwise data loss is possible!

News:

Improved database recovery after powerloss
Improved sending of Quarantine Report
Improved false positives when blocking Skype
Improved support of upcoming ACC V1.9
In regards to the new features and benefits of AxG 7.3, please read the V7.3 Release Notes PDF.

Bug Fixes:

Fix [8184]: Cache for HTTP Proxy AD SSO not updating sometimes
Fix [8349]: L2TP connection terminates after 60 minutes
Fix [8849]: End-User Portal does not show all emails
Fix [8850]: IP counting for licensing adds external hosts
Fix [8853]: SMTP service not starting on HA/Cluster systems
Fix [8864]: Email encryption may stop SMTP service
Fix [8876]: Special characters in emails are not processed correctly
Fix [8899]: Data partition filling up on small systems
Fix [8906]: SMTP service running with high CPU usage
Fix [8912]: Email decryption may cut last character in line
Fix [8949]: SMTP scanner caught in an endless loop

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: e1ba49ac6dc5cd792af83f8c5758c9a3 Size : 108835940 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the AxG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.300] Quarantine Report "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server: http://demo.astaro.com

Your Astaro R&D team

Release Candidate 1 (RC1) for ACC V1.9 BETA released

Angelo Comazzetto — Thu, 04 Sep 2008 14:18:17 +0000

This is the first Release Candidate for the public V1.9 BETA, it contains multiple bugfixes and some feature and performance improvements. If no new issues appear, this might be the final release version. It will not be downloaded and installed on ACC V1.4 installations.

Remarks:

This is the first release candidate for ACC V1.9
Existing configuration will not be changed
System will be reboot after Up2Date
Reporting database will be relocated to another partition

New features in this update:

Introduced filter-bar to selectively show/hide devices
Added functionality for weekly recurring/scheduled operations
Improved and colorized all tool-tips and made them aware of alert level
Adjusted monitoring license thresholds to react more aggressively to expiries
Bridge and Point-to-Point interfaces will not be shown in resource monitoring

Bugfixes:

Device-Agent does not send monitoring updates after experiencing a timewarp
Device-Agent might fail to fully initialize itself after a reboot
Scroll-bars within the Gateway Manager where not displayed when resizing browser window in Firefox 3
Fixed several data elements which did not properly react to update notifications

For more information please see the corresponding UBB-posting at our User Bulletin Board. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center V1.9 BETA to this new BETA version.

There are different ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced File:
u2d-sys-1.880.tgz.gpg
MD5sum: bf8c8d7d1baaffc62ac6347e1d992587
Size: 146.414.973 bytes (140 MByte)

Please note: This Up2Date is only compatible with our ACC V1.9 BETA (V1.820). More information in our posting here: Public ACC V1.9 BETA released here: Up2Date 1.810 for ACC V1.9 BETA released and here: Up2Date 1.820 for ACC V1.9 BETA released
Alternatively, you can download the latest ACC V1.9 ISO File:
acc-1.880-080904-2.iso
MD5sum: a2a4565d1ce9eb0374fc1184ce9ecb30
Size: 455.712.768 bytes (435 MByte)
Astaro FTP server: DE
Astaro HTTP server: DE 1
All Up2Dates are GNUPG-signed!

Thank you in advance for using and testing ACC V1.9 BETA,
your Astaro Product Management Team

Up2Date 6.314 Released

Angelo Comazzetto — Wed, 03 Sep 2008 14:01:44 +0000

This is a security Up2Date package for the DNS proxy.

Remarks:

Configuration will not be changed
Middleware will be restarted

News:

Hotfix for DNS proxy vulnerability - CVE-2008-144

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 0735eb606db64f67ff28d62dd3026414 Size: 10340640 bytes)

Because of the risk of manipulated DNS answers we strongly recommend to install Up2Date 6.314 immediatey.

Your Astaro R&D team

Up2Date 1.820 for ACC V1.9 BETA released

Angelo Comazzetto — Fri, 22 Aug 2008 13:44:16 +0000

This is the second Up2Date for the public ACC V1.9 BETA, it contains bugfixes as well as some small improvements. It will not be downloaded and installed on ACC V1.4x installations.

Remarks

This is the second update for ACC V1.9 BETA
Existing configuration will not be changed
System will be reboot after Up2Date

Bugfixes:

Outdated firmware and patterns now show warnings within the Monitoring >> Version and Details view
the network icon in Monitoring >> Resources now changes color if one or more interfaces are down
missing updates in the Dashboard for on-/offline status, up2date progress and HA/Cluster are now working
the previously non-working actions GeoIP update, shutdown/reboot of cluster nodes are now functional
selecting install firmware/pattern in Monitoring >> Details now requires confirmation whether the action should be executed
after executing an action, the select box will now return to ::With selected:: to allow picking the next action to execute
fixed and enhanced monitoring and display of active connections and users license data
streamlined the treeview display to accommodate higher amounts of information
changes to public IP address are now reflected during runtime
erroneous display of public IP information has been fixed
restoring a backup from 1.800 or 1.810 will now work

For more information please see the corresponding UBB-posting at our User Bulletin Board.

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center V1.9 BETA to this new BETA version. There are different ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced File:
u2d-sys-1.820.tgz.gpg
MD5sum: 82fbe884a62babd9b8420dd59756d4c8
Size: 86.294.870 bytes (82 MByte)
Please note: This Up2Date is only compatible with our ACC V1.9 BETA (V1.810). More information in our posting here: Public ACC V1.9 BETA released and here: Up2Date 1.810 for ACC V1.9 BETA released
Alternatively, you can download the latest ACC V1.9 ISO File:
acc-1.820-080822-2.iso
MD5sum: f95fd4e4303e59fdba759306110ef6ba
Size: 453.382.144 bytes (432 MByte)
Astaro FTP server: DE US
Astaro HTTP server: DE 1 DE 2 US 1 US 2

Thank you in advance for using and testing ACC V1.9 BETA,
your Astaro Product Management Team

Up2Date ASG V7.300 GA Release

Angelo Comazzetto — Thu, 21 Aug 2008 15:45:06 +0000

I am pleased to announce the availability of the 7.300 Up2date by Astaro. After a successful beta period of over 4 weeks with ~650 feedback postings and community suggestions, this Up2date is now ready for download and installation.

The new Up2date is for all Astaro Security & Web Gateways, along with Software and Virtual installations. (Note: We will use the term "AxG" when referring to the entire family of Astaro Gateway Products) This new release focuses on the three main areas of Mail Security, Authentication, and the UserPortal in addition to several dozen new features across other minor areas. Also included in 7.300 is a completely redesigned database engine and framework, leading to massive performance improvements for message handling, greatly optimized reporting, and more.

What's new in AxG V7.300?

The new release showcases significantly improved and redesigned Mail Security features, a revamped End-User Portal, and many changes to the authentication system, most prominently the inclusion of a new Active Directory browser directly within WebAdmin for easy drag-and-drop selection of groups and users. The following main areas have significant new features:

Redesigned UserPortal
The entire feel and functionality of the Astaro UserPortal has been updated with a new style, and introduces new features. First, users will feel immediately at home with a newly polished layout that includes a host of new options for searching through and displaying content in the message quarantine. In addition to being able to mass-manage messages and mark them for release, deletion, white-list and more, the SMTP and POP3 areas have been separated into easily manageable sections. More enhancements have been added to enable users to globally cleanup their messages that have been caught for various reasons, or by age they have been residing in the quarantine. Finally, the UserPortal has been updated to only display RoadWarrior VPN options for which the user is actually permitted to use and configured for.

Enhanced Mail Security
Astaro has strongly enhanced the Mail Security offerings of AxG to realize strong performance gains in the filtering throughput and offer new tools with which to wage war against spam and unwanted mail in the inbox. A new profile mode allows easier configuration of filtering policy for a single domain, while providing even more flexibility and granularity when filtering mail for hundreds of domains. A new MIME filter for SMTP allows administrators to globally inhibit messages that contain Audio, Video, Executables, along with any other MIME type that is specified. We have also made easier the configuration of the Spam-scanning engine, and included new blacklisting options such as being able to delete messages that are highly-considered to be spam immediately. Lastly, newly added checks such as invalid HELO and missing RDNS, will contribute to the potency Astaro's Mail Security offerings, while support for Domain Keys Identified Mail (DKIM) lets you cryptographically sign outgoing messages.

Active Directory Browser
The users have spoken ,and in direct response to the popularity of the fully interactive, drag-and-drop style browser that Astaro has long had for E-Directory users, we have added this functionality for our Active Directory environments. By offering a full browser-style tool that allows selection of users and groups with the mouse, administrators no longer need to manually type out strings when setting up AD integration, massively reducing the time and expertise needed to take full advantage of user-based reporting, policy assignment, VPN access, and any area of AxG that supports authentication.

Active Directory and E-Directory Test Tools
New tools have been added to the WebAdmin to assist administrators in configuring their AxG product to connect and work with AD and EDir resources. It is now possible to test the connection to the server for errors during setup, along with being able to validate a test-user directly from WebAdmin against the backend server.

Email Encryption now FREE with Mail Security Subscription
The new Mail Security offering now includes the full functionality of Astaro's Email Encryption Engine at no additional charge. If you currently have a valid subscription to the Email Security or Email Encryption options, your license will be automatically granted full access to the renamed "Mail Security" subscription.

Reporting Improvements
Reporting is key for many, and we've added new configuration options for various areas. It is now possible to specify the length that each reporting section will be held in WebAdmin, and administrators can now completely disable reports they do not use, saving resources. As well, the entire reporting system is more responsive and better performing with speed improvements of double the previous implementation. The end-user quarantine report has been tweaked to allow deliver of this list twice per day at configurable times, ensuring it can be delivered at a time which best fits everyone's needs.

Remarks:

Existing SMTP/POP3 configuration will be extended
System will reboot after Up2Date
Logging DB and EMail Quarantine will be converted
System will be rebooted after Up2Date
*Important* Log Database Conversion will be continued after reboot with low run priority (resulting operation *may* run for many hours/days for environments with large amounts of existing log data)

News:

Improved Email Filter
Reworked Email encryption engine
New UserPortal
New Backend Database Architecture
Improved Active Directory integration and management
Configurable Reporting
Status Information for HA/Cluster Nodes
Reboot or Halt HA/Cluster Nodes
New Directory User Prefetch option
Backend User Group Support
Improved performance for logging and reporting backend
Improved backend group support for authentication
Improved IM/P2P detection rate and memory usage
Improved IPsec and L2TP subsystem and interoperability
Added XAUTH support for IPSec Remote Access
Added options for testing authentication servers
Added optional smarthost for notifications
Added options for configuring Reporting
Added options to reboot/shutdown HA/Cluster nodes
Fixed clam vulnerabilities CVE 2008-0314, 2008-1833, 2008-1835, 2008-1836, 2008-1837, 2008-1387, 2008-2713

Bugfixes:

Fix [4533]: L2TP doesn't work with IP addresses assigned via DHCP
Fix [5422]: Changing eDir SSL settings breaks eDir Browser for current session
Fix [5703]: Enduser Portal shows 127.0.0.1 as login source IP
Fix [6892]: Astaro notification emails tagged as spam
Fix [7005]: Middleware may mix up static DHCP mappings
Fix [7034]: If cffd fails during spam digest creation no resume for digest is triggered
Fix [7260]: System freezes on Vmware ESX Server V3
Fix [7472]: POP3 Proxy does not start with customized messages
Fix [7983]: Daily Spam Report fails for some Recipients (case-sensitive issue)
Fix [8073]: Blank password allowed for encrypted backups
Fix [8147]: FTP file downloads stop at 2GB
Fix [8200]: Unable to create exceptions for domains with single character
Fix [8248]: ASC config file doesn't set IKE config mode correctly
Fix [8254]: Using service 'Any' as traffic service breaks DNAT and SNAT rules
Fix [8358]: High memory usage for IM/P2P detection
Fix [8359]: Readable eDirectory passwords in debugging mode
Fix [8365]: Slave stuck in 'UP2DATE' state in HA/Cluster environment
Fix [8384]: Kernel reports 'Detected Tx Unit Hang' on e1000 hardware
Fix [8414]: HTTP Proxy may expire cached objects even if expire time isn't reached
Fix [8469]: Packetfilter log shows drops of local packets
Fix [8503]: VLAN sometimes fails on bonding device
Fix [8635]: Deactivating SIP support does not work correctly

A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the AxG 7.300 Release Notes.

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version.
There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 37627a6b8105bbc93c5a1ccffbbaa9a9 Size: 223,788,817 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base .

Feedback

Your Astaro R&D team

Up2Date 1.810 for ACC V1.9 BETA released

Angelo Comazzetto — Fri, 15 Aug 2008 15:01:32 +0000

This is the first Up2Date for the public ACC V1.9 BETA, it contains bugfixes as well as some small improvements for the BETA. It will not be downloaded and installed on ACC V1.4x installations.

Remarks

This is the first update for ACC V1.9 BETA
Existing configuration will not be changed
System will be reboot after Up2Date

News

Gateway Manager

Numerous enhancements to usability and navigational aspects
History and auditing capability for unscheduled actions
Additional tooltip information for Availability and Resource views
Earlier warnings and threat signaling if thresholds are exceeded

WebAdmin

added DNS configuration menu
added external SMTP server for notifications

General

Fixed several bugs and resolved several cosmetic issues

For more information please see the corresponding UBB-posting at our User Bulletin Board.

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced
File: u2d-sys-1.810.tgz.gpg
MD5sum: b888ac600841af39f10eb077c2f20673
Size: 128.354.035 bytes (122 MByte)
Please note: This Up2Date is only compatible with our ACC V1.9 BETA (V1.800). More information in our posting here: Public ACC V1.9 BETA released
Alternatively, you can download the latest ACC V1.9 ISO
File: acc-1.810-080815-3.iso
MD5sum: b290c73495d25e1aa78efd8742c56d45
Size: 452.927.488 bytes (432 MByte)
Astaro FTP server: DE US
Astaro HTTP server: DE 1 DE 2 US 1 US 2

Thank you in advance for using and testing ACC V1.9 BETA,
Your Astaro Product Management Team

Up2Date 7.202 released

Markus Hennig — Mon, 04 Aug 2008 21:47:01 +0000

This is a security bugfix Up2Date package for the DNS proxy.

Remarks:

Configuration will not be changed
Middleware will be restarted

News:

Hotfix for DNS proxy vulnerability - CVE-2008-1447

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(Md5sum: 947e47ef461b5bce8edad1712fd718f0 - Size: 1,814,637 bytes)

Because of the risk of manipulated DNS answers we strongly recommend to install Up2Date 7.202 shortly.

Your Astaro R&D team

Public ACC V1.9 BETA released

Angelo Comazzetto — Thu, 31 Jul 2008 15:30:58 +0000

Astaro is pleased to announce the availability of the Astaro Command Center V1.9 BETA release and invites you to participate in the Astaro BETA Test Program, where you have the chance to win Amazon Gift Certificates!

The ACC V1.9 BETA will run from July 31th through August 29th. The results will be of huge value in order to discover possible malfunctions at a very early stage and hence significantly increase the stability and reliability of the final software release. By participating in the beta program, you have the chance to win one of three Amazon Gift Certificates, depending on your feedback you are providing to Astaro during the beta phase. The following sections will provide an overview about new features included, as well as all information you need to download, install and test the new software. After you have successfully installed the beta software, you are able to conduct individual tests at your own discretion.

What's new in ACC V1.9?

The new version offers a re-designed Interface and is split into the "WebAdmin" and "Gateway Manager".

Administrative GUI split:

WebAdmin (Port 4444): Is responsible for the ACC system settings.
Gateway Manager (Port 4422): Is responsible for monitoring and managing connected Astaro Gateways.

Furthermore, V1.9 offers many feature and usability enhancements as well as bug fixes. The new version provides the following major enhancements:

WebAdmin (System Settings):

Directory / Authentication Support
Administrators and Users of the ACC are now able to authenticate against existing Active Directory, eDirectory, RADIUS, TACACS and LDAP.

Integrated Up2Date mechanism
If a newer version is available for installation, you can update to the latest version by clicking the "Update to latest version now" button.

Backup / Restore
Creating a backup takes a snapshot of the current ACC configuration and adds it to the list of available backups in the WebAdmin interface.

Monitoring / Reporting / Alerting
The ACC illustrates reports about traffic (eth), concurrent connections, CPU-, Memory / Swap-, Partition usage and creates the "executive report", familiar from Astaro Security Gateway. This Report can be sent at three different intervals (daily, weekly, monthly) to different recipients. Notifications (e.g. for system restart or available Up2Date packages) can also be configured.

Gateway Manager:

New monitoring features
The near real-time monitoring functionality of the ACC offers tactical dashboard and worldmap views with rapid and efficient drill-down capability. In addition to the actual monitoring data, the ACC now augments certain information with trend indicators to show deviations to previously established baselines and historical averages. Depending on the type of data monitored, those baselines are either short-lived (CPU load average) or worth several days of data collection (Threat Monitoring). Detailed listviews for aspects ranging from Threat and Version Status via License and Resource Usage to an all new Service Monitoring and High-Availability and Cluster Monitoring are provided in a concise and problem-oriented manner. A newly integrated automatic (re-)sorting functionality improves situational awareness by ensuring that Gateways with the highest threat status are put on top within the various views.

Multi-Client Capability:
The access control management, which seamlessly integrates Astaro's sophisticated backend authentication mechanisms, offers multi-client capabilities for Service-Providers. It is possible to create fine-grained access rights to Gateways, based on an easy-to-use but powerful role system which enables a hierarchical administratorship.

Demo System

Please check also the live demo of ACC under http://accdemo.astaro.com

System Requirements
Supported web browsers for "WebAdmin" and "Gateway Manager": ACC V1.9 supports the following browser/platform combinations:

MS Windows 2000/XP/Vista:

IE6 or higher (including IE7)
Note: Parallel installations of IE6 and IE7 are not supported!
Mozilla Firefox 2.0 or higher
Safari 3.0 or higher

Linux:

Mozilla Firefox 2.0 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 2.0 or higher
Note: The iPhone Safari browser has certain limitations - hence it is not supported. Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed. Because much of the AJAX GUI processing is done by the management workstation instead of the ACC, we recommend using

Firefox 3 on a management workstation with at least 1024 MB RAM and a CPU with 3 GHz. More system performance will increase GUI processing speed significantly.

Upgrade Requirements and Options

General Information

Due to major system architecture changes in the new Astaro Command Center V1.9 and the focus on future extensibility and scalability, only Versions 7.300 and higher will be supported. You can continue using older products with the previous ACC V1.4 which offers backward compatibility, but you cannot benefit from the new features and enhanced capabilities until you update both your Astaro Security Gateway and your ACC installations.

Supported Astaro Security Gateway / Astaro Web Gateway releases

The following versions of Astaro Gateway are supported:

ASG V7.3 and higher
AWG V7.3 and higher

Please note, that these versions also offer slow-migration functionality as described below.

Slow Migration

ASG and AWG V7.300 offer the possibility to slow migrate to the new ACC V1.9. You can opt for a slow migration process and update your Astaro Gateway installations step by step to the latest version, which features a dual-ACC support. Within the V7.300 you can choose if you want to connect your Astaro Gateway product to a legacy ACC V1.4 or the newest ACC V1.9, thereby providing you with complete freedom on how and when to update your large installation base.

Hardware requirements

Software Appliance installation

The software needs to be installed on a dedicated Intel compatible PC. For proved hardware components please check our Hardware Compatibility List (HCL) at: http://www.astaro.com/lists/HCL-ACC-V1.txt

Virtual Appliance installation

ACC V1.9 can be installed as a virtual appliance. The following VMware virtualization platforms are supported:

VMware Player
VMware Server
VMware Workstation
VMware ESX Server

Minimum hardware requirements for the ACC installation

The minimum hardware requirements for Astaro Command Center V1.9 depends on the number of managed devices in use as well as the number of administrators who access the software simultaneously. There are numbers for CPU, RAM, Hard disk and Bandwidth (devices), Bandwidth (clients) respectively.
The requirement starts with a PC with 2GHz CPU, 512 MB RAM and 30 GB HD (for 10 gateways and one simultaneous administrator) and up to a PC with 2x 4x2Ghz CPU, 3 GB RAM and 160 GB HD (for 250 gateways and 10 administrators who access the ACC simultaneously).
Please take a look to our minimum hardware requirements table here: ACC-V1.9-HardwareRequirements.pdf

Conducting beta tests

Limitations and hints With the provided ISO image there may be some limitations (remember: it's a BETA :-) )

Please check the Known Issue List before you test ACC V1.9 BETA.
ACC V1.9 BETA will not be supported via Astaro's support teams; therefore, you should not use it within productive environments.
An ACC V1.9 manual and complete Online Help will be available with the GA release.

Software download and installation

Download acc-1.800-080731-1.iso
size: 433 MB (453,761,024 Byte)
md5sum: 3c232a607cfa84175caa540d7fb075bb
Astaro FTP server: DE US
Astaro HTTP server: DE 1 DE 2 US 1 US 2

Search for "how to burn" on our Knowledge Base if you have trouble burning a CD from the ISO image. The ACC framework has been replaced with the tried Astaro V7 framework. Since the V7 framework is based on a licensing system, it is compulsory that a license file is also imported here. Please note that ACC V1.9 is exempt from charges, according to this, the license is for free! There is no need to request a license, you can download it here: http://www.astaro.com/lists/Free_License-ACC-V1.txt

Providing Feedback

You can provide your feedback through the following channels: As with earlier versions you can post any feedback and discuss any of the ACC V1.9 BETA features on our User Bulletin Board. There is a separate beta forum where you can participate in the Astaro Command Center V1.9 BETA challenge. Please do not use the General Discussion forum for beta related bugs, even if you do not want to part in the exciting contest. However finding bugs within the new version will be harder than ever as the Astaro R&D team has already put tremendous effort in testing all the new features. Hence all experienced Astaro users are invited to participate in the new Astaro beta challenge:

The Top-3 UBB-posters who reported the highest number of confirmed bugs will win one of three Amazon Gift Certificates.

For more information please see the corresponding UBB-posting at our User Bulletin Board.

Astaro very much appreciates your contribution,
Your Astaro Product Management Team

Public ASG V7.300 BETA released

Udo Kerst — Thu, 03 Jul 2008 13:29:52 +0000

New Astaro Security Gateway V7.300 BETA improves Mail Security and Management functionality

Astaro invites you to participate in the ASG V7.300 Beta Test Program. The new release features a broad set of new and improved Mail Security functions, redesigned End-User and Mail Manager portals, enhanced authentication management and reporting functions, performance improvements for reporting and logging as well as bugfixes.

What's new in ASG V7.300?

The following new features are included:

Improved Email Filter

Sender/domain and IP/network blacklists (SMTP only)
Spam and malware rejection during SMTP transaction
Email recipient verification based on Active Directory (SMTP only)
MIME type blocking with "magic" file type lookup (SMTP only)
Quarantine for unscannable attachments (e.g. encrypted zips, oversized content)
Upload and/or change SMTP TLS/SSL certificate
Upstream host/network list, with "Upstream hosts only" option
RDNS and HELO checks (anti-spam feature)
Multi-lingual spam digest with configurable schedule (two configurable times per day)
DKIM (Domainkeys Identified Mail) outgoing mail signing
Multi-lingual UserPortal with customizable welcome message
Persistent cookie support for end user portal
SMTP parent proxy support for spam detection engine
Reworked Email encryption engine (with additional support of PGP key server query and clustering)

Management

Redesigned End-User and Mail Manager portals (enhanced search, management of deferred messages and more)
Visual SMTP log (in Admin Mail Manager)
Redesigned SMTP Proxy Profile configuration
Configurable SMTP Server for Notifications
Test Authentication Settings and User Authentication
Reworked eDirectory Browser and new Active Directory Browser
Backend-User-Group Support for Authentication
Directory User Prefetch for eDirectory and Active Directory
Perfomance Improvements for Logging and Reporting (based on PostgreSQL)
Show Reporting Graphs of HA-/Cluster-Slave Machines in WebAdmin
Reboot/Halt HA-/Cluster-Slave Machines in WebAdmin
Configurable Reporting

Other

IPsec XAUTH support
Besides these new features the new release includes bugfixes and updates that increase the stability and system performance.

Known-Issues

Online help has not been updated for new or changed features yet.

How to become a Beta Tester

Bullet proof internet security is mission critical to all our customers. A comprehensive testing procedure is required to achieve the right level of perfection for Astaro products in a productive environment. Therefore we would like to invite you to participate in our Beta Test Program. The following sections will provide all the information you need to download, install and test the ASG V7.3 Beta.

Testing Period

July 3rd - August 15th

Download Information

The initial beta version can only be tested through a new installation, i.e. by downloading and installing the complete ISO image. You can't upgrade your existing installation with a BETA up2date package. However, it is possible to restore a backup from an earlier version (up to 7.201).

New installation:

Download ISO-Image for custom X86 hardware
(Size 450177024 bytes, MD5Sum c83107fe6a21777c1a4af843422b86ed)

Download ISO-Image for ASG appliances
(Size 473632768 bytes, MD5Sum 83b2e6d714d380579f95c3ac36fb2a1a)

Limitations and Hints

ASG V7.3 BETA will not be supported via Astaro's support teams, using it in production evironments is therefore discouraged.
A ASG V7.3 manual and complete Online Help will be available with the GA release.

Test Cases

After you have successfully installed the beta version of ASG V7.3 you are able to conduct individual tests at your own discretion. If feasible we would also appreciate if you would have a closer look into the following areas and provide us with your personal feedback as described below:

End-User portal / Admin Mail Manager
SMTP Proxy in general
POP3 Proxy
FTP Proxy

Feedback

As with earlier versions please post any feedback and discuss any of the ASG V7.3 BETA features on our User Bulletin Board in the "BETA Version" forum.

Win Amazon Gift cards!

Your feedback is important. It supports our effort to meet the highest quality demands. As a result, participants in our Beta Program for ASG V7.3 will have the chance to win three Amazon Gift Cards! Please see the BETA version forum on our User Bulletin Board for details.

Your Astaro Product Management Team

Astaro Web Gateway V7 GA released

Eric Begoc — Mon, 16 Jun 2008 12:39:09 +0000

We are glad to announce that Astaro Web Gateway V7 is finally ready and available now. The new Web Security product is available as hardware and virtual appliance.

The Virtual appliance is now available for download. Astaro Web Gateway provides complete protection and control over data transferred over the web. The All-In-One web security appliance features Malware Detection, Application Control, URL Filtering and Bandwidth Management, fully integrated and manageable through a single and intuitive browser-based user interface.

Main Features

HTTP and FTP Proxy
The Astaro Web Gateway proxy cache provides faster Web browsing experience and helps to save Internet bandwidth for other business critical applications. You can use transparent mode, standard mode, and authentication mode simultaneously on different networks with each instance using different filtering actions.

URL Filtering
Administrators can control employee web access for 60 specific content categories. A comprehensive URL database with international content offers support for more than 70 languages via sites registered in over 200 countries. The database is updated daily with newly discovered websites. A fine-grained rule administration allows not only simple user/group-specific restriction of access rights to certain websites; it also allows them to be limited to a single or recurring period.

Malware Detection
Malware filtering covers all web and FTP traffic in order to stop viruses, spyware and active content from entering your network. Hidden "phone home" communication from spyware infected PCs is detected and blocked, avoiding the leakage of confidential data. To provide optimal protection, Astaro Web Gateway provides two built-in virus scanners operating with comprehensive, independent databases with over 300,000 patterns. With the MIME type filter you can restrict access to HTTP objects that match a given MIME/content type. Optionally you can also turn on a "magic lookup" forcing the MIME type filter to inspect the complete HTTP body in order to verify if the specified MIME type is correct and not faked.

Granular IM/P2P Control
The Astaro Flow Classifier allows detection and classification of sophisticated protocols, which are typically hard to identify. Administrators can define exceptions from the global IM/P2P usage policy for individual IP addresses. This allows granting usage of specific IM or P2P applications to specific users/IP addresses only. By use of the flow classifier, Astaro Web Gateway can also detect Skype communication, and block it, or limit its bandwidth consumption, or just log its usage for the administrator.

Bandwidth Management
In order to reserve sufficient bandwidth for business critical applications you can define bandwidth limitations for certain IM/P2P protocols, e.g. BitTorrent. For this purpose Astaro Web Gateway offers pre-defined traffic-selectors for all IM and P2P protocols. You can also define new generic traffic-selectors to control many different traffic types, not only based on IP addresses and ports but also on TOS and DSCP header markings.

A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Web Gateway V7.2 Release Notes.

Up2Date 7.201 released

Eric Begoc — Mon, 16 Jun 2008 15:17:31 +0000

This is a small bugfix Up2Date package which verifies the fix of an up2date issue, fixes some configuration problems in IM/P2P detection and some other smaller issues in different areas.

Remarks:

Existing configuration will not be changed
System will reboot after Up2Date

News:

This is a small bugfix release

Bug Fixes:

Fix [8305]: No option to enter Controlled Networks for IM/P2P
Fix [8313]: SSL VPN not working correctly in all cases
Fix [8323]: Using predefined QoS traffic selectors for IM/P2P may cause problems
Fix [8336]: HTTP Proxy misbehavior when reloading configuration
Fix [8366]: Online Help and Manual for Astaro Web Gateway may not work after installation
Fix [8369]: Licenses can not be installed on Astaro Web Gateway Virtual Appliance
Fix [8385]: MiddleWare may stop working after factory reset

All Up2Dates are GNUPG-signed! Please check also the V7.2 Release Notes PDF.

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(Md5sum: d6bc88e431443fff253678a3b3d47995 - Size: 28146350 bytes)

Known Issue:

Problem installing this Up2Date package? If your system is not able to properly install 7.201 even after your tried it multiple times, you might be affected by a 7.200 issue that prevents installing up2date packages. More information about this issue and how to easily fix it can be found in Knowledge Base Article #288713 If your system can install the 7.201 up2date package, you are not affected by this Known Issue.

Your Astaro R&D team

Up2Date ASG V7.200 GA released

Udo Kerst — Mon, 26 May 2008 12:23:04 +0000

I am glad to announce that after many weeks of development, QA testing and public beta, Astaro Security Gateway 7.200 is finally ready and available now.

The new release includes a new IM/P2P control application allowing for granular control of many IM/P2P protocols including detection and blocking of Skype. It also provides HTTP MIME type filtering, an improved L2TP VPN backend, new VMware tools, an updated IPS engine and linux kernel as well as bugfixes and other improvements.

What's new in ASG V7.200?

The new release provides granular IM and P2P detection and blocking capabilities based on a new layer 7 application classification engine, the Astaro Flow Classifier (AFC). The new engine offers better detection accuracy making it possible to even detect and block skype as well as a performance improvement. The following new features are included:

Exceptions based on User/IP addresses
Administrators can now define exceptions from the global IM/P2P usage policy for individual IP addresses. This allows granting usage of specific IM or P2P applications to specific users only.

Improved IM/P2P protocol detection
The new Astaro Flow Classifier allows detection and classification of more sophisticated protocols, which are typically hard to identify, like QQ or Winny

Quality of Service for IM/P2P protocols
In order to reserve sufficient bandwidth for business critical applications you can now define bandwidth limitations even for certain IM/P2P protocols, e.g. BitTorrent

Skype blocking, alerting and bandwidth shaping
By use of the new flow classifier, Astaro Security Gateway can now also detect Skype communication, and block it, or limit its bandwidth consumption, or just log its usage for to the administrator. The granular IM/P2P control capabilities replace the existing functionality available within earlier ASG V7 versions and will now be part of the optional ASG Web Filtering Subscription.

Furthermore the new release provides a HTTP MIME type filter, that can be used to restrict downloading of files that match a given MIME/content type.

Note:
All existing ASG V7 installations, with a base license start date before April, 1st 2008 will remain unaffected by this licensing change, i.e. the complete IM/P2P functionality will remain included within the base license. All installations after that date require the purchase of a Web Filtering Subscription in order to benefit from the new IM/P2P functionality.

Remarks:

Existing IM/P2P configuration will be extended
System will reboot after Up2Date

News:

Improved IM/P2P protocol detection
Added Skype detection and blocking
Added QoS traffic selectors for IM/P2P protocols
Added MIME type filter to HTTP Proxy
Improved L2TP backend service Updated VMware tools
Removed support for hardware accelerated AV/IPS scanning

Bugfixes:

Fix [6271]: SSL VPN does not start with more than 30 network definitions
Fix [6821]: Combining DNAT and policy routing may not work in all cases
Fix [6886]: Problem detecting linkbeat for HA on ASG525F
Fix [6952]: IPS not working correctly on ASG Cluster in bridge mode
Fix [7091]: L2TP packets may get lost on bridge interfaces
Fix [7555]: Problem with Site-to-Site VPN having a NAT router inbetween
Fix [7580]: IPSec error: No space left on device
Fix [7585]: Problems when SSL VPN user logs in twice
Fix [7766]: IPSec connection problems in HA/Cluster environments
Fix [7823]: Active Directoy dot-notation not working
Fix [7833]: Download of S/MIME certificate provides empty file
Fix [7892]: Cluster with four or more nodes will not update completely
Fix [7906]: Link detection on LAG interfaces does not work on Slave/Worker nodes
Fix [7920]: Problem with usernames containing spaces
Fix [7927]: OSPF not working correctly in HA/Cluster environment
Fix [7939]: Hostname for End User Portal no longer acceps IPs
Fix [7950]: Changing link speed/mode does not take effect in bridge mode
Fix [8001]: Daylight Saving Time (DST) not updating properly
Fix [8005]: Webadmin/End-User Portal hangs when backend user logs in
Fix [8035]: Estimation of log partition fillup can be negative
Fix [8070]: Web Security reporting shows largs numbers
Fix [8109]: Packetfilter may drop locally generated packets

A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Security Gateway V7.2 Release Notes.

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 88ffbb6099a2b8a19b4b2a1c638cc088 Size: 129,201,116 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base .

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.200] IM protocol detection "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server to check the new GUI: http://demo.astaro.com.

Your Astaro R&D team

Release Candidate 1 (RC1) for ASG V7.200 BETA released

Gert Hansen — Thu, 08 May 2008 16:03:33 +0000

This is the first Release Candidate for the public V7.200 BETA, it contains multiple bugfixes, some feature and performance improvements. If no new issues appear, this might be the final release verseion. It will not be downloaded and installed on ASG 7.104 installations.

Remarks

This is the first Release Candidate for ASG V7.200 BETA Existing configuration will not be changed
System will be reboot after Up2Date

News

Fixed Skype over blocking of HTTPS site
Fixed encrypted Bittorrent Blocking
Fixed rare condition that could lead to IM/P2P engine crashes
Fixed QoS for IM/P2P protocols
Fixed DSCP matching in QoS Traffic Selectors
Fixed potential Deadlock in Kernel IPsec engine
Improved detection accuracy of IM/P2P protocols especially SSL/TLS based
Improved performance for IM/P2P classification
Renamed static IM/P2P Traffic Selectors
Removed P2P protocols FastTrack, SoulSeek, WinMX, XDCC
Removed Advanced Tab from IM/P2P config pages
Please check also the V7 BETA forum.

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to this BETA version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 14a62fb97b78fb548e5c1e660b14b114 Size: 56.308.118 bytes) Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Thanks in advance for using and testing ASG V7.200 BETA,
Your Astaro R&D team!

Up2Date 7.191 for ASG V7.200 BETA released

Gert Hansen — Mon, 28 Apr 2008 16:18:18 +0000

This is the third Up2Date for the public V7.200 BETA, it contains multiple bugfixes, some feature and performance improvements. If no new issues appear, this might be the release candidate. It will not be downloaded and installed on ASG 7.104 installations.

Remarks

This is the third Update for ASG V7.200 BETA
Existing configuration will not be changed
System will be reboot after Up2Date

News

Added File Transfer Blocking for IM Protocols
Improved detection accuracy of many IM/P2P protocols
Improved performance for IM/P2P classification
Added RAID monitor to dashboard (for ASG525 and AWG4000)
Fixed some HTTP issues with large file transfer
Fixed 100%-cpu usage while IM/P2P scanning
Fixed Cluster IPS Crash
Please check also the V7 BETA forum.

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 786011c851de88d714344ced23934802 Size: 65.444.620 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Thanks in advance for using and testing ASG V7.200 BETA,
Your Astaro R&D team!

Up2Date 7.190 for ASG V7.200 BETA released

Gert Hansen — Tue, 15 Apr 2008 18:55:07 +0000

This is the second Up2Date for the public V7.200 BETA, it contains bugfixes as well as some small improvements for the BETA. It will not be downloaded and installed on ASG 7.104 installations.

Remarks

This is the first update for ASG V7.200 BETA
Existing configuration will not be changed
System will be reboot after Up2Date

News

Fixed IM/P2P Futex() bug
Fixed "No traffic getting through" bug
Fixed OSPF and HA not working together properly
Fixed sending OSPF notification if afcd is not running
Fixed too high High web usage reporting for certain websites
Fixed wrong calculation of available days in logfiles - again :)
Fixed random dropping of outbound proxy packets
Improved Astaro Flow Classifier Livelog viewe
Please check also the V7 BETA forum.

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: b4076811cace09345b6105500f21c5db Size: 39.106.352 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Thanks in advance for using and testing ASG V7.200 BETA,
Your Astaro R&D team!

Up2Date 7.185 for ASG V7.200 BETA released

Gert Hansen — Wed, 09 Apr 2008 17:53:25 +0000

This is the first Up2Date for the public V7.200 BETA, it contains bugfixes as well as some small improvements for the BETA. It will not be downloaded and installed on ASG 7.104 installations.

Remarks

This is the first update for ASG V7.200 BETA
Existing configuration will not be changed
System will be reboot after Up2Date

News

Fixed IM/P2P Memory Leak
Fixed IM/P2P Exception Bug
Added IM/P2P logfile
Added support for simultaneous SSL-VPN user login from two ip addresses
Improved system resource usage (RAM/CPU)
Updated timezone file
Added missing gui text in IM/P2P
Increased scheduler priority for IPS and IM/P2P engine, should result in lower latency
Fixed wrong calculation of available days in logfiles
Please check also the V7 BETA forum.

