Deerfield > Support > WinRoute Firewall > Release Notes

Kerio Control

+ Added feature
* Improved/changed feature
- Bug fixed

Version 7.3.3 — April 12, 2012

+ VPN Client can now use VPN as a default route (based on VPN Server configuration, both VPN Client and VPN Server must run version 7.3.1 or newer)
* Computer connected through Kerio VPN now prefers DNS server accessible through the VPN instead of the local one.
- Fixed: Routing problems with VPN (both clients and tunnels) when multiple Internet connections are used
* IPv6 connection logging can now be enabled/disabled in Security Settings
- Fixed: Connection going through NAT could be dropped under certain circumstances
- Fixed: Configuring autologin from Firewall for one user can lead to autologin configuration reset for another user (if Address Group was used)
- Fixed: Fixed: Administration Console: some DHCP options (option 21, option 33) were not saved
- Fixed: Dial-up/Hang-up RAS scripts were not executed
- Fixed: Policy routing did not work for Firewall host
- Fixed: IGMP multicasts were dropped and reported as Malformed packets
- Fixed: Bandwidth Management default rule matched IPv6 traffic
- Fixed: Several minor design issues in StaR email reports
- Fixed: Kerio Control Administration: custom route description was mandatory
- Fixed: Support incident cannot be opened for registered trial
- Fixed: Kerio Control Administration: auto refresh did not work in Active Hosts -> Connections
- Fixed: Administration Console: several minor bugs

Version 7.3.0 — November 8, 2011

* Kerio Web Filter server address changed
* All Windows drivers are now WHQL signed
* HTTP keywords filtering performance significantly improved
- Fixed: Automatic update did not work (product, antivirus, IPS)
- Fixed: Dial-in adapter did not work
- Fixed: IPv6 fragmented packets are not handled correctly and are dropped
- Fixed: outgoing IPv6 packets were not accounted into statistics
- Fixed: it was not possible to uninstall Linux VPN Client
- Fixed: valid ICMPv6 Packet Too Big packet was dropped under certain circumstances 4

Version 7.2 — May 24, 2011

+ StaR email reports
+ Basic IPv6 support
+ Daily IPS Blacklists updates
* Speed and stability of Kerio Control Administration has been improved with smart caching of data and resources
* Possibility to Suggest Idea to Kerio Technologies from the product
* Voluntary usage statistics gathering
* Web Filter categories can be reviewed in list of URL Rules in Kerio Control Administration
* Yandex added to list of search engines (StaR and HTTP policy)
+ CIDR notation can be used to specify network mask in Kerio Control Administration
* Kerio Control Administration suggests optimum values for some items, e.g. network masks
* Comma and space are converted to a delimiter while entered in field for IP address or mask in Kerio Control Administration
* Kerio Control Administration displays warning if Kerio Control runs on a computer with RAM size not meeting system requirements
* Connection log used to display DNS names if available IP addresses otherwise. Now the IP address is always displayed (together with the DNS name)
- Fixed: Several minor bugs in Microsoft Active Directory integration
- Fixed: Link Load Balancing can cause long HTTP session to expire
- Fixed: Antivirus scanning rules ignores URLs which begin with ’ftp://’
- Fixed: Server defined as IP:port was not handled properly in HTTP policy
- Fixed: Unable to login to Kerio Control Administration when primary domain is inaccessible and user account "Admin" is missing in local user database
- Fixed: Unable to open the administration interface from Kerio Control Monitor on Windows x64 platforms under certain circumstances
- Fixed: User name containing special characters is not displayed correctly in StaR
- Fixed: Deleted files are kept in the list of files until screen is refreshed in Clientless SSL-VPN
- Fixed: Direct SIP calls between two clients in Local network are reported as SIP VoIP in StaR
- Fixed: VPN Client: It was not possible to connect to VPN server defined by name with an underscore
- Fixed: Uninstallation could leave some files (upgrade backups) on disk
- Fixed: Error "(99) Socket error: Unable to bind socket for service" sometimes logged on firewall startup
- Fixed: Windows Firewall was not sometimes correctly stopped on Kerio Control engine startup
- Fixed: HTTP Protocol Inspector unnecessarily closed keepalive connection after HTTP 304 response had been received
- FTP over HTTP proxy: improved upload speed on high speed lines with high latency
- Improved error handling in configuration export/import
- Serial port removed from Parallels Virtual Appliance