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 58e48c0b85040665641bae55cd3ed835 Size: 70.829.641 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Thanks in advance for using and testing ASG V7.200 BETA,
Your Astaro R&D team!

ASG Up2date 6.313 released [Middle]

Gert Hansen — Wed, 26 Mar 2008 18:49:20 +0000

This is just a small bug fix Up2Date including a fix for not forwarding email due to broken external RBL server.

Remarks

Required previous version is 6.312
SMTP Proxy configuration will be changed
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID8025 RBL relays.ordb.org is blocking all emails

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are three ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 7320910f588ba50cbb987eb02ec53763 Size : 85,854 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Feedback

If you want to provide feedback or want to discuss any of the ASG V6 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[6.313] does this solve this issue").

Your Astaro R&D team

Public ASG V7.200 BETA released

Gert Hansen — Wed, 26 Mar 2008 18:55:19 +0000

Test Astaro Security Gateway V7.200 BETA and win a fully loaded (3 year) ASG120 appliance

Astaro invites you to participate in the Astaro Beta Test Program. The new ASG V7.200 features an improved Instant Messaging (IM) and Peer-to-peer (P2P) detection engine including skype blocking, an updated IPS engine and linux kernel as well bugfixes and other improvements.

What's new in ASG V7.200?

This release focuses on an improved IM and P2P detection and blocking, Astaro developed and integrated a new layer 7 application classification engine. It features a better detection accuracy making it possible to detect and block skype as well as a performance improvement. The new design made additional features possible like exception for IM/P2P as well as the usage of the application classification inside Bandwidth Management (QoS).

Exceptions for IM/P2P
This feature makes it possible to create exceptions for certain users (by ip address) to change the default policy of the IM/P2P management

Skype Detection/Blocking/Alerting
Skype uses a specially designed protocol to bypass nearly every blocking device making it a security risk to many companies. This release includes the functionality to detect and block skype at the gateway.

Bandwidth Management (QoS) for IM/P2P protocols
It is now possible to use the Layer 7 classified protocols (IM/P2P) inside the bandwidth management (QoS) and shape/throttle these kind of protocols.

Filter Web-Content based on Mime-Type/Content-Type
Demanded by many customer we added WebContent blocking based on Mime-Type/Content-Type. Besides these new features the new release includes kernel bugfixes and updates that increase the stability as well as extend the supported hardware.

Known-Issues
We are still fine tuning the detection engine and know that some protocols are not yet fully classified. Also the File-transfer blocking of IM protocols has not been enabled yet.

How to become a Beta Tester

Testing Period

March 26th - April 17rd

Download

You can either do a new installation by downloading and installing the complete ISO image or you can upgrade your existing installation with the BETA up2date package.

New installation:

Download asg-7.180-080326-2.iso
size:472 MB (483,756,032 Byte)
md5sum: 9e923048ca1f4e6f37d406449b2b9b0b

Upgrade:

Download u2d-sys-7.180.tgz.gpg
size: 92 MB (94,257,858 Byte)
md5sum: e042b72e506b3b7803930ebd79329319

As the first Beta Up2Date package will not be fetched via the automatic Up2Date mechanism you need to download and install the Up2Date package manually
Download the Up2Date package from our FTP Server and install it in WebAdmin under Management >> Up2Date >> Advanced (please note: you need a running 7.104 to install 7.180)
Further Beta Up2Date packages, which will be released during the test period will be automatically fetched as usually
At the end of the beta phase we will offer a migration path for all BETA installations to install 7.200 GA and keep config and log files

Download servers:

Astaro FTP server: ftp://betau2d:korgano@ftp.astaro.de/

Limitations and Hints

With the provided ISO image there maybe some limitations (remember: it's a BETA :-)
ASG V7.2 BETA will not be supported via Astaro's support teams therefore you should not use it within productive environments.
An ASG V7.2 manual and complete Online Help will be available with the GA release.
The ASG V7.2 BETA version is compatible with the latest version of Astaro Command Center (ACC), including deployments with HA and Clustering scenarios.
We are currently fine tuning the detection engine, therefore some protocols might not yet be detected fully or some over blocking might occur.

Test Cases

After you have successfully installed the beta version of ASG V7.2 you are able to conduct individual tests at your own discretion. If feasible we would also appreciate if you would have a closer look into the following areas and provide us with your personal feedback as described below:

network performance when IPS and/or IM/P2P management is enabled
cpu and ram utilization when IPS and/or IM/P2P management is enabled
detection accuracy of the new IM/P2P engine - false classification of connections
system stability

Feedback

As with earlier versions please post any feedback and discuss any of the ASG V7.2 BETA features on our User Bulletin Board in the "BETA Version" forum.

Win a fully loaded ASG 120!

Challenge

The tester who is reporting the highest amount of confirmed bugs will be honored with it . For more information please see the posting on our User Bulletin Board beta forum. Shortly after the Beta phase has finished Astaro will evaluate the feedback of all beta program participants and will inform you about your possible win of the ASG120.

Good luck!
Your Astaro Product Management Team

ASG 7.200 BETA upcoming!

Gert Hansen — Tue, 25 Mar 2008 13:58:47 +0000

This is a short pre-announcement of the upcoming 7.200 BETA version. Within the next days we are going to release 7.200 BETA as an ISO image and Up2Date package (you need 7.104 to install it).

ASG V7.200 will include exciting new features like blocking Skype, improved IM/P2P detection including ip based exceptions and QoS shaping of these protocols. Improved Intrusion Prevention engine delivering better performance while disabling the hardware accelleration. Extended WebSecurity to allow blocking by mime-type/content-type. New Linux Kernel with improved stability and extended hardware support Furthermore you will experience convenience changes and performance improvements.

Please stay tuned for more details.

Astaro Secure Client V9.03 released

Udo Kerst — Mon, 10 Mar 2008 12:42:50 +0000

This new release adds a new Silent Installation option, a signed Windows XP driver as well as other smaller enhancements. This minor software update is free of charge. Thus all users in possession of a valid 9.0 license can download and use the new version.

New Features

ASC V9.03 offers the following major new features, among others:

Silent Installation
Client installations in large environments can now be dramatically simplified by using a new setup facility allowing the installation of a client without requiring any user input. This can be achieved by defining required installation parameters like installation directory or paths to configuration and certificate files within a dedicated setup file. Please read the ASC_Silent Installation-HowTo document available on the Astaro Knowledgebase at http://www.astaro.com/kb/ for further information.

Signed Windows XP driver
The client driver for Windows XP has been signed by Microsoft in order to skip the usual pop-up window alerting the user that a non-officially signed application is trying to install on the PC. This not only facilitates the silent installation but also avoids problems with certain desktop firewalls. Additional feature and installation information can be found on the Astaro Knowledgebase at http://www.astaro.com/kb/ under Section Astaro Secure Client - Manuals and Guides.

How to Upgrade

There are two ways to upgrade an existing Astaro Secure Client to the new version:

Start the Astaro Secure Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly.

If you want an evaluation copy of Astaro Secure Client, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can download a 30-day evaluation version of Astaro Secure Client.
For more information please visit our website.

Your Product Management Team

Up2Date 7.104 released

Udo Kerst — Wed, 27 Feb 2008 10:49:41 +0000

This is a small bugfix Up2Date which fixes an up2date issue after a factory reset as well as an issue with decreased spam detection rates.

Remarks:

System will be rebooted

News:

This is a small bugfix release resolving the following issues:

Factory Reset leads to up2date verification error
After executing the a factory reset the resulting system is no longer able to properly verify the digital signature of system and pattern up2date packages. If you encounter this issue, please contact the astaro support team.

Update 7.102 may lead to decreased spam detection rates
Installing the up2date 7.102 can lead to the fact that two 'cffd' processes are running, which both try to process email. The first of these processes can do spam detection the second not, because the socket of the spam detection engine is already used by the first process. If you encounter this issue, you need to restart the system which fill fix the issue permanently.

Please check also the V7.1 Release Notes PDF.

Bugfixes:

Fix [7866]: Up2Date package verification fails after factory reset

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: ca5a45038ee03b8bf30417795c76ab44 Size : 9,193,372 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.103] memory leak fix worked"). There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

Up2Date 7.103 released

Gert Hansen — Tue, 19 Feb 2008 09:17:02 +0000

This is a small bugfix Up2Date which fixes a memory leak that could lead to reduced performance over time as well as an improved Up2Date mechanism that minimizes the risk of updates fail to install.

Remarks:

Middleware will be restarted
HTTP daemon will be restarted

News:

This is a small bugfix release
Small Middleware Memory Leak fixed
Disable performance logging in HA mode
Please check also the V7.1 Release Notes PDF

Bugfixes:

Fix [7814]: Middleware may slow down on some systems
Fix [7831]: High availablility logfile filling up with stats

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: d7c5bb6eda6e4ff5c5f1824cd8b7ec71 Size : 5,386,126 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.103] memory leak fix worked"). There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

Up2Date 7.102 released

Gert Hansen — Thu, 14 Feb 2008 21:28:07 +0000

This Up2Date adds two new features "WebAdmin Auditor role", "Web Security Reporting for blocked pages" and fixes issues in different areas which increases stability and performance.

New Features and Enhancements

WebAdmin Auditor role
Users with Auditor role will be able to login to WebAdmin with restricted (read-only) access, so they only can only view reports and logfiles without permission to change system settings.

Web Security Reporting for blocked pages
New Web Security Reports list all websites that have been blocked by the Astaro Web Filter due to viruses found, blocked file extensions or blocked URL categories. Different views are available sorted by categories, users, domains, and more.

Please check also the V7.1 Release Notes PDF.

Fixes

The following issues have been fixed with the current release, among others:

High Availability
Several fixes have been made for High Availability configurations, including proper start-up of IPsec services, synchronization of authentication state when using external authentication like eDirectory, synchronization of configuration data and logfiles as well as the Up2Date process.

HTTP Proxy
Several minor issues with the new HTTP Proxy have been fixed, i.e. with time based profiles, misbehaviour when parent proxy is not resolvable and with sites not working correctly.

Authentication
Auto-usercreation now only creates lowercase usernames in order to avoid duplicate, case-sensitive usernames with remote authentication back-ends. Furthermore Single Sign-On within clustered eDirectory environments has been improved.

Tunnel Reference within live log
When using the IPsec live log viewer, the tunnel references will now be resolved to the tunnel names. That should help while debugging/viewing the IPsec status.

MMS connection tracking helper
The connection tracking helper for MMS has been removed as the protocol is only rarely used and also causes unstable behaviour in some cases.

Public List of Bugfixes:

Fix [7097]: Nics listed twice in WebAdmin overview
Fix [7314]: Bridge can not be disabled after importing a backup
Fix [7475]: IPsec starting in wrong mode after restart of HA system
Fix [7483]: Lots of config changes cause SMTP restarts
Fix [7491]: eDirectory SSO synchronisation: use overlapping sync intervall
Fix [7569]: Unresolved HTTP parent proxy kills the backend system

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 0172f86b763945e63722239218d065a0 Size : 96,980,676 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.102] new auditor role"). There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

Up2Date 7.101 released

Markus Hennig — Mon, 17 Dec 2007 17:48:37 +0000

This is a small bugfix Up2Date which increases performance of the HTTP proxy in some situations and fixes some minor issues.

Up2Date 7.101

Remarks:

Webadmin cert will be recreated
HTTP daemon will be restarted
HTTP proxy will be restarted

News:

This is a bugfix release
HTTP proxy performance increase
Connection tracking handling optimization for HTTP proxy and authentication
Please check also the V7.1 Release Notes PDF

Bugfixes:

Fix [7442]: High system load after remote access login
Fix [7443]: Customization Texts for HTTP Proxy not working
Fix [7445]: Kaspersky Antivirus blocks HTTPS through proxy
Fix [7455]: Adobe Download Manager may fail to download pdf files
Fix [7479]: SNAT rule for network groups not set

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: c6eb4f2b176fac3afbb7e6e8d5251bb2 Size : 29,533,961 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.101] speedup of reporting in WebAdmin"). There is also a demo server to check ASG V7: http://demo.astaro.com

Your Astaro R&D team

Up2Date 7.100 for ASG 7.1 BETA released

Markus Hennig — Mon, 03 Dec 2007 16:00:18 +0000

This is the official ASG V7.100 release for all BETA testers. Installing this release will update your installation from 7.091 to 7.100. Please read the official 7.100 announcement for all details. Within next 24 hours we will shut down the BETA Up2Date server.

Please use manual upload of the Up2Date, if your BETA installation did not download this Firmware Up2Date to your ASG. We will provide Firmware Up2Date download via our FTP/HTTP download server for several days.

Remarks:

System will reboot after Up2Date
Existing configuration will not be changed
Customers upgrading from versions prior to 7.100 MUST re-join the Firewall to the AD domain if they use SSO. In order to join the AD domain, the firewall must find a DC (Domain Controller) machine. In previous versions, this was done with a NetBIOS broadcast.
Starting with ASG 7.100, pure AD (native) mode is used, which in turn requires finding the DC with a DNS lookup. There are also more strict requirements on DNS resolution and time differences. The following conditions must be met:
- The time zone on the firewall and the DC must be the same.
- There MUST NOT be a time difference of more than five minutes between the firewall clock and the DC clock.
- The ASG hostname must exist in the AD DNS system.
- The ASG must use the AD DNS as forwarder, or must have a DNS request route for the AD domain which points to the AD DNS server.

News

Please see detailed release notes at http://download.astaro.de/ASL/v7.0/iso_i386/ASGV7.1_ReleaseNotes.pdf

Bugfixes:

Fix [6102]: .com websites are blocked by file extension scanner
Fix [6106]: Changing type of an interface will delete corresponding NAT/Masq rules
Fix [6178]: Whitelisting does not work under certain circumstances
Fix [6281]: NTLM doesn't work with IE7 and Windows Vista
Fix [6389]: WebAdmin very slow when using many objects
Fix [6438]: WebAdmin SSO support for ACC not working
Fix [6463]: More than one Executive Report in HA/Cluster environment
Fix [6492]: WebAdmin becomes unresponsive after a longer log-in period
Fix [6628]: Wrong message after too many failed WebAdmin logins
Fix [6651]: HA/Cluster stops working if ha password has special characters
Fix [6741]: Email Encryption logfiles filling up partition
Fix [6763]: Problems with IPSec and DNAT on bridge interfaces
Fix [6865]: Daily Spam Report is sent to all users
Fix [6982]: Anti-Spam filter not working in some environments
Fix [7014]: eDirectory authentication does not work if BaseDN is empty

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum:80ec2cb2a6bbf480a4f0e1d39206e341 Size: 24,069,410 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

On the UBB Tom and Gert will post the official end of the BETA challenge and announce the winners (we decided to have more then 3 :-).

Thank you very much for participated the 7.1 BETA program,
your Astaro R&D team!

Up2Date and ISO ASG V7.100

Markus Hennig — Mon, 03 Dec 2007 16:10:51 +0000

Astaro is pleased to announce that Astaro Security Gateway V7.1 GA is available now. Version 7.1 integrates exciting new Web Security features like Active Directory SSO native mode, improved performance, lower resource usage (without squid now), intelligent caching, re-added black/whitelist and audio/video streaming support.

On top of that we now support interface based packet filter rules, offer a detailed network accounting report and much more. Furthermore you will experience convenience changes and performance improvements.

What's new in ASG V7.1?

The new HTTP proxy provides the following major enhancements:

Active Directory native mode (NTLMv2/Kerberos)
Added support for NTLMv2/Kerberos authentication, which is required to authenticate against a Windows Domain Controller running in Native Mode.

Concurrent usage of black and white lists per profile
Within HTTP profiles you can now define filter actions that block and allow access to dedicated URLs/sites at the same time.

Streaming media bypass
Scanning of video and audio streams can be selectively disabled in order to avoid delays caused by downloading and scanning the entire stream through the HTTP proxy prior to playing.

Block content before download
File extension filter rules are now applied before downloading a file.

Dynamic configuration changes without restart
The new proxy now reloads its configuration without terminating existing connections

Profile/Filteraction logging
To help troubleshooting wrong profile/filter assignment matching, the used profile and filter action is now logged in the http logfile.

HTTP Proxy scans POST request bodies
The proxy now employs virus scanning for bodies sent with POST requests to foreign servers as well. If the body contains a Virus, the content is blocked with '403 Forbidden'.

Improved performance
Intelligent caching capabilities, support of HTTP 1.1 connection keepalive and a new IO model allow for increased network performance of up to 80% depending on hardware and content scanning configuration. Besides HTTP proxy enhancements the new release also includes the following new features:

Packet filter based on interface
Auto-Packetfilter rule generation for NAT traffic
SPAM Scanner with X-SPAM Flag
Network Accounting/Usage
Contentfilter double byte support
Virtual HA MAC-Addresses (MAC address takeover)
Multiple-IP-Check Uplink Failover
>utomatic user creation support for eDir SSO
DynDNS-for-Static-Ethernet
Disabling of proxy and IPS exceptions
Disabling of aliases on network interfaces
Global NAT Traversal option

A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Security Gateway V7.1 Release Notes. The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base.

License

ASG V7 includes a 30 day all feature on trial period.

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.100] Active Directory authentication "). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server to check the new GUI: http://demo.astaro.com

Download Information

ISO image asg-7.100-071203-2.iso

size: 469 MB (469,676,032 Byte)
md5sum: e04aef8ea0bebb6051bf700a1309bc41
FTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror
HTTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror

VMWare Images for Player/Workstation, ESX v2 and ESX v3

FTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror
HTTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror

BitTorrent:

* http://download.astaro.de/ASL/v7.0/iso_i386/asg-7.100-071203-2.iso.torrent
(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent).

Search for "how to burn" on our Knowledge Base (http://www.astaro.com/kb/) if you have trouble to burn a CD from the ISO image.

Installation and Hardware Requirements

The software needs to be installed on a dedicated Intel compatible PC.
Astaro minimum recommendation for V7.1 BETA installations: Intel Pentium III 900 MHz, 512MB RAM, 10 GB hard disk drive and above.
Best performance results running on: Dual Xeon or Athlon, 2GB RAM, 36 GB SCSI 15krpm hard disk drive and above.
For proved hardware components please check our Hardware Compatibility List (HCL) at: http://www.astaro.com/lists/HCL-ASG-V7.txt

Up2Date 7.100

Remarks:

System will reboot after Up2Date
Existing configuration will not be changed
Customers upgrading from versions prior to 7.100 MUST re-join the Firewall to the AD domain if they use SSO. In order to join the AD domain, the firewall must find a DC (Domain Controller) machine. In previous versions, this was done with a NetBIOS broadcast.
Starting with ASG 7.100, pure AD (native) mode is used, which in turn requires finding the DC with a DNS lookup. There are also more strict requirements on DNS resolution and time differences. The following conditions must be met:
- The time zone on the firewall and the DC must be the same.
- There MUST NOT be a time difference of more than five minutes between the firewall clock and the DC clock.
- The ASG hostname must exist in the AD DNS system.
- The ASG must use the AD DNS as forwarder, or must have a DNS request route for the AD domain which points to the AD DNS server.

News:

Please see detailed release notes at http://download.astaro.de/ASL/v7.0/iso_i386/ASGV7.1_ReleaseNotes.pdf

Bugfixes:

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 2e1a36d6374fd663763e49367b54533d Size : 152,837,625 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Supported Web Browsers

The Astaro Security Gateway V7 graphical user interface (WebAdmin) will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
note: parallel installations of IE6 and IE7 are not supported!
Mozilla Firefox 1.5 or higher
Safari 3.0 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher
Note: the iPhone Safari browser has certain limitations - hence it is not supported

Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed.

We recommend using Firefox on a system with at least 512 MB RAM and a CPU with 1.5 GHz or more to achieve maximum performance

Your Astaro Teams

Up2Date 7.091 for ASG 7.1BETA released

Markus Hennig — Wed, 28 Nov 2007 18:04:47 +0000

This is the Release Candidate 2 Up2Date for the public 7.1 BETA, it contains just bugfixes for the BETA. It will not downloaded and installed on ASG 7.011 installations.

Remarks

This is ASG 7.1 RC2
Existing configuration will not be changed
System will be reboot after Up2Date

News

Reference counting issues in kernel fixed Timezone settings issue fixed
Active directory lowercase/uppercase domain joining fixed
Minor HTTP Proxy fix

Download Information

Please check also the V7 BETA forum. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Gateway to this BETA version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 8935829a78e612de06919c89cac054c3 Size: 53,169,300 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Please read also the official 7.1 BETA announcement.

Thx in advance for using and testing 7.1 BETA,
Your Astaro R&D team!

Up2Date 7.090 for ASG 7.1 BETA released

Markus Hennig — Tue, 27 Nov 2007 17:05:51 +0000

This is the third online Up2Date for the public 7.1 BETA, it contains just bugfixes for the BETA. It will not downloaded and installed on ASG 7.011 installations. 7.090 is RC1 of the upcoming ASG 7.100.

Remarks

This is ASG 7.1 RC1
Existing configuration will not be changed
HTTP-Proxy cache will be zapped
System will be reboot after Up2Date
Please check also the V7 BETA forum

News

ixed possible authentication daemon problem
Fixed broken HTTP Proxy error messages
Fixed HTTP Proxy crash when turning off HW acceleration
Fixed several accounting problems
Fixed some minor and browser issues

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 110aa42b6cae23a831d538774c7ffd94 Size: 75,600,140 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Please read also the official 7.1 BETA announcement.

Thx in advance for using and testing 7.1 BETA,
your Astaro R&D team!

ASG Up2date 6.312 released [Middle]

Markus Hennig — Mon, 26 Nov 2007 17:16:20 +0000

This is just a small bug fix Up2Date including fixes for several issues.

Remarks

Required previous version is 6.311
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Nwe/Changed/Improved

Target version for migration to V7 has been set to 7.008

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID6171 Problems initializing antivirus database
ID6518 Problems while updating DynDNS entries
ID6598 Upgrading to V7 may fail on filesystem creation

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 12eba8c3752c997be6c740c5072411c7 Size : 1,366,761 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Feedback

Your Astaro R&D team

Up2Date 7.086 for ASG 7.1BETA released

Markus Hennig — Thu, 22 Nov 2007 22:11:03 +0000

This is the second online Up2Date for the public 7.1 BETA, it contains just bugfixes for the BETA. It will not downloaded and installed on ASG 7.011 installations.

Remarks

Welcome to Astaro beta testing
Existing configuration will not be changed
System will be reboot after Up2Date
Please check also the V7 BETA forum.

News

Added option to disable accounting
Improved database query performance for Network Usage Reports
Fixed possible HTTP Proxy deadlock when using Surfprotection
Fixed HTTP exceptions with extensions
Fixed aborted HTTP downloads stored in cache
Fixed Dashboard showing HTTP Proxy always active
Fixed HTTP Proxy ignoring weekdays in time events
Fixed time events when timezone is not UTC
Fixed Confd crash when importing older backups
Fixed SMTP Proxy problems due to MySQL/config changes
Fixed autocreation of eDir authenticated users without email
Fixed several live logs not being refreshed
Fixed parsing problems in non-english executive reports
Fixed L2TP not working after predefined pool is deleted

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 9d447fbe81398353634f44054bf6faa1 Size: 77,109,289 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Please read also the official 7.1 BETA announcement.

Thx in advance for using and testing 7.1 BETA,
Your Astaro R&D team!

Up2Date 7.080 for ASG 7.1BETA released

Markus Hennig — Wed, 14 Nov 2007 22:58:34 +0000

This is the first online Up2Date for the public 7.1 BETA, it contains just bugfixes for the BETA. It will not downloaded and installed on ASG 7.011 installations.

Remarks:

This is a bugfix release
For more information, please visit http://astaro.org/forumdisplay.php?f=4
Existing configuration will not be changed
System will be reboot after Up2Date
Please check also the V7 BETA forum.

News:

Fixed AD joining with changed security settings
Fixed AD joining with .local domains
Fixed iTunes update via HTTP Proxy
Fixed Maxdome streaming (content-type application/x-mms-framed)
Fixed invalid POST requests with Zattoo streaming client
Fixed licensing issue with appliances
Fixed WebAdmin certificate creation
Fixed WebAdmin restarts when creating users
Fixed some cosmetic WebAdmin issues
Removed Via: header in HTTP Proxy

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced: (MD5sum: 1f66c74233e9d96629ae99bd4a10f502 Size : 121,964,195 bytes)
Download server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Please read also the official 7.1 BETA announcement.

Thx in advance for using and testing 7.1 BETA,
Your Astaro R&D team!

Public ASG V7.1 BETA released

Udo Kerst — Thu, 08 Nov 2007 09:08:11 +0000

Test Astaro Security Gateway V7.1 Beta and win a Nintendo Wii

Astaro invites you to participate in the new Astaro Beta Test Program. The first Astaro Security Gateway V7.1 BETA release is now available; become a Beta Tester today for a chance to win one of six Nintendo Wii game consoles.

What's new in ASG V7.1?

The completely re-designed HTTP proxy improves Web Filtering functionality & significantly increases performance. The new version also offers many usability enhancements as well as bug fixes. The new HTTP proxy provides the following major enhancements:

Whitelist/Blacklist per profile
Now you can block and allow dedicated URLs at the same time.

Active Directory native mode (NTLMv2/Kerberos)
Added support for NTLMv2/Kerberos authentication, which is required to authenticate against a Windows Domain Controller running in Native Mode.

Streaming media bypass
Ability to disable video and audio stream scanning in order to avoid delays caused by downloading and scanning the entire stream through the HTTP proxy prior to playing.

Intelligent caching (avoid multiple scanning of cached objects)
To further increase throughput of the HTTP Proxy, all cached content will be scanned only once. Re-scanning will only be done if the Virus scanner configuration has changed.

Block content before download
File extension scanning is now done before the download of the content is started.

No restart on configuration changes
The new proxy now reloads its configuration without terminating existing connections

Full support for HTTP 1.1 connection keepalive
The new proxy fully supports HTTP 1.1 keepalive on client and server connections, improving network performance.

Profile/Filteraction logging
To help troubleshooting wrong profile/filter assignment matching, the used profile and filter action is now logged in the http logfile.

HTTP Proxy scans POST request bodies
The proxy now does virus scanning for bodies sent with POST requests to foreign servers as well

Improved performance
The new proxy uses an IO model that allows for increased network performance of up to 80% depending on hardware and content scanning configuration.

Besides HTTP proxy enhancements the new release also includes the following new features:

SPAM Scanner with X-SPAM Flag
Network Accounting/Usage
Automatically Delete HTTP Proxy Usage Reports
Contentfilter double byte support
HTTP-/SMTP-/FTP-/POP3-/IPS-Exceptions ON/OFF switches in WebAdmin
Cluster/HA MAC-Address takeover
Multiple-IP-Check Uplink Failover
DynDNS-for-Static-Ethernet
Packet filter based on interface
Nat Traversal ON/OFF
switch in WebAdmin
Auto-Packetfilter Checkbox for DNAT/SNAT
Additional addresses (aka alias) on network interfaces ON/OFF
switch in WebAdmin
utomatic user creation support for eDir SSO

How to become a Beta Tester

Testing Period

November 9th - November 23rd

Download

You can either do a new installation by downloading and installing the complete ISO image or you can upgrade your existing installation with the BETA up2date package.

New installation:

Download asg-7.075-071108-3.iso
Size:468 MB (468,187,136 Byte)
md5sum: d6ebea275c888edebdf0ee4eb5c1dd65

Search for "how to burn" on our Knowledge Base (http://www.astaro.com/kb/) if you have trouble to burn a CD from the ISO image. The ASG V7.1 BETA includes a test license with unlimited users and all features activated. There is no need to request a new or special license.

Upgrade:

Download u2d-sys-7.075.tgz.gpg
size: 103 MB (103,628,560 Byte)
md5sum: d152ae3304a958667e3f1650a72a0eda

As the first Beta Up2Date package will not be fetched via the automatic Up2Date mechanism you need to download and install the Up2Date package manually
Download the Up2Date package from our HTTP or FTP Server and install it in WebAdmin under Management >> Up2Date >> Advanced (please note: you need a running 7.011 to install 7.075)
Further Beta Up2Date packages, which will be released during the test period will be automatically fetched as usually
At the end of the beta phase we will offer a migration path for all BETA installations to install 7.100 GA and keep config and log files

Download servers:

Astaro FTP server: ftp://ftp.astaro.de/pub/ASL/v7.0/BETA/
Astaro HTTP server: http://download.astaro.de/ASL/v7.0/BETA/
BitTorrent: http://download.astaro.de/ASL/v7.0/BETA/
(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent).

Installation and Hardware Requirements

The software needs to be installed on a dedicated Intel compatible PC.
Astaro minimum recommendation for V7.1 BETA installations: Intel Pentium III 900 MHz, 512MB RAM, 10 GB hard disk drive and above.
Best performance results running on: Dual Xeon or Athlon, 2GB RAM, 36 GB SCSI 15krpm hard disk drive and above.
For proved hardware components please check our Hardware Compatibility List (HCL) at: http://www.astaro.com/lists/HCL-ASG-V7.txt

Supported Web Browsers

The Astaro Security Gateway V7 graphical user interface (WebAdmin) will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
note: parallel installations of IE6 and IE7 are not supported!
Mozilla Firefox 1.5 or higher
Safari 3.0 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher
Note: the iPhone Safari browser has certain limitations - hence it is not supported

Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed. We recommend using Firefox on a system with at least 512 MB RAM and a CPU with 1.5 GHz or more to achieve maximum performance

Limitations and Hints

With the provided ISO image there maybe some limitations (remember: it's a BETA :-)
Please check the Known Issue List on our User Bulletin Board before you test ASG V7.1 BETA.
ASG V7.1 BETA will not be supported via Astaro's support teams therefore you should not use it within productive environments.
An ASG V7.1 manual and complete Online Help will be available with the GA release.
The ASG V7.1 BETA version is compatible with the latest version of Astaro Command Center (ACC), including deployments with HA and Clustering scenarios.

Test Cases

After you have successfully installed the beta version of ASG V7.1 you are able to conduct individual tests at your own discretion. If feasible we would also appreciate if you would have a closer look into the following areas and provide us with your personal feedback as described below:

HTTP proxy performance
Correct display and functionality of HTML pages
Playing video and audio streams with activated streaming bypass
WebAdmin performance

Feedback

Provide your feedback through the following two channels:

As with earlier versions please post any feedback and discuss any of the ASG V7.1 BETA features on our User Bulletin Board in the "BETA Version" forum. But be aware: Finding bugs in ASG V7.1 Beta will be harder then ever as the Astaro R&D team has already put tremendous effort in testing all the new features.
Additionally we are offering a direct feedback channel for both, experienced and occasional users through a short online questionnaire asking for your specific test experience and observations with the major new features. Use this tool if you want to share your overall satisfaction with the new release.

Win a Nintendo Wii !

Your feedback is important. It supports our effort to meet the highest quality demands. As a result, all participants in our Beta Program for ASG V7.1 will have the chance to win one of six new gaming consoles from Nintendo! And this is how it works: Beta Testers using the Astaro User Bulletin Board to provide their feedback are invited to participate in the Astaro Beta Challenge:
Each of the three testers who are reporting the highest amount of confirmed bugs will be honoured with a Nintendo Wii. For more information please see this dedicated posting on our User Bulletin Board. Beta Testers who complete the ASG V7.1 questionnaire are automatically included in the ASG V7.1 Prize Draw. Astaro will raffle three additional Nintendo Wii consoles among participants who complete our short survey. The questionnaire will be available on November 9th via http://www.astaro.com/V7.1survey Shortly after the Beta phase has finished Astaro will evaluate the feedback of all beta program participants and will inform you about your possible win of a Nintendo Wii. Please note that you can't win more than one of the six Nintendo's consoles that are available in this program.

Good luck!
Your Astaro Product Management Team

7.100 BETA upcoming!

Markus Hennig — Tue, 06 Nov 2007 16:50:19 +0000

This is a short pre-announcement of the upcoming 7.100 BETA version. Within the next days we are going to release 7.100 BETA as an ISO image and Up2Date package (you need 7.011 to install it).

ASG V7.100 will include exciting new Web Security features like Active Directory SSO native mode, improved performance, lower resource usage (without squid now), intelligent caching, re-added black/whitelist and audio/video streaming support. On top of that we now support interface based packet filter rules, offer a detailed network accounting report and much more. Furthermore you will experience convenience changes and performance improvements.

Please stay tuned for more details.

Up2Date 7.011 released [HIGH]

Markus Hennig — Mon, 15 Oct 2007 14:56:51 +0000

This Up2Date fixes a non-Single Sign On-eDirectory authentication issue and a problem in the inline reports in the WebAdmin.

Up2Date 7.011

Remarks:

Authentication framework will be restarted
Existing configuration will not be changed

News:

This is a bugfix release
Please check also the V7 release notes PDF

Bugfixes:

[6853] Reporting may stop working because of backend problem
[7001] eDirectory authentication in standard mode not working

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: b88ecd2e82bb21374da2efb9d2ef2141 Size : 15,789,482 bytes)
Please note: because there is no restart of the backend components MiddleWare or Confd the version counter in WebAdmin (lower left corner) will show 7.011 not before a new login.
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.011] report about dropped ICMP packets"). There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

Up2Date 7.010 released [HIGH]

Udo Kerst — Thu, 11 Oct 2007 15:14:01 +0000

This Up2Date will fix various issues with SSL VPN, HTTP Proxy, Authentication, PPTP and HA/Cluster.

Up2Date 7.010

Remarks:

Middleware will be restarted
Active IP and VPN connections will be restarted
Existing configuration will not be changed

News:

This is a bugfix release
Please check also the V7 release notes PDF

Bugfixes:

Fix [6483]: PPTP connection may stop passing traffic
Fix [6525]: Corrupt databases in HA/Cluster environment
Fix [6855]: Problem in Authentication service under high load
Fix [6874]: HTTP Proxy authentication exceptions not working correctly
Fix [6903]: Checkboxes can not be enabled in HTTP Proxy when using Internet Explorer 6
Fix [6911]: Backend problem after importing a license
Fix [6920]: SSL VPN renegotiates keys every hour
Fix [6926]: Spam Digest not working on HA/Cluster systems

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 9c41c38b8f322d92c39971686ca8bf4e Size : 39.828.777 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.010] HTTP proxy authentication"). There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

Up2Date 7.009 released [HIGH]

Markus Hennig — Fri, 14 Sep 2007 09:37:50 +0000

This small bugfix Up2Date will fix remaining issues from Up2Date 7.008, including the download problem with the MS IE and the whitelist regexp entries.

Up2Date 7.009

Remarks:

Middleware will be restarted Active IP and VPN connections will be restarted
Existing configuration will not be changed

News:

This is a bugfix release

Bugfixes:

Fix [6859]: Downloads via HTTP Proxy do not work with Internet Explorer
Fix [6862]: New HTTP exceptions not matching substrings
Fix [6867]: HTTP Proxy profiles not assigning correctly
Fix [6869]: Up2date package upload via WebAdmin not possible

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are two ways to apply an Up2Date package to the system (All Up2Dates are GNUPG-signed!):

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum:bd9c0e814c23cb58378c9c6628a91030 Size : 30,887,910 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.009] list of HTTP whitelist entries exmaples"). There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

Upcoming Up2Date 7.009

Markus Hennig — Thu, 13 Sep 2007 21:07:53 +0000

Tomorrow morning (CEST) we will release Up2Date 7.009 which will fix two remaining issues from 7.008: downloads via HTTP Proxy using MS Internet Explorer and HTTP domain whitelist entries.

Downloads via HTTP Proxy using Internet Explorer (ID6859)
When trying to download a file via HTTP Proxy with Microsoft Internet Explorer 6 or 7, the download manager page does not refresh automatically and the download is not shown as finished after scanning succeeds. Mozilla based browsers are not affected. Unfortunately there is no workaround we were able to offer.

HTTP domain whitelists (ID6862)
Up to version 7.007, the "Target Domains" match in the "Exceptions" Tab of the HTTP Proxy was a pure substring match against the domain part of URLs. For example, an entry of "astaro.com" would match all domains (including subdomains and Hostnames) that have "astaro.com" in them, for instance "up2date.astaro.com".

To provide more flexibility with V7.008, Astaro allowed defining exact (sub)domain names by use of regular expressions. Unfortunately this also causes some existing expressions to no longer work because they now require an exact match - so the entry "astaro.com" only matches the domain "astaro.com" but not "www.astaro.com". This can be corrected by using regular-expression style wildcarding, in this case ".*astaro.com" would achieve the desired effect; however it requires manual adaptation of each entry.

V7.009 will correct this behaviour so that both existing expressions for pre-7.008 installations and expressions modified for 7.008 continue to work, while the more flexible regular expression syntax can still be used.

I apologize for any inconvenience these issues might caused,
Markus Hennig

Up2Date 7.008 released [Middle]

Markus Hennig — Wed, 12 Sep 2007 09:52:55 +0000

We are pleased to announce the immediate availability of Astaro Security Gateway V7.008. Even if only titled as a maintenance release this version includes major functionality improvement besides many other enhancements and bug-fixes.

The major parts of the Up2Date are:

New Spam Scan Engine
As our existing SpamAssassin scanner was no longer sufficient for detecting latest sophisticated spam techniques we have replaced it with a new engine. This engine now allows precisely detecting spam techniques like PDF or image spam by use of advanced recurrent pattern detection technology. As this technique also consumes only a fraction of the CPU power required by SpamAssassin this furthermore leads to a significant overall performance improvement.

Regular Expressions within whitelists
You can now also use regular expressions within HTTP proxy whitelists. Hence please make sure not to use entries like "*.example.com" within the list of target domains, because those entries are no valid regular expressions and will therefore be skipped.

Deletion of user certificates
Deleting a user will now also result in deleting his certificate which means you can add a new user with the same username again.

DSL reconnection
Automatic reconnection of DSL connections with statically assigned IP addresses now works properly. This also affects IPsec tunnels (Site-to-Site) which have not been established properly after a reconnect.

Other
Various scenarios creating a mix-up between WebAdmin, Enduser Portal and SSL VPN port have been fixed. Users that are added to a running system can now be used immediately for authentication, e.g. PPTP. Additionally this Up2Date contains a multitude of bugfixes for various sections of Astaro Security Gateway, please see below for details. Also browser incompatibilities, typos and other small issues have been corrected.

Up2Date 7.008

Remarks:

Middleware will be restarted
Active IP and VPN connections will be restarted
Existing configuration will not be changed

News:

Added new Antispam Engine for Email scanning
Fixed several problems with WebAdmin and SSL VPN ports
Fixed lots of small issues and browser problems
Please check also the V7 release notes PDF.

Bugfixes:

5468 Definition dialog boxes with fixed width only
5711 IPSec tunnels may not come up after DPD event
5747 Intrusion Protection counter in dashboard incorrect
5778 User objects not allowed as source/destination in DNAT/SNAT rules
5786 SHA-2 with 512 bit not compatible with NCP/ASC IPSec client
5789 User certificate will not be deleted at all
6031 HTTP traffic in cluster may not be distributed to worker
6265 Portscan detection and logging consumes too much CPU resources
6320 POP3 spam email not tagged correctly
6333 Drag-and-drop fails with Internet Explorer
6375 Contentfilter whitelist does not use regular expressions
6421 HTTP Proxy does not log complete URL
6510 Up and down arrows don't work correctly in HTTP Profiles
6571 L2TP daemon will not be restarted automatically
6607 Daily Spam Report may not be sent out correctly
6618 HTTP Proxy closes sessions after response
6639 Timezone glitch in WebSecurity Reporting
6692 Interface used in Dyndns settings can not be removed
6703 Automatic import of SMIME certificates not working correctly
6713 Changes to backend query order do not take effect
6715 Remote Syslog logs without facility and priority
6716 L2TP over IPsec offers wrong certificate
6732 Can not change PPPoE Daily Reconnect Time to 'never'
6740 Authentication of new users may fail
6772 SMTP Mail processing may stop completely

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum:598d2f716226e0c0d3eaf84f26cce92e Size : 107,631,385 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.008] new spam scan engine and POP3 question...").
There is also a demo server to check ASG V7: http://demo.astaro.com.

Your Astaro R&D team

ACC Up2Date 1.401 [low]

Markus Hennig — Thu, 23 Aug 2007 20:15:54 +0000

This small Up2Date fixes some minor issues und prepares in the Command Center the Single Sign On for the ASG V7 WebAdmin.

News

Added support for ASG V7 WebAdmin Single SignOn - the necessery part in V7 will be aded in one of the next V7 Up2Date packages

Bugfixes

ID6435 Commandserver may crash on confirming devices
ID6550 Scheduled maintenance fails when employed for several devices
ID6667 UPS charge may show red for ASG V7 devices

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center to the latest version: Start the Up2Date under "ACC Management >> Maintenance". All Up2Dates are GNUPG-signed!

Virtual Appliance
ACC V1.4 is also made available as a VMWare virtual appliance. Similar to the ASG virtual appliance, ACC can be easily deployed within VMWare virtualized environments, such as VMWare Server, VMWare ESX Server, VMWare Workstation or VMWare Player, by using a pre-configured/pre-installed ACC ISO.

Download the Astaro Command Center 1.400 ISO or VMWare image here:

FTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
BitTorrent: * http://download.astaro.de/ACC/v1.0/iso_i686/acc-1.400-070309-1.iso.torrent
(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent).

Search for "how to burn" on our Knowledge Base if you have trouble to burn a CD from the ISO image.
(Size: 259 MB (259,311,616 Byte) md5sum: 57abc2586dcfccd2c9ef1c27d399ce70 )

Hardware requirements for ACC

Upto 100 Devices:

CPU: Intel Pentium 4 2.4 GHz or AMD Athlon XP 2400+
512 MB RAM (1 GB recommended)
40 GB IDE or SCSI hard disk drive
Bootable IDE or SCSI CD-ROM drive
1 PCI Ethernet network card
Internet Connection: 192 Kbit upstream, 2 Mbit downstream

Upto 500 Devices:

CPU: Dual Intel XEON or Dual AMD Opteron
2048 MB RAM (4 GB recommended)
160 GB IDE or SCSI hard disk drive
Bootable IDE or SCSI CD-ROM drive
1 PCI Ethernet network card
Internet Connection: 1 Mbit upstream, 10 Mbit downstream

Please check the ACC V1 hardware compatibility list (HCL) on our knowledge base for supported SCSI controller and NICs

Supported web browser

Astaro Command Center will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

E6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed. We recommend Firefox as web browser on a system with at least 512 MB RAM and a CPU with 1.5 GHz or more.

Licensing

You do not need a license to use ACC V1 (yeah, it's free!).

Feedback

If you want to provide feedback or want to discuss any of the ACC V1 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[ACC 1.401] monitoring of 100+ devices").
There is also a demo server to check the new GUI: https://accdemo.astaro.com

Enjoy,
Astaro R&D Team

Up2Date 7.007 released [Middle]

Markus Hennig — Wed, 15 Aug 2007 14:04:26 +0000

This Up2Date is a hotfix release for the WebSecurity Reporting backend. In some high-traffic environments the reporting database may grow too fast. Along with this WebSecurity Reporting fix three other issues are addressed.

These issues cover possible DynDNS update problems, error handling in eDirectory environments and search options in WebAdmin. Please note that a one-time WebSecurity database cleanup-process will run next night after Up2Date installation which needs 10 to 120 minutes.

Up2Date 7.007

Remarks:

Middleware will be restarted
Active IP and VPN connections will be restarted
Existing configuration will not be changed

News:

This is a hotfix release for WebSecurity Reporting
Please check also the V7 release notes PDF.

Bugfixes:

Fix [6660]: Search for IP addresses not working with many definitions
Fix [6662]: WebSecurity Reporting shows wrong numbers
Fix [6674]: DynDNS may not update because of a missing packetfilter rule
Fix [6701]: Possible problem when syncing eDirectory users

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum:dba1cde07f70bce067f148961c2d6a54 Size : 35,119,116 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.007] all DynDNS problems gone, but one remaining question...").
There is also a demo server to check ASG V7: http://demo.astaro.com

Your Astaro R&D team

ISO 7.006 released

Markus Hennig — Thu, 09 Aug 2007 17:25:35 +0000

This ISO images includes all previous Up2Date packages and is the most recent version of ASG V7. It should be used to install ASG V7 from scratch on custom hardware (not on Astaro Appliances!).

Please contact your local Astaro partner or Astaro Support how to install your Astaro Appliance with a 7.006 ISO.

Download Information

ISO image asg-7.006-070726-2.iso
size: 437 MB (437334016 Byte)
md5sum: bb4721d4d04d87ce363b870fa432b6fe
FTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror
HTTP server: * Germany * Germany2 * US * US 2 * Austria Mirror * Japanese Mirror
BitTorrent: * http://download.astaro.de/ASL/v7.0/iso_i386/asg-7.006-070726-2.iso.iso.torrent

If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent. Search for "how to burn" on our Knowledge Base if you have trouble to burn a CD from the ISO image.

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.006] Websecurity report is great but show strange numbers"). Please check also the V7 release notes PDF. There is also a demo server to check the new GUI: http://demo.astaro.com

Your Astaro R&D team

ASG Up2date 6.311 released [Middle]

Markus Hennig — Sat, 28 Jul 2007 00:39:19 +0000

This very small Up2Date package adds support for encrypted backup files while the V6->V7 migration and fixes a small issue in the backup converter.

Remarks

Required previous version is 6.310
Existing configuration will not be changed
Middleware will not be restarted
ctive IP and VPN connections will not be restarted

New/Changed/Improved Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID6603 Upgrade to V7 not working with encrypted configuration
ID6624 Parts of the V6 configuration missing after Upgrade

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: f6e166e4aa6ee9c518f9332e7cd7c050 Size : 1,128,468 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Feedback

Your Astaro R&D team

Up2Date 7.006 released [Middle]

Markus Hennig — Thu, 26 Jul 2007 23:58:15 +0000

We are pleased to announce the immediate availability of Astaro Security Gateway V7.006. The new release not only includes bug-fixes and enhancements, but also a series of important new features like:

Improved reporting:
The Web Security in-line report has been significantly improved. The web usage tab now displays comprehensive statistics, detailing the most active web users and most frequented domains. Time ranges for this feature may be specified.

Log file filtering and search:
You may now filter and search through archived log files by using a new tab under the "Logging/View Log files" section. This simplifies the process of locating specific entries.

Base license with proxy functionality:
The base proxy functionality for HTTP/FTP/SMTP/POP3 (including HTTP Cache and authentication) is now available within the ASG base license. If you do not require applications such as anti virus or anti spam, the Email or Web Filtering subscriptions no longer need to be purchased.

Enhanced QoS configuration:
Instead of clicking through individual tabs for each QoS-enabled interface, you are now able to define bandwidth pools on the new interfaces tab. This largely enhances the configuration of QoS profiles.

Backup heartbeat interface:
You are now able to configure a backup heartbeat interface for HA configurations. This prevents occurrences where both the master and the slave try to become the master at the same time (master-master situations). These situations occur for example, because of an HA synchronization interface failure or due to an unplugged network cable.

eDirectory synchronization improvements:
Administrators can now set intervals (in seconds) where the Astaro Security Gateway will work to synchronize its user database with the eDirectory server.

Custom DynDNS settings:
It is now possible to freely enter custom DynDNS hostnames, for example, "www.example.com, mail.example.com, example.com"

Improved ACC compatibility:
Version 7.006 contains a new device agent for enhanced interoperability with Astaro Command Center.

Regeneration of VPN Signing CA:
You are now able to regenerate the VPN Signing CA which was created during the initial setup of the unit. The VPN Signing CA is the certificate authority who signs digital certificates for use with remote access and site-to-site VPN connections.

Bugfixes:
The new release also corrects various outstanding issues. These issues previously affected the SMTP Proxy (large message ID) and generated kernel freezes with the smaller ASG devices as well as with hardware accelerated anti-virus scanning. The handling for packet filter rules has been improved when additional addresses are in use. The possibility to edit/delete these interfaces after importing a V6 backup has also been addressed. The backend system now also allows the definition of usernames using numbers only.

Up2Date 7.006

Remarks:

Firewall will reboot after Up2Date!
Please note: Because of a WebSecurity database integrity check performed after(!) the reboot, the firewall is maybe some minutes (up to one hour) under high load, depending on the hardware (CPU power, hard disk speed) and database size.
Existing configuration will not be changed

News:

Added CA import and regeneration
Added backup interface for HA and Cluster
Changed subscription licensing model back to V6 style
Improved WebSecurity reporting
Improved logfile handling
Improved logging/performance of accounting data
Improved eDirectory performance for large eDir-trees
Fixed kernel freezes on smaller machines
Fixed kernel freezes with Hardware-Acceleration
Please check also the V7 release notes PDF.

Bugfixes:

Fix [5665]: Broken rendering of WebAdmin tabs in QoS settings
Fix [5881]: Dyndns-custom only supports one hostname
Fix [6311]: Error while scanning emails may stop SMTP proxy
Fix [6317]: Pattern Up2Dates on cluster nodes running very slow
Fix [6391]: User objects fail to be created when user name contains a numeral
Fix [6460]: Authentication daemon restarting in eDirectory environments
Fix [6469]: Online help will not open when WebAdmin language is set to Japanese or Chinese
Fix [6471]: Mail processing stops at message ID 1000000
Fix [6472]: Middleware stops working with unresolved routing targets
Fix [6473]: Disabled End User Spam report enabled after editing custom text
Fix [6478]: Packetfilter rules not set correctly when using additional addresses
Fix [6484]: Sorting of policy routes not working correctly

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum:88dda57d90405743faa8b3511f39260c Size :102,610,337 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.006] new e1000 driver boosts my new intel card").
There is also a demo server to check ASG V7: http://demo.astaro.com

Your Astaro R&D team

ASG Up2date 6.310 released [Middle]

Markus Hennig — Thu, 12 Jul 2007 18:26:01 +0000

6.310 is the Migration Kit Up2Date.

With help of the migration function you can install ASG V7.005 just by click a button on your Astaro appliance. This Up2Date introduces the V7 migration kit, which is used to upgrade from installations of ASG V6 to V7, converting (most of) the configuration. The migration kit is available for ASG Appliances only.

However, migrating to V7 is just an option; we will of course continue to provide pattern and firmware updates for ASG V6. The migration can be started from the System >> Up2Date Service menu in WebAdmin. The upgrade procedure reboots the device two times and takes up to 15 minutes (depending on the ASG model) and is irreversible.

Note further that migrating from V6 to V7 runs into the following limitations while converting the configuration:

HA configuration will not be converted.
emote Syslog will not be converted.
Site-to-site and Remote Access VPN: Only PPTP settings will be converted.
Intrusion Protection settings will not be converted.
Network and service groups: Groups containing other groups will be expanded.
Packetfilter: QoS settings of packetfilter rules will not be converted.
DHCP on Eth-VLAN is unsupported in V7.
Configured Ethernet aliases that are disabled will not be converted.
E-mail address fields in V6 (such as System >> Settings >> Administrator Contact) will not be converted.
TTP proxy configuration will not be converted.
SMTP proxy configuration will not be converted.
Remote user authentication services will not be converted.
DHCP relay will not be converted.

Remarks:

Required previous version is 6.306
Existing configuration will not be changed
Middleware will not be restarted
Active IP and VPN connections will not be restarted

New/Changed/Improved

Added Upgrade to V7 for ASG appliances

BUGFIX

(please refer to the known issue list on http://www.astaro.com/kb)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: d7de2e52361fa8259279f6f61cf7166e Size: 18,303,216 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Feedback

Your Astaro R&D team

Astaro Secure Client V9.01

Udo Kerst — Mon, 09 Jul 2007 15:46:47 +0000

This new release adds Support for Microsoft Windows Vista 64 Bit.

This minor software update is free of charge. Thus all users in possession of a valid 9.0 license can download and use the new version.

How to Upgrade

Here are two ways to upgrade an existing Astaro Secure Client to the new version:

Start the Astaro Secure Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly. If you want an evaluation copy of Astaro Secure Client, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can download a 30-day evaluation version of Astaro Secure Client.

For more information please visit our website.

Your Product Management Team

Up2Date 5.215 [Middle]

Markus Hennig — Mon, 02 Jul 2007 00:01:02 +0000

This small package updates the initial IPs of SurfProtection servers in the US.

Up2Date 5.215

Remarks

Required previous version is 5.214
Existing configuration will not be changed
Middleware will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Updated initial IPs of SurfProtection servers

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 0f9d5b3627df18f7aa3fd208e9727208 Size : 3,572 bytes)

HTTP: Astaro US - Astaro Germany - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Austria Mirror - Japanese Mirror

Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

ASG Up2date 6.306 released [low]

Markus Hennig — Mon, 02 Jul 2007 00:05:33 +0000

This small package updates the initial IPs of SurfProtection servers in the US.

Remarks

Required previous version is 6.305
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Updated initial IPs of SurfProtection servers

Bugfix

please refer to the known issue list on http://www.astaro.com/kb

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 308797d85f6dbc4fcb2825f9f2c0b72f Size : 2,734,114 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Feedback

Your Astaro R&D team

End of Life for Astaro Security Linux V5 as of 1st October 2007

Markus Hennig — Mon, 02 Jul 2007 01:56:02 +0000

Astaro announces End of Life for Astaro Security Linux V5 as of 1st October 2007.

As of this date, the following services for Astaro Security Linux (ASL) V5 will be discontinued:

System Up2Dates for new features, bug and security fixes
Pattern Up2Dates for AV and spam
Documentation updates (i.e. manuals, online help, HCLs and KILs)
Support from Astaro support teams
License renewals
Software downloads

Existing ASL V5 installations will continue to run for as long as subscriptions are valid. This includes access to the Surf Protection online database. The base system itself will not expire. We strongly recommend that ASL V5 customers upgrade to Astaro Security Gateway V7 and take advantage of the enhancements and valuable new features that have been introduced to the security solution. These features include a Transparent Firewall Mode, Dual Virus scanner support, email encryption, SSL VPNs, Active/Active Clustering, an End-user portal, IM/P2P management, OSPF routing as well as many others.

The upgrade is free-of-charge.

In the process of upgrading, we advise customers to setup a completely new system with ASG V7 (without the backup conversion). This is due to the huge amount of changes between the versions.

Astaro Report Manager V4.6 GA

Markus Hennig — Mon, 18 Jun 2007 17:37:46 +0000

Astaro is pleased to announce the availability of the Astaro Report Manager V4.6 GA. Version 4.6 contains several enhancements like support for ASG V7, enhanced alerting, advanced event classification, integrated security center, enhanced user management. Astaro Report Manager is an award-winning data collection and reporting tool that retrieves, correlates and analyzes data from Astaro Security Gateways and other products.

Key features of this latest release include:

Supports ASG V7
Enhanced alerting: Set alert correlation interval and severity of alerts
Advanced Event Classification: Classify events based on policy
Integrated Security Center: Combines Reporting and Monitoring views
Enhanced User Management: User limitation per reporting category, query and per device

A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Report Manager V4.6 Release Notes in my.astaro. The Astaro Report Manager User Guide and Setup Guide are available on our knowledge base.

License

ARM V4.6 includes a 30 day all feature on trial period. Please check the Release Note for details.

Download

Astaro Report Manager is available for Free Trial Download on my.astaro!

Feedback

If you want to provide feedback or want to discuss any of the ARM V4.6 features you should post it on our User Bulletin Board. Please take care to add always (!) the version you refer to (e.g. "[4.6] setup question "). If you have feedback to our documentation please send it to documentations@astaro.com.

Up2Date 7.005 released [Middle]

Markus Hennig — Thu, 14 Jun 2007 21:59:11 +0000

Up2Date 7.005 publishes the Backup Converter, Japanese and Chinese localization, WebAdmin Improvements, Performance Optimizations and of course some bug fixes...

Main topics in 7.005

Backup Converter
In order to migrate from existing V6 installations to V7 a Backup converter has been added. This converter will help by moving network and user definitions as well as a lot of other configuration options to V7. Because of many backend changes in V7 it is not possible to convert the V6 configuration completely. See WebAdmin >> Management >> Backup/Restore >> V6 backup import for more details.

Localization
The first part of the localization support is added in this release. Localization will cover WebAdmin, Executive Report and Daily Spam Digest and is available in Japanese and Chinese language.

WebAdmin Improvements
There are several WebAdmin improvements like a filter for the livelogs and the possibility to switch off spam thresholds in SMTP profiles. In addition you can now specifiy or edit the BATV secret and order policy routes by your needs.

Performance Optimizations
For several backend components memory usage and/or performance has been optimized which should lower the overall system resource usage for daily operation.

ASG 320 NIC Ordering
Some users of the ASG 320 already using V7 and who started with an early image may experience a mix up of the NIC ordering after applying Up2Date 7.004. The original state gets restored with this Up2Date.

SMTP Proxy
For SMTP Proxy a problem has been fixed which might stop the whole SMTP Proxy when scanning an email in a certain format. Also the Daily Spam Digest will now be sent out to internal users only.

HTTP Proxy
An issue in HTTP Proxy has been fixed which may slow down or stop HTTP Proxy when trying to deliver virus scanned webpages to the client. Also streaming downloads are now properly handled in the backend when a client disconnects a streaming session before it ends.

Up2Date 7.005

Remarks:

Firewall will reboot after Up2Date!
Existing configuration will not be changed

News:

Added Backupconverter for V6 Backups
Added Japanese and Chinese language support
Added filter option for Livelog windows
Added option to sort policy routes
Updated GeoIP data for reporting
Improved memory usage and performance of several backend components

Bugfixes:

Fix [5584]: Spam threshold can not be switched off in SMTP profiles
Fix [5796]: Unable to expand the preview window in quarantine manager
Fix [5811]: Daily Spam Digest also sent to external domains
Fix [5889]: Content blocked page showing up twice
Fix [5956]: Huge amount of SMTP domains will slow down WebAdmin
Fix [6100]: Streaming downloads aren't aborted on client disconnect
Fix [6132]: System allows interface routes without target interface
Fix [6169]: Problems with Vista Windows Mail and POP3 Proxy in prefetch mode
Fix [6197]: BATV secret not changeable in WebAdmin
Fix [6203]: Backend sync for users with multiple mail adresses does not work
Fix [6285]: HA file synchronization may sync in wrong direction
Fix [6300]: Unable to release/download quarantined POP3 messages
Fix [6311]: Error while scanning emails may stop SMTP proxy
Fix [6316]: File synchronization fails if HA/Cluster password has special characters
Fix [6321]: Possible problem when restarting SSL VPN
Fix [6325]: Nic order mixed up on ASG 320
Fix [6339]: SSL VPN route will be deleted after enabling a static route
Fix [6342]: Large HTTP blacklist may cause WebAdmin slowdown

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: b1bf5de79b606f904dbb04f5f9bc952c Size : 78,432,258 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.005] V6 Backup converter fails with my HTTP config").
There is also a demo server to check ASG V7: http://demo.astaro.com

Your Astaro R&D team

ASG Up2date 6.305 released [Middle]

Markus Hennig — Thu, 24 May 2007 16:17:55 +0000

This is a small bugfix Up2Date for ASG V6, it also adds a new configuration option to handle broken ISS server (persistent HTTP 1.1 session).

Remarks

Required previous version is 6.304
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added configuration option for persistent HTTP connections

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID4050 No IPsec traffic after PPPoE reconnect
ID5575 Possible L2TP connection problems
ID5823 Local Snort rules overwritten by ruleset update
ID5916 Daily Spam Digest not working for Subdomains

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are three ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: e9c0f81c341b05cb67d1ed9b4335a78e Size : 27,039,798 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
ILog on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Feedback

Your Astaro R&D team

Up2Date 7.004 released [Middle]

Markus Hennig — Mon, 14 May 2007 16:05:56 +0000

With 7.004 the HTTP Proxy performance for large downloads will be improved, several eDirectory issues fixed and some other smaller problems solved. Read on for a more detailed description.

Main topics in 7.004

Several issues concerning Novells eDirectory authentication get addressed. Most of them cover problems in large installations where the authentication via eDirectory becomes very slow or fails. This is often due to a fallback to standard mode or problems accessing certain objects in the eDirectory (e.g., containers).
The behavior of the HTTP Proxy for handling large objects changes. Prior to this Up2Date, all objects were stored in memory, which can overload especially small machines when downloading large files such as ISO images. Also downloads may be interrupted by the selfmonitoring subsystem responsible for restarting the HTTP Proxy if a regular response/load check fails. Now the HTTP Proxy stores larger downloads on disk, which will reduce the memory consumption and improve the overall performance. The HTTP Proxy now also supports Active Directory authentication in cluster mode.
For SMTP Proxy some small issues such as the missing hostname in the banner greeting, problems with special characters with smarthost authentication, a possible loop while rescanning a message and a possible error while scanning e-mails in HA mode are addressed.
SSL VPN users having special characters in their certificate can now establish VPN connections to the ASG.
An issue in the IP counting subsystem (part of the licensing mechanism) concerning the detection of ARP requests and portscans as valid IP addresses is fixed.
Some users of the ASG 425 already using V7 and who started with an early image (7.000) may experience a mix up of the NIC ordering after applying Up2Date 7.003. The original state gets restored with this Up2Date.
Smaller fixes concerning the Executive Report, NTP (time syncronisation), Additional IPs on interfaces (Alias interfaces), DHCP Server on VLAN interfaces and the reporting subsystem are also included.

ASG V6 backup import
The release of the ASG V6 backup import function has been postponed for 7.005 due to ongoing QA tests. This function is planned for release at the end of May in combination with the ASG V6 appliance upgrade kit. If you require assistance in migrating a V6 installation before this time, please contact your local certified Partner or Astaro support directly.

Up2Date 7.004

Remarks:

Middleware will be restarted
Active IP and VPN connections will be restarted
Existing configuration will not be changed

News:

Improved HTTP Proxy performance for large downloads
Fixed PPTP Server Vulnerability CVE-2007-0244

Bugfixes:

Fix [5535]: Font rendering of Executive Report in Outlook 2007 faulty
Fix [5659]: SMTP Banner does not show hostname
Fix [5667]: SSL VPN doesn't work with special characters in certificates
Fix [5671]: eDirectory does not allow to use eDirectory containers in backend groups
Fix [5685]: Traffic graphs still appear in reporting after deleting interfaces
Fix [5735]: Wrong definition of the NTP service
Fix [5756]: DHCP server may serve wrong IPs on VLANs
Fix [5782]: Automatic cleanup of Quarantine Manager not working correctly
Fix [5788]: eDirectory authentication for several users fails
Fix [5790]: SSL client package should install Windows service
Fix [5804]: Special characters not possible in smarthost authentication
Fix [5845]: Active directory authentication does not work on cluster
Fix [5876]: IPSec Roadwarrior Connection not counted in Dashboard view
Fix [5895]: SSL VPN does not check user certificate
Fix [5947]: Executive report shows blank blocked categories
Fix [5951]: Cache size for HTTP Proxy (squid) too small
Fix [5959]: Time not synced via NTP in automatic HA mode
Fix [6094]: MySQL may stop working after time change
Fix [6098]: IP counting for licensing is too strict
Fix [6103]: Empty Source network breaks HTTP proxy profile config
Fix [6148]: Empty hostname for DNS host cause system lockup
Fix [6215]: HA System reports "Error while scanning a message in database"
Fix [6222]: IP rule for IPsec site-to-site remote network missing
Fix [6255]: ASG 425 interface problem after Up2Date to version 7.003

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 397371f112f5ded45a2979bbcd966064 Size : 49,028,212 bytes)
Please note: because of a missing restart of the authentication mechanism (AUA) during the Up2Date process some customer experienced problems with authentication of SSL connections. We reloaded the Up2Date and added a restart of AUA (and changed nothing else). If you already installed 7.004 and experience problems with SSL VPN, please reboot the ASG - that will fix the issue. We excuse for the inconvenience caused by this problem!
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.004] Auto-Backup question").
There is also a demo server to check the new GUI: http://demo.astaro.com

Your Astaro R&D team

ISO 7.003 released

Markus Hennig — Thu, 03 May 2007 06:56:53 +0000

This ISO images includes all previous Up2Date packages and is the most recent version of ASG V7. It should be used to install ASG V7 from scratch on custom hardware (not on Astaro Appliances!).

Please contact your local Astaro partner or Astaro Support how to install your Astaro Appliance with a 7.003 ISO.

Download Information

ISO image asg-7.003-070503-1.iso
size: 424 MB (424,687,616 Byte)
md5sum: d0232ec0d93eda77207e32cddee0c2f1
FTP server: - Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
HTTP server: - Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-7.003-070503-1.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.003] Daily Executive Report color problem under Win95").
There is also a demo server to check the new GUI: http://demo.astaro.com

Your Astaro R&D team

Up2Date 7.003 released [Middle]

Markus Hennig — Thu, 26 Apr 2007 07:16:56 +0000

This Up2Date fixes several bugs: important, annoying and cosmetic, improves performance of V7 and introduces three new features: USB Stick as configuration storage, NAT support for multiple L2TP over IPSec connections and support for wildcards in exceptions.

Performance Improvements
The overall system performance has been vastly improved. Memory and disk usage have also been reduced in many areas, such as with packet forwarding, AV scanning, temporary http downloads, self-monitoring, IPS hardware acceleration and logging. Furthermore, bandwidth usage for Astaro pattern updates have been reduced by more than 50%.

ASG V6 backup import
The release of the ASG V6 backup import function has been postponed due to ongoing QA tests. This function is planned for release at the end of May in combination with the ASG V6 appliance upgrade kit. If you require assistance in migrating a V6 installation before this time, please contact your local certified Partner or Astaro support directly.

Marvell/Syskonnect Driver changes
Due to an increasing number of system problems using these networking chips (including our ASG425 appliance), we been able to integrate an updated version of this driver which serves to improve the system stability. Since adapting hardware drivers may also affect hardware support, all ASG software users that use Marvell or Syskonnect network cards should first apply this update in their test environment prior to implementing it into a productive system.

New Features

Configuration import available through USB Sticks during boot up If you store an unencrypted ASG V7 backup file (with the file extension .abf) on a FAT formatted USB stick, you are able to plug it in before booting. The system will then automatically import and apply this configuration.
Multiple L2TP over IPSec clients behind the same NAT router The Remote Access functionality has now been extended to support multiple L2TP over IPSec clients behind the same NAT-Router for connection with the ASG. It should be noted that the hostname for these clients will need to differ.
Support for wildcards in exceptions The exceptions for HTTP, SMTP and POP3 now also support wildcards for the sender, recipient addresses as well as the target domain fields. For example:
- Sender Address: *@astaro.com
- Target Domain: *.astaro.com

Bugfixes

The update includes more than 80 bugfixes for many different areas.

Networking:
The stability and crashing issues associated with the 'bridging' mode and logging have now been fixed. Policy based routing has been improved and now works in all conditions as expected. This includes SNAT/DNAT or FullNAT.

Network Security:
All currently known IPSec VPN issues have been fixed. The SIP parser of the VoIP security module has been enhanced in order to support more SIP providers.

Web Security:
Many fixes and improvements have been included in the HTTP proxy, such as: User's who cancel their download or close their browser whilst downloading a file. The proxy will detect this and abort the download. Improved URL filter categorization. Categorization failures should no longer be a problem. Fragmented HTTP request handling is fixed. Nintendo Wii Updates are now accessible. The slow surfing performance whilst using the HW accelerated AV scanning (ASG 425/525) has been fixed. Blocked access for certain websites when using Internet Explorer 7 has been fixed. Profile assignments have been improved. Assignments based on user groups are now case-insensitive.

Email Security: The framework now features improved stability, properly handling malformed emails. The POP3 email downloads have been improved. The issue of duplicate downloads has also been resolved. POP3 now uses APOP authentication, in the case that the server supports it. SMTP domain, sender and recipients matches are now case-insensitive. This fixes the issue for confidentiality footer, profile assignment as well exception matching. Display errors in the end-user portal email handling have been fixed.

Open Issues

There are still a few minor open issues that have not been addressed within this up2date. You may want to keep an eye on these issues when using ASG V7 at this time.

HTTP Authentication
If the HTTP default profile is configured in (Basic Auth, SSO AD or eDir), access will be granted to all users and not just the one's specified in 'Allowed Users and Groups'. There is a workaround available for this issue on the KIL.
Active Directory SSO authentication on the cluster does not function correctly at this time.
eDirectory does not currently support matching containers as well as support multiple root nodes. eDir SSO does not currently support single users logged onto multiple workstations. V7 installations connected to large eDirectory systems should check that the performance for their environment is sufficient. We plan to address the eDirectory fixes and improvements in the next Up2date (7.004), which is scheduled for mid May.

Up2Date 7.003

Remarks:

Firewall will reboot after Up2Date
Existing configuration will not be changed

News:

Improved the display of large object lists in WebAdmin
Restoring backups by means of a USB flash drive
Fixing several bugs in both the POP3 and SMTP proxy
Improved IPSec stability Improved Policy Routing
Fixing several HTTP proxy problems such as profile handling and the handling of large objects that consume too much memory (note that support for Active Directory Native Mode is still open)
Kernel bugfix in bridge mode code
Improved Up2Date service and robustness
For further information please consult the Up2Date Blog

Bugfixes:

Fix [5309]: Broken subject lines quarantine manager
Fix [5384]: Daily Spam Report layout broken in Google Mail
Fix [5404]: RSA keys may be displayed incorrectly
Fix [5568]: Daily Spam Report misses percentage value of blocked e-mails
Fix [5602]: Logmask of HTTP proxy cannot be changed
Fix [5609]: HTTP Proxy allocates a lot of memory
Fix [5613]: Cluster not able to handle IPSec NAT packets
Fix [5652]: Using Internet Explorer, the HTTP proxy fails to display a web page that requires a POST request
Fix [5693]: Sometimes the daily spam report is not created
Fix [5716]: Scalability of object tables in WebAdmin
Fix [5728]: Problems with Full-NAT handling
Fix [5780]: Missing download progress due to unknown content length information
Fix [5781]: Strange POP3 error messages
Fix [5797]: Daily Spam Report mistakenly tagged as spam
Fix [5801]: Authentication exceptions per domain do not work
Fix [5824]: Possible parsing errors concerning SIP control packets
Fix [5844]: Some POP3 messages are downloaded more than once
Fix [5910]: MiddleWare fails when Radius server is unresolved
Fix [5920]: IPSec status view shows wrong status
Fix [5925]: Subject lines in Daily Spam Report corrupted
Fix [5941]: Base64 encoded subjects in quarantine manager are decoded with an error
Fix [5944]: Wildcards in exception lists not allowed
Fix [5963]: Timewarp shell script hangs on MiddleWare restart
Fix [5994]: Empty content-disposition header in the MIME part is rendering the e-mail undeliverable
Fix [5999]: No IPsec traffic after PPPoE reconnect
Fix [6008]: HTTP Proxy logging concerning file extension blocking is incomplete
Fix [6011]: Canceled downloads are not deleted by the HTTP proxy
Fix [6021]: Downloads are not aborted when user leaves downloader page
Fix [6027]: IOS error messages in Exim log - rendering the SMTP proxy inoperable
Fix [6065]: Pluto.pid not deleted after DSL reconnect
Fix [6081]: Confidentiality footer may get added to incoming emails
Fix [6143]: Incorrect BATV ACL check causes all bounces to be rejected

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 9197cb836bcaf9ac0c0b326268e59d76 Size : 68,670,254 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.003] POP3 spam blocking problem after change of account password"). There is also a demo server to check the new GUI: http://demo.astaro.com

ISO image asg-7.003.iso: An ISO-image of 7.003 will be released within next days.

Your Astaro R&D team

Up2Date 5.214 [Middle]

Markus Hennig — Wed, 14 Mar 2007 22:17:40 +0000

This is a small Kaspersky AV license renewal only Up2Date.

Up2Date 5.214

Remarks

Required previous version is 5.213
Existing configuration will not be changed
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Nee/Changed/Improved

Replaced Kaspersky scanner key

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 259da75c2c438414f5e497018d107350 Size : 1,597,497 bytes)
HTTP: Astaro US - Astaro Germany - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

ACC 1.400 released [Middle]

Markus Hennig — Sat, 10 Mar 2007 11:10:04 +0000

This new ISO and Up2Date changes the GUI to the new look&feel to the ASG V7 style and it adds V7 support. ACC 1.4 also handles the new daylight saving time dates from the Energy Savings Act in the US and Canada.

V7 support in ACC 1.4 means:

Cluster Monitoring
Global Pattern Version
UPS Battery Charge Monitoring
Up2Date Cache for all V7 packages

Besides these new features there are some minor bug fixes included in the new release. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center to the latest version: Start the Up2Date under "ACC Management >> Maintenance". All Up2Dates are GNUPG-signed!

Virtual Appliance

ACC V1.4 is also made available as a VMWare virtual appliance. Similar to the ASG virtual appliance, ACC can be easily deployed within VMWare virtualized environments, such as VMWare Server, VMWare ESX Server, VMWare Workstation or VMWare Player, by using a pre-configured/pre-installed ACC ISO.

Download Information

Astaro Command Center 1.400 ISO or VMWare image

FTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
BitTorrent: * http://download.astaro.de/ACC/v1.0/iso_i686/acc-1.400-070309-1.iso.torrent
Size: 259 MB (259,311,616 Byte)
md5sum: 57abc2586dcfccd2c9ef1c27d399ce70

(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent). Search for "how to burn" on our Knowledge Base if you have trouble to burn a CD from the ISO image.

Hardware requirements for ACC

Upto 100 Devices

CPU: Intel Pentium 4 2.4 GHz or AMD Athlon XP 2400+
512 MB RAM (1 GB recommended)
40 GB IDE or SCSI hard disk drive
Bootable IDE or SCSI CD-ROM drive
1 PCI Ethernet network card
Internet Connection: 192 Kbit upstream, 2 Mbit downstream

Upto 500 Devices

CPU: Dual Intel XEON or Dual AMD Opteron
2048 MB RAM (4 GB recommended)
160 GB IDE or SCSI hard disk drive
Bootable IDE or SCSI CD-ROM drive
1 PCI Ethernet network card
Internet Connection: 1 Mbit upstream, 10 Mbit downstream

Please check the ACC V1 hardware compatibility list (HCL) on our knowledge base for supported SCSI controller and NICs

Supported web browser

Astaro Command Center will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Licensing

You do not need a license to use ACC V1 (yeah, it's free!).

Feedback

If you want to provide feedback or want to discuss any of the ACC V1 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[ACC 1.400] Monitoring of V7 Cluster"). There is also a demo server to check the new GUI: https://accdemo.astaro.com

Enjoy,
Astaro R&D Team

ASG Up2date 6.304 released [Middle]

Markus Hennig — Thu, 08 Mar 2007 22:27:21 +0000

This Up2Date includes changes for the changed daylight saving timings in US and Canada, it updates the virus scan engine ClamAV and fixes some bugs. Please note that this Up2Date also includes a license renewal for the old Kaspersky AV engine. In the case you still use it (you got an extra license key via fax order for it) you should install this Up2Date within next week.

Remarks

Required previous version is 6.303
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added new clamav scan engine
CVE-2006-5874, CVE-2006-6406, CVE-2006-6481)

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID4221 Selfmonitor checks for hardware scanner missing
ID5187 Daylight savings time adjustments for USA and Canada

Note (March 9th): Due to symbolic link problem within the new Clam AV scan engine the Up2Date was reloaded. There is no change of the content or functionality, just a corrected link. If you already installed 6.304 and experience problems, please reboot the ASG - this will fix the problem. We apologize for the inconvenience!

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 25feb5d77e473a90244e663129709ad1 Size : 17,108,634 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully. To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

Astaro Secure Client V9.0

Udo Kerst — Mon, 05 Mar 2007 16:36:46 +0000

We are pleased to announce Astaro Secure Client V9.0 This new release includes the following new features:

Support for Microsoft Windows Vista
Version 9.0 now also supports Windows Vista in addition to Microsoft Windows 2000 and Windows XP. The Client user interface has also been visually adapted to the new Windows Vista look and feel.

Extended IPSec Hash Algorithms
You can now use additional algorithms like SHA 256, SHA 384, and SHA 512 bit for authentication with both the IKE policies as well as with IPSec policies.