Version 7.1.2 — April 28, 2011

* Support for Internet Explorer 9 has been added to Web administration
+ Support for Firefox 4.0 has been added to Web administration
+ Support for Firefox 3.0 has been dropped in Web administration
* Kerio VPN Client is now supported also on Debian 6.0
* Russian and Dutch localizations have been improved
+ Added ability to block IPv6 over IPv4 tunnels
- Fixed: Software and hardware appliance editions no longer performs SLAAC
- Fixed: Kerio Control Administration: Session was lost after saving changes (WebAssist with "-32000 Error")
- Fixed: Kerio Control Administration: WebAssist "config.useSsl" is null or not an object
- Fixed: Kerio Control Administration: Unable to export configuration including SSL certificate
- Fixed: Unable to perform downloads using FTP over proxy when link contained spaces or "+"
- Fixed: User who was logged in automatically by their IP address was never logged out
- Fixed: Kerio Control failed to authenticate Active Directory users with empty userPrincipalName
- Fixed: Some MAC addresses were not blocked by MAC Filter

Version 7.1.1 — March 3, 2011

* Web administration now remembers settings such as visibility, order, width of columns, and sorting in tables
* Performance of the web administration, namely when editing policies, has been improved
* Status screens such as Active Hosts now remember cursor position upon refresh. The page size has been increased too
* WINS automatic detection is now supported on Appliance and Box editions
* Direct editing of host file has been replaced by an ordinary editor
* Web Administration screens are successfully unmasked after loading data
* Weak RC4 cipher is now disabled in SSL
* DialUp interface is now dialed with default route if and only if it is in Internet group
* Improved detection of broken VPN data connection
* Appliance Edition, Box: VPN Server can now automatically detect WINS settings
* Appliance Edition, Box: It is now possible to join Windows Domain even with DNS forwarders set to both ISP and domain controller
- Fixed: HTTP Proxy slows down browsing significantly
- Fixed: NTP synchronization sometimes failed on engine startup
- Fixed: StaR failed to save statistics if any used user account had too long description with national characters in it
- Fixed: Automatic login settings were preserved from previously deleted user
- Fixed: Problems with Asus NX1101 network interface on 32-bit Windows
- Fixed: Packets on the Dial-In interface (used e.g. for PPTP connections) were dropped with the "3-way handshake not completed" error
- Fixed: POP3 inspector failed to process malformed messages causing the POP3 connection to restart
- Fixed: Proxy server doesn't generate links to parent folder on when browsing FTP server content
- Fixed: Kerio Control consumed 100% CPU on startup on Windows 7 x86 running on single core CPU
- Fixed: Mac OS X: VPN client connection does not pass any data due to incorrectly set broadcast address
- Fixed: Appliance Edition, Box: Joining domain failed if the domain controller address was entered manually
- Fixed: Appliance Edition, Box: It was not possible to join Kerio Control to Windows 2008 domain other than the forest root domain
- Fixed: Kerio Control created too many LDAP/Kerberos connections to the domain controller
- Fixed: Appliance Edition, Box: Control failed to join domain with too many domain controllers (due to truncated DNS response)
- Fixed: Upgrade sometimes failed due to incorrect location of the kwfdriver.sys file
- Fixed: Kerio Control did not work properly if it was installed in a path with national characters
- Fixed: Kerio Control sometimes failed to authenticate Active Directory user
- Fixed: Kerio Control Administration: it was possible to configure invalid port interval in IPS properties which caused that IPS engine failed to start
- Fixed: SSL-VPN failed to display network content - infinite 'Loading...'
- Fixed: Kerio Control Administration: Unable to use @ symbol in user name field when creating a PPPoE connection
- Fixed: Kerio Control Administration: Unable to set link bandwidth 0 in connectivity type Load balancing
- Fixed: Kerio Control Administration: Unable to use domain\user to authenticate on parent proxy host

Version 7.1.0 Patch 2 - December 21, 2010

- fixed handling of connections through the Dial-In interface (Windows)