Automatic Application Execution
This allows configuring external applications that will be started automatically after the connection has been established successfully. Different applications can also be bound to different phonebook entries.

Automatic WLAN profile selection
Profiles for WLAN connections can now be selected and enabled automatically depending on the actual WLAN found.

UDP-Filter
With the standard configuration UDP packets are now being filtered to prevent an outside host from connecting to the client. The filter can be configured to filter all packets or only those from unknown networks.

Extended EAP support
Various EAP enhancements have been included, like EAP username extraction from EAP certificate, use EAP authentication depending on connection type, use EAP for WPA encryption.

Include customer logo
You are now able to include your own project logo into the client monitor. The new release of Astaro Secure Client is available immediately. Customers with existing licenses can upgrade to the new release via one-time updates.

How to Upgrade

There are two ways to upgrade an existing Astaro Secure Client to the new version:

Start the Astaro Secure Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly. If you want an evaluation copy of Astaro Secure Client, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can download a 30-day evaluation version of Astaro Secure Client.

For more information please visit our website.

Your Product Management Team

Up2Date 7.002 released [Middle]

Markus Hennig — Fri, 02 Mar 2007 22:18:19 +0000

ASG V7.002 improves the accounting backend and fixes several issues. A new ISO image with version 7.002 is also available for download via FTP, HTTP or BitTorrent.

Remarks

Middleware will be restarted
Active IP and VPN connections will be restarted
Existing configuration will not be changed
Accounting data for the day the Up2Date is applied will get lost
You need to relogin to WebAdmin after the Up2Date has been applied

News

This is a bugfix release
Accounting database backend has been improved

BUGFIX

(please refer to the known issue list on http://www.astaro.com/kb)
5239 Some IM/P2P protocols won't be blocked
5451 File extension filter blocks file only after download is complete
5603 Changing the name of ContentFilter categories not working correctly
5631 Downloaded Up2Date package may not get unpacked
5637 SMTP domains are case-sensitive when used in profiles
5649 "Re-generate WebAdmin certificate" may fail
5651 Whitelist mode in HTTP Proxy Profiles not working
5657 Interface Name in reporting graphs is 'Unknown' for PPP-Interfaces
5660 HTTP Proxy Profiles sorting
5666 Wrong status for added networks of a ipsec-tunnel and listview
5669 Global HTTP Settings - Allowed Networks can not be changed
5682 Internet Explorer 7 (IE7) is incompatible to WebAdmin
5683 File extension filter blocks file after complete download
5686 Not possible to set GoogleTalk/Jabber "Block file transfers only"
5694 Executive Reporting showing more than 5 entries in TOP5 lists
5698 Content filter mangles SMTP addresses
5709 Confidential footer applies on incoming mails only
5732 Static Usergroups don't work in the Packetfilter
5740 No space left on device due to too many tmpLFI* files
5765 Network groups in DNS allowed networks not allowed
5766 Incoming/outgoing e-mails are truncated if they contain a 'dot'

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: 4d40a7df9c1b64ba4c4e375aef9896f7 Size : 54,128,049 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Download ISO image asg-7.002-070302-1.iso

Size: 417 MB (417,738,752 Byte)
md5sum: 1a78a9d11411ad512bc9bf3e8118459f
FTP server: - Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
HTTP server: - Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-7.002-070302-1.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.002] Site-to-Site compatibility success story"). There is also a demo server to check the new GUI: http://demo.astaro.com

Your Astaro R&D team

Up2Date 7.001 released [HIGH]

Markus Hennig — Tue, 30 Jan 2007 17:04:41 +0000

7.001 is a bugfix only Firmware Up2Date. It fixes a serious bug in the reporting und Up2Date, a small HA/Cluster sync problem and some other smaller issues. It is recommended to update your unit to ASG 7.001 as soon as possible.

In ASG version 7.000, the automatic firmware download function is impaired. As a workaround, you can specify passwords for loginuser and root, which is to be configured on the Management >> System Settings >> Shell Access tab in WebAdmin. There is no need to enable the "ssh shell access", Astaro recommends keeping this features disabled. However, it is recommended to update your unit to ASG 7.001 as soon as possible, which is a bugfix maintenance release fixing the problem described above as well as several minor issues. You can also upload the Firmware Up2Date manually via WebAdmin Management >> Up2Date >> Advanced.Get the 7.001 package here: http://download.astaro.de/ASL/v7.0/up2date/u2d-sys-7.001.tgz.gpg or from on official mirror listed below.

Remarks

Required previous version is 7.000
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
You need to relogin to WebAdmin after the Up2Date has been applied
Bug ID5592 was also responsible for some backend misbehaviors

News

This is a small bugfix release only

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
4920 Interfaces that are part of a LAG are not shown in dashboard
5495 Link Aggregation on 425 does not work correctly
5540 Awkward Real Names in From and To fields in POP3 Log
5564 NTP synchronization does not work on slave nodes
5569 Error while trying to update group membership
5572 PPTP shuts down if no user or group is set
5574 Additional interface menu not reachable after editing primary interface
5576 Blank HTTP Profiles/Proxy Profiles page after deleting objects
5579 Release symbol is shown in Quarantine Manager when prefetch is off
5580 Up2date Overview page: Unable to complete backend request
5592 Up2Date and Reporting may not work after installation

Download Information

Log on to WebAdmin, navigate to Management >> Up2Date >> Overview and use Update to latest version now to install the Firmware Up2Date. Click on then Watch Up2Date Progress in new window and an extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server and install it under Management >> Up2Date >> Advanced:
(MD5sum: e3152d1a7f7d55cdbe1cc7a498b3b011 Size : 26,130,105 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

ISO image asg-7.001-070130-2.iso

size: 412 MB (412,203,008 Byte)
md5sum: 8c276a4baa256b77852dc0468e74860e
FTP server: Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
HTTP server: Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-7.001-070130-2.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.001] POP3 prefetch question"). There is also a demo server to check the new GUI: http://demo.astaro.com

Your Astaro R&D team

We're hiring!

Markus Hennig — Mon, 29 Jan 2007 16:42:23 +0000

I hope you saw already our new home page - it includes also a list of open jobs. Especially I want point you to the R&D positions in Germany. We offer flexible hours, a relaxed work environment, a climate of success and a chance to work in a dynamic start-up company.

If you are looking for a company that challenges you to do your best, Astaro is the place for you. To apply for a position, please review our job openings and submit your resume online.

ASG V7 GA released !

Markus Hennig — Mon, 22 Jan 2007 23:01:07 +0000

Astaro is pleased to announce the availability of the Astaro Security Gateway V7 GA. Version 7 contains a huge number of advanced features and enhancements like transparent e-mail encryption, SSL VPN, active/active clustering and control of instant messaging and peer-to-peer file sharing traffic.

Thanks to anybody who contributed to this major release! We received a tremendous amount of excellent feedback during our BETA test.

Key features of this latest release include:

Enhanced GUI & Usability Improvements
End User Portal
Customizable end user messages
Configurable Alerting
Improved Reporting
Improved Packet Filter Logging
Active/Active High Availability (Cluster)
VoIP optimized QoS support
Zero Latency HA
Auto Configuration HA
Ethernet Link Aggregation
SSL VPN
Dynamic OSPF Routing
Improved VoIP security
DNS Enhancements
TACACS authentication support
VPN configuration for network groups
Configurable DSL reconnect
End User Spam Report
POP3 pre-fetching
Foreign Charsets support for SMTP and POP3
Customizable Email Footer
OpenPGP & S/MIME Email encryption / decryption
Transparent FTP Proxy
Instant Messaging and Peer-to-Peer Management
Improved HTTP Proxy Performance

A detailed description of the new features, changes, system requirements as well as installation and upgrade information is included within the Astaro Security Gateway V7 Release Notes. The Astaro Security Gateway Administration Guide, a hardware compatibility list and a Known Issues List for the GA release are available on our knowledge base. The import of ASG V6 configuration backup files is not supported within the initial 7.000 release but will be made available through a future Up2Date package.

License

ASG V7 includes a 30 day all feature on trial period period. Please check the Release Note for details.

Download Information

ISO image asg-7.000-070123-1.iso
size: 412 MB (412,338,176 Byte)
md5sum: d544437371accd3920abe23fc4720d93
FTP server: Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
HTTP server: Germany - Germany2 - US - US 2 - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-7.000-070123-1.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board. Please take care to add always(!) the version you refer to (e.g. "[7.000] VPN setup question (V6-V7)"). If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. There is also a demo server to check the new GUI: http://demo.astaro.com

Your Astaro R&D team

Development Snapshot ASG 6.933

Markus Hennig — Mon, 15 Jan 2007 22:18:36 +0000

This development snapshot of upcoming ASG V7 shows the latest state of ASG V7 BETA. Besides a lot of fixes and beautification it includes also the promised Initial Install Wizard.

The persistent feedback on our UBB and on V7Beta@astaro.com motivated us to release another snapshot of upcoming ASG V7: 6.933 Because of the amount of changes we are not able to provide a Firmware Up2Date package, but you can use your backup file from a previous ASG V7 BETA installation. Please remember: it's still not the GA version of ASG V7. It will not be supported via Astaro's support teams therefore you should not use it within productive environments! Now everything is in (Initial Setup Wizard, Overall Reporting / Executive Report, NTLM Single Sign On) and the last missing part is a new ACC version to support ASG V7 fully.

License
Please check the UBB announcement for license details.

Feedback
If you want to provide feedback or want to discuss any of the ASG V7 features you should post it on our User Bulletin Board in the "BETA Version" forum. Please take care to add always(!) the version you refer to (e.g. "[6.933] Weekly Executive Report not shown correctly in Lotus Notes 5 ").

Alternatively if you want to provide feedback, problem reports and comments directly to the Astaro R&D team you can also send it to V7Beta@astaro.com. If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. We greatly appreciate your input, comments and suggestions - especially for this version! There is also a demo server to check the new GUI: http://demo.astaro.com

Download ISO image asg-6.933-070115-1.iso
size: 398 MB (398,026,752 Byte)
md5sum: 24f12ef51dabc9c4e50f7f4344a17bd5

FTP server: * Germany * US * US 2 * Austria Mirror * Japanese Mirror
HTTP server: * Germany * US * US 2 * Austria Mirror * Japanese Mirror
BitTorrent: * http://download.astaro.de/ASL/v7.0/iso_i386/asg-6.933-070115-1.iso.torrent
(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent). Search for "how to burn" on our Knowledge Base if you have trouble to burn a CD from the ISO image

Thx in advance for your feedback!
Your Astaro R&D team

Up2Date 6.915 for ASG V7 BETA

Markus Hennig — Thu, 21 Dec 2006 14:08:58 +0000

This small Up2Date adds NTLM support for the HTTP Proxy and NTLM Single Sign On.

Remark

Existing configuration will not be changed
Depending on your system this may take a while
all IP and VPN connections will be restartet Details:
Added NTLM support for HTTP Proxy and NTLM SSO
Fixed small bug in SMTP Daily Email Report for non-local users

Thats it... The R'nD team wishes happy xmas and a recreative holiday season!

ISO and Up2Date 6.908 for ASG V7 BETA

Markus Hennig — Wed, 13 Dec 2006 21:22:42 +0000

We released version 6.908 of ASG V7 BETA: it includes a huge number of big and small fixes and improvements, a redesigned email encryption engine, performance tunings and it is a major step forward to the GA version.

Basics

First of all: thx for your feedback, suggestions, comments, feature requests, bug reports! With the feedback on the UBB and v7@astaro.com we made 6.908. We are sure you will find your input in this release.

Also:

there is an online Firmware Up2Date and a new ISO image (save your backup first!)
the configuration will be upgraded to 6.908
the device will reboot!
Firmware Up2Date 6.908 is 150MB big, please be patient with the download

Please remember: its still an BETA version of ASG V7. ASG V7 BETA will not be supported via Astaro's support teams therefore you should not use it within productive environments!

Details

The major part is email encryption, the rest is equable dispensed on all parts of ASG V7 BETA. No huge list here, sorry - but feel invited to find it out and install 6.908!

So, what about ASG V7 GA? Maybe you read it on our new Astaro blog: we are in heavy testing. We are aiming now to have 1200 different test cases (last but not least because of your detailed feedback), including stress tests for any conceivable situation - and this takes time... Will take all time we need to fulfill all tests with QA result ok - not longer, but also not shorter. So please stay tuned, we will keep you informed. We working on the following features, which also will be included within the final ASG V7 version: - Initial Setup Wizard - Overall Reporting / Executive Report redesign/ Status Displaying - full ACC support - NTLM Single Sign On (NTLM already works, there are still some issue with SSO)

License

Please check the UBB announcement for license details. You will need a license immediately after applying Up2Date 6.098!

Download Information

ISO image asg-6.908-061213-2.iso
size: 410 MB (410,269,696 Byte)
md5sum: 4285ee782d96d0cea3f513562d8dee21
FTP server: - Germany - US - US 2 - Austria Mirror - Japanese Mirror
HTTP server: - Germany - US - US 2 - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-6.908-061213-2.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 BETA features you should post it on our User Bulletin Board in the "BETA Version" forum. Please take care to add always(!) the version you refer to (e.g. "[6.908] Background color in the End User Portal does not match"). Alternatively if you want to provide feedback, problem reports and comments directly to the Astaro R&D team you can also send it to V7Beta@astaro.com. If you have feedback to our documentation (Online Help) please send it to docu@astaro.com.
We greatly appreciate your input, comments and suggestions - especially for this version! There is also a demo server to check the new GUI: https://v7demo.astaro.com

Thx in advance for your tests!
Your Astaro R&D team

Up2Date 6.836 for ASG V7 BETA

Markus Hennig — Fri, 17 Nov 2006 18:32:38 +0000

This is just a small bugfix Up2Date for the remaining issues in 6.834 - the ASG V7 BETA version. Its mainly a performance boost for the HTTP proxy (inclusive Anti Virus scanning), bug fix for the exceptions handling and the User Portal...

...and we fixed of course the missing graphs in Network reporting. The Up2Date will not reboot your device, but restart all network connections!

For all details about V7 BETA und Up2Date status i would like to point you to the 6.834 announcement.
Thx!

Up2Date 6.834 for ASG V7 BETA

Markus Hennig — Thu, 16 Nov 2006 16:47:55 +0000

This is this second Up2Date for ASG V7 BETA. It is again very huge, because we include a new kernel, bug fixes and missing features, like the eDirectory Browser or the Packet Filter Livelog with rule number display:

Please check out the Up2Date details:

Basics

First of all: thx for your feedback, suggestions, comments, feature requests, bug reports! We got continuously feedback on the UBB and v7@astaro.com and we appreciate everyone's!

Also:

there is an online Firmware Up2Date and a new ISO image (save your backup first!)
the configuration will not be changed
the device will reboot!
Firmware Up2Date 6.834 is over 100MB big, please be patient with the download

Please remember: its still an BETA version of ASG V7. ASG V7 BETA will not be supported via Astaro's support teams therefore you should not use it within productive environments!

Details

This is a brief overview about the components we updated:

Kernel: updated Marvel NIC driver, cluster bug fixes
User Portal: bug fixes and beautifying
POP3 bug fixes
Up2Date performance improve
Packet Filter Livelog with Rule Number display: (the yellow lines are rejected packets because of rule number 1)
Single Sign On with eDirectory (and a big performance boost compared to ASG V6)
Authentication overall bug fixes (NTLM-authentication is still buggy we afraid)
eDirectory Browser (First screenshot of an populated V7BETA eDir-browser in our v7 mailbox v7beta@astaro.com will win a V7 100 user 1 year everything enabled license, I will post this screenshot as a comment here :-)
new exception handling for all proxies and IPS
reporting improvements
and several hundred other improvements, bug fixes, changes, adds.

We working on the following features, which also will be included within the final ASG V7 version:

Initial Setup Wizard
Overall Reporting / Executive Report redesign/ Status Displaying
Performance optimization depending on RAM/CPU/Disk (already started with this Up2Date)
QoS/Packetfilter beautification
full ACC support
NTLM Single Sign On

License

Please check the 6.819 announcement for license details.

Download Information

ISO image asg-6.834-061116-2.iso
size: 384 MB (384,421,888 Byte)
md5sum: d57c101dbfc945bc112780a78f2f1263
FTP server: * Germany * US * US 2 * Austria Mirror * Japanese Mirror
HTTP server: * Germany * US * US 2 * Austria Mirror * Japanese Mirror
BitTorrent: * http://download.astaro.de/ASL/v7.0/iso_i386/asg-6.834-061116-2.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 BETA features you should post it on our User Bulletin Board in the "BETA Version" forum. Please take care to add always(!) the version you refer to (e.g. "[6.834] Cluster performance with 6 devices scales only 5.2 times"). Alternatively if you want to provide feedback, problem reports and comments directly to the Astaro R&D team you can also send it to V7Beta@astaro.com. If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. We greatly appreciate your input, comments and suggestions - especially for this Up2Date!
There is also a demo server to check the new GUI: https://v7demo.astaro.com

Thx in advance for your tests!
Your Astaro R&D team

Here is the winner screenshot from Sven (see the comment below):

ACC Up2Date 1.301 [low]

Markus Hennig — Thu, 02 Nov 2006 23:37:47 +0000

This small Up2Date introduces the new feature:

Scheduled Maintenance of devices

Device actions and Up2Date operations can now be scheduled using an easy and intuitive interface.
Current operations include:

System reboot
System shutdown
System Up2Date prefetch
System Up2Date install
Pattern Up2Date install

Download Information

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center to the latest version: Start the Up2Date under "ACC Management >> Maintenance". All Up2Dates are GNUPG-signed

Licensing

You do not need a license to use ACC V1 (yeah, it's free!).

Hardware requirements for ACC

Our minimum recommendation for ACC V1 installations:

Intel Pentium IV IV (2.4 GHz) / AMD Athlon XP 2500
512 MB RAM (1GB recommended)
40 GB hard disk drive
1 PCI NIC

Please check the ASL V6 hardware compatibility list (HCL) on our knowledge base for supported SCSI controller and NICs

Supported web browser

Astaro Command Center will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed. We recommend Firefox for the web browser and system with at least 512 MB RAM and a CPU with 1.5 GHz or more.

Feedback

Feedback, problem reports and comments should be posted on our User Bulletin Board in the. Please take care to add always(!) the version you refer to (e.g. "[1.301] missing Feb 28th in calendar"). You will find the ACC V1 manual on our knowledge base, but there is of course an online help integrated…

Enjoy,
Astaro R&D Team

Up2Date 6.819 for ASG V7 BETA

Markus Hennig — Fri, 03 Nov 2006 21:18:49 +0000

This is this first Up2Date for ASG V7 BETA. Its a very huge one, because we touched nearly all components for improvements, bug fixes and missing features. Please check out the Up2Date details:

Basics

First of all: thx for your feedback, suggestions, comments, feature requests, bug reports! We got tremendous feedback and we appreciate everyone's!

there is only an online Firmware Up2Date (please apply via WebAdmin Management >> Up2Date)
the configuration will not be changed
all IP and VPN connections will be restartet
the temporary email storage will be deleted
Firmware Up2Date 6.819 is over 90MB big, please be patient with the download
your ASG V7 will not reboot

Please remember: its still an BETA version of ASG V7. ASG V7 BETA will not be supported via Astaro's support teams therefore you should not use it within productive environments!

Details

This is a brief overview about the components we updated:

GUI : WebAdmin
Proxies : FTP, HTTP, POP3, SMTP
Open Source: ctsync, named, dhcp client
Basesystem : Middleware, Confdaemon, Selfmonitor, Tools
Up2Date : Downloader, Installer, Config
HA/Cluster : Init, sync, system
Log/Report : Notifier, Logfiles
This includes several hundred improvements, bug fixes, changes, adds.

Also we included the following top level items

Recognition rate for IM/P2P traffic
POP3 prefetch configuration and management

HTTP content removal and working on the following features, which also will be included within the final ASG V7 version:

Initial Setup Wizard
Overall Reporting / Executive Report redesign/ Status Displaying
LDAP browsing for eDirectory Browser
Performance optimization depending on RAM/CPU/Disk
QoS/Packetfilter beautification
Full ACC support
NTLM Singel Sign On

License

ASG V7 BETA is now able to handle licenses: please save the following V7 BETA test license in a file and upload it into WebAdmin: Management >> Licensing >> Installation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [LicenseInfo] Owner = V7 Beta, Astaro Corporation (Root) Id = 104579 LicenseString = 0226a-0628o-01256-7cdej-noopp-qzsz4-z3115-16481-11212-21000-75692 [LicenseOptions] Type = Evaluation UserLimit = 9999 ConcurrentConnections = 999999 RegistrationDate = 11/03/2006 ExpirationDate = 12/31/2006 HighAvailability = ON SymmetricMultiProcessing = ON IntrusionProtection = ON AVEngine = Astaro [SecureEmail] Start = 11/02/2006 Stop = 12/31/2006 [SecureWeb] Start = 11/02/2006 Stop = 12/31/2006 [MaintenanceSilver] Start = 11/02/2006 Stop = 12/31/2006 [EmailEncryption] Start = 11/02/2006 Stop = 12/31/2006 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFFS13g+ts+PoSKFF0RAtHCAJ9l9NRJBKR640lACOxT8HE2gDqX0QCfSI9q RsbWOtmciMJkNG+ffsHK1sI= =U36I -----END PGP SIGNATURE-----

(it looks like I'm not able to change the default formatting of the blog... the line LicenseString = 0226a-062... must be in one line!)

Download Information

ISO image asl-6.800-060630-1.iso
size: 370 MB (370,403,328 Byte)
md5sum: af0699ee5844dd7bba9d6d02f7724b66
FTP server: - Germany - US - US 2 - Austria Mirror - Japanese Mirror
HTTP server: - Germany - US - US 2 - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-6.808-061020-1.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 BETA features you should post it on our User Bulletin Board in the "BETA Version" forum. Please take care to add always(!) the version you refer to (e.g. "[6.819] problem with POP3 proxy in pre-fetch mode"). Alternatively if you want to provide feedback, problem reports and comments directly to the Astaro R&D team you can also send it to V7Beta@astaro.com. If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. We greatly appreciate your input, comments and suggestions - especially for this Up2Date!
There is also a demo server to check the new GUI: https://v7demo.astaro.com

Thx in advance for your tests!
Your Astaro R&D team

Public ASG V7 BETA released

Markus Hennig — Fri, 20 Oct 2006 15:42:01 +0000

We released public ASG V7 ISO and VMWare images for everyone who is interested. The images will allow an installation of ASG V7 BETA on PC or VMware, all features and functions enabled.

Please check out the huge list of new features:

Active/Active Clustering, SSL VPN
Ethernet Link Aggregation
OSPF Routing
TACACS+ authentication
OpenPGP and S/MIME email encryption
FTP Proxy
IM/P2P Control
Multi-admin support and tracking
End-user self service portal
Customizable system messages

For a quick overview: there is a V7 BETA demo server at https://v7demo.astaro.com (This is a very long announcement... please scroll down to the end for download instructions)

Management

Enhanced GUI & Usability Improvements
By using advanced HTTP technologies like AJAX, the V7 WebAdmin interface has been completely redesigned now providing a new look & feel, a lot of usability improvements and now working much faster then previous WebAdmin versions. Among others it includes the following improvements:

new dashboard views for quick overview about system modules and resources, security applications, active tasks (e.g. configuration), and functions.
Multiple multi-admin support, which allows multiple admins to work at the same time on ASG V7.
Allows creating new network objects from any point within WebAdmin without the need to jump between submenus.

Enduser Portal
This new portal provides many new self servicing capabilities for each individual end user therefore reducing the burden for the administrator significantly. Through the portal each end user can access his:

Mail manager for managing his quarantined mail objects (release, whitelist,...) and defining his POP3 accounts
Remote access manager for one-click downloads of complete VPN client packages (software, setup and certificates) for IPSec and SSL.
POP3 prefetch configuration for individual en-/disabling of this new mode.

Customizable end user messages
Administrators can now individually customize and localize all notifications, HTTP-Status/Error pages, messages and mails that are viewed by end user (not admin) to individual needs and rules. E.g. the header of a "Content Blocked" page is customizable with logo/banner and with some descriptive text. The content is customizable within subject and description, the details are not customizable (depend on the context). All end user messages (especially the customizable parts) support multiple languages (utf8/unicode compatible).

Configurable Alerting
A new GUI allows configuring for each notification if the administrator wants to receive it or if it should be silently dropped. This provides administrators with easier control of the alerts and notification he is interested in.

Network Security

Active/Active Cluster
The Astaro cluster solution provides active/active high availability as well as state-of-the art scalability based on Astaro's self developed patent pending technology. The cluster distributes cost-intense tasks like content scanning, IPSec and intrusion protection to multiple nodes without the need for an external load balancer, thus providing effective and flexible speed-up. For each task a total throughput of 1GBit/s is targeted for the cluster. A cluster can consist of up to 10 units (1 master, 1 slave, 8 nodes). The master distributes workload among slave and nodes. The slave takes over duty from master in case of master failure. Firewall applications only run on master.

VoIP optimized QoS support
Allows for granular definition of policies for bandwidth usage. Provides better support for applications that need specific quality of service levels for delay and throughput (such as real-time applications). Customer can define rules to specify min/max uplink/downlink bandwidth depending on "traffic selector". Traffic selectors are traffic types depending on parameters like connection, service, host, packet length as well as specific TCP and QoS flags (ToS/Type of Service, DSCP/DiffServ Code Points) set in the packet. Most of these traffic selectors will be pre-defined and selectable from a list.

SSL VPN with Client
Enhances security and ease of use for mobile users by adding SSL VPN gateway capabilities. OpenVPN client allows using most applications remotely via the VPNs including native MS Office and file sharing (in contrast to other SSL solutions without client which only support web based applications). To make installation of the extra client as easy as possible we have created a new end user portal where the user can login and then download his customized ssl vpn client package which includes software, certificates and configuration handled by a simple One-Click installation routine. A single access profile is supported for remote users which avoids extra configuration effort for SSL and IPSec VPN.

Ethernet Link Aggregation (Port Trunking, Bonding...)
Allows aggregation of up to four (physical) Ethernet connections into one (logical). This can be used to increase network throughput as well as reliability e.g. by connecting the ASG Ethernet interfaces to different redundant switches. The implementation will be based on the IEEE 802.3ad recommendation.

Dynamic OSPF Routing
Allows for automatic distribution of network routes, i.e. an automatic recognition of the network topology without the need to define static routing on each firewall or router. OSPF is probably the most widely used interior gateway protocol today and provides many advantages compared with the older RIP protocol. V7 implements OSPFv2 according to RFC 2328 including MD5 and plain text password authentication

Zero Latency/ Zero Configuration HA
ASG V7 also provides an improved HA concept ("active-passive", "hot standby"). The takeover time after a failure has been reduced to less than 2 seconds (compared to one minute or more in previous versions). Additionally to packet filter connection synchronization (which is already present in ASGV6) all IPSec tunnels are now also being synchronized. Therefore road warriors as well as remote VPN gateways do not need to re-establish IPSec tunnels after a takeover. Also, quarantined objects are synchronized. The V7 HA functionality also provides an „automatic setup" (zero configuration) mode which configures the unit automatically for HA depending on whether it finds a master or slave unit on a specific interface (the HA port).

Improved VoIP security via enhanced H.323 Helper
H.323 connection tracking helper now supports all combinations of signalling and data channels when using H.323 protocols. This provides enhanced security as only the required firewall ports will be opened during the conversation. This feature is included under the new main WebAdmin menu VoIP Security

DNS Enhancements
Provides more fine grained configuration options for the DNS proxy (e.g. Split DNS, host configuration, additional DynDNS settings)

TACACS+ authentication support
Allows authentication of ASG users against servers using the Cisco TACACS+ authentication protocol

VPN configuration for network groups
Allows creation of VPN tunnels between groups of local and remote sub-networks. Makes VPN configuration easier by avoiding separate tunnel creation for each single combination of local/remote subnets.

Configurable DSL reconnect
Allows to specify a time at which the DLS connection (PPPoE, PPPoA) should be dis-/reconnected to prevent a network interruption during working hours. We also offer a button in webadmin to force an immediate reconnection (in V6 there is a fixed, unconfigurable delay of 900 seconds before the next reconnect will be initiated)

Email Security

OpenPGP & S/MIME Email encyption / decryption with SMTP proxy
Provides world's first transparent encryption, decryption, and digital signatures of e-mails within an UTM gateway. Supports OpenPGP & S/MIME including certificate/key handling and content scanning for incoming mails. Enhances e-mail security significantly and allows usage of e-mail encryption even by small companies not having advanced skills in security technology.

Daily Email Report
The daily spam digest has been improved to not only include information about quarantined (SMTP) spam but about all messages (SMTP and POP3) that have been blocked or quarantined in any way e.g. by RBL, blacklists, detected viruses, phishing etc.. Users can click on any entry to release the message or to whitelist the sender from being checked by the Antispam module for the future. Users will only get one single digest for all email addresses they use. In addition if the message was send to a mailing list each recipient can release the mail individually. The layout/content of the report is also customizable as many other notifications (see feature Customizable end user messages).

POP3 prefetching
This is a new mode in addition to the current POP3 proxy mode. If this mode is turned on the proxy polls periodically the POP3 server for new messages. If a new message has arrived it will be scanned and stored into a local database on the ASG. When a client tries to fetch new mails it communicates only with the proxy and receives new messages only if it was scanned and stored in the database. As this mode allows scanning of messages well before they are requested by the client, the client receives them much faster and timeout problems through the introduced scanning process will be eliminated. This allows also putting POP3 spam messages into the daily email report.

Foreign Charsets support for SMTP and POP3
Shows properly decoded subject lines with correct charset in replacement messages. Until now subjects encoded with foreign charsets are not readable,e.g like this: "=?ISO-8859-1?B?SWYgeW91IGNhbiByZWFkIHRoaXMgeW8=?= =?ISO-8859-2?B?dSB1bmRlcnN0YW5kIHRoZSBleGFtcGxlLg==?=" .

Customizable Email Footer
Allows customers adding a "virus checked" footer to every e-mail that goes through the system and which is successfully scanned for viruses, especially for those e-mails that include attachments. This enhances the security level and improves visibility about performed e-mail checks for e-mail recipient. Furthermore a customizable disclaimer footer can be added to each email in order to outline that the content of this email is only intended for the recipient of the email.

Web Security

Transparent FTP Proxy
Up until now file transfers over FTP were only scanned by the ASG if the FTP was initiated over a Web Browser (FTP over HTTP) The new transparent FTP proxy is now able to handle „native" FTP connections as well (e.g. command line or graphical FTP clients, like WS-FTP, CuteFTP etc.). therefore allowing transparent scanning and filtering of malicious content (viruses, expression lists, extension filter) within all FTP traffic

Instant Messaging and Peer-to-Peer Management
In addition to filtering all e-mail and web traffic, Astaro Security Gateway will now also monitor Instant Messaging traffic such as ICQ, AOL, MSN and Skype as well as Peer-to-Peer filesharing traffic such as Bittorrent and Kazaa. Administrators can restrict the usage of these tools, protecting their company from dangers posed by viruses and malware as well as legal implications and the potential damage to their reputation

Improved HTTP Proxy Performance
The performance of the HTTP proxy has been significantly enhanced (up to 100%). Beside these features ASG V7 BETA also includes many smaller enhancements and usability improvements as well as bug fixes.

Limitations and hints

With the provided ISO image there maybe some limitations (remember: it's a BETA :-):

Please check the Known Issue List (KIL) before you test ASG V7 BETA!
ASG V7 BETA will not be supported via Astaro's support teams therefore you should not use it within productive environments.
To provide feedback about any issues found please use the procedures outlined below.
The BETA version also includes some additional debug code and is not performance optimized yet.
An ASG V7 manual will be available with the GA release.
Online Help is already available however still may contain some gaps.
It is not possible to import configuration backup files from ASG V6 into ASG V7 BETA. The ASG V7 BETA includes a test license with unlimited users and all features activated. There is no need to request a new or special license.

HW requirements

Astaro minimum recommendation for V7 BETA installations:

Intel Pentium III 900 MHz
256MB RAM
10 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
2GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For proved hardware components please check our Hardware Compatibility List (HCL) at: http://www.astaro.com/lists/HCL-ASG-V7.txt

ASG V7 BETA might also be tested within VMWare virtual environments, such as VMWare Server, VMWare ESX Server, VMWare Workstation or VMWare Player, by using a pre-configured/pre-installed ASG ISO called VMWare Virtual Appliance. This ISO provides the same functionality as the standard ASG. The ASG V7 BETA Virtual Appliance can be downloaded from the servers listed below.

Supported web browser

Astaro Security Gateway V7 WebAdmin will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux

Mozilla Firefox 1.5 or higher

Mac OSX

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed. As with the new GUI technology much of the GUI processing has been moved from the appliance to the management workstation we recommend using Firefox on a system with at least 512 MB RAM and a CPU with 1GHz or more to achieve maximum performance

Download Information

ISO image asl-6.800-060630-1.iso
size: 370 MB (370,403,328 Byte) md5sum: af0699ee5844dd7bba9d6d02f7724b66
FTP server: - Germany - US - US 2 - Australian Mirror - Austria Mirror - Japanese Mirror
HTTP server: - Germany - US - US 2 - Australian Mirror - Austria Mirror - Japanese Mirror
BitTorrent: http://download.astaro.de/ASL/v7.0/iso_i386/asg-6.808-061020-1.iso.torrent

Feedback

If you want to provide feedback or want to discuss any of the ASG V7 BETA features you should post it on our User Bulletin Board in the "BETA Version" forum. Please take care to add always(!) the version you refer to (e.g. "[6.818] problem with POP3 proxy in pre-fetch mode"). Alternatively if you want to provide feedback, problem reports and comments directly to the Astaro R&D team you can also send it to V7Beta@astaro.com. If you have feedback to our documentation (Online Help) please send it to docu@astaro.com. We greatly appreciate your input, comments and suggestions! Astaro is trying to build the security solutions that you need and is continuously enhancing the Astaro Security Gateway functionality.

Therefore in addition to the features listed above we are currently also working on the following features, which also will be included within the final ASG V7 version:

Initial Setup Wizard
Overall Reporting / Executive Report redesign/ Status Displaying
Recognition rate for IM/P2P traffic
LDAP browsing for eDirectory Browser
Performance optimization depending on RAM/CPU/Disk
QoS/Packetfilter beautification
full ACC support
POP3 prefetch configuration and management
NTLM Singel Sign On
LDAP browser for eDirectory
HTTP content removal

There is also a demo server to check the new GUI: https://v7demo.astaro.com

Thx in advance for your tests!
Your Astaro R&D team

ACC 1.300 released [middle]

Markus Hennig — Tue, 10 Oct 2006 19:33:42 +0000

This new ISO and Up2Date introduces new ACC features:

Enhanced Fine-Grained Access Control for the Role-Based Multi- Admin System
Real-Time Monitoring of High Availability Bundles
Local ASG Up2Date Cache
Dashboard List-View
Backup and Restore of ACC Data

... and a lot smaller improvements and bugfixes. It also increases the number of supported devices to 500.

The new features in detail:

Enhanced Fine-Grained Access Control for the Role-Based Multi- Admin System
Different administrator roles (for monitoring, maintenance and configuration) can now be defined for each device or device group via an easy to use point and click menu. This increases flexibility in regard to granting dedicated administrator rights for specific areas within large network environments (e.g. for different regions). In addition, permission can be automatically granted to newly confirmed devices through pre-defined rules.

Real-Time Monitoring of High Availability Bundles
A new "Hardware" category has been allocated to the device monitoring section, allowing for real-time status monitoring of critical High Availability (HA) components. For instance, the name, version and last contact status for all HA bundle devices, (master and slave), will now be shown within list-views and also depicted as color coded icons within the dashboard. This up-to-date information will ensure that administrators are always aware about critical component states requiring immediate action, preventing possible system outages.

Local ASG Up2Date Cache
The Astaro Command Center server now acts as a local Up2Date server (cache), providing pre-fetched Up2Date packages for all Astaro Security Gateways within a customers network environment. This reduces internet traffic significantly as each package is only downloaded once. Furthermore, the server also allows for the centralized update of ASGs which do not have a direct internet connection.

Dashboard List-View
This new type of list-view works to aggregate the summary information available from the dashboard, creating lists that can be sorted by each individual parameter (overall status, on/offline, threat level, resource level, version level and license level). In large environments, this view will provide an improved overview about specific device parameters.

Backup and Restore of ACC Data
This function allows a backup/restore of the actual data stored within ACC.

Increased Number of Supported Devices
The number of supported devices is increased to 500. Besides these top feature there are a lot of smaller improvements and small fixes. The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center to the latest version: Start the Up2Date under "ACC Management >> Maintenance". All Up2Dates are GNUPG-signed!

Virtual Appliance
ACC V1.3 will be also made available as a VMWare virtual appliance. Similar to the ASG virtual appliance, ACC can be easily deployed within VMWare virtualized environments, such as VMWare Server, VMWare ESX Server, VMWare Workstation or VMWare Player, by using a pre-configured/pre-installed ACC ISO.

Download Information

Astaro Command Center 1.300 ISO or VMWare image
FTP server: - Germany - Germany 2 - US - US 2 - Japanese Mirror
HTTP server: - Germany - Germany 2 - US - US 2 - Japanese Mirror
(Size: 257 MB (257,275,904 Byte) md5sum: 7d0db749cbfb0e0963c42195d0d20f60)

Hardware requirements for ACC

Our minimum recommendation for ACC V1 installations:

Intel Pentium IV IV (2.4 GHz) / AMD Athlon XP 2500
512 MB RAM (1GB recommended)
40 GB hard disk drive
1 PCI NIC

Please check the ASL V6 hardware compatibility list (HCL) on our knowledge base for supported SCSI controller and NICs

Supported web browser

Astaro Command Center will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Licensing

You do not need a license to use ACC V1 (yeah, it's free!).

Enjoy,
Astaro R&D Team

Up2Date 5.213 [Middle]

Markus Hennig — Wed, 27 Sep 2006 16:07:43 +0000

This is a small bugfix Up2Date for Anti-Spam and IPS. It also adds support for upcoming Astaro Command Center 1.3.

Up2Date 5.213

Remarks

Required previous version is 5.212
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Fixed possible evasion attack in IPS subsystem
Improved ACC device agent

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID3632 Spamassassin fails while preforking with a syswrite failure

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: a382e289de227908984ecbccd38e8250 Size : 15,140,625 bytes)
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASG Up2date 6.303 released [Middle]

Markus Hennig — Wed, 13 Sep 2006 11:51:07 +0000

This Up2Date introduces the new feature link speed setting for Ethernet cards on Astaro Security Gateway Appliances. It also contains fixes for Antispam, memory management for HTTP Proxy and IPSec, and for some smaller issues. Everybody who experienced problems with abnormal memory consumption while using IPsec or the HTTP proxy should install this Up2Date immediately.

Remarks

Required previous version is 6.302
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added support for upcoming Astaro Command Center 1.3
Added linkspeed settings for ASG appliances
Improved Up2Date Upstream Proxy functionality
Fixed CVE-2006-1056, CVE-2006-1242, CVE-2006-2446

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID3022 SNMP dies regularly and gets restarted by selfmon
ID3443 Squid uses a lot of memory
ID3795 Spamassassin fails while preforking with a syswrite failure
ID3813 Kernel memory leak in IPsec subsystem
ID3923 Clock issues when running as VMware installation
ID3987 WebAdmin settings don't take effect in the backend
ID4159 Connection tracking table in WebAdmin may be cut
ID4241 Outlook/Exchange emails may get high spam scores

Note

Due to problems with certain network equipment (switches, Cable/DSL-modems) using fixed Ethernet link speed we extended the functionality of the new feature "Ethernet link speed" to take care of these devices. This required a reload of the Up2Date. We reverted the PPTP changes in the reloaded Up2Date, because we got feedback that the included PPTP fix works perfect and solves the ID3786-problem but on the other hand that the PPTP fix disturbing PPTP connections through ASG which worked before. We were not able to reproduce a failure and none of our PPTP tests failed but decided to revert it for safety reasons. Next Up2Date will handle this issue.

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 9af3a3aa430888b12839ffb206b0bff8 Size : 80,305,979 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

Up2Date 6.302 reloaded

Markus Hennig — Wed, 23 Aug 2006 20:01:55 +0000

Due to a restart-issue with the Clamav UPX heap overflow-fix we reloaded Up2Date 6.302. Please read on if you use the Open Source engine Anti-Virus engine and installed 6.302 already. If you didn't install the Up2Date yet, your ASG will prefetch the Up2Date again and install the new one.

You can see the new one on the two notification messages you will get:
First "Wrong MD5sum for local System Up2Date Package" and second a "Prefetched new System Up2Date Package(s)". If you use the Open Source Anti-Virus Engine

and already installed Up2Date 6.302 the AV engine is probably not able activate updated virus pattern, but will run with the current pattern base without problems.

Please reboot your ASG (WebAdmin: System >> Shut down/Restart) and the problem is fixed. If you are not able to reboot your device please contact our support team. There is no functional change in the reloaded Up2Date, its just a small reload fix during the Up2Date process.

We apologize for any inconvenience this issue might cause.

ASG Up2date 6.302 released [Middle]

Markus Hennig — Tue, 22 Aug 2006 08:00:10 +0000

Up2Date 6.302 includes a security fix for a virus scan engine, a fix for the HTTP Proxy Report and a correction in the Chinese language file. All ASG 420/425 appliance users should install the Up2Date as soon as possible, because it includes a fix for the sometimes not properly working Ethernet NICs 4-7. Read on for the details.

Remarks

Required previous version is 6.301
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Fixed Clamav UPX heap overflow (CVE-2006-4018)

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID3965 HTTP Proxy Report Blocked Pages show @
ID4059 Possible problem when scanning RAR files
ID4060 HA might not work correctly on ASG425 with eth4-eth7
ID4182 Chinese language support not working properly

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 47946aeb261426ac3b3b0579e7c42965 Size : 7,253,284 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

Astaro Secure Client V8.3

Markus Hennig — Fri, 11 Aug 2006 10:29:43 +0000

We are pleased to announce Astaro Secure Client V8.3 This new release includes the following new features:

Integrated WLAN Configuration
When using Wireless LAN as connection type you can now directly configure and control the WLAN card from within the Astaro Secure Client. You no longer need to install additional management software from the card vendor (for Windows 2000/XP only)

Automatic Media Detection
The client now automatically detects all available transmission paths and selects the fastest media depending on specified priorities. The connection type priority is specified in the following sequence: 1. LAN, 2. WLAN, 3. DSL, 4. UMTS/GPRS, 5. ISDN, 6. MODEM.

Friendly Net Detection
Friendly Net Detection enables the Astaro Secure Client to dynamically apply a suitable firewall policy depending on the detected communication environment (e.g. detected IP network or DHCP server). This feature prevents unintentional use of incorrect firewall configurations, and thus attacks on the corporate network.

Voice over IP (VoIP) Traffic Prioritization
Integrated bandwidth management mechanisms allow transferring voice data with high Quality of Service levels (low delay, low distortion) across the VPN.

Extended range of supported Smart Cards
The following smart cards are supported directly via the PC/SC or CT-API interface: Signtrust, NetKey 2000, TC Trust (CardOS M4), Telesec PKS SigG

HTTP Authentication
HTTP authentication allows automatic, script-driven logon for mobile users at hotspots (DSL as well). User name and password are automatically extracted from the client configuration in the background, thus the user does not have to re-enter this data into a HTTP authentication pop-up window.

UDP Encapsulation support
With UDP encapsulation the port used for IPSec communication can be freely selected. This allows establishing IPsec tunnels even through firewalls which have not the standard IPsec ports opened.

Beside these new features the new release also introduces a new licensing scheme including:

Mandatory activation of each client before
Change of current update policy -> only minor updates remain free of charge, major updates now incur an extra cost

The new release of Astaro Secure Client is available immediately. Customers who have either a valid Astaro Secure Client support contract or who have bought a license from 1st January 2006 will be able to use the new features with their existing license. Customers with older licenses are able to upgrade to the new release via one-time updates.

How to Upgrade

There are two ways to upgrade an existing Astaro Secure Client to the new version:

Start the Astaro Secure Client Monitor on your desktop. On the menu select "Help -> Search for New Updates". Click "Next" on the upcoming "Software Update Wizard" window. The client will now automatically search for new updates. If a newer version is found, you can click on the "Next" button to start the automatic installation immediately.
Use MyAstaro to download the new client software from our HTTP or FTP Server. When installing the new software an already existing version will be recognized and updated accordingly. If you want an evaluation copy of Astaro Secure Client, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can download a 30-day evaluation version of Astaro Secure Client.

For more information please visit our website.
Your Product Management Team

ASG Up2date 6.301 released [Middle]

Markus Hennig — Thu, 20 Jul 2006 14:35:11 +0000

Up2Date 6.301 introduces a Chinese translation of the WebAdmin and a new Marvell/Syskonnect driver (which is used in ASG420/425 appliances). Beside that it fixes 21 bugs: HTTP-Proxy and its reporting, VPN, DNAT... It definitely fixes also the double email problem. Read on for details and the Known Issue List IDs.

Remarks

Required previous version is 6.300
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added Chinese translation to WebAdmin
Added new Marvell/Syskonnect driver (ASG420/425)

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID3106 Connection tracking in WebAdmin misses entries
ID3148 Missing user in HTTP-Proxy after name change
ID3168 Proxy Content Manager incorrectly deletes emails
ID3653 HTTP pages graph missing in reporting
ID3785 Uplink failover interface may not come up correctly
ID3787 Surf Protection Category names un-editable after adding special characters
ID3793 Remote syslog does not send facility and level
ID3876 Some pictures missing when website is viewed over HTTP Proxy
ID3933 DNS Proxy does not resolve IPs from internal network
ID3957 Missing network graphs for VLAN interfaces
ID3968 Possible ethernet loop when using HA and bridging
ID3980 VPN Id for X.509 certificates
ID3982 Kernel Panic with DNAT und FTP
ID3991 DNAT does not bypass WebAdmin port
ID3992 Problem in handling of HTTP Port Ranges in IPS causes huge memory usage
ID3999 Individual pattern Up2date does not work correctly
ID4001 Authentium pattern updates not visible in reporting
ID4009 Hardware acceleration conflicts with HA
ID4010 Duplicate emails from SMTP Proxy when using HTTP parent proxy
ID4012 HW acceleration creates large swap files
ID4025 NIC hardware offloading may cause problems

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 3a19c5c994d1b09ef43934e074e24c8d Size : 65,953,959 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ACC Up2Date 1.201 [low]

Gert Hansen — Wed, 05 Jul 2006 15:54:54 +0000

Version 1.201 is a bug fix update which fixes seven bugs, including the limitation that Webadmin Single-Sign-On only works if ASG uses webadmin port tcp/443. - read on to get the details…

WebAdmin Single-Sign-On (SSO) now also works on non-standard tcp ports
ACC now supports WebAdmin SSO also for ports other than tcp/443. The ASG device agent sends the actual configured Webadmin port to ACC, which uses it for the SSO functionality. Now all ASG devices which have its Admin Interface on a non-standard tcp port can be managed and configured by ACC.

Remarks

Required previous version is 1.200
Existing configuration will not be changed
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
3855 WebAdmin SSO does only work if webadmin port is tcp/443
3856 Wrong IP in browser title 3864 Grub error 18 when using SCSI drives
3867 The favicon is missing in the webbrowser
3870 Version status also shown as critical if features are not licensed
3913 System may accept more than 100 devices until next restart
3984 Year index out of range when tracking System Up2Dates on ASG

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Command Center to the latest version:

Astaro Command Center 1.201 ISO-image
Size: 240 MB (240,586,752 Byte)
md5sum: 5b0c271c7937b277e53e6a7330bb54ef
FTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
BitTorrent: * acc-1.201-060705-1.iso.torrent

Hardware requirements for ACC

Our minimum recommendation for ACC V1 installations:

Intel Pentium IV IV (2.4 GHz) / AMD Athlon XP 2500
512 MB RAM (1GB recommended)
40 GB hard disk drive
1 PCI NIC

Please check the ASL V6 hardware compatibility list (HCL) on our knowledge base for supported SCSI controller and NICs

Supported web browser

Astaro Command Center will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Other browsers could also work, but might be subject to rendering or JavaScript issues. They are unsupported. Java or Flash support is not needed. We recommend for the web browser a system with at least 512 MB RAM and a CPU with 1.5 GHz or more.

Licensing

You do not need a license to use ACC V1 (yeah, it's free!).

Feedback

Feedback, problem reports and comments should be posted on our User Bulletin Board in the. Please take care to add always(!) the version you refer to (e.g. "[6.202] missing comma in SIP Proxy online help"). You will find the ACC V1 manual on our knowledge base, but there is of course an online help integrated…

Enjoy,
Astaro R&D Team

ASG Up2date 6.300 released [Middle]

Markus Hennig — Mon, 26 Jun 2006 22:19:19 +0000

Version 6.300 includes some highlights: performance improvments for IPS and Anti-Virus of more than 50%, deletion of NTLM credentials and two new SMTP recipient white lists (global or just for Anti-Spam). And it includes of course also many bug fixes - read on to get the details…

SMTP recipient whitelists
There are two new whitelist: one in the spam section to exclude recipients from spam check and a global whitelist to exclude recipients from all checks (even from virus scanning):

Performance improvments for IPS and Anti-Virus
We optimized the search algorithm for IPS engine, with only 10MB of additional RAM usage, the perforce increases by more than 50%. This optimization is only enabled for machines with more than 256 MB RAM. We are also introducing the Astaro Anti-Virus engine for a faster Secure Web and Secure Email.

NTLM credentials deletion
We fixed this long term and displeasing issue, you are now able to disable NTLM, which than will delete the old credentials. This enables you to rejoin again or to a new Active Directory. Please remember to delete the ASG system account on your Domain Controller with the Administrative Tool ”Active Directory Users and Computers„ to also remove all ASG entries in the AD.

Remarks

Required previous version is 6.203
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added new Astaro Anti-Virus engine with better performance
Added option to delete NTLM credentials
Improved performance of IPS scanning
Improved global whitelists for SMTP Proxy
Improved spam recipient whitelist for SMTP Proxy

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID2996 CA-Certificate is not synced to HA slave immediately
ID2997 CA-Certificate is not deleted on the HA slave
ID2999 Overwrite an existing interface by editing another one
ID3095 Active Directory/NT Domain Membership can not be switched off
ID3302 Bind DN and Base DN error messages are inverted
ID3306 Renaming of a network objects was not always reflected in proxy, DoS, NAT settings
ID3386 'Current System QoS Rules' does not show proper information
ID3718 demime entry spams smtp.log
ID3848 Trusted senders does not work for RBL
ID3866 FTP connection tracking helper modules are not loaded in all cases
ID3873 Log Files are blank when viewing via WebAdmin
ID3896 Deletion of logfiles older X days does not work always
ID3904 IPS reports Bad Traffic Same Src/Dst IP
ID3905 Some spoofed packets get dropped but not logged
ID3908 PPTP user may be shown as inactive even it is connected
ID3911 IPS flood BARE BYTE UNICODE ENCODING
ID3930 HA slave looses connection to master
ID3959 Manuals on ASG can not be viewed since sometimes the files are corrupt
ID3966 Duplicate emails sent from SMTP Proxy

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: d63b6f0a0f5df987647c46f83aaa4295 Size : 62,720,470 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully. The manual for ASG V6 is available on our knowledge base. A hardware compatibility list and a Known Issues List for the ASG V6 are available at: knowlegde base

Download ISO image asl-6.300-060630-1.iso
size: 365 MB (382,455,808 Byte)
md5sum: fc41531ab97cea669cf1dc0eba3a5c4b
FTP server: * Germany * Germany 2 * US * US 2 * Australian Mirror * Austria Mirror * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Australian Mirror * Austria Mirror * Japanese Mirror
BitTorrent: * http://download2.astaro.de/ASL/v6.0/iso_i386/asl-6.300-060630-1.iso.torrent

Hardware requirements

Astaro minimum recommendation for V6 installations:

Intel Pentium II
256MB RAM
9 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For testing purpose you can also use our Virtual Appliance.

Feedback

Your Astaro R&D team

ASG Up2Date 6.203 released [Middle]

Markus Hennig — Thu, 08 Jun 2006 19:48:38 +0000

Version 6.203 introduces two new features and a bunch of bug fixes. These new features are: support for USB sticks for backup-file installation during bootup and Port-80 support for the Surf Protection database connect. Check the details and also the list of 19 bug fixes.

USB stick support
During bootup ASG V6.203 will check if a USB stick a available and readable and if an unencrypted backup-file (backup.abf) is stored. If so, the backup-file will be installed without any user interaction. To prevent an inadvertent reinstall next time the ASG reboots the USB is logical locked. You need to remove and then plug-in again the USB stick to install the backup-file again. If there is more than one backup-file stored on the USB stick, the first one in lexical order will be used. We tested a wide range of USB controller and USB sticks but we afraid that there are some out, which will not work. Maybe you will test your USB controller and USB stick in the case you don’t use an ASG appliance. We thought that is a helpful shortcut for disaster recovery, but do not wish that you need it one day.

Port-80 support for the Surf Protection
The Surf Protection databases will be connected on TCP-Port 6000 per default. In some case this does not work because of an additional upstream firewall. With version 6.203 your ASG checks if it can connect the database via TCP-Port 80 (maybe through an additional upstream proxy and firewall). There is nothing to-do for you nor a menu in the WebAdmin to enable this feature.

Remarks

Required previous version is 6.202
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

SurfProtection now also tries to connect via tcp port 80 to the external database. For HTTP this will also work via parent proxy. Connections via tcp port 6000 (default behavior before) are still supported
Added Automatic Configuration Import from USB stick during ASG bootup
Fixed possible evasion attack against IPS subsystem

BUGFIX

(please refer to the known issue list on http://www.astaro.com/kb)
ID3270 L2TP does not work if bridge is enabled
ID3340 DHCP server not authoritative
ID3462 Blacklist extension filter blocks wrong downloads
ID3464 Usernames do not show up in http_access log
ID3482 Default ICMP Flood Protection settings may cause issues
ID3630 Large swapfiles for hardware accelerated scanning
ID3642 Problem when using IPsec VPN on bridge interfaces
ID3715 Factory reset via cmdline may result in defective system
ID3719 SIP Proxy host length is limited to 32 characters
ID3744 Usernames do not show up in contentfilter blocked log
ID3767 IPSec Strict-Flag only used in Phase 2
ID3789 Petabyte spikes in network graphs
ID3798 IPSec autopacketfilter do not work in bridge mode
ID3802 HTTP download gets blocked as virus Oversized.zip
ID3811 Blocked webpages showing too many details
ID3816 Uplink Failover check IP is ignored for VLAN interfaces
ID3822 Single failed WebAdmin login counts two times in reporting
ID3838 Download window is too small when using Internet Explorer
ID3852 Max MTU limited to 3000 octets by WebAdmin

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been successfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: f1a9ba0dbbf0735c39cd6c93a5ec8e75 Size : 71,683,253 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Virtual Appliance 6.202 released

Markus Hennig — Tue, 30 May 2006 14:02:30 +0000

The VMware images of ASG V6.202 were released. They include all previous Up2Date packages and using now the (virtual) LSI Logic SCSI Adapter to increase disk performance. If you just want to glance at ASG Virtual Appliance to get a first impression of what ASG really does, we recommend using the free VMware Player for its ease-of-use.

However, if you are considering using ASG Virtual Appliance in a production environment, or if you would like to conduct performance or load testing with ASG, we recommend using VMware ESX Server, because its network performance is much better. The following VMware virtualization software is supported:

VMware Player (screenshot)
VMware Server
VMware Workstation
VMware ESX Server

We included the VMware-tools for enabling all features of VMware VirtualCenter (screenshot). Astaro Security Gateway for VMware includes as usual a 7 day test license and you can request a free home use license at http://my.astaro.com. There is no difference between a "real" ASG installation and a virtual one, so the manual for ASG V6 is the same (on our knowledge base) and also the the Known Issues List (on our knowlegde base). An additional PDF in the ZIP-files explains the installation and setup of a ASG Virtual Appliance.
You can find a short version as a text-file here: http://download2.astaro.com/Virtual-Appliance/readme.txt

Download Information

Download the VMware images here:

FTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
BitTorrent: * astaro-security-gateway-va-6_202.zip.torrent * astaro-security-gateway-ESX-va-6_202.zip.torrent

Astaro Command Center released!

Markus Hennig — Tue, 30 May 2006 15:19:29 +0000

Today we shipped Astaro Command Center V1. Astaro Command Center V1 allows for centralized and efficient management of many challenging and time-consuming tasks, such as defining security policies, configuring applications, monitoring actual device states, and the updating of device software.

The intuitive web-based user interface provides an effective overview detailing the actual health of each device, swiftly allowing administrators to see which gateways require immediate action. A new user interface leverages state-of-the-art technologies like AJAX, (Asynchronous JavaScript And XML) which immediately displays any changes in data without additional delays resulting from screen refreshes. This results in significantly improved ease of use when managing multiple Astaro Security Gateways.

Astaro Command Center V1 includes the following management applications:

Monitoring allows tracking of critical system parameters in real-time, like detected threats, license status, software updates and resource usage. Various view options provide up-to-date information of all Astaro systems within a complete network infrastructure.

(enlarge)
A World Map allows easy localization of a specific device within a large global network. A zoom function allows navigation to specific regions of interest.

(enlarge)
Inventory management provides comprehensive information about each device such as CPU, hard disk, memory, network interfaces, and software version, among others. All Astaro Security Gateway devices are automatically organized into device groups.

(enlarge)
Central update management enables the possibility of updating multiple devices through a single click. The progress of each device is displayed centrally.
System maintenance for connected gateways offers centralized system shutdowns and restarts.
Single-sign-on eases configuration management via centralized login to each device's WebAdmin, the browser based administrative interface for Astaro Security Gateways. Thus, administrators have to login only once into ACC to access any firewall within the network.

(enlarge)
Role-based Multi-administrative support allows the definition of administrators with different roles for using different management functions within Astaro Command Center concurrently.

(enlarge)

ACC V1.200 works with up to 100 devices and 5 parallel admin sessions. It supports ASG V5 (5.212 recommended) and ASG V6 (6.202 recommended) installations - as software, appliance or virtual appliance.

Licensing

You do not need a license to use ACC V1 (yeah, it's free!).

Download Information

Astaro Command Center ISO-image:
Size: 237 MB (237,592,576 Byte)
md5sum: 66555536ff58bf7d260c42d3ae13f46d
FTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Japanese Mirror
BitTorrent: * acc-1.200-060530-3.iso.torrent

Hardware requirements for ACC

Our minimum recommendation for ACC V1 installations:

Intel Pentium IV IV (2.4 GHz) / AMD Athlon XP 2500
512 MB RAM (1GB recommended)
40 GB hard disk drive
1 PCI NIC

Please check the ASL V6 hardware compatibility list (HCL) on our knowledge base for supported SCSI controller and NICs

Supported web browser

Astaro Command Center will support the following browser/platform combinations:

MS Windows 2000/XP/Vista

IE6 or higher (including IE7)
Mozilla Firefox 1.5 or higher

Linux:

Mozilla Firefox 1.5 or higher

Mac OSX:

Safari 2.0.3 or higher
Mozilla Firefox 1.5 or higher

Feedback

We highly appreciate your comments/questions/list of missing features/suggestions.

Please let us know: acc@astaro.com Thank you! You will find the ACC V1 manual on our knowledge base, but there is of course an online help integrated…

Enjoy,
Astaro R&D Team

ASG ISO 6.202 released

Markus Hennig — Mon, 22 May 2006 06:40:09 +0000

The ISO image of ASG V6.202 was released. It includes all previous Up2Date packages. Version 6.202 of Astaro Security Gateway includes as usual a 7 day test license and you can request a free home use license at http://my.astaro.com.

The manual for ASG V6 is available on our knowledge base. A hardware compatibility list and a Known Issues List for the ASG V6 are available at: knowlegde base

Download Information

asl-6.202-060509-1.iso
size: 375 MB (375,601,152 Byte)
md5sum: f5c198f4a5eace5ac724681db8fc1c5e
FTP server: * Germany * Germany 2 * US * US 2 * Australian Mirror * Austria Mirror * Japanese Mirror
HTTP server: * Germany * Germany 2 * US * US 2 * Australian Mirror * Austria Mirror * Japanese Mirror
BitTorrent: * http://download2.astaro.de/ASL/v6.0/iso_i386/asl-6.202-060509-1.iso.torrent

HW requirements

Astaro minimum recommendation for V6 installations:

Intel Pentium II
256MB RAM
9 GB hard disk drive and above

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above

For testing purpose you can also use our Virtual Appliance.

Feedback

Your Astaro R&D team

ASG Up2Date 5.212 released [Low]

Markus Hennig — Tue, 09 May 2006 14:43:34 +0000

This Up2Date improves the support for the upcoming Astaro Command Center V1, improves the report generator and fixes a string vulnerability in "ez-ipupdate". It also contains a fixes for rare issues with antispam and DSL connections (PPPoA). If you plan to monitor or manage your ASG V5 device with ACC you should install this Up2Date to be prepared :-)

Up2Date 5.212

Remarks

Required previous version is 5.211
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Improved Support for upcoming Astaro Command Center V1
Improved report generator when using uninitialized values
Fixed ez-ipupdate format string vulnerability

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID1831 PPPoA daemon not terminated correctly
ID3750 Spamassassin may fill up root partition

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: 406b53777ff91c213b23a2b2325698d3 Size : 20,593,437 bytes)
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASG Up2Date 6.202 released [Middle]

Markus Hennig — Tue, 09 May 2006 15:12:03 +0000

This Up2Date improves the support for the upcoming Astaro Command Center V1, fixes some vulnerabilities in the anti virus scan engine ClamAV and tunes the anti spam engine to improve the detection rate. It also fixes six minor bugs form the Known Issue List (http://www.astaro.com/kb).

We added also a new button, to allow administrators to disable complex local passwords (sorry, we needed it for the Common Criteria Certification...).

The new button Force complex passwords: is under System>>User Authentication. This Up2Date includes VMware tools which are used by the new Astaro Virtual Appliance. Install this Up2Date if you use the ClamAV anti virus scanner or when you plan to monitor or manage your ASG V6 device with ACC.

Up2Date 6.202

Remarks

Required previous version is 6.201
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added VMware tools for Astaro Virtual Appliances (http://www.vmware.com/vmtn/appliances/directory/110)
Added button to disable complex local passwords
Fixed ClamAV vulnerabilities CVE-2006-1614, CVE-2006-1615, CVE-2006-1630
Improved Support for upcoming Astaro Command Center V1
Improved Spam detection rate

Bugfixes

(please refer to the known issue list on http://www.astaro.com/kb)
ID2844 PPPoA connections may not reconnect correctly
ID2935 SNMPd loses track of interface indexes
ID3409 IPSec Client config includes wrong lifetimes
ID3722 Squid localhost ACL uses static destination port
ID3759 Duplicate packetfilter rules in backend
ID3766 Flood-Protection log-limit-burst is not set correctly

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
(MD5sum: bf3ead564a7fe25eb4588ab5cc62ab52 Size : 42,784,055 bytes)
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

CA Certificate expiration date

Markus Hennig — Sun, 07 May 2006 23:38:24 +0000

You use X.509 certificates for VPN connections and you are a loyal user of Astaro Security Gateway? Maybe you should check the expiration date of your CA (Certificate Authority) Certificate, because it has a lifetime of "just" 4 years. If you use X.509 certificates for VPN connections and imported your configuration from a V5 you should check the expiration date of your CA (Certificate Authority) Certificates.

Please login into the WebAdmin, go to IPSec VPN >> CA Management and hover over the blue i of the Verification CA. You will see something like this:

The entry Expires shows you, when your VPN connections with X.509 certificates signed by this CA will be dropped, because its expired. And they will be dropped minutious, I tested it today :-) Another good indicator for an expired Certificate Authority Certificate is a red error message "No verification CA !" for your host certificate:

Be prepared and generate a new Certificate Authority Certificate under IPSec VPN >> CA Management and sign your host certificate before the expiration date. The online help of ASG will guide you with a Basic Step-by-Step Setup paragraph.

Is this a bug? Is this irritating?

No, its a security feature! Four years is a very long time - usually nobody will run (or should run) a security device for this time without a major release change. Maybe you did, because we offered you always a seamless upgrade path from major version to major version (btw. without any extra costs) and your configuration including the certificates moved from release to release. So this is your chance to clean things up, to rethink your VPN setup and to wonder who are these people asking for a new certificate because the VPN connection is broken...

Maybe its also good reason to increase the key size of the Certificate Authority, you never know.

ASG Up2Date 6.201 released [Middle]

Markus Hennig — Thu, 06 Apr 2006 13:29:37 +0000

This Up2Date fixes a problem with the default Surf Protection categories for 6.200-preinstalled appliances. Installations with Up2Date 6.200 are not affected.

The Up2Date fixes also some eDirectory issues from version 6.200 and increases the lookup speed dramatically, so all ASG user which uses eDirectory for authentication should install this Up2Date.

Urgency: Middle (low, Middle, HIGH)
Size: 17 Mbyte (17,655,683 bytes)
md5sum: 387c521a1fb0fb31e5a4aa956e1885fc

Up2Date 6.201

Remarks

Required previous version is 6.200
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

This Up2Date fixes a problem with the default Surf Protection categories for 6.200-preinstalled appliances. Installations with Up2Date 6.200 are not affected. The Up2Date fixes also some eDirectory issues from version 6.200 and increases the lookup speed dramatically, so all ASG user which uses eDirectory for authentication should install this Up2Date.

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID3472 PPTP will not establish when windows-logon is enabled
ID3650 Logfiles not accessible via WebAdmin
ID3676 USB connection to Uninterruptible Power Supply (UPS) for status information causes Kernel Oops
ID3697 eDirectory SSO does not work for users with aliases
ID3698 Browser fails to show logfiles or fails to browse eDirectory
ID3700 Common Criteria password restrictions do not apply when adding new users
ID3707 Download Manager causing error in IE
ID3708 Wrong SurfProtection categories in details view
ID3709 eDirectory browser may not work with large trees

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.There are three ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Up2Date 6.200 released [Low]

Markus Hennig — Wed, 22 Mar 2006 08:31:35 +0000

This Up2Date adds some very interesting new functionality: Generic Proxy, eDirectory LDAP browser and an eDirectory Single Sign-On.

Urgency: low (low, Middle, HIGH)
Size: 54 Mbyte (54,157,179 bytes)
md5sum: 5e9b47b72a41bc46a1aa79d6e6ff810b

Up2Date 6.200

Remarks

Required previous version is 6.106
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added eDirectory Single Sign-On
Added eDirectory LDAP browser
Added Generic Proxy

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID3402 Large harddrives cause squid errors
ID3649 Contentfilter categories may show empty fields after factory reset

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Up2Date 5.211 released [High]

Markus Hennig — Tue, 21 Mar 2006 09:35:33 +0000

This Up2Date renews just the license for the anti virus scan engine, but is simple necessary... So, please install the Up2Date immediately.

Urgency: HIGH (low, Middle, HIGH)
Size: 1MB (1,597,131 bytes)
md5sum: 340b5cd9b1cf4473e7364f369b34472b

Up2Date 5.211

Remarks

Required previous version is 5.210
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Renewed Kaspersky virus scanner license

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASG Up2Date 6.106 released [High]

Markus Hennig — Tue, 21 Mar 2006 09:37:52 +0000

This Up2Date renews just the license for the anti virus scan engine, but is simple necessary... So, please install the Up2Date immediately.

Urgency: HIGH (low, Middle, HIGH)
Size: 1 Mbyte (1,522,269 bytes)
md5sum: 0dfe0bb529eb2fd80189a62f1c48e565

Up2Date 6.106

Remarks

Required previous version is 6.105
Existing configuration will not be changed
Virus scan engine will be restartet
!! Install this Up2Date immediately, Virus Protection may stop working if not applied !

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID3659 Kaspersky license needs update

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Up2Date 4.031 released [Middle]

Markus Hennig — Tue, 28 Feb 2006 17:05:05 +0000

This Up2Date renews just the license for the anti virus scan engine, but is simple necessary... So, please install the Up2Date immediately.

Urgency: Middle (low, Middle, HIGH)
Size: 1 MB (1585 byte)
md5sum: 731c2fc5d1b31d0f7fa57314a382087c

Up2Date 4.031
=============

REMARKS
* Required previous version is 4.030
* Existing configuration will not be changed
* Active IP and VPN connections will not be restarted

NEW/CHANGED/IMPROVED

* Kaspersky Virus Scan Engine license renewal

Bugfixes

All Up2Dates are GNUPG-signed!

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.

There are three ways to apply an Up2Date package to the system:

1)
Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

2)
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.

3)
Download the Up2Date package from our HTTP or FTP Server:

HTTP:
Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror

FTP:
Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror

Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

ASG Up2Date 6.105 released [Middle]

Markus Hennig — Tue, 28 Feb 2006 20:20:40 +0000

This Up2Date prepares ASG for the upcoming Common Criteria and ICSA certification. It also adds Japanese language support in the WebAdmin and includes some improvements and (of course) bugfixes. Please check the details inside...

Urgency: Middle (low, Middle, HIGH)
Size: 80 Mbyte (80,586,159 bytes)
md5sum: b5991ab8c169e214b1f99f13407cbaea

Up2Date 6.105

Remarks

Required previous version is 6.104
Existing configuration will not be changed
WebAdmin LiveLog may stop updating during installation
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added Common Criteria support in WebAdmin
Added ICSA support in WebAdmin
Added Japanese language support in WebAdmin
Improved SMTP Proxy queue handling
Improved HTTP Proxy download manager

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID2792 Automatic CRL Fetching not working
ID3167 Compression for Net-to-Net IPSec tunnels not working
ID3408 POP3 sender whitelist is case sensitive
ID3413 Dowload Manager delivers wrong sized files
ID3414 HA daemon not starting up correctly
ID3419 HA config sync may not work correctly
ID3485 ClamAV reports RAR files as Unknown Virus
ID3621 Deleting oldest logfiles via archive settings not working

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.
There are three ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Up2Date 5.210 released [low]

Markus Hennig — Thu, 09 Feb 2006 17:23:43 +0000

This small Up2Date improves the SessionID security check for live log scripts in the WebAdmin and updates also the device agent for the upcoming Astaro Command Center (ACC).

Urgency: low (low, Middle, HIGH)
Size: 8M (8,959,688 bytes)
md5sum: ee78f15d1d3f4688814c3d2b9e5a1192

Up2Date 5.210

Remarks

Required previous version is 5.209
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Improved SessionID security for live log scripts
Improved ACC device agent

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID3484 IPSec Client config includes wrong lifetimes

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ACC Up2Date 6.104 releaed [High]

Markus Hennig — Fri, 27 Jan 2006 16:25:23 +0000

This small Up2Date improves the SessionID security check for live log scripts in the WebAdmin.

Urgency: HIGH (low, Middle, HIGH)
Size: 8 Mbyte (8,709,372 bytes)
md5sum: cecb60dc73bc9949c62e74f96df7b7d3

Up2Date 6.104

Remarks

Required previous version is 6.103
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Improved SessionID security check for live log scripts

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID3353 Parser problem in HTTP Proxy Usage reports

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Up2Date 4.030 released [High]

Markus Hennig — Fri, 27 Jan 2006 16:19:43 +0000

This small Up2Date improves the SessionID security check for live log scripts in the WebAdmin.

Urgency: HIGH (low, Middle, HIGH)
Size: 1 MB (6242 byte)
md5sum: 46563505c8e41039a6d7d89c61335ada

Up2Date 4.030

Remarks

Required previous version is 4.029
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted

New/Changed/Improved

Improved SessionID security check for live log scripts

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

ASG Software V7 Feature Request Survey closed

Markus Hennig — Fri, 20 Jan 2006 11:46:37 +0000

We've closed the feature poll phase for the Astaro Security Gateway Software V7.0. Thanks to all who invested their time to give us this valuable input. In the next phase we will evaluate the results of this voting and plan the Astaro Security Gateway V7.0 Software development in detail.

ASG Up2Date 5.209 released [Low]

Markus Hennig — Thu, 19 Jan 2006 17:20:09 +0000

Urgency: low (low, Middle, HIGH)
Size: 7M (7,360,966 bytes)
md5sum: 3a859154b96e0c42a8d334f31f8e3f0f

Up2Date 5.209

Remarks

Required previous version is 5.208
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID2835 Site-2-Site VPN does not working after reconnect
ID3299 Spam report contains email preview
ID3333 POP3 Proxy does not work correctly
ID3394 Maximum conncurrent connection limited

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 6.103

Markus Hennig — Thu, 12 Jan 2006 14:25:00 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 54 Mbyte (54,573,817 bytes)
md5sum: 02bdd2e937f19feafc51c1eadf2e1a4c

Up2Date 6.103

Remarks

Required previous version is 6.102
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added configurable whitelist to HTTP Proxy
Added support for Intel ICH7R chipset
Improved IPsec performance on SMP machines

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID2546 PSK-based roadwarrior or L2TP connections may fail to establish
ID3143 Activating compression causes problems on Roadwarrior Connections.
ID3218 Windows XP/SP2 L2TP client loops during connection establishment
ID3249 File extension blocking is too strict
ID3257 DNAT rules with local connections not working
ID3276 Daily Spam Digest mails are marked as spam
ID3291 Changing setting of Dead Peer Detection seems to have not effect
ID3296 Pluto crashes with mismatching phase 2 policy
ID3308 Linkbeat checking also down interfaces
ID3349 No network group support in IPS advanced section

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

ASG Software V7 Feature Request Survey

Markus Hennig — Fri, 23 Dec 2005 14:12:22 +0000

On behalf of Astaro's product management group I invite you to fill out an on-line survey form giving us your input on new features that you would like to see in Astaro Security Gateway Software V7 We would very much appreciate your input, because it will help us deliver software that provides the best value to our customers.

This questionnaire will probably take you about an hour to complete. It has been set up in the format of the "Astaro Security Gateway Feature Store" where you have 55 "Astaro Units" to spend on the new capabilities that you think would make the most important additions to our software. We would appreciate it if you could give careful thought about which features you would most like to see.

You can access the survey form at:

www.astaro.com/survey/
username: survey
password: V7work

If you have time, we would appreciate getting your feedback by the end of the year. You can ask someone else in your organization to complete this survey, but please treat this as confidential and do not send the link outside of your company.

If you have any ideas or requests that are not on the survey, please feel free to include them in the two comment fields at the bottom of the form.

[Middle] Up2Date 6.102

Markus Hennig — Wed, 30 Nov 2005 16:47:22 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 29 Mbyte (29,721,726 bytes)
md5sum: 3fb210b5a5dfb7282042b75854445346

Up2Date 6.102
=============

REMARKS

* Required previous version is 6.101
* Existing configuration will not be changed
* Middleware will be restarted
* Active IP and VPN connections will be restarted
* Depending on the speed of the CPU the Up2Date installation will take a few minutes

NEW/CHANGED/IMPROVED

* Added support for MGE and APC UPS
* Fixed remote IPSec DoS (NISCC 273756 - pluto crash)

BUGFIX (please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID2993 Uplink failover does not work correctly with PPPoE interface
ID3183 Executive Report doesn't show up2dates for VirusProtection
ID3268 PPTP connection tracking table may get corrupted
ID3301 HTTP Proxy Usage Report limited to 50 users

All Up2Dates are GNUPG-signed!

The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.
There are three ways to apply an Up2Date package to the system:

1)
Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

2)
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.