Version 7.1.0 Patch 1 - December 20, 2010

- HTTP cache security vulnerability fixed

Version 7.1.0 - November 30, 2010

* Connectivity warnings will protect you before disconnecting from server while changing configuration
* Configuration assistant - most useful configuration tools at one place
* Connectivity and Traffic Policy can be configured easily with wizard
* Activation wizard will assist you to activate all purchased features
* Context help
* Interfaces and Policy rules can be configured easily using drag&drop
* Support for Parallels in virtual appliance
* System Health - overview and manage system resources
* System Tasks - restart/shutdown system (Appliance Edition only)
* Control 7.0 should be used to upgrade correctly from versions older than 6.7.0 final
* Kerio Control Administration - transition from Qt to web-based administration has been finished
* User can override MTU on Appliance Edition
* Advanced PPP parameters in Appliance Edition
* Possibility to edit server name on Windows has been restored
* Status of interfaces is updated repeatedly in Web Administration
* Links to export and import have been moved to the Configuration Assistant in Web Administration
* Background colors used in Policy screens have been improved in Web Administration
* After trial expiration, the product does not stop completely. It is possible to login and register a license or upload a license file.
* GUI completely localized to all supported languages
* ClamAV 0.94 and Visnetic antivirus plugins have been completely replaced by Sophos
* Redirection target in HTTP rule is now implicitly allowed by HTTP policy
* Dial on Demand is not supported in Appliance Edition
* Fixed: Redirection by HTTP Policy: implicitly allow redirection target
* Fixed: Kerio Control VMware Virtual Appliance hangs on 1st boot
* Fixed: Authentication against Windows 2008 Server R2 fail
* Fixed: UPnP multicast TTL problem on Windows with RRAS service enabled
* Fixed: Malformed UTF-8 characters with diacritics
* Fixed: Terminal server users cannot unlock URL rules, the Unlock button is missing
* Fixed: Web Filter: Potential security vulnerability
* Fixed: Timeout during network adapter installation (error 28201, result 0x800705B4)
* Fixed: Crash caused by improper handling of changed IP address group in configuration
* Fixed: Possible crash when exiting HTTP Proxy service
* Fixed: Some services are not started correctly when two NICs are bridged to the same physical interface in Appliance Edition
* Fixed: On some systems it is possible that Internet interface is treated as local/other interface
* Fixed: Several issues in Logs
* Fixed: Progress bar jumps semi-randomly when downloading Sophos updates
* Fixed: SSL secured interfaces cannot start when corrupted certificate/key pair is used
* Fixed: System Health: size of RAM bigger than 4GB displayed incorrectly
* Fixed: Problem with availability detection
* Fixed: DHCP server is able to assign obviously incorrect address
* Fixed: Sophos reported "Check failed" for PDF mail attachment
* Fixed: Editing rule name in traffic policy is unusably slow
* Fixed: design broken by new localizations
* Fixed: many minor issues

Version 7.0.2 - November 9, 2010

- Fixed: Appliance: User authentication against Microsoft Windows 2008 Server R2 can fail with error NT_STATUS_PIPE_DISCONNECTED
- Fixed: Appliance: Fragmented packets can get corrupted when forwarded between interfaces with different MTUs

Version 7.0.1 - August 4, 2010

+ VPN: Added workaround for devices with MTU fragmentation problems causing VPN dropouts (Zyxel ADSL modems)
- Fixed: IPS failed to load rules when installed in path with long filenames on filesystem with disabled 8.3 names creation (Windows Server 2008 R2)
+ Added support for intermediate SSL certificates
+ Re-added option to allow non-secure access to Web Interface
- Fixed: Dynamic DNS client could cause crash under certain circumstances
+ Software Appliance: Added support for Broadcom (R) NetXtreme II NICs
* Software Appliance: It is now possible to use '@' in username for PPPoE connection

Version 7.0.0 - June 1, 2010

+ New Intrusion Prevention System (IPS/IDS)
+ Added MAC Filter
+ Multiple IP addresses on an adapter
* License counting and policy changed
* Rebranding
+ DHCP scopes autoconfiguration (only available in the Kerio Control Administration web interface)
* McAfee Antivirus engine replaced by the new Sophos engine
+ VMware Virtual Appliance available in OVF format
+ Kerio Control Software Appliance