3)
Download the Up2Date package from our HTTP or FTP Server:

HTTP:
Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

FTP:
Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror

Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

[Low] Up2Date 5.208

Markus Hennig — Fri, 18 Nov 2005 08:43:37 +0000

Urgency: low (low, Middle, HIGH)
Size: 50 MB (50,102,297 bytes)
md5sum: e3a1370fff3e64541522df1e59ee4dcf

Up2Date 5.208

Remarks

Required previous version is 5.207
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added support for Command Center
Fixed PPTP vulnerability in kernel (remote DoS)
Disabled SSLv2 Cipher Suite for WebAdmin (possible vulnerability)

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID2270 Connections lost using passive FTP

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 4.029

Markus Hennig — Wed, 16 Nov 2005 17:34:40 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 3MB (3,032,253 byte)
md5sum: eb82da66823006e420daa3c684b03ff9

Up2Date 4.029

Remarks

Required previous version is 4.028
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted

New/Changed/Improved

Disabled SSLv2 Cipher Suite for WebAdmin (possible vulnerability)
Fixed Pluto crash with malformed ISAKMP messages (DoS)

Bugfixes

ID0472 Accounting does not work correctly for PPP interfaces
ID0515 Not possible to set multicast packetfilter rules in WebAdmin
ID0547 POP3 network definitions not updated after change

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 6.101

Markus Hennig — Tue, 08 Nov 2005 23:19:18 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 44 Mbyte (44,469,614 bytes)
md5sum: 6205b73271e989913e11ca453b79f2aa

Up2Date 6.101

Remarks

Required previous version is 6.100
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Improved SurfProtection communication to URL database
Updated Device Agent for Command Center
Disabled SSLv2 Cipher Suite for WebAdmin (possible vulnerability)

Bugfixes

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID3090 Cannot delete VLAN interface when using alias
ID3162 Issue on AV engine page with certain licenses
ID3169 Autogenerated IPSec key objects with DN as VPN ID do not work
ID3170 VPN subsystem may crash when using many roadwarriors
ID3195 Download manager fails on certain downloads
ID3207 Some VPN tunnels fail to come up automatically
ID3213 L2TP authentication does not work with '#' symbol in the password
ID3219 Java Applet errors with HTTP Proxy
ID3220 LDAP port resets to default 389

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

[Low] Up2Date 5.207

Markus Hennig — Thu, 20 Oct 2005 14:15:38 +0000

Urgency: low (low, Middle, HIGH)
Size: 19 MB (19,592,252 bytes)
md5sum: 87d742d04fd21ca4a1a218fdeff997b7

Up2Date 5.207

Remarks

Required previous version is 5.206
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID2451 Reporting does not count certain surf protection categories
ID2473 Greylisting limited to 31999 recipients
ID2906 Hostname has leading @ in IPsec Client config
ID3018 Problems using PPPoE interfaces with static gateway IP
ID3037 POP3 Proxy has problems downloading bigger emails

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 6.100

Markus Hennig — Tue, 11 Oct 2005 16:05:45 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 83 Mbyte (83,387,607 bytes)
md5sum: ec5c84cc48165558ca06e8b6d585ee69

Up2Date 6.100

Remarks

Required previous version is 6.004
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Improved Virus Protection
- Added ClamAV as a second software Anti-Virus engine
- Added Sensory as a hardware based Anti-Virus scan engine (for Astaro Security Gateway appliances only)
Improved Spam Protection
- Added User Spam Releasing feature in Daily Spam Digest
- Added email scanning based on URL filtering
- Added real time anti spam pattern
Integrated manuals into WebAdmin
- Added possibility to view manuals directly in WebAdmin
Added support for Command Center - a new centralized tool for monitoring and administration

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID2743 Daily Spam Digest not correctly calculated
ID2857 Adding rules to large packetfilter rulesets
ID2981 HA interface is selectable as member of the bridge
ID3016 Service definitions in policy routing not updated
ID3024 No dots in NT domain names allowed
ID3053 L2TP login fails with special password
ID3057 Timebased packetfilter does not interrupt exiting connections
ID3116 HA Heartbeat is dropped by snort

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Gateway, you need the installation ISO image, available on our download page.

[Middle] Up2Date 4.028

Markus Hennig — Mon, 26 Sep 2005 16:30:52 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 7MB (7,555,524 byte)
md5sum: d45678cb7429b80952a1c2c374954053

Up2Date 4.028

Remarks

Required previous version is 4.027
Existing configuration will not be change
!!! ATTENTION - FIREWALL WILL REBOOT AFTER UP2DATE !!!

New/Changed/Improved

PPTP Remote DoS Vulnerability fixed

Bugfixes

ID0390 Do not delete last interface
ID0604 Delete service groups remain in system
ID0554 Wrong keys show up when editing IPsec connections

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 6.004

Markus Hennig — Thu, 15 Sep 2005 15:23:15 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 1 Mbyte (55,068 bytes)
md5sum: 6bd8f68480c68e732e44cef401828b6f

Up2Date 6.004

Remarks

Required previous version is 6.003
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

This Up2Date provides a performance increase for the POP3 Proxy concerning emails of small sizes.

Bugfix

(please refer to the List of Known Issues on http://www.astaro.com/kb)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 6.003

Markus Hennig — Tue, 13 Sep 2005 16:53:59 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 36 Mbyte (36,344,160 bytes)
md5sum: a2bb6f6e49803b82da6a588ecba69753

Up2Date 6.003

Remarks

Required previous version is 6.002
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID2900 All POP3 spam mails reported as threshold 1
ID2933 Policy routes have wrong sort order for more then 9 routes
ID2995 Network-accounting in briged mode shows no traffic
ID2998 Not possible to establish two L2TP tunnel to more than one interface
ID3007 Communication to kaspersky virus scanner failed
ID3015 DHCP Relay turns off before configuration set

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 6.002

Markus Hennig — Thu, 11 Aug 2005 21:48:17 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 29MB (29,724,836 bytes)
md5sum: 8a98b4101826fe6281af6faacf069ffe

Up2Date 6.002

Remarks

Required previous version is 6.001
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the LIST OF KNOWN ISSUES on http://www.astaro.com/kb)
ID2090 Windows Update does not work with NTLM authentication
ID2802 Some reports stop working after deleting local logfiles
ID2849 IPsec policies with DH/PFS group X 4096 don't work
ID2870 LDAP authentication does not work in a special case
ID2874 Factory Reset may not work correctly on slow machines
ID2883 PPP Modem disconnect not properly detected
ID2917 Problems using PPPoE interfaces with static gateway IP
ID2922 IPS cannot be enabled on some firewalls
Fix for the "HTTP CONNECT Unauthorized Access Weakness" reported on Bugtraq

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro US2 - Astaro Germany - Astaro Germany2 - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Low] Up2Date 5.206

Markus Hennig — Wed, 27 Jul 2005 14:42:53 +0000

Urgency: low (low, Middle, HIGH)
Size: 1MB (1,925,280 bytes)
md5sum: 2897078819759b96d733b71970e85aeb

Up2Date 5.206

Remarks

Required previous version is 5.205
Existing configuration will not be changed
Middleware will not be restarted
Active IP and VPN connections will not be restarted

New/Changed/Improved

Added the possibility to upgrade from ASL V5 to ASL V6. This feature, however, is only applicable for ASG appliances.

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID2866 Factory Reset may not work correctly on slow machines

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Low] Up2Date 5.205

Markus Hennig — Mon, 18 Jul 2005 17:11:39 +0000

Urgency: low (low, Middle, HIGH)
Size: 14MB ( 14,496,382bytes)
md5sum: 86947657f9173994f8d193662779d8db

Up2Date 5.205

Remarks

Required previous version is 5.204
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added the possibility to upgrade from ASL V5 to ASL V6. This feature, however, is only applicable for ASG appliances.

Bugfix

(please refer to the known issue list on http://www.astaro.com/kb)
ID2590 Domain setting in the SMTP Proxy is case-sensitive.
ID2732 connection to POP3 Server is closed after several NOOPs
ID2787 Snort may fail to block traffic on web server
ID2819 POP3 Proxy doesn't accept QUIT command in AUTHORIZATION state if the connection was closed by the remote server

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Low] Up2Date 5.204

Markus Hennig — Wed, 06 Jul 2005 16:09:27 +0000

Urgency: low (low, Middle, HIGH)
Size: 38MB (38,841,138 bytes)
md5sum: 78e46cd95c9a1388d3a88f6198d6a75b

Up2Date 5.204

Remarks

Required previous version is 5.203
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added DHCP Relay option
Added TFTP Connection tracking helper

Bugfix

(please refer to the known issue list on http://docs.astaro.org)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V6 GA

Markus Hennig — Wed, 06 Jul 2005 17:03:00 +0000

Astaro is pleased to announce the availability of the Astaro Security Linux V6 GA. Thanks to anybody on this board who contributed to this release! We received a tremendous amount of excellent feedback during our BETA test.

New Features of ASL V6

Astaro Security Linux V6 adds many new capabilities like improved protection for Voice over Internet Protocol (VoIP) communications, increased protection from "zero-day attacks," and support for the Linux 2.6 Kernel as well as enhanced configuration and reporting options that improve the flexibility and ease of management.

Key features of this latest release include:

Transparent Firewall Mode
Time-Based Packet Filter and Surf Protection
Policy-Based Routing
Support of Linux Kernel 2.6
SIP Proxy
Anomaly-Based Intrusion Protection
Novell eDirectory Support

A detailed description of the new features is included in the package. A manual for ASL V6 is available on our knowledge base.

The ASL V6 GA includes a 7 day test license but you can use your ASL V5 licenese or generate a new one in MyAstaro. It is possible to import configuration backup files from ASL V5.2 and ASL V6 RC1 into the GA version (the backup file will include your license). A hardware compatibility list and a Known Issues List for the GA release are available at: knowlegde base

Hardware requirements

Astaro minimum recommendation for V6 installations:

Intel Pentium II
256MB RAM
9 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For testing purpose you can also use a VMware Workstation (http://www.vmware.com/products/desktop/ws_features.html).

Download Information

Download asl-.iso
size: 319 MB (319,088,640 Byte)
md5sum: c913158eb7854a7371b66b5bc7f73552
FTP server: Germany - Germany 2 - US - US 2 - Australian Mirror - Austria Mirror - Japanese Mirror
HTTP server: Germany - Germany 2 - US - US 2 - Australian Mirror - Austria Mirror - Japanese Mirror
BitTorrent: http://download2.astaro.de/ASL/v6.0/iso_i386/asl-6.001-050705-3.iso.torrent

Feedback

Feedback, problem reports and comments should be posted on our User Bulletin Board in the. Please take care to add always(!) the version you refer to (e.g. "[6.001] missing comma in Packet Filter Rules online help").

Astaro R&D team

[Low] Up2Date 3.223

Markus Hennig — Thu, 30 Jun 2005 12:58:52 +0000

Urgency: low (low, Middle, HIGH)
Size: 0.1MB (1,075 bytes)
md5sum: c9d4b84f1f9cf28689661d9b42070118

Remarks

Required previous version is 3.222
Existing configuration will not be changed

Discontinuance of Support Announcement: Astaro Security Linux V3

This notice announces that technical support and the Up2Date service for Astaro Security Linux V3 will be terminated on June 30, 2005. No additional support requests will be accepted after that date. Sales of Astaro Security Linux V3 were discontinued at the end of June 2002, three years prior to the end of support announced in this notice. Customers on this release should strongly consider upgrading to Astaro Security Linux V6, which is fully supported and contains many additional features. Please contact your vendor or sales representative.

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.There are two ways to apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

ASL V6 RC1

Markus Hennig — Fri, 24 Jun 2005 15:46:15 +0000

Astaro is pleased to announce the availability of the Astaro Security Linux V6 Release Candidate 1. Thanks to anybody on this board who contributed to this release! We received a tremendous amount of excellent feedback during our BETA test. We are planning to ship the General Availability release shortly. The next days will give us extra time to validate improvements made in Astaro Security Linux V6 during the final days of testing. The Release Candidate available today is suitable for testing and for home use, but should not be used in production environments.

New Features

Key features of this latest release include:

Transparent Firewall Mode
Time-Based Packet Filter and Surf Protection
Policy-Based Routing
Support of Linux Kernel 2.6
SIP Proxy
Anomaly-Based Intrusion Protection
Novell eDirectory Support

A detailed description of the new features is included in the package.

Changes in the release:

NTLM Authentication: Added Clear Cache Button
POP3 Proxy: Added detail selection for blocked messages
DHCP Service: Added DHCP Relay agent
Connection Tracking: Added TFTP helper
Intrusion Prevention: Reduced anomaly detection noise
eDirectory: Moved to User Authentication

Fixes in this release:

Bootsplashes does not work on several Intel VGA-Cards
Empty HTTP-Proxy profiles and Time Events could not be deleted
PPPoA fails to connect properly
IPS pattern up2date not working correctly
Portscan detection not working at all
HTTP Proxy does not honor the defer-user-agent setting
Domain setting in the SMTP Proxy is case-sensitive

Limitations

With the provided ISO image there are maybe still some limitations. Please check the Known Issue List before you test ASL V6 RC1! Astaro does not recommend to use ASL V6 RC1 in productive environments but for home use. There is no manual for ASL V6 RC1 but the Online Help is nearly complete.

It is possible to import configuration backup files from ASL V5.2X and in the end we will support a config import from ASL V6 RC1 into the GA version. Please update your test installation regularly. The ASL V6 RC1 does not include a test license but you can use your ASL V5 licenese or generate a new one in MyAstaro.

A hardware compatibility list and a Known Issues List for the RC1 release are available at: http://docs.astaro.org

Hardware requirements

Astaro minimum recommendation for V6 RC1 installations:

Intel Pentium III 900 MHz
256MB RAM
9 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For testing purpose you can also use a VMware Workstation (http://www.vmware.com/products/desktop/ws_features.html).

Download Information

To our regret we were not able to release any Up2Date due to their size (over 100MB).

Download asl-5.900-050624-1.iso
size: 302 MB (302,409,728 Byte)
md5sum: 8f25ed7aa7ed520b688114cecd1aace2
Astaro FTP server: ftp://ftp2.astaro.de/pub/ASL/v6.0/iso_i386/BETA/
Astaro HTTP server: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/
BitTorrent: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/asl-5.900-050624-1.iso.torrent

Feedback

Astaro is trying to build the security solutions that you need. We greatly appreciate your input, comments and suggestions!

Thx in advance for your tests,
Astaro R&D team

[Middle] Up2Date 4.027

Markus Hennig — Mon, 20 Jun 2005 16:31:35 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 6MB (6,538,583 byte)
md5sum: e6dc52b3c8269a0abda56fcd591a3d3d

Up2Date 4.027

Remarks

Required previous version is 4.026
Existing configuration will not be changed
!!! ATTENTION - FIREWALL WILL REBOOT AFTER UP2DATE !!!

New/Changed/Improved

PPP-DoS-Patch (CAN-2005-0384)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

BETA Up2Date 5.841

Markus Hennig — Fri, 10 Jun 2005 21:35:31 +0000

Astaro is pleased to announce the availability of the third Astaro Security Linux V6 BETA and invites you to test it! This third one is just a Up2Date package, for an initial installation you need ISO 5.838. Please check here the detailed first announcement.

Size: 77M (77,230,215 bytes)
md5sum: 9e1b2965f480ef5c53bfdbb40e08c8fd

Up2Date 5.841

Remarks

Required previous version is 5.838
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added switch to allow/deny ARP broadcasts
Removed almost all debugging code
Lots of small fixes

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID2085 Greylist_db not replicated to Slave
ID2319 HA master-master situation not handled correctly
ID2498 Bootsplash does not switch to login prompt automatically
ID2513 L2TP over IPSec fails for NAT-Traversal
ID2529 Anomaly detection issues too many alerts
ID2537 Greylisting stops SMTP Proxy from accepting emails
ID2538 Virusprotection for SMTP does not count viruses
ID2545 Recipient Verification does not work correctly
ID2548 Spamassassin DoS vulnarability
ID2551 Surf Protection Blocked page does not show Reason
ID2556 Block ARP broadcasts in bridge mode
ID2561 Time Events not deletable

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro Germany
FTP: Astaro Germany
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Next ASL V6 BETA ISO

Markus Hennig — Thu, 02 Jun 2005 16:52:31 +0000

Astaro is pleased to announce the availability of the second Astaro Security Linux V6 BETA and invites you to test it!

Please check here the detailed first announcement.

New

eDirectory Support (completed now, including group and container support, HTTP profile assignments based on eDirectory groups)

Fixed

Reporting not working completely
IPsec encryption/hash algorithms incomplete
IPsec Connections - Status viewer
PPTP/L2TP Roadwarriors using DHCP Server
eDirectory support not yet completed
NTLM/LDAP/Radius Authentication for HTTP Proxy
ASC Config export
Lots of small fixes in WebAdmin and backend
(all known issue stuff and a lot more...)

Changed

Redirect for Allowed Networks in Transparent HTTP Proxy
Removed most of the debugging code
Policy Routing for local services enabled (needs SNAT)
Hardware detection - We are highly interested in your feedback about your used hardware!!!

Limitations

With the provided ISO image there are maybe some limitations (remember: its a BETA :-)

Please check the Known Issue List (http://docs.astaro.org) before you test ASL V6 BETA! Astaro does not recommend to use ASL V6 BETA in productive environments but for home use.
There is no manual for ASL V6 BETA and the Online Help may still contain some gaps.

It is possible to import configuration backup files from ASL V5.2X and in the end we will support a config import from ASL V6 BETA into the GA version. We will provide Up2Date packages as well as ISO images for ASL V6 BETA. Please update your test installation regularly. The ASL V6 BETA includes a test license with unlimited users and all features activated. There is no need to request a new or special license.

A hardware compatibility list and a Known Issues List for the BETA release are available at: http://docs.astaro.org

Hardware requirements

Astaro minimum recommendation for V6 BETA installations:

Intel Pentium III 900 MHz
256MB RAM
9 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For testing purpose you can also use a VMware Workstation (http://www.vmware.com/products/desktop/ws_features.html).

Download Information

To our regret we were not able to release any Up2Date due to their size (over 100MB), but we plan a small one within next days.

asl-5.838.iso
size: 301MB (301,557,760 Byte)
md5sum: 422398f5af24cffbdcd8b8dab6c65b95
Astaro FTP server: ftp://ftp2.astaro.de/pub/ASL/v6.0/iso_i386/BETA/
Astaro HTTP server: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/
BitTorrent: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/asl-5.838-050602-1.iso.torrent

Feedback

Astaro is trying to build the security solutions that you need. We greatly appreciate your input, comments and suggestions! Thx in advance for your tests!

Astaro R&D team

[Middle] Up2Date 5.203

Markus Hennig — Fri, 27 May 2005 15:10:17 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 29MB (29,209,545 bytes)
md5sum: 54619ea9d59538d273ec88f91827718c

Up2Date 5.203

Remarks

Required previous version is 5.202
Existing configuration will not be changed
Middleware will not be restarted
Active IP and VPN connections will not be restarted

New/Changed/Improved

IPsec Client Config Export now supports ASC
Improved backend kernel access to avoid crashes
Improved backend connection tracking handling

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID2086 "Phantom" Interfaces in Network->Accounting after renaming
ID2193 Selfmonitor improvement for licensing daemon
ID2280 Virus Pattern Up2dates latest update shows 1969 on some firewalls

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Astaro Security Client V8.2

Markus Hennig — Fri, 27 May 2005 15:19:13 +0000

We are pleased to announce Astaro Security Client V8.2

This new release includes the following new features:

Enhanced Personal Firewall capabilities:

advanced options to configure stateful packet inspection rules for individual applications
all firewall mechanisms are optimized for Remote Access applications and are activated when the computer is started
Personal Firewall is activated as soon as the computer starts

Automatic Hotspot Logon

automatically detects hotspot websites in a public WLAN area
dynamically releases the ports for http or https for hotspot logon or logoff
prohibits client from direct communication to the Internet bypassing the VPN tunnel

Import of Configuration Data from ASL

Profile settings created by Astaro Security Linux can be exported from the gateway (starting with Release 5.203) and imported directly into the Astaro Secure Client

Support of compression type Deflate

compression type Deflate can now be used in conjunction with ASL to speed up data transfer

Automatic detection of familiar and unfamiliar networks

different firewall rule sets can be deployed and activated automatically for each type of network

Download Information

The new release of Astaro Secure Client is available immediately. Customers currently using Astaro Secure Client 8.1x can upgrade to the new release free of charge.
Use MyAstaro for Downloads and Licenses.

You can get to MyAstaro three ways:

Go directly to MyAstaro
From the Astaro web site (astaro.com or astaro.de) click the link in the upper left of that says "Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

For more information please visit our website

Next ASL V6 BETA ISO

Markus Hennig — Fri, 20 May 2005 14:46:40 +0000

Astaro is pleased to announce the availability of the second Astaro Security Linux V6 BETA and invites you to test it!

Please check here the detailed first announcemnet.

New

Multiple PPPoE Interfaces configurable in WebAdmin
eDirectory Support (not yet completed)

Fixed

WebAdmin definitions may not show up immediately
HTTP Proxy: Timebased Contentfiltering (Surfprotection)
HTTP Proxy: Contentfilter Progressbar
HTTP Proxy: support for WebDAV
HTTP Proxy: Strip Embedded Objects/Scripts not working correctly
Quarantined POP3 emails are not shown in Proxy Content Manager
Selfmonitoring for POP3 and HTTP Proxy
Ipsec routing in bridge mode (transparent mode)
Wrong Policy Routes sort order
Owner match for outgoing connections may fail
Reporting->Virus Protection
Reporting->Content filter->POP3
Error Messages in installer

Limitations

With the provided ISO image there are maybe some limitations (remember: its a BETA :-) Please check the Known Issue List (http://docs.astaro.org) before you test ASL V6 BETA!
Astaro does not recommend to use ASL V6 BETA in productive environments. There is no manual for ASL V6 BETA and the Online Help may still contain some gaps.

A hardware compatibility list and a Known Issues List for the BETA release are available at: http://docs.astaro.org

Hardware requirements

Astaro minimum recommendation for V6 BETA installations:

Intel Pentium III 900 MHz
256MB RAM
9 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For testing purpose you can also use a VMware Workstation (http://www.vmware.com/products/desktop/ws_features.html).

Download Information

To our regret we were not able to release any Up2Date due to their size (over 100MB).

asl-5.816.iso
size: 298MB (298,113,024 Byte)
md5sum: af7b6ab3b0f83c2534e36e92c97668cc
Astaro FTP server: ftp://ftp2.astaro.de/pub/ASL/v6.0/iso_i386/BETA/
Astaro HTTP server: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/
BitTorrent: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/asl-5.816-050520-1.iso.torrent

Feedback

Astaro is trying to build the security solutions that you need. We greatly appreciate your input, comments and suggestions!
Thx in advance for your tests.

Astaro R&D team

Try the ASL V6 BETA!

Markus Hennig — Fri, 06 May 2005 14:48:37 +0000

Astaro is pleased to announce the availability of the Astaro Security Linux V6 BETA and invites you to test it!

Highlights of the BETA release

Transparent Firewall Mode
Packets can traverse the firewall without modifying any of the source or destination information in the IP packet header (acting like a layer 2 switch or bridge). There is no need to reconfigure IP space from currently assigned addresses. (Previously a subnet had to be split in at least two different subnets in order to put ASL in between). It is easy to pull a firewall out of the loop to diagnose network problems and to accurately map problem IP addresses.

Time-Based Packet Filter and Surf Protection Configuration
You can apply configuration options for packet and URL filters for specified time periods. For example, you can enable a set of firewall rules that allows a specific group access to specific servers only on Monday through Friday, from 8:00AM to 5:00PM.

Support for the Linux Kernel 2.6
Astaro Security Linux V6 utilizes the new Linux kernel 2.6. Benefits include:

Support for S-ATA disks
Increased performance for multithreaded applications (e.g. the content filter) via use of new NPTL thread library and support of Hyper-Threading Technology. This enables a single physical processor to execute two or more separate code streams (threads) concurrently.
Support of new hardware and new devices

Policy-Based Routing
Traffic can be forwarded and routed based on source IP address, source port and destination port (in addition to normal routing, which is based on the destination IP address). With this feature traffic can be spread over multiple Internet uplinks to improve application performance, improve the use of bandwidth, and control costs.

SIP (Session Initiation Protocol) Proxy
The SIP Proxy increases flexibility, security and performance when supporting Voice over IP (VoIP) communications. SIP software clients (like kphone, xlite) and SIP hardware clients (Voice over IP phones which are SIP-compatible, such as those from Cisco, Grandstream or Snom) can work behind an IP masquerading firewall or NAT router.

Anomaly-Based Intrusion Protection
Increased protection against "zero-day-attacks" (malicious threats that attack enterprise networks before signatures have been developed). To guard against these early attacks, Astaro Security Linux analyzes the behavior of "normal" traffic and identifies anomalies that indicate a possible new attack, for example, new services, previously unseen hosts, and unusual amounts of traffic.

And a lot of more stuff visible or under the hood....

There are two things no longer included: Support for old CPUs (INTEL Pentium I, AMD K5/K6, VIA older then C3 Eden/Nehemiah) and WLAN.

Limitations

With the provided ISO image there are maybe some limitations (remember: its a BETA :-) Please check the Known Issue List (http://docs.astaro.org) before you test ASL V6 BETA! Astaro does not recommend to use ASL V6 BETA in productive environments. There is no manual for ASL V6 BETA and the Online Help may still contain some gaps.

A hardware compatibility list and a Known Issues List for the BETA release are available at: http://docs.astaro.org

Hardware requirements

Astaro minimum recommendation for V6 BETA installations:

Intel Pentium III 900 MHz
256MB RAM
9 GB hard disk drive and above.

Best performance results running on:

Dual Xeon or Athlon
512MB/1GB RAM
36 GB SCSI 15krpm hard disk drive and above.

For testing purpose you can also use a VMware Workstation (http://www.vmware.com/products/desktop/ws_features.html).

Download Information

asl-5.800.iso
size: 294MB (294,766,592 Byte)
md5sum: b7d62f45114774d113f405c182885875
Astaro FTP server: ftp://ftp2.astaro.de/pub/ASL/v6.0/iso_i386/BETA/
Astaro HTTP server: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/
BitTorrent: http://download2.astaro.de/ASL/v6.0/iso_i386/BETA/asl-5.800.iso.torrent

(If you are not familiar with BitTorrent, please check out this detailed description: http://en.wikipedia.org/wiki/Bittorrent). Search for "how to burn" on our Knowledge Base (http://www.astaro.com/kb/) if you have trouble to burn a CD from the ISO image.

Feedback

Feedback, problem reports and comments should be posted on our User Bulletin Board in the "BETA Version / ASL Hackers" forum. Please take care to add always(!) the version you refer to (e.g. "[5.801] problem with POP3 proxy in bridge mode"). Astaro is trying to build the security solutions that you need. We greatly appreciate your input, comments and suggestions!
Thx in advance for your tests!

Astaro R&D team

[Middle] Up2Date 5.202

Markus Hennig — Fri, 29 Apr 2005 13:50:48 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 6MB (6,411,644 bytes)
md5sum: 32807f12f5ef8cc8639a07b5ecb940ca

Up2Date 5.202

Remarks

Required previous version is 5.201
Existing configuration will not be changed
Please do not reboot the firewall before applying this Up2Date
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID2276 Network and service definitions not saved to disk
ID2277 Roadwarrior-Connections with X509 and IPV4 are not working

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Minimum Hardware Requirements

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.201

Markus Hennig — Mon, 25 Apr 2005 11:56:39 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 45MB (45,848,735 bytes)
md5sum: 8ec5af6aabc25a3ef7d33a2fe7b4cba1

Up2Date 5.201

Remarks

Required previous version is 5.200
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Fixed remote DoS attack in PPP code [CAN-2005-0384]
Improved Contentfilter messages for POP3 Proxy

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1275 Proxy Content Manager hangs on large e-mails
ID1863 Backup may not contain storage.xml file
ID2056 DNS hostnames with a single character are not allowed
ID2073 Adding a network group to itself causes trouble
ID2126 License graph not updating in Reporting
ID2144 "Pattern Up2Date" is incorrectly shown as "not licensed"

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.200

Markus Hennig — Thu, 03 Mar 2005 18:13:24 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 55MB (55,495,150 bytes)
md5sum: 6eaa229c562d9445f85e090af76402e9

Up2Date 5.200

Remarks

Required previous version is 5.103
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

HTTP content filter option "Spyware Protection" added:
Detects and blocks spyware before it enters the organization and infects computers
Intercepts and blocks spyware communication from already infected computers to the internet
Optionally blocks all suspicious and unknown sites to even protect against spyware originating from websites, which have not been categorized yet
additionally this option enhances protection against phishing attacks by blocking communication to these fraudulent links
HTTP proxy (SQUID) security and bug fixes (CAN-2005-0094, CAN-2005-0095, CAN-2005-0096, CAN-2005-0097, CAN-2005-0173, CAN-2005-0174, CAN-2005-0175, CAN-2005-0211, CAN-2005-0241 and some non-critical fixes)
Redesign of HTTP content filter info/status/error pages
new linux kernel (incl. new Broadcom bcm57xx driver, support for HP/Compaq DL 360 with RAID Controller SmartArray 6i, H323 conntrack helper fix, RLIMIT poll size exploit fix, and some non-critical fixes)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1725 Squid Icons for FTP pages do not work
ID1840 Up2Date installation fails if package download is still in progress
ID1925 MaxReceipients for SMTP commections limited to 1
ID1942 Tables in Exceutive Reports are not updating
ID1947 Password with $ in lilo
ID1989 Receipient-Verification does not work on Bounces
ID2024 BATV does not work for capital letters
ID2030 Spelling incompatibility in bandwidth monitoring settings
ID2032 Data table in executive report is one huge line
ID2036 Virus Scaner Test-Restart may take some time
ID2059 ASL sends notification but everything seems to be ok

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.103

Markus Hennig — Thu, 17 Feb 2005 22:50:57 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 14MB (14,033,062 bytes)
md5sum: 3a768c67f0c2a74db600031e787eafdf

Up2Date 5.103

Remarks

Required previous version is 5.102
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Fixed BIND vulnerability (CAN-2005-0033)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1992 Reporting interface graphs missing

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 4.026

Markus Hennig — Tue, 15 Feb 2005 23:47:45 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 1MB ( 484,219 bytes)
md5sum: eea1653a321c270bce72d523c8537dc0

Up2Date 4.026

Remarks

Required previous version is 4.025
Existing configuration will not be changed
Active VPN connections will not be restarted

New/Changed/Improved

Kaspersky Virus Scan Engine license renewal

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 5.102

Markus Hennig — Fri, 04 Feb 2005 11:14:50 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 1MB (193,774 bytes)
md5sum: bd1ab0150cebae797597d1255c3dda02

Up2Date 5.102

Remarks

Required previous version is 5.101
Existing configuration will not be changed
HTTP proxy will be restarted
Active IP and VPN connections will not be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID2006 Runaway HTTP proxy uses up all 99,9% CPU

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.101

Markus Hennig — Wed, 26 Jan 2005 22:19:59 +0000

Urgency: Middle(low, Middle, HIGH)
Size:42MB (42,497,650 bytes)
md5sum: 4db176203f3b523bf3620d66a1318d59

Up2Date 5.101

Remarks

Required previous version is 5.100
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Improved HTTP Proxy performance and content handling
New Kernel fixing local root exploit

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1695 PDF Files not shown in browser while VP is enabled
ID1715 Proxy authentication fails if the startsite is a https URL
ID1914 SMTP sender blacklist groups do not work correctly
ID1924 Changing a network definition will no affect SMTP Routing Targets

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V5.1 available

Markus Hennig — Wed, 01 Dec 2004 23:22:55 +0000

We are pleased to announce Astaro Security Linux V5.1!

Updates/Bugfixes

Upgrade to SpamAssassin 3.01 with the following powerful extensions:
+ Razor2 (online database spam check)
+ DCC (online database spam check)
+ SURBL (spam realtime blocklist)
Backend bugfixes for backup converter/licensing/logging/reporting
Overall system performance increase
new kernel with bugfixed conntrack code

New Features

Additional features for better junk mail control:
+ Greylisting (Advanced spam blocking method)
+ BATV reverse path signing (Block virus and spam backscatter)
+ Checking SPF records (Joe-Job/Phishing protection)
SNMP trap support
Bandwidth monitoring capabilities with notifications if bandwidth usage exceeds/below defined percentage
Improved Proxy Content Manager
Daily proxy content manager digest sent by email for every user

Backup files from ASL V5.027 will work on ASL V5.1, backup files from the public BETA will work on the final V5.1 too. ASL V5.1 does not need a new license or a special license. This ASL V5 ISO image includes all recently released Up2Date packages. For documentation, please see the documentation section of the Astaro web site: docs.astaro.org

For pricing information please contact:

Europe: sales@astaro.com
Americas: salesus@astaro.com
Asia Pacific: sales@astaro.com

Related documents:

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Licensing

Use MyAstaro for Downloads and Licenses. Astaro downloads and licenses will now be handled through the new MyAstaro web site (https://my.astaro.com), which is replacing the Astaro Registration Portal.

You can get to MyAstaro three ways:

Go directly to https://my.astaro.com
From the Astaro web site (www.Astaro.com or www.Astaro.de) click the link in the upper left of that says "Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

If you want an evaluation copy of Astaro Security Linux V5, go to MyAstaro and complete a short form to create a MyAstaro account. You will then be taken to a screen where you can request a V5 evaluation license and then download a free evaluation version of Astaro Security Linux.

Up2Date 5.100

Remarks

Required previous version is 5.027
SMTP configuration will be converted, please check
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added new SMTP Proxy features (Greylisting, SPF, BATV)
Improved Spam Protection
Added SNMP trap support
Added bandwidth monitoring support

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1229 Peaks in network graphs after reboot
ID1433 HA linkbeat check does not support Intel and gigabit NICs
ID1468 SysKonnect NICs not supported by kernel
ID1538 Backupconverter does not set IPSec Auto-Packetfilters correctly
ID1551 HA Takeover event will not appear in reporting

Download Information

Urgency: Middle(low, Middle, HIGH)
Size:54MB (54,693,631 bytes)
md5sum: 426c681197aae0ea923798281ad18b29

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

ASL V5.1 BETA available (named "ASL 5.050")

Markus Hennig — Fri, 19 Nov 2004 17:35:20 +0000

We are pleased to invite you to test the public BETA of Astaro Security Linux V5.1 For testing purpose we named the test image ASL 5.050, it includes the following:

Updates/Bugfixes

Upgrade to SpamAssassin 3.01 with the following powerful extensions:
+ Razor2 (online database spam check)
+ DCC (online database spam check)
+ SURBL (spam realtime blocklist)
Backend bugfixes for backup converter/licensing/logging/reporting
Overall system performance increase
new kernel with bugfixed conntrack code

New Features

Additional features for better junk mail control:
+ Greylisting (Advanced spam blocking method)
+ BATV reverse path signing (Block virus and spam backscatter)
+ Checking SPF records (Joe-Job/Phishing protection)
SNMP trap support
Bandwidth monitoring capabilities with notifications if bandwidth usage exceeds/below defined percentage
Improved Proxy Content Manager
Daily proxy content manager digest sent by email for every user

We do not recommend to use the BETA on larger production servers (even if we already use it to filter our own mail - and it works great)

The public BETA ISO image carry the version number 5.050. We will neither provide a Up2Date package to upgrade your existing V5 to this BETA release nor will we publish an Up2Date Package to upgrade from the pubic BETA to the final ASL V5.100.

Backup files from ASL V5.027 will work on the public BETA, backup files from the public BETA will work on the final V5.100. This upgrade does not need a new license or a special license. Any ASL V5 license can be used.

Download Information

Download the BETA iso image from our HTTP or FTP Server:

asl-5.050-041119-3.iso
277,479,424 Bytes
md5sum: bede64f994178d65baf045afb4415c2e

asl-5.050-041122-4.iso
281,673,728 Bytes
md5sum: 7cd9022f4611e984927c5fe975ff8ec7

HTTP: Astaro - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror

We looking forward to receiving your feedback!

Pre-announcement of ASL V5.100

Markus Hennig — Wed, 17 Nov 2004 16:49:01 +0000

We are pleased to invite you to test the upcoming public BETA of Astaro Security Linux V5.100

Updates/Bugfixes

Upgrade to SpamAssassin 3.01 with the following powerful extensions:
+ Razor2 (online database spam check)
+ DCC (online database spam check)
+ SURBL (spam realtime blocklist)
Backend bugfixes for backup converter/licensing/logging/reporting
Overall system performance increase

New Features

Additional features for better junk mail control:
+ Greylisting (Advanced spam blocking method)
+ BATV reverse path signing (Block virus and spam backscatter)
+ Checking SPF records (Joe-Job/Phishing protection)
SNMP trap support
Bandwidth monitoring capabilities with notifications if bandwidth usage exceeds/below defined percentage
Improved Proxy Content Manager
Daily proxy content manager digest sent by email for every user

We are planning to publish the public BETA ISO image on Friday, November 19th, on our download servers and mirros. It will be announced here. We do not recommend to use the BETA on larger production servers (even if we already use it to filter our own mail - and it works great)

The public BETA ISO image will carry the version number 5.050. We will neither provide a Up2Date package to upgrade your existing V5 to this BETA release nor will we publish an Up2Date Package to upgrade from the pubic BETA to the final ASL V5.100.

Backup files from ASL V5.027 will work on the public BETA, backup files from the public BETA will work on the final V5.100.

Licensing

This upgrade does not need a new license or a special license. Any ASL V5 license can be used.

Looking forward to receiving your feedback next week!

[Middle] Up2Date 4.025

Markus Hennig — Sat, 13 Nov 2004 08:22:03 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 3MB ( 2,818,536 bytes)
md5sum: a2b192d648c41abfe1d8700759f6aabb

Up2Date 4.025

Remarks

Required previous version is 4.024
Existing configuration will not be changed
Active VPN connections will be restarted
MiddleWare will be restarted

Bugfixes

ID1828 Too much rules in FIX_CONNTRACK table

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 5.027

Markus Hennig — Thu, 11 Nov 2004 18:37:39 +0000

Urgency: Middle(low, Middle, HIGH)
Size:27MB (27,347,507 bytes)
md5sum: c57ab1a335b70a8d082d2a14654a24e7

Up2Date 5.027

Remarks

Required previous version is 5.026
Existing configuration will not be changed
!! Firewall will reboot after Up2Date !!

New/Changed/Improved

Added new kernel with a lot of bugfixes
Added extra e100/e1000 drivers with NAPI support
(the new intel modules are 'optional' which means they are not used by default. they are named e100_asl and e1000_asl)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1120 Dynamic packet filter rules do not work correctly
ID1144 IP address of HA slave is always 0.0.0.0
ID1740 Some websites not reachable via PPTP
ID1746 Spam Score visible in the body of an email
ID1764 PPTP server gives out information about its version

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Low] Up2Date 4.024

Markus Hennig — Tue, 02 Nov 2004 16:40:44 +0000

Urgency: low (low, Middle, HIGH)
Size: 3MB (3,867,824 bytes)
md5sum: 0b0188c2c850924cacb901ccc611e380

Up2Date 4.024

Remarks

Required previous version is 4.023
Existing configuration will not be changed
Active VPN connections will be restarted
MiddleWare will be restarted

Bugfixes

ID1763 PPTP server gives out information about its version
ID1727 Firewall replies to SYN-FIN packets

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 3.222

Markus Hennig — Sat, 23 Oct 2004 21:34:29 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.1MB (1,917 bytes)
md5sum: 43b92c049470f746c08c1225fd29ba29

Remarks

Required previous version is 3.221
Existing configuration will not be changed

Notice Regarding Possible Discontinuance of Support: Astaro Security Linux V3.2.

Customers should be aware that technical support and the Up2Date service for Astaro Security Linux V3.2 may be terminated on June 30, 2005. Sales of Astaro Security Linux V3.2 were discontinued at the end of June 2002, three years prior to this date.

Customers on this release should strongly consider upgrading to Astaro Security Linux V5. Please contact your vendor or sales representative.

New/Changed/Improved

Virus scan engine license key updated

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

End of life announcement: ASL 3.2

Markus Hennig — Thu, 21 Oct 2004 22:41:41 +0000

Notice Regarding Possible Discontinuance of Support: Astaro Security Linux V3.2 Customers should be aware that technical support and the Up2Date service for Astaro Security Linux V3.2 may be terminated on June 30, 2005. Sales of Astaro Security Linux V3.2 were discontinued at the end of June 2002, three years prior to this date.

Customers on this release should strongly consider upgrading to

Astaro Security Linux V5.

Please contact your vendor or sales@astaro.com representative.

End of life announcement: ASL 2

Markus Hennig — Thu, 21 Oct 2004 22:44:33 +0000

Discontinuance of Support Announcement: Astaro Security Linux V2

Sales of Astaro Security Linux V2 were discontinued at the end of 2001, three years prior to the end of support announced in this notice. Customers on this release should strongly consider upgrading to Astaro Security Linux V5, which is fully supported and contains many additional features.

Please contact your vendor or sales@astaro.com representative.

[Middle] Up2Date 5.026

Markus Hennig — Fri, 22 Oct 2004 00:26:49 +0000

Urgency: Middle(low, Middle, HIGH)
Size:16MB (16,714,106 bytes)
md5sum: 80a5b7a9cadc206b8d83f361d4d8e6b1

Up2Date 5.026

Remarks

Required previous version is 5.025
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Addressed HTTP Proxy performance issues

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1442 Virtual IP addresses don't work in mixed L2TP/non-L2TP environments
ID1552 FTP with username and password not working
ID1607 HTTP Virus Scanning fails Windows Update
ID1756 Packetfilterrules may not be set correctly after MiddleWare restart

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Low] Up2Date 2.036

Markus Hennig — Fri, 22 Oct 2004 19:03:59 +0000

Urgency: low (low, Middle, HIGH)
Size: 0.1 MB (1962 Bytes)

Remarks

Required previous version is 2.035
Existing configuration will not be changed

Discontinuance of Support Announcement Astaro Security Linux V2

This notice announces that technical support and the Up2Date service for Astaro Security Linux V2 will be terminated on December 31, 2004. No additional support requests will be accepted after that date. Sales of Astaro Security Linux V2 were discontinued at the end of 2001, three years prior to the end of support announced in this notice.

Customers on this release should strongly consider upgrading to Astaro Security Linux V5, which is fully supported and contains many additional features. Please contact your vendor or sales representative.

New/Changed/Improved

Virus scan engine license key updated

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. To apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

Astaro Report Manager released

Markus Hennig — Sun, 17 Oct 2004 12:44:38 +0000

Astaro Report Manager is a security data collection and reporting tool that makes it easy to collect, correlate and analyze data from Astaro Security Linux and other security products. It collects and correlates data related to firewalls, network activities, attacks and intrusions, VPN usage, email, viruses, and web usage by employees. Data is presented in a wide variety of easy-to-understand tables, charts and graphs that can be viewed online, printed, and emailed. Configuration is automatic.

System administrators can use the information collected by Astaro Report Manager to

Respond rapidly to attacks
Measure activity and effectiveness
Tune defenses
Audit security preparedness

Astaro Report Manager presents data in several formats:

A dashboard, to show the status of the security infrastructure “at-a-glance.”
Standard reports, with hundreds of tables, charts and graphs.
Custom reports, to drill down on key data.

Reports can combine data from multiple Astaro Security Linux installations, and from other security products.

For more information please visit our home page.
Free download here.
Sample report here.

New Astaro Secure Client released

Markus Hennig — Sun, 17 Oct 2004 12:58:15 +0000

Astaro Secure Client for VPN Networks. A Virtual Private Network (VPN) allows organizations to use the Internet for communication with mobile employees and remote offices at a low cost while maintaining excellent security.

The Astaro Secure Client ensures the highest levels of security for VPN. It provides strong user authentication and end-to-end encryption so that mobile workers, home workers, and remote offices can communicate securely over the Internet with a central VPN gateway. The Astaro Secure Client also includes an integrated dialer and a personal packet inspection firewall to simplify operations and improve the security of the remote systems.

Advanced Features
The Astaro Secure Client offers an impressive feature set, including:

IPSec, Internet Key Exchange (IKE), Main Mode
NAT-Traversal for passing Network Address Translation (NAT) devices
Virtual IP address support
Perfect Forward Secrecy (PFS)
An API for controlling the client with internally-developed applications
Compatibility with Astaro Security Linux and other IPSec-compliant VPN gateways

Strong Authentication
The Astaro Secure Client works with a number of strong authentication methods to prevent unauthorized users from gaining access to the corporate network:

Pre-Shared Key (PSK)
X.509 certificates
PKCS#11
PKCS#12
Smart Cards
USB Tokens
Biometric devices

Network Topologies
By supporting a wide variety of communications technologies, the client can be used in any networking environment:

LAN/Ethernet
Wireless LAN (WLAN)
DSL, PPPoE, PPPoA
ISDN (channel bundling)
Modem
GPRS, UMTS

Personal Firewall
A stateful personal firewall prevents hackers from taking control of the remote system and causing damage or creating a "backdoor" into the organization's central network (denial of split tunneling).

Integrated Dialer
By providing an integrated dialer and line management, the client makes it easy to connect to central offices and manage the connections. Features include:

International dial-in
Dialer Protection - preventing Trojan dialers and spyware from dialing out to unknown telephone numbers
Multiple remote subnets for the same connection definition
Specification of connection-specific DNS and WINS servers
Failover to an alternative gateway
Prevention of misconfiguration by users

Easy to Use
Astaro Secure Client offers a user-friendly access to the VPN:

Easy installation
Configuration wizard
Automatic or manual VPN dialing mode

For more information please visit our home page - Free download here

[Middle] Up2Date 5.025

Markus Hennig — Thu, 14 Oct 2004 08:26:17 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 34MB (34,355,762 bytes)
md5sum: beacad4d0cc04d29595720589ed968d0

Up2Date 5.025

Remarks

Required previous version is 5.024
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added support for Astaro Report Manager

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1696 Internet Explorer can not open HA Livelog

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.024

Markus Hennig — Wed, 06 Oct 2004 09:41:15 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 33MB (33,858,039 bytes)
md5sum: 29c946e3c6ab0ef18c375b62e5565d44

Up2Date 5.024

Remarks

Required previous version is 5.023
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Improved HTTP Proxy performance for persistent connections
when using HTTP/1.1, transparent mode, user authentication

Bugfixes

(please refer to the known issue list on http://docs.astaro.org)
ID938 Middleware restarts when applying new Intrusion Protection pattern
ID1092 USB keyboards not working
ID1399 Selecting English (UK) during installation causes failure
ID1673 Selfmonitor restarts POP3 Proxy very often
ID1703 HTTP Proxy does not work with IE6 on Windows NT 4.0 SP6a

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.023

Markus Hennig — Wed, 15 Sep 2004 22:22:42 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 23MB (23,672,123 bytes)
md5sum: 76c1c10df79bfbe1e506f86b13c3250c

Up2Date 5.023

Remarks

Required previous version is 5.022
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added NTLM authentication (Single Sign On with Active Directory)
Added DNS hostname support to parent proxy for HTTP and Up2Date
Improved HTTP Proxy performance when using authentication

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1463 Check for renaming Network Definitions is incomplete
ID1482 Dead IPSec roadwarrior connections remain in system
ID1491 Wrong formating in Proxy Content Manager
ID1496 High Availability logs have wrong timestamp in WebAdmin
ID1557 Uplink failover may not work correctly
ID1564 HTTP uploads limited to 1 MB

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.There are three ways to apply an Up2Date package to the system.

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[High] Up2date 4.023

Markus Hennig — Fri, 03 Sep 2004 21:13:51 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 1MB (760,396 bytes)
md5sum: 60bec4f8e36a403fc39998b5e5d79270

Up2Date 4.023

Remarks

Required previous version is 4.022
Existing configuration will not be changed
Active VPN connections will be restarted

Bugfixes

ID1560 Apache DoS-able (CAN-2004-0748)
ID1446 PKCS#7 DoS-able
ID1304 X.509 certificate bug with PKCS#7
ID0869 Error in ASN.1 parser for X.509 certificates
ID0747 Unresolved hostnames problems with PPTP and Radius

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 5.022

Markus Hennig — Fri, 03 Sep 2004 21:46:02 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 4MB (4,028,520 bytes)
md5sum: 19da5947cedb35fd3b2e9f9a58e60fc5

Up2Date 5.022

Remarks

Required previous version is 5.021
Existing configuration will not be changed
Middleware will not be restarted
Active IP and VPN connections will not be restarted

New/Changed/Improved

Improved notification for license counting

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1556 HTTPS / SSL vulnerable to DoS attack (CAN-2004-0748)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2date 5.020

Markus Hennig — Fri, 27 Aug 2004 09:54:16 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 16MB (16,043,972 bytes)
md5sum: ba0544e200970742006c863ce3d2875c

Up2Date 5.020

Remarks

Required previous version is 5.019
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Improved IP counting and handling
Improved notification scheme for license features

Bugfix

(please refer to the known issue list on http://docs.astaro.org)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.021

Markus Hennig — Fri, 27 Aug 2004 16:42:24 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 3MB (3,590,211 bytes)
md5sum: e18412da6ceff0dd82d02195cceefe45

Up2Date 5.021

Remarks

Required previous version is 5.020
Existing configuration will not be changed
Middleware will not be restarted
Active IP and VPN connections will not be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1532 Notifications about exceeding 100% user count
ID1533 IPS Pattern update fails with valid license

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2date 5.019

Markus Hennig — Thu, 19 Aug 2004 15:42:22 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 29MB (29,358,715 bytes)
md5sum: 27360d724554e6f0d773c8599e3c930d

Up2Date 5.019

Remarks

Required previous version is 5.018
Existing configuration will not be changed
Middleware will not be restarted
Active IP and VPN connections will not be restarted

New/Changed/Improved

Changed SSH daemon to support protocol version 2 only
Improved session expiration check for popup windows
Improved selfmonitoring checks

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1405 Selfmonitor does not send notifications
ID1410 Blocked HTTP pages are not transferred via remote syslog
ID1479 Changing Interface definition does not work

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.018

Markus Hennig — Tue, 17 Aug 2004 21:52:09 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 28MB (28,061,115 bytes)
md5sum: 568e1f27de4a5ecba42abf12cf55ac99

Up2Date 5.018

Remarks

Required previous version is 5.017
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added Parent Proxy functionality for HTTP Proxy
Re-enabled HTTP caching if Contentfilter is used
Improved HTTP Proxy/Contentfilter performance
Improved compatibility of HTTP Proxy/Contentfilter with unusual Webservers/Webclients

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
1143 Packetfilter: not possible to drop IGMP multicasts packets
1182 Proxy Content Manager: not possible to delete content when all mails are selected
1187 SSH Accession can not handle certificates generated with ASL V5
1207 Anonymity level in squid removes the authentication headers for the parent cache
1321 Webadmin can be set to operate on already used Ports
1324 Major HTTP Proxy improvement and reactivate caching with contentfilter
1329 Improved ICMP selection in Definition Services
1334 Changing the name of an interface makes it unresolvable in Definitions-->Networks
1351 FTP Proxy download with SP and IE: shows lot of XML-content displayed in the browser
1352 Content Filter is logging also if Log Level is set to None in HTTP-Proxy
1359 WebAdmin: admin accidentally deleted by saving new credentials
1365 Media Streams do not work if Content Filter is enabled
1379 HTTP Usage Report -> Accessed Sites do not map to user names
1380 Error Message for changing interface name is incomplete
1384 sundance driver: produces gigabytes of log entries
1386 www.wetter.com does not work if Content Filter is enabled
1392 Using a 'blank' (space) in comment field anticipate editing the comment field again
1400 Reporting->Content Filter does not show SP/VP values under certain cirumstances
1401 Content removal doesn't work with MSN or Yahoo
1402 POP3 Spam Average is incorrect under certain circumstances
1407 SMTP Proxy option labeling needs to be improved
1411 Some sites are not working if Content Filter is enabled: HTTP Accept-Encoding workaround
1416 ip_nat_ftp connection tracking helper module not loaded
1417 Block embedded objects and Java Script is not working in certain cases
1444 Visual Bug after entering custom rule into intrusion protection rules
1454 Syslog Patch for Squid (improve logging speed)

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.017

Markus Hennig — Tue, 03 Aug 2004 21:53:52 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 19MB (19821481 bytes)
md5sum: 7cd7b062cc5fc84c99312fb11f591563

Up2Date 5.017

Remarks

Required previous version is 5.016
Existing configuration will not be changed
MiddleWare will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date, the installation will take a few minutes

New/Changed/Improved

Improved SYN Rate Limiter

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1066 Radius for PPTP may not work with all radius servers
ID1220 Static IPs for PPPoE interfaces may cause trouble
ID1270 Up2Date Parent Proxy feature may not work correctly
ID1361 System hangs after removing all allowed networks for SNMP
ID1372 Bootup sequence needs improvement for first boot
ID1377 RBLs not working in ASL V5 Version 5.015

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.016

Markus Hennig — Thu, 22 Jul 2004 21:37:10 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 0.5MB (425,135 bytes)
md5sum: b71e68f0d02d22d9d1d782d9b320b5a2

Up2Date 5.016

Remarks

Required previous version is 5.015
Existing configuration will not be changed
POP3 Proxy will be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
1153 POP3 Proxy gives "-ERR proxy error" on special mails
1314 POP3 proxy timed out if there are two headers in the POP3 mailbox

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.015

Markus Hennig — Mon, 12 Jul 2004 16:16:32 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 1MB (999,172 bytes)
md5sum: b25d620c9f3712e17dff335ce430dba3

Up2Date 5.015

Remarks

Required previous version is 5.014
Existing configuration will not be changed
MiddleWare will be restarted
Active IP and VPN connections will be restartedepending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Performance improvement for Surf Protection in case of dynamic websites

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.014

Markus Hennig — Fri, 09 Jul 2004 19:27:51 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 10MB (10,524,310 bytes)
md5sum: f568a2665fb53f6fd47aa5181d7cbc89

Up2Date 5.014

Remarks

Required previous version is 5.013
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
1169 https pages don't work over HTTP proxy with content scanning enabled
1171 http Proxy - https does not work with SP enabled (Ebay)
1305 after 1-3 hours of http usage, SP stops working
1339 Downloaded files from firewall containing HTML code (e.g. IPSec certificates, SSH sentinel config)
1340 POP3: missing iptables rules if destination network is !Any
1343 "Authentication Methods" and "Profile Assignment via" problem

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements

(Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V5 ISO 5.013 available

Markus Hennig — Tue, 06 Jul 2004 21:28:42 +0000

This ASL V5 ISO image includes all recently released Up2Date packages.

For documentation, please see the documentation section of the Astaro web site:

docs.astaro.org

For pricing information please contact:

Europe: sales@astaro.com
Americas: salesus@astaro.com
Asia Pacific: sales@astaro.com

Related documents:

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Interoperability and Migration

ASL V4 back-up files can be imported into V5.
The recommended way of upgrading from V4 to V5 is to (1) save a back-up file, (2) install V5, (3) re-import the back-up file, (4) perform a manual configuration. There will not be a V4-to-V5 migration kit, because of changes in the Linux kernel.
Moving from V4 to V5 will not have any impact on the use of the Astaro IPSec Client (AIC) or other IPSec VPN clients.
Astaro Configuration Manager (ACM) 5.3 can be used with Astaro Security Linux V5. However, initially it will configure only the features that have been available in ASL V4. Features that are new with ASL V5, including Intrusion Protection, need to be configured through WebAdmin. Later in the year ACM will be enhanced to support the new features in ASL V5. The ACM releases with enhancements will be announced on this bulletin board.

New! Use MyAstaro for Downloads and Licenses

Astaro downloads and licenses will now be handled through the new MyAstaro web site (https://my.astaro.com), which is replacing the Astaro Registration Portal. You can get to MyAstaro three ways:

Go directly to https://my.astaro.com
From the Astaro web site (www.Astaro.com or www.Astaro.de) click the link in the upper left of that says "Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

[Middle] Up2Date 5.013

Markus Hennig — Tue, 06 Jul 2004 21:34:06 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 30MB (30,277,169 bytes)
md5sum: b3e4a50464174d2c2391b88fa6a53733

Up2Date 5.013

Remarks

Required previous version is 5.012
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Added possibility to fetch Up2Dates via Proxy
Added user idle time for WebAdmin takeover
Improved downloader capabilities for Contentfilter
Improved Spamscore handling for Contentfilter
Improved POP3 Extensionfilter
Fixed Openswan vulnerability CAN-2004-0590

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1069 NAT-Traversal does not work with Sentinel 1.4
ID1157 NAT for local connections does not work
ID1189 Listbox element order can not be changed
ID1235 False alerts on loopback traffic ("BAD-TRAFFIC same SRC/DST")
ID1245 PPPoA Interface may not be able to establish connection
ID1262 IPSec section may not restart correctly
ID1264 Surfprotection profile can be accidently removed
ID1268 Remote Logging to SMB-Share may not work correctly
ID1283 Network groups for SNMP not working
ID1296 Packetfilterrule for SMTP Authentication missing

We know there is in some cases with HTTPS and Surf Protection. We are aware of this and will fix it in the next Up2Date.

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.012

Markus Hennig — Thu, 24 Jun 2004 22:31:41 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 20MB (20,132,969 bytes)
md5sum: 1b8ef28cee5b81530d393a8edcee051c

Up2Date 5.012

Remarks

Required previous version is 5.011
Existing configuration will not be changed
Active IP and VPN connections will not be restarted

New/Changed/Improved

Improved Up2Date backend

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1150 Internet Explorer does not show 'Pause'-Button in livelog

We know there is in some cases with IPSec configurations still an open issue with the displayed Licensed Users (IPs) . We are aware of this and will fix it in one of the next Up2Dates.

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Astaro Security Linux earns ICSA Certification

Markus Hennig — Wed, 09 Jun 2004 15:53:49 +0000

Astaro is proud of announce that we achieved highest level of ICSA Labs Firewall Certification under Corporate Category

BURLINGTON, Mass. - June 8, 2004 - Astaro Corp., developers of the most popular Open Source based all-in-one security product, today announced that its flagship network security application, Astaro Security Linux Version 5, has fulfilled the criteria and passed the 4.0 test for ICSA Labs' Firewall Product Certification.

ICSA Labs, an independent division of TruSecure Corporation, tests and certifies over 90 percent of the security technology products in the world. Certification ensures customers that Astaro Security Linux offers the highest level of firewall protection.

"Security continues to be increasingly important as organizations develop and deploy networks," said George Japak, vice president of ICSA Labs. "By subjecting its product to the ICSA Labs testing, Astaro demonstrates its commitment to providing superior network security. Products like Astaro Security Linux can play a significant role at every stage of development for a network."

Astaro CEO and co-founder Jan Hichert said, "Our customers place a high level of trust in ICSA Labs and value its certification process as verification of our security products. We consider ICSA Labs certification an important part of our overall product cycle. It demonstrates the commitment of the Linux developer community at large, one that has contributed immensely to helping Astaro users lock down their networks."

Comprised of some 80 Open Source projects plus the Company's own management platform and update service, Astaro Security Linux is a comprehensive network security product for midsized to large businesses. It combines a firewall, VPN gateway, intrusion protection, virus protection, spam protection and surf protection (URL filtering). This complete software solution bundles a hardened Linux operating system that can run on any x86-compatible hardware, and is also available as a pre-installed appliance solution.

The company also offers its Astaro Configuration Manager, an automated policy definition tool that creates and distributes security policy configurations for multiple locations.

About Astaro
Astaro provides a network security solution that is complete, simple to manage, affordable and effective. Astaro selects and integrates the best of open source security software to provide the widest range of innovative security technology available in a single package: Astaro Security Linux. Astaro's software has won numerous awards, and is in use on over 20,000 networks in more than 60 countries. Astaro Security Linux is distributed by a worldwide network of solutions partners who offer local support and services.

About ICSA Labs
ICSA Labs, an independent division of TruSecure Corporation, offers vendor-agnostic testing and certification of security products. Hundreds of the world's top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests products in key technology categories such as anti-virus, firewall, IPSec VPN, cryptography, intrusion detection, PC firewall, content security, SSL-VPN and wireless LAN. For more information about ICSA Labs, visit http://www.icsalabs.com.

ICSA, ICSA Labs and TruSecure are registered trademarks of TruSecure Corporation. All other trademarks and service marks mentioned herein are property of their respective owners.

[Middle] Up2Date 5.011

Markus Hennig — Tue, 08 Jun 2004 20:46:49 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 20MB (20,817,204 bytes)
md5sum: abc450b89c81757505d5a37a2b5cf19b

Up2Date 5.011

Remarks

Required previous version is 5.010
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a few minutes

New/Changed/Improved

Improved backend performance

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1021 Importing a V5 backup deletes IPsec policy MS_DEFAULT
ID1039 Configuring Contentfilter related parts
ID1046 Importing a V4 backup causes packetfilter issues
ID1090 RSA connections may fail when using X.509 and RSA keys
ID1109 Possibility to bypass Contentfilter/HTTP Proxy needed
ID1195 User Authentication does not work with all passwords
ID1198 Periodic services may not work after updating
ID1200 Network definitions may not be edited/deleted
ID1204 Uplink Failover ignores editing the 'Check IP'
ID1211 POP3 File Extension / Expression filter does not work
ID1217 Selfmonitoring does not check DNS proxy

We know there is in some cases with IPSec configurations still an open issue with the displayed Licensed Users (IPs) . We are aware of this and will fix it in one of the next Up2Dates.

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 5.010

Markus Hennig — Fri, 28 May 2004 19:26:17 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 26MB (26,405,401 bytes)
md5sum: 9503652b0f3306d35cb0f29bae7d1541

Up2Date 5.010

Remarks

Required previous version is 5.009
Existing configuration will not be changed
Middleware will be restarted ()
Active IP and VPN connections will be restarted
Depending on the speed of the CPU the Up2Date installation will take a couple minutes

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID0921 Local and radius users with . (dot) inside are not working
ID1052 HTTP Proxy - changing default port affects target services
ID1053 HTTP Proxy/Contentfilter download bar not showing 100%
ID1071 HTTP Proxy - blacklist has higher priority than whitelist
ID1076 LDAP authentication doesn't work if user is nested in several OUs
ID1084 HTTP Proxy/UserAuth - first profile always matching
ID1093 Reset licensed users (IPs) listing does not work
ID1094 HTTP proxy with Virus Protection forgets file extension
ID1095 Dell Perc4 RAID controller not detected by installer
ID1104 Config download for IPsec roadwarriors may be unavailable
ID1119 In some cases the Contentfilter reduces download sizes
ID1152 Possible issues with FTP over HTTP Proxy
ID1173 Surf Protection configuration not tolerating config errors

We know there is in some cases with IPSec configurations still an open issue with the displayed Licensed Users (IPs) . We are aware of this and will fix it in one of the next Up2Dates.

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V5 ISO 5.010 available

Markus Hennig — Fri, 28 May 2004 19:49:25 +0000

This ASL V5 ISO image includes all recently released Up2Date packages, bugfixes in the installer and new hardware support for SCSI RAID controllers (COMPAQ DL 360, Dell PowerEdge 1750, AHA-39160). Please check the HCL for a complete list. As an improvement the installer displays know the MAC address of the detected interfaces.

For documentation, please see the documentation section of the Astaro web site:

docs.astaro.org

For pricing information please contact:

Europe: sales@astaro.com
Americas: salesus@astaro.com
Asia Pacific: sales@astaro.com

Related documents:

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Interoperability and Migration

ASL V4 back-up files can be imported into V5.
The recommended way of upgrading from V4 to V5 is to (1) save a back-up file, (2) install V5, (3) re-import the back-up file, (4) perform a manual configuration. There will not be a V4-to-V5 migration kit, because of changes in the Linux kernel.
Moving from V4 to V5 will not have any impact on the use of the Astaro IPSec Client (AIC) or other IPSec VPN clients.
Astaro Configuration Manager (ACM) 5.3 can be used with Astaro Security Linux V5. However, initially it will configure only the features that have been available in ASL V4. Features that are new with ASL V5, including Intrusion Protection, need to be configured through WebAdmin. Later in the year ACM will be enhanced to support the new features in ASL V5. The ACM releases with enhancements will be announced on this bulletin board.

New! Use MyAstaro for Downloads and Licenses

Astaro downloads and licenses will now be handled through the new MyAstaro web site (https://my.astaro.com), which is replacing the Astaro Registration Portal. You can get to MyAstaro three ways:

Go directly to https://my.astaro.com
From the Astaro web site (www.Astaro.com or www.Astaro.de) click the link in the upper left of that says "Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

[Middle] Up2Date 5.009

Markus Hennig — Fri, 21 May 2004 18:07:33 +0000

Urgency: Middle(low, Middle, HIGH)
Size:29 MB (29,832,589 bytes)
md5sum: 20a8fba1b4d9595b98201b1b231175d7

Up2Date 5.009

Remarks

Required previous version is 5.008
Existing configuration will not be changed
Active IP and VPN connections will not be restarted

New/Changed/Improved

Packetfilter livelog colorized

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1037 Licensed Users (IPs) shows ASLs' interface IPs
ID1080 Possible to upload two signing CAs
ID1117 Downloading files from WebAdmin may not work
ID1129 Can't add static mappings to DHCP config

We know there is in some cases with IPSec configurations still an open issue with the displayed Licensed Users (IPs) . We are aware of this and will fix it in one of the next Up2Dates.

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[Middle] Up2Date 4.022

Markus Hennig — Wed, 19 May 2004 12:34:53 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 3MB (3,422,477 bytes)
md5sum: 7a4e5c0193b52c0934d8514bdd1e1eb8

Up2Date 4.022

Remarks

Required previous version is 4.021
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted

Bugfix

ID1036 Exim vulnerabilities (OpenSSL and stack overflow)
ID833 License key replication in HA mode
ID713 LogAllow rules may drop packets in FIX_CONNTRACK chain

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 5.008

Markus Hennig — Mon, 17 May 2004 22:12:25 +0000

Urgency: Middle(low, Middle, HIGH)
Size: 14MB (14,189,268 bytes)
md5sum: 8d4e41d60d3fb084fa67a45d60e6dc4d

Up2Date 5.008

Remarks

Required previous version is 5.007
Existing configuration will not be changed
Active IP and VPN connections will not be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1024 More information needed when deleting interfaces
ID1029 WebAdmin timesettings to not match system time
ID1043 Dyndns username not editable

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V5 ISO 5.007 available

Markus Hennig — Mon, 17 May 2004 21:25:19 +0000

This ASL V5 ISO image includes all recently released Up2Date packages.

For documentation, please see the documentation section of the Astaro web site:

docs.astaro.org

For pricing information please contact:

Europe: sales@astaro.com
Americas: salesus@astaro.com
Asia Pacific: sales@astaro.com

Related documents:

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Interoperability and Migration

ASL V4 back-up files can be imported into V5.
The recommended way of upgrading from V4 to V5 is to (1) save a back-up file, (2) install V5, (3) re-import the back-up file, (4) perform a manual configuration. There will not be a V4-to-V5 migration kit, because of changes in the Linux kernel.
Moving from V4 to V5 will not have any impact on the use of the Astaro IPSec Client (AIC) or other IPSec VPN clients.
Astaro Configuration Manager (ACM) 5.3 can be used with Astaro Security Linux V5. However, initially it will configure only the features that have been available in ASL V4. Features that are new with ASL V5, including Intrusion Protection, need to be configured through WebAdmin. Later in the year ACM will be enhanced to support the new features in ASL V5. The ACM releases with enhancements will be announced on this bulletin board.

New! Use MyAstaro for Downloads and Licenses

Astaro downloads and licenses will now be handled through the new MyAstaro web site (https://my.astaro.com), which is replacing the Astaro Registration Portal. You can get to MyAstaro three ways:

Go directly to https://my.astaro.com
From the Astaro web site (www.Astaro.com or www.Astaro.de) click the link in the upper left of that says"Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

[High] Up2Date 5.007

Markus Hennig — Wed, 12 May 2004 22:26:07 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 13MB (13,469,710 bytes)
md5sum: 3cc69246c99f3e4987eabd19f18b8489

Up2Date 5.007

Remarks

Required previous version is 5.006
Existing configuration will not be changed
Middleware will be restarted
Active IP and VPN connections will be restarted
HTTP proxy will be restarted
Depending on the speed of the CPU the Up2Date installation will take a couple minutes

Bugfixes

(please refer to the known issue list on http://docs.astaro.org)
ID1018 XML-Content displayed in Internet Explorer when downloading files
ID1058 HTTP Proxy with Surfprotection blocks sites ( '.' )

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[High] ASL V5 GA Version: Up2Date 5.005

Markus Hennig — Fri, 07 May 2004 13:49:55 +0000

Astaro would like to clarify that the 5.005 version of Astaro Security Linux, available on Up2Date 5.005, is the General Availability Release.

Urgency: HIGH (low, Middle, HIGH)
Size: 43.3MB (45,405,085 bytes)
md5sum: aa91da2f4006fd9dc243ad0a9efd214b

Up2Date 5.005

Remarks

Required previous version is 5.004
Existing configuration will not be changed
!! ATTENTION !! Firewall will reboot after updating !!

New/Changed/Improved

New kernel with security fixes

fix for the memleak in do_fork()
fix for the MCAST/setsockopt() buffer overflow (CAN-2004-0424)
fix for a permission problem on /proc/scsi/qla2300/HbaApiNode
fix for the buffer overflow in panic() (CAN-2004-0394)

New exim with security fixes

fix for Header syntax overflow (CAN-2004-0400)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID912 Interfaces names in Reporting->Networks missing
ID914 Many ppp interfaces in reports
ID918 Reporting->Administration->Config changes does not work
ID940 Older videocards may not support framebuffer/bootsplash
ID946 Contentfilter does not support special characters
ID959 Importing backup with '$' in password does not work
ID974 NAS Identifier for Radius authentication (PPTP / L2TP)
ID996 SurfProtection license expires May 6th, 2004
ID998 POP3 does not move fetched emails into quarantine
ID999 WebAdmin does not support special characters
ID1006 Dropdown content not sorted in Packetfilter->Rules
ID1013 SMTP Whitelist/Blacklist regular expression error
ID1020 IPS pattern update does not work correctly

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V5 GA Version: 5.005 ISO image

Markus Hennig — Fri, 07 May 2004 13:51:13 +0000

Astaro is pleased to announce the availability of the Astaro Security Linux V5 General Availability Release.

Thanks to anybody on this board who contributed to this release! We received helpfull feedback to the V5 Release Candidate.

New Features of ASL V5

Astaro Security Linux V5 includes two major new capabilitiesï¿½Intrusion Protection and Virus Protection for the Webï¿½as well as many enhancements that improve security, management, and scalability.

Key features of this latest release include:

Intrusion Protection
Virus Protection for the Web (HTTP traffic)
Transparent POP3 spam protection
Improvements to WebAdminï¿½ for even greater ease of use and flexibility
Enhanced reporting, with pre-defined metrics and automated report generation
Support for symmetric multi-processing (SMP) systems and up to 4GB of memory
ISP-uplink failover and dynamic VPN support

A detailed description of the new features is included in the package. Astaro Security Linux V5 is a free update to all customers with an active Up2Date service.

For documentation, please see the documentation section of the Astaro web site:

docs.astaro.org

For pricing information please contact:

Europe: sales@astaro.com
Americas: salesus@astaro.com
Asia Pacific: sales@astaro.com

Related documents:

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Interoperability and Migration

ASL V4 back-up files can be imported into V5.
The recommended way of upgrading from V4 to V5 is to (1) save a back-up file, (2) install V5, (3) re-import the back-up file, (4) perform a manual configuration. There will not be a V4-to-V5 migration kit, because of changes in the Linux kernel.
Moving from V4 to V5 will not have any impact on the use of the Astaro IPSec Client (AIC) or other IPSec VPN clients.
Astaro Configuration Manager (ACM) 5.3 can be used with Astaro Security Linux V5. However, initially it will configure only the features that have been available in ASL V4. Features that are new with ASL V5, including Intrusion Protection, need to be configured through WebAdmin. Later in the year ACM will be enhanced to support the new features in ASL V5. The ACM releases with enhancements will be announced on this bulletin board.

New! Use MyAstaro for Downloads and Licenses

Astaro downloads and licenses will now be handled through the new MyAstaro web site (https://my.astaro.com), which is replacing the Astaro Registration Portal. You can get to MyAstaro three ways:

Go directly to https://my.astaro.com
From the Astaro web site (www.Astaro.com or www.Astaro.de) click the link in the upper left of that says "Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

If you are a returning Astaro customer or home user, you will be asked for the email address and password you used when you created your Registration Portal account. MyAstaro will take this information and create a MyAstaro account for you. If you have already registered licenses, you will see a list of those licenses when you log on. You can click any license name to see its properties.

If you want to upgrade a V4 license that you registered to a V5 license and install V5:

Log onto MyAstaro and click on the link of the license you want to upgrade, you will be taken to a license detail page.
Press the button that says "Upgrade to a V5 license for free!" A download link will appear at the top of the license detail page.
Click on the link for the new license, then download and save the license file (the license file is in text format, so you can open it to see the features that are included in your license).
Download and install the Astaro Security Linux V5 software, go to the license page in WebAdmin, press the browse button, find and select the license file you downloaded in step #3, and press "Start" to upload the license to WebAdmin.

If you want to upgrade a V4 license that was registered for you by an Astaro partner and install V5:

Log onto MyAstaro.
Copy the license key from your V4 WebAdmin, paste it into the "V4 license key" box located at the bottom of the license list, and press the "Find license" button, this will generate a license file for you.
Download and save the license file (the license file is in text format, so you can open it to see the features that are included in your license).
Download and install the Astaro Security Linux V5 software.
Go to the license page in WebAdmin, press the browse button, find and select the license file you downloaded in step #3, and press "Start" to upload the license to WebAdmin.

Note that you can only do this once; after the license has been upgraded it will display only on the license list of the Astaro partner or other party who originally registered the license, and it will not appear on your license list.

If you have purchased a new license for Astaro Security Linux V5, then:

Obtain an Astaro Security Linux V5 activation key from your Astaro partner or Astaro sales person,
Sign onto MyAstaro, paste the activation key into the box that says "Enter activation key here" and click on the button - a new license will be added to your license list.
Click on the link for the new license, go to the license detail page, then download and save the license file (the license file is in text format, so you can open it to see the features that are included in your license).
Download and install the Astaro Security Linux V5 software.
Go to the license page in WebAdmin, press the browse button, find and select the license file you downloaded in step #3, and press "Start" to upload the license to WebAdmin.

[Middle] Up2Date 5.006

Markus Hennig — Fri, 07 May 2004 18:24:46 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 13MB (13,675,362 bytes)
md5sum: 8b38523f1532be9d1209d95ad2c2dacc

Up2Date 5.006

Remarks

Required previous version is 5.005
Existing configuration will not be changed
Active IP and VPN connections will not be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID1003 Pattern Up2Date does not work in some rare config conditions

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[High] Up2Date 5.004 - RC3

Markus Hennig — Thu, 29 Apr 2004 09:35:58 +0000

Astaro would like to clarify that the 5.004 version of Astaro Security Linux, available on Up2Date 5.004, belong to Release Candidate #3, it is not the General Availability Release. The GA version will follow soon and it will be 5.005. ASL 5.005 includes some kernel updates and requires a reboot. It will be availiable as an Up2Date and as an ISO image. This Up2Date fixes only a problem with the virus scan engine. You should install this Up2Date immediatly, if you use virus scanning for HTTP, SMTP or POP3. Please watch this bulletin board for announcements about the upcoming General Availability Release.

Urgency: HIGH (low, Middle, HIGH)
Size: 1.5MB (1,606,408 bytes)
md5sum: 1e123bd0ed0236db5593cff9cee8589b

Up2Date 5.004

Remarks

Required previous version is 5.003
Existing configuration will not be changed
Active IP and VPN connections will not be restarted
Contentscanner will be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID995 Kaspersky Antivirus scanner key expires on April 30th, 2004

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[High] Up2Date 5.003 - RC3

Markus Hennig — Wed, 28 Apr 2004 09:59:08 +0000

Astaro would like to clarify that the 5.003 version of Astaro Security Linux, available on Up2Date 5.003, is Release Candidate #3, not the General Availability Release. RC3 will be split in 2 Up2Date packages for technical reasons, this means that 2 Up2Dates will be released today 5.002 and 5.003 and they both belong to RC3.

The GA version will follow soon and it will be 5.005. ASL 5.005 includes some kernel updates and require a reboot. It will be availiable as an Up2Date and as an ISO image.

This release candidate fixes a number of problems reported for Release Candidate #2. As with the previous candidate release, 5.003 is suitable for testing, for home use, and for basic production environments. However, corporate customers with large or complex configurations should test the release in their labs before deployment.

Please watch this bulletin board for announcements about the upcoming General Availability Release.

Urgency: HIGH (low, Middle, HIGH)
Size: 20MB (21,563,158 bytes)
md5sum: 7d82fc2553bdc5d522a2cfcbee351bb8

Up2Date 5.003

Remarks

Required previous version is 5.002
Existing configuration will not be changed
Active IP and VPN connections will not be restarted
Selfmonitor will be restarted

New/Changed/Improved

V4 backup importing improved
Selfmonitoring improved

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID964 Importing a V4 backup with two default gateways fails

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

[High] Up2Date 5.002 - RC3

Markus Hennig — Wed, 28 Apr 2004 09:50:15 +0000

Astaro would like to clarify that the 5.002 version of Astaro Security Linux, available on Up2Date 5.002, is Release Candidate #3, not the General Availability Release. RC3 will be split in 2 Up2Date packages for technical reasons, this means that 2 Up2Dates will be released today 5.002 and 5.003 and they both belong to RC3. The GA version will follow soon and it will be 5.005. ASL 5.005 includes some kernel updates and require a reboot. It will be availiable as an Up2Date and as an ISO image.

This release candidate fixes a number of problems reported for Release Candidate #2. As with the previous candidate release, 5.002 is suitable for testing, for home use, and for basic production environments. However, corporate customers with large or complex configurations should test the release in their labs before deployment.

Please watch this bulletin board for announcements about the upcoming General Availability Release.

Urgency: HIGH (low, Middle, HIGH)
Size: 25.7MB (26,984,398 bytes)
md5sum: 862a90bdd25b5ebd5a20b36d3f915f24

Up2Date 5.002

Remarks

Required previous version is 5.001
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted
Depending on the CPU speed this Up2Date takes some minutes to install

New/Changed/Improved

WebAdmin logging (packetfilter) now configurable

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID958 DHCP client does not work after booting up
ID956 DSL reconnect does not work correctly
ID952 POP3 mail retrieving/deleting with Outlook Express 6
ID932 WebAdmin clock always shows GMT
ID910 HTTP proxy restarts too often
ID875 WebAdmin needs a lot of RAM for large packetfilter rulesets

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Home user subscription bundle...

Markus Hennig — Mon, 26 Apr 2004 20:40:18 +0000

Home user subscription bundle and Intrusion Protection for home user licenses

The home user subscription bundle is now available for purchase at a price of EUR 59 (approximately USD 70). This bundle includes:

Surf Protection Subscription for 10 User, 1 year
Virus Protection for Email Sub. for 10 User, 1 year
Virus Protection for Web Sub. for 10 User, 1 year

To purchase this bundle, go to our shop.

Additionally, one year of Intrusion Protection is automatically included in all new home user licenses generated between April 23, 2004 and September 30, 2004. After September 30, Intrusion Protection will be included in the home user subscription bundle.

One year of Intrusion Protection has also been added to all existing V5 home use licenses at no cost. To use it, you will need to download the revised license from MyAstaro and then install it in WebAdmin.

This can be done using the same procedure in which you downloaded and installed the original license:

Log into MyAstaro
Click the license nickname to view details
Click the download link and save the license file to your hard drive
To install in WebAdmin, when prompted for the license in the license section or initial screen, press the browse button in WebAdmin, navigate to the directory in which you saved the license file, select the license, and press Start to upload.

New Home User and Power User Policies for ASL

Markus Hennig — Mon, 12 Apr 2004 17:13:35 +0000

Intrusion Protection free (through September 2004)
Low-cost subscription bundle available
Change in the role of the Power User

Reduced Fees for Home User Subscriptions

Astaro has been offering the base level components of Astaro Security Linux for up to 10 users at no cost for home users for personal, non-commercial and non-revenue generating use in a private home. This base license includes the firewall, VPN Gateway, management platform, reporting, and Spam Protection subscription.

In recognition of the contribution of home users in testing, supporting and recommending our software, Astaro would like to make it even easier for home users to utilize the Astaro Security Linux subscriptions. Through September 30, 2004:

One year of the Intrusion Protection subscription will be included with the Astaro Security Linux V5 home user license at no cost.
For a total cost of €59, home users will be able to license the three other subscriptions (Virus Protection for Email, Virus Protection for the Web, and Surf Protection) for one year.

The V4 subscriptions were €49 each, so €59 for three V5 subscriptions is a significant cost reduction.

After September 30, the Intrusion Protection subscription will be included in the €59 subscription bundle.

The home user version of Astaro Security Linux V5 including Intrusion Protection, and the home user subscription bundle, will be available on MyAstaro (https://my.astaro.com) some time on the week of April 19. A 30-day trial version of Astaro Security Linux is also available at this site.

Change in the Role of the Power User

With Astaro Security Linux V4, some home users found themselves restricted by the limitation of the V4 home user license to 3 NICs and 5 SMTP domains. Astaro created a "Power Home User" license without those limitations to help these people.

Now, the Astaro Security Linux V5 home user license does not place any restrictions on NICs or SMTP domains. The only limitations are 10 users and 2,000 concurrent connections, which should be sufficient for home use. Therefore, there is no longer a technical need for a special Power Home User license.

However, Astaro would still like to recognize people who make a significant contribution to the development and use of Astaro Security Linux.

Therefore we would like to provide the home user subscription bundle (€59) at no cost to home users who have a history of active, visible participation on the Astaro UBB, including valuable input regarding bug reports, and who have generally supported the UBB on an on-going basis.

If you have a V4 Power Home User license, or believe that you qualify as a power user for your active, valuable participation in the UBB, please check this UBB thread on April 19 for a Power Home User application form.

[High] Up2Date 5.001 (new V5 ISO) - RC2

Markus Hennig — Fri, 09 Apr 2004 22:45:44 +0000

Astaro would like to clarify that the 5.001 version of Astaro Security Linux, available on Up2Date 5.001, is Release Candidate #2, not the General Availability Release. This release candidate fixes a number of problems reported for Release Candidate #1. We are continuing to improvements to the release. As with the previous candidate release, 5.001 is suitable for testing, for home use, and for basic production environments. However, corporate customers with large or complex configurations should test the release in their labs before deployment.

Please watch this bulletin board for announcements about the upcoming General Availability Release.

Urgency: HIGH (low, Middle, HIGH)
Size: 23.4MB (24.589.940 bytes)
md5sum: f2a2f563faaceeac1c8bbe5222857d0b

Up2Date 5.001

Remarks

Required previous version is 5.000
Existing configuration will not be changed
Active IP and VPN connections will be restarted
Remote SSH connections will be lost
MiddleWare will be restarted

New/Changed/Improved

HTTP Proxy improvements (speed, downloads, stability)
QoS packet classification improvements

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID916 Accounting not working properly
ID911 Traffic on VLAN interfaces not reported
ID905 Broken SMTP messages - Spam header is seen in email body
ID904 Pattern Up2date not possible - even with valid license
ID901 IPS license improperly checked
ID892 POP3 proxy blocks all messages
ID886 SNMP daemon consumes too much CPU
ID882 User authentication page may be blank
ID875 WebAdmin needs a lot of RAM for large packetfilter rulesets
ID872 PPTP assigns same IP address to multiple clients

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

ASL V5 Release Candidate is Available

Markus Hennig — Thu, 01 Apr 2004 00:11:41 +0000

Astaro is pleased to announce the availability of the Astaro Security Linux V5 Release Candidate. Thanks to anybody on this board who contributed to this release! We received a tremendous amount of excellent feedback during the past year and during our Beta test.

We are planning to ship the General Availability release within a week. The next few days will give us extra time to validate improvements made in Astaro Security Linux V5 during the final days of beta testing. The Release Candidate available today is suitable for testing, for home use, and for production environments. However, we recommend that corporate customers with large or complex configurations test the release in their labs before deployment. If you install the Release Candidate, the upgrade to the General Availability release will be performed transparently by an Up2Date update package.

New Features

Key features of this latest release include:

Intrusion Protection
Virus Protection for the Web (HTTP traffic)
Transparent POP3 spam protection
Improvements to WebAdminï¿½ for even greater ease of use and flexibility
Enhanced reporting, with pre-defined metrics and automated report generation
Support for symmetric multi-processing (SMP) systems and up to 4GB of memory
ISP-uplink failover and dynamic VPN support
Stateful failover functionality in High Availability installations

A detailed description of the new features is included in the package. Astaro Security Linux V5 is a free update to all customers with an active Up2Date service.

For documentation, please see the documentation section of the Astaro web site:

docs.astaro.org

For pricing information please contact:

Europe: sales@astaro.com
Americas: salesus@astaro.com
Asia Pacific: sales@astaro.com

Related documents:

Hardware Requirements (Hardware Calculator):

CPU: PII > 400MHz
RAM: 128 MB (256 recommended)
CDROM: IDE or SCSI (see HCL for supported SCSI controller)
Harddisk: > 5GB IDE or SCSI (see HCL for supported SCSI controller)
NIC: at least 2 PCI NICs (see HCL for support chipsets)

Interoperability and Migration

ASL V4 back-up files can be imported into V5.
The recommended way of upgrading from V4 to V5 is to (1) save a back-up file, (2) install V5, (3) re-import the back-up file, (4) perform a manual configuration. There will not be a V4-to-V5 migration kit, because of changes in the Linux kernel.
Moving from V4 to V5 will not have any impact on the use of the Astaro IPSec Client (AIC) or other IPSec VPN clients.
Astaro Configuration Manager (ACM) 5.3 can be used with Astaro Security Linux V5. However, initially it will configure only the features that have been available in ASL V4. Features that are new with ASL V5, including Intrusion Protection, need to be configured through WebAdmin. Later in the year ACM will be enhanced to support the new features in ASL V5. The ACM releases with enhancements will be announced on this bulletin board.

New! Use MyAstaro for Downloads and Licenses

Astaro downloads and licenses will now be handled through the new MyAstaro web site (https://my.astaro.com), which is replacing the Astaro Registration Portal. You can get to MyAstaro three ways:

Go directly to https://my.astaro.com
From the Astaro web site (www.Astaro.com or www.Astaro.de) click the link in the upper left of that says "Log in" or the tab in the upper right corner that says "MyAstaro"
Click on any link on the Astaro Registration Portal

If you want to upgrade a V4 license that you registered to a V5 license and install V5:

Log onto MyAstaro and click on the link of the license you want to upgrade, you will be taken to a license detail page.
Press the button that says"Upgrade to a V5 license for free!" A download link will appear at the top of the license detail page.
Click on the link for the new license, then download and save the license file (the license file is in text format, so you can open it to see the features that are included in your license).
Download and install the Astaro Security Linux V5 software, go to the license page in WebAdmin, press the browse button, find and select the license file you downloaded in step #3, and press "Startï" to upload the license to WebAdmin.

If you want to upgrade a V4 license that was registered for you by an Astaro partner and install V5:

Log onto MyAstaro.
Copy the license key from your V4 WebAdmin, paste it into the "V4 license key" box located at the bottom of the license list, and press the "Find license"- button, this will generate a license file for you.
Download and save the license file (the license file is in text format, so you can open it to see the features that are included in your license).
Download and install the Astaro Security Linux V5 software.
Go to the license page in WebAdmin, press the browse button, find and select the license file you downloaded in step #3, and press "Start" to upload the license to WebAdmin.

If you have purchased a new license for Astaro Security Linux V5, then:

Obtain an Astaro Security Linux V5 activation key from your Astaro partner or Astaro sales person,
Sign onto MyAstaro, paste the activation key into the box that says "Enter activation key here" and click on the button - a new license will be added to your license list.
Click on the link for the new license, go to the license detail page, then download and save the license file (the license file is in text format, so you can open it to see the features that are included in your license).
Download and install the Astaro Security Linux V5 software.
Go to the license page in WebAdmin, press the browse button, find and select the license file you downloaded in step #3, and press "Start" to upload the license to WebAdmin.

[High] Up2Date 4.021

Markus Hennig — Wed, 18 Feb 2004 21:34:32 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 6.5MB (6,554,231 bytes)
md5sum: 6ec38b96f9cecb9d03c16696470b6098

Up2Date 4.021

Remarks

Required previous version is 4.020
Existing configuration will not be changed
!!! ATTENTION - FIREWALL WILL REBOOT AFTER UP2DATE !!!

New/Changed/Improved

Kernel mremap (CAN-2003-0077) vulnerability fixed
Antispam setting for emails from MS Outlook reseted

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Low] Up2Date 4.020

Markus Hennig — Thu, 29 Jan 2004 17:08:55 +0000

Urgency: low (low, Middle, HIGH)
Size: 0.01 MB (1,316 bytes)
md5sum: a7df1b7aa24601593e8452eacbc1cc7b

Up2Date 4.020

Remarks

Required previous version is 4.019
Existing configuration will not be changed

New/Changed/Improved

Virus Scan Engine License Key updated

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 4.019

Markus Hennig — Wed, 14 Jan 2004 11:51:51 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 0.05 MB (6,891 bytes)
md5sum: b5a2ede613999e8f5cc46ff1e20dc556

Up2Date 4.019

Remarks

Required previous version is 4.018
Existing configuration will not be changed
!!! ATTENTION - some HA Systems reboot after Up2Date
!!! The System will selfdetect if a reboot of the HA Systems is
!!! necessary and informs the administrators via email.

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
config update bugfix for HA Systems

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 4.018

Markus Hennig — Mon, 05 Jan 2004 14:28:57 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 6.5MB (6,541,571 bytes)
md5sum: 97c14820a2c3d765fb215ac186938d4a

Up2Date 4.018

Remarks

Required previous version is 4.017
Existing configuration will not be changed
!!! ATTENTION - FIREWALL WILL REBOOT AFTER UP2DATE !!!
!!! Astaro recommends always to test Up2Date packages with a new kernel
and reboot on non-production systems first. !!!

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
Kernel vulnerability CAN-2003-0985 fixed

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Additional note to Up2Date 4.017

Markus Hennig — Tue, 02 Dec 2003 22:22:00 +0000

Astaro recommends that Up2date 4.017 should **not** be applied to any production system at this time because of the included kernel upgrade and reboot.

ASL Up2Date 4.017 was released on December 2 at 10:00 am Central European Time. In the 12 hours since the release was made available, a problem has been reported that appears to be related to an unusual hardware configuration. Astaro Quality Assurance is working to assess the cause of the problem.

Until this assessment is completed, Astaro recommends that this release **not** be applied to any production system.

If you do apply Up2Date 4.017 to a lab or test system, Astaro would appreciate it if you would inform us if the installation was successful or encountered any problems: support@astaro.com or on this UBB thread.

Thx!

We will post updates on this as soon as additional information is available.

[High] New Up2Date 4.017

Markus Hennig — Wed, 03 Dec 2003 17:29:26 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 14.8MB (14,805,335 bytes)
md5sum: 03ec527ef9dde9b8e9b04d4951c1629a

After updating from 4.015 or earlier to 4.017, a new kernel (2.4.22) is used for enhanced hardware features and drivers. This new kernel has new ACPI/APIC handling and may conflict with faulty ACPI BIOS implementations. By default we did not change any ACPI/APIC settings, which resulted in full ACPI/APIC support for users having started with a 4.000 and APIC support (without ACPI) for users having started with a 4.008 ISO installation.

In case you encounter a problem with 4.017 Up2Date when booting up the system (NICs/controllers not recognized/working), please try the following:

On the LILO boot prompt, type: "default noapic"
Boot up and check your system
In case this did not help, type: "default noapic acpi=off"
Boot up and check your system
Add the needed parameters to the append line in /emergency/boot/etc/lilo.conf
Call: "lilo -r /emergency/boot"

We republished the Up2Date 4.017, making sure everybody has both parameters in his configuration file for compatibility reasons. In case you want to use ACPI/APIC either use 4.017 ISO or remove the parameters mentioned above in the lilo config file.

In case you still have problems with ACPI/APIC please check for a newer BIOS version or try disabling ACPI/APIC in the BIOS. This new version of Up2Date 4.017 will automatically replace prefetched but not applied prior version of the package. After fetching this Up2Date 4.017 again you will receive an additional notification by email.

If you did not encounter any problems with the prior version there is no need to reapply the Up2Date 4.017.

Up2Date 4.017

Remarks

Required previous version is 4.016
Existing configuration will not be changed
!!! ATTENTION - FIREWALL WILL REBOOT AFTER UP2DATE !!!
!!! Astaro recommends always to test Up2Date packages with a new kernel
and reboot on non-production systems first. !!!

New/Changed/Improved

New kernel for supporting new hardware
Extended PCMCIA card support (Prism 2/2.5/3)
Added more ACPI functions - ASL will power off after a shutdown
Added DMA support for speeding up newer harddisks
Fixed kernel vulnerability (CAN-2003-0961)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID718 USB keyboards may not work after installation
ID690 Only Prism 2 PCMCIA cards supported
ID676 LDAP Base DN is deleted when creating a new user
ID672 Forward to postmaster does not work for virus-emails
ID655 Portscan Notification not working
ID625 DMA mode for harddisks not available
ID603 PPTP sessions through ASL may fail with error 619
ID598 Incoming PPTP connections may fail

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Low] Up2Date 4.016

Markus Hennig — Mon, 01 Dec 2003 22:07:00 +0000

Urgency: low (low, Middle, HIGH)
Size: 0MB (713 bytes)
md5sum: 456243e0b98de30453542905beb93bc5

Up2Date 4.016

Remarks

Required previous version is 4.015
Existing configuration will not be changed

New/Changed/Improved

Preparation for 4.017 kernel Up2Date

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2date 4.017

Markus Hennig — Tue, 02 Dec 2003 08:55:11 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 14.8MB (14,804,112 bytes)
md5sum: b5ab00defc14baba0cd64a16df4f9702

Up2Date 4.017

Remarks

Required previous version is 4.016
Existing configuration will not be changed
!!! ATTENTION - FIREWALL WILL REBOOT AFTER UP2DATE !!!

New/Changed/Improved

New kernel for supporting new hardware
Extended PCMCIA card support (Prism 2/2.5/3)
Added more ACPI functions - ASL will power off after a shutdown
Added DMA support for speeding up newer harddisks
Fixed kernel vulnerability (CAN-2003-0961)

Bugfix

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Astaro Security Linux 4.017 (new V4 ISO)

Markus Hennig — Tue, 02 Dec 2003 09:02:28 +0000

This is the fourth V4 ISO: asl-4.017.
It includes the released V4-Up2Dates 4.001-4.016 and some new features and bugfixes. An Up2Date 4.017 for Astaro Security Linux Version 4.016 is already released.

Remarks

This new ISO adds a new 30days trial license with all features enabled.

New/Changed/Improved

New kernel for supporting new hardware
Fixed kernel vulnerability (CAN-2003-0961)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID718 USB keyboards may not work after installation
ID655 Portscan Notification not working

Astaro Security Linux V4 is a free update to all users current in their Up2Date services.

For pricing information please contact:

Europe/Asia Pacific: sales@astaro.com
America's: salesus@astaro.com

To update to V4 please use the backup feature to save your configuration, load the V4 CD and then restore the backup file. All configurations will be transferred, but please review the settings carefully especially if using V3.3 (Beta) backup files.

Related documents:

Hardware compatibility list
Known Issues
Manual (English Deutsch)
Datasheets

Software ist available for free download at our HTTP and FTP server:

HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror

asl-4.017.iso.gz
size: 121,974,682 Bytes
md5sum: 750b222c5b7d6ecd9a4fc2c6c7515742

asl-4.017.iso
size: 284,655,616 Bytes
md5sum: 3e6a546a64edb497de6624ca20e0b5c2

Astaro Security Linux 4.016 (new V4 ISO)

Markus Hennig — Wed, 22 Oct 2003 15:26:48 +0000

This is the third V4 ISO: asl-4.016.
It includes the released V4-Up2Dates 4.001-4.015 and some new features and bugfixes. An Up2Date 4.016 for Astaro Security Linux Version 4.015 will be released within next 20 days.

Remarks

This new ISO adds a new 30days trial license with all features enabled.

New/Changed/Improved

New kernel for supporting new hardware
Extended PCMCIA card support (Prism 2/2.5/3) for WLAN
Added more ACPI functions - ASL will power off after a shutdown
Added DMA support for speeding up newer harddisks

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID690 Only Prism 2 PCMCIA cards supported
ID676 LDAP Base DN is deleted when creating a new user
ID672 Forward to postmaster does not work for virus-emails
ID625 DMA mode for harddisks not available
ID603 PPTP sessions through ASL may fail with error 619
ID598 Incoming PPTP connections may fail

Astaro Security Linux V4 is a free update to all users current in their Up2Date services.

For pricing information please contact:

Europe/Asia Pacific: sales@astaro.com
America's: salesus@astaro.com

Related documents:

Hardware compatibility list
Known Issues
Manual (English Deutsch)
Datasheets

Software ist available for free download at our HTTP and FTP server:

HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror

asl-4.016.iso.gz
size: 121,719,134 Bytes
md5sum: b98b63dffb3d65e31b8659561ae21bbf

asl-4.016.iso
size: 284,590,080 Bytes
md5sum: 3e1e27739375f6565a9033a7fc766ba5

[High] Sun Cobalt Up2Date 2.034

Markus Hennig — Wed, 17 Sep 2003 00:11:51 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3 MB (323,895 Bytes)

Remarks

Required previous version is 2.033
Existing configuration will not be changed
sshd will be restarted

Bugfix

sshd vulnerability CAN-2003-0693 fixed

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. To apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 2.034

Markus Hennig — Wed, 17 Sep 2003 00:12:04 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3 MB (323,895 Bytes)

Remarks

Required previous version is 2.033
Existing configuration will not be changed
sshd will be restarted

Bugfix

sshd vulnerability CAN-2003-0693 fixed

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. To apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Sun Cobalt Up2Date 2.035

Markus Hennig — Wed, 17 Sep 2003 19:33:11 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3 MB (327,205 Bytes)

Remarks

Required previous version is 2.034
Existing configuration will not be changed
sshd will be restarted

Bugfix

second sshd vulnerability CAN-2003-0693 fixed

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version.
To apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 2.035

Markus Hennig — Wed, 17 Sep 2003 19:36:43 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3 MB (327,205 Bytes)

Remarks

Required previous version is 2.034
Existing configuration will not be changed
sshd will be restarted

Bugfix

Second sshd vulnerability CAN-2003-0693 fixed

Download Information

All Up2Dates are GNUPG-signed! The Astaro Up2Date technology makes it easy to upgrade your installed Astaro Security Linux to the latest version. To apply an Up2Date package to the system:

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 3.221

Markus Hennig — Wed, 17 Sep 2003 19:39:58 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3MB (334,876 bytes)
md5sum: c761bd29843e76b4ed05780419623ff0

Remarks

Required previous version is 3.220
Existing configuration will not be changed
sshd will be restarted

Bugfix

econd sshd vulnerability CAN-2003-0693 fixed

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 4.015

Markus Hennig — Wed, 17 Sep 2003 19:48:07 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3MB (334,782 bytes)
md5sum: 3ee81135781c7ad4ef85a82568966653

Remarks

Required previous version is 4.014
Existing configuration will not be changed
sshd will be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
second sshd vulnerability CAN-2003-0693 fixed

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 3.220

Markus Hennig — Tue, 16 Sep 2003 22:35:20 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3MB (330,226 bytes)
md5sum: 799478603dad1bd8240f8d03b3d73789

Remarks

Required previous version is 3.219
Existing configuration will not be changed
sshd will be restarted

Bugfix

sshd vulnerability CAN-2003-0693 fixed

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 4.014

Markus Hennig — Tue, 16 Sep 2003 22:40:06 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 0.3MB (330,258 bytes)
md5sum: 08661dcd6424802c051972ec8c69b252

Remarks

Required previous version is 4.013
Existing configuration will not be changed
sshd will be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
sshd vulnerability CAN-2003-0693 fixed

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 4.013

Markus Hennig — Tue, 16 Sep 2003 19:50:48 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 2MB (2,002,059 bytes)
md5sum: 92dec17c59b45b2f13185630d8a2d57f

Remarks

Required previous version is 4.012
Existing configuration will not be changed
Active IP and VPN connections will not be restarted
HTTP and SMTP proxy will be restarted

New/Changed/Improved

Fixed minor security hole in exim (smtp relay)
Improved SurfProtection to scan images as well
Added NICs with Realtek 8139too chipset to HA linkbeat check

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID548 Webbugfinder for HTTP proxy not working
ID471 HA Master does not broadcast its ARP address after takeover

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Low] Up2Date 4.012

Markus Hennig — Mon, 01 Sep 2003 20:46:05 +0000

Urgency: low (low, Middle, HIGH)
Size: 0.1MB (3836 bytes)
md5sum: b7e2b0a1c398d9d370fc6609ecfda95f

Remarks

Required previous version is 4.011
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
588 SMTP subdomains may get routed to the wrong server

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 4.011

Markus Hennig — Fri, 29 Aug 2003 20:58:18 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 3.9MB (3,980,951 bytes)
md5sum: b3416957f208e34c85fbea72b8289e4e

Remarks

Required previous version is 4.010
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted
WebAdmin will be restarted

New/Changed/Improved

Added LOGACCEPT to packetfiltering
Added year support for logfiles

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
402 After importing a backup, WebAdmin port is not changed
426 Autofilter doesn't work at all when authenticating with PSK
479 Iptables rules / DNSproxy settings conflict when proxy disabled
491 PPTP Daemon connections limited to 100
572 Some POP3 clients do not wait for connection to terminate

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 4.010

Markus Hennig — Mon, 11 Aug 2003 21:28:59 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 8.9MB (9,305,313 bytes)
md5sum: 98a9064614ab74e52bb16a58d4a644d9

Remarks

Required previous version is 4.009
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted
WebAdmin will be restarted

New/Changed/Improved

Added new SMTP Features (MIME Error Checking, Global Whitelist,
Auth for Smarthost, Antispam config options)

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID414 o 4.000 Port 25 always open, even if no incoming domains are defined
ID476 o 4.000 A huge amount of mails in the queue won't be deleted
ID507 o 4.000 TLS-Cert for SMTP Proxy not recreated on special action
ID523 o 4.009 POP3 Proxy does not log to syslog / logfiles
ID524 o 4.008 Some of the timezones are not working properly
ID544 o 4.008 Internal Server Error may appear after restarting WebAdmin

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Migration Package ASL 3.219 -> 4.008

Markus Hennig — Wed, 02 Jul 2003 12:31:00 +0000

The Migration Package for upgrading Astaro Security Linux 3.2X to V4 is available for download. We strongly recommend an installation with an Astaro Security Linux 4.0 Installation CD!

If this is not possible, please check the hardware compatibility list on docs.astaro.org before starting. Some (rare) hardware supported on ASL 3.2 will not be supported on ASL 4.0.
In then case you use a SCSI RAID controller, please contact support first.

Please enable WebAdmin access ('System->Settings') temporary from "ANY" because of the unfrequently case that the numbering of network cards will change. Please reset the WebAdmin access settings after a successful migartion to your needs.

After starting migration there is no way back! Your configuration will be converted to ASL 4.0, but all reports and logs will be deleted. A migration takes up to 20 minutes and includes four automatically reboots.

Please make sure you have a pure Astaro version of ASL (Astaro Logos, grey background,..) before starting the migration process with the files provided. In other cases please contact your vendor or Astaro support.

The following 10 files are required for a migration from ASL 3.219 to 4.008:

chunk.md5 387 bytes
chunk.aa 10.485.760 bytes
chunk.ab 10.485.760 bytes
chunk.ac 10.485.760 bytes
chunk.ad 10.485.760 bytes
chunk.ae 10.485.760 bytes
chunk.af 10.485.760 bytes
chunk.ag 10.485.760 bytes
chunk.ah 10.485.760 bytes
chunk.ai 8.007.680 bytes

They are avialabe on our FTP/HTTP servers and the mirrors:

HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
The MD5-sums of the migration package files will be checked while the upload to the WebAdmin.

[Middle] Up2Date 4.009

Markus Hennig — Tue, 01 Jul 2003 14:05:15 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 4.2MB (4,276,358 bytes)
md5sum: 51559e81ea27037fdba2fae64f9d7806

Remarks

Required previous version is 4.008
Existing configuration will not be changed
Active IP and VPN connections will be restarted
MiddleWare will be restarted

New/Changed/Improved

Improved performance for POP3 and SMTP AntiVirus scanning

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID475 POP3 extension filter matches whole filenames
ID447 POP3 Proxy ignores selected network groups

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Low] Up2Date 3.219

Markus Hennig — Mon, 30 Jun 2003 17:07:02 +0000

Urgency: low (low, Middle, HIGH)
Size: 3.9MB (3,903,673 bytes)
md5sum: 27a33ef1d3b48170e0a3f8590f8d2ef4

Remarks

Required previous version is 3.218
Existing configuration will not be changed

New/Changed/Improved

V4 Upgrade functionality added in System->Up2Date

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[High] Up2Date 4.008

Markus Hennig — Mon, 23 Jun 2003 14:36:51 +0000

Urgency: HIGH (low, Middle, HIGH)
Size: 11MB (11,611,628 bytes)
md5sum: 8764ffe4179490fd57e91ced8becede4

Remarks

Required previous version is 4.007
Existing configuration will not be changed
Firewall will reboot with a new kernel
!!! Attention !!! Firewall will reboot !!! ATTENTION !!!

New/Changed/Improved

This Up2Date adds support for AMD K6, Intel P1 and VIA C3 CPUs as well as modern boards with dual-CPU support and interrupt controller programming (APIC). It also updates all occurrences of glibc (security fix). The new Linux kernel includes the security routing-cache-hash and TCP/IP fragment reassembly handling patch, the tty expolit patch, an ext3 bugfix, new modules for PPTP, drivers for NICs, support for the Toshiba-LCD and support for Compaq SmartArray 5 and Adaptec I2O RAID. The Pyramid LCD with enabled keyboard is supported. A new exim (SMTP-Proxy) is for a small AV-interaction bugfix also included.

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
375 sundance.o does not work with newer D-Link580TX
389 Network adapters with class 0x0280 will be not recognized
394 Compaq Smart Array 431 not recognized
415 POP3: default setting ANY-ANY leads to reachable port 8110 from outside
420 missing /dev/sr* in the initrd (SCSI-CDROM for installation)
451 Accounting daemon not running messages
494 Wrong settings in backupdata for email intervall

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Astaro Security Linux 4.008 (new V4 ISO)

Markus Hennig — Tue, 10 Jun 2003 22:18:22 +0000

This is the second V4 ISO: asl-4.008.
It includes the released V4-Up2Dates 4.001-4.007 and some new features and bugfixes.

Remarks

This ISO adds support for AMD K6, Intel P1 and VIA C3 CPUs as well as modern boards with dual-CPU support and interrupt controller programming (APIC). It also updates all occurrences of glibc (security fix).

New/Changed/Improved

The new Linux kernel includes the security routing-cache-hash and TCP/IP fragment reassembly handling patch, the tty expolit patch, an ext3 bugfix, new modules for PPTP, drivers for NICs, support for the Toshiba-LCD and support for Compaq SmartArray 5 and Adaptec I2O RAID. The Pyramid LCD with enabled keyboard is supported. A new exim (SMTP-Proxy) is for a small AV-interaction bugfix also included.

We will use this ISO to build the 3.2->V4 Migration Package and the Up2Date 4.008 for existing 4.007 installations.

Bugfix

Astaro Security Linux V4 is a free update to all users current in their Up2Date services.

For pricing information please contact:

Europe/Asia Pacific sales@astaro.com
America's salesus@astaro.com

Related documents:

Hardware compatibility list
Known Issues
Manual (English Deutsch)
Flyer (English Deutsch)

Software ist available for free download at our HTTP and FTP server:

HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror

asl-4.008.iso.gz
size: 102,293,279 Bytes
md5sum : d2b6d5e20380c084cce8a06a5f3f9a5a

asl-4.008.iso
size: 259,246,080 Bytes
md5sum: 9527df7881f98f7b5745f4f7181336b9

[Low] Up2Date 4.007

Markus Hennig — Tue, 27 May 2003 22:12:54 +0000

Urgency: low (low, Middle, HIGH)
Size: 1.5MB (1,585,848 bytes)
md5sum: f7f068d21bb2ed17ba25df90b770d258

Remarks

Required previous version is 4.006
Existing configuration will not be changed
WebAdmin will be restarted - connection will be lost

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID481 WebAdmin does not allow to enter an initial virtual IP

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

[Middle] Up2Date 4.006

Markus Hennig — Fri, 09 May 2003 15:15:44 +0000

Urgency: Middle (low, Middle, HIGH)
Size: 0.2MB (197,288 bytes)
md5sum: a4c2cf0a960e5cee3d49550d6976c859

Remarks

Required previous version is 4.005
Existing configuration will not be changed
HTTP proxy will be restarted
POP3 proxy will be restarted

Bugfix

(please refer to the known issue list on http://docs.astaro.org)
ID467 POP3 proxy fills up partition with large attachments
ID478 HTTPS connections via HTTP proxy may be very slow

Download Information

Log on to WebAdmin, navigate to "System -> Up2Date Service" and start a "Update now" in "System Up2Date. An extra browser window will show the progress of the Up2Date process and the System Administrator will receive a notification email once the Up2Date process has finished successfully.
Log on to WebAdmin, navigate to "System -> Up2Date Service" and enable "Prefetch Up2dates". The System Administrator will receive a Notification email after an Up2Date package has been succesfully fetched and can install the Up2Date by clicking "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System administrator will receive a notification email once the Up2Date process has finished successfully.
Download the Up2Date package from our HTTP or FTP Server:
HTTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
FTP: Astaro US - Astaro Germany - Australian Mirror - Austria Mirror - Japanese Mirror
Log on to WebAdmin, navigate to "System -> Up2Date Service", start "Import from file" and import the downloaded Up2Date package. After a successful upload click "[install]" on the now available menu item "Unapplied Up2Dates". An extra browser window will show the progress of the Up2Date installation and the System Administrator will receive a notification email once the Up2Date process has finished successfully.

To install Astaro Security Linux, you need the installation ISO image, available on our download page.

Astaro Blog Feed

Astaro Security Gateway V7 End-of-Life Reminder

You, Us, and the Amazon Cloud

Up2Date 8.302 Released

Create your malware monster: And the winners are...

Complete Security Buzz at CeBIT 2012

The Sophos-Astaro Roadshow 2012

Recognized as a Leader in 2012 Magic Quadrant for UTM by Gartner

Sophos UTM 9 Public Beta Begins

SC Top Rating for Astaro Security Gateway

Up2Date 8.301 Released

Bringing in the white!

Astaro Command Center V3.002 Released

Are Wireless Access Points part of your network?

Who can help your business offer secure wireless?

Astaro Command Center V3.001 Released

Create your own Lego Malware monster and win a Nintendo DSi!

Evolution of online attacks mirrors the history of advertising

Astaro Security Gateway V8.300 Released

Five Security Resolutions for 2012

Konnichiwa! - Japanese Website Available

RED – How to connect your remote location in less than 2 minutes?

ASG Up2Date 8.203 Released

National Cyber Security Awareness Month Contest Winners

Your IT-land needs you!

More Air Traffic Control For Your Network with the Sophos AP50

Astaro Security Gateway V8.2 Competition Results

Hacktivism: How to stay one step ahead of this troublesome trend

Astaro Security Gateway Public Beta 8.300

Making sense of log management

Astaro enters Cloud Security Alliance

A new internet threat every 4.5 seconds

Astaro Command Center V3.0 Released

it-sa 2011: Astaro exhibits at IT security fair

Astaro pillars GITEX Technology Week

Astaro Security Gateway Up2Date 8.202 Released

More Astaro Security Gateway Tips & Tricks!

Astaro celebrates Cyber Security Awareness Month

3 reasons that make mail archiving a priority

ASG Up2Date 8.201 Released

New Website Languages Available!

Astaro Supports Charity in Friendly Soccer Tournament

Astaro’s Regina Vignone Recognized as One of the Top Women of the Channel

Successful Completion of MSPAlliance Vendor Accreditation Program

Astaro Security Gateway Version 8.200 Released

Common Criteria certificate presented by Mr. Michael Hange, president of the BSI

Astaro actively supports underprivileged children

ASG Up2Date 7.511 Released

Sophos Broadens Security Portfolio with Completion of Astaro Acquisition

Astaro Partner Roadshow 2011 – again a great success!

Worldwide IPv6 Day – Business As Usual for the Astaro Security Gateway

For all those who still want to test their IPv6 readiness: Here is a short guide on how to enable IPv6 on your Astaro Security Gateway.

Goodbye to an Uncommon Security Professional

Telemedicine and improving patient care

Astaro Supports Roparun 2011

Up2Date 8.103 Released

Hacking at the highest level of excellence

Demystifying Cloud Computing

Sophos to Acquire Astaro to Meet Demand for Complete, Layered Security Protection

Our EMEA Headquarter Location Has Moved!

Introducing the New Pacific Australia Dream Team

Revision 4 of the Astaro Security Gateway 110-120 Available

InterOp Conference 2011 is back

ComputerWorld Singapore Security Summit 2011 (A post-event report)

Upcoming Event: AusCERT 2011

Social media marketing tips for VARs

Celebrate the Mail Archiving iPhone App and join our contest!

6th Annual 2011 Hot Companies and Best Products Awards

6 Tips on How To Make Your Wireless Networks Unbreakable

Do you really understand cloud computing?

Astaro Log Management in Beta Status

Getting the most out of your vendor relationship

Review: Astaro at CeBIT 2011

RSA Summary and Coverage

Astaro Awarded 5 Stars by SC Magazine for Web Content Filtering

Up2Date 7.510 Released

Better Archive Your E-Mails – Because E-Mail Outages Do Happen!

iPhone App for Astaro Mail Archiving – now available

Astaro at CeBIT 2011 - Three new product previews

Security Pattern Updates

For all those who still want to test their IPv6 readiness:
Here is a short guide on how to enable IPv6 on your Astaro Security Gateway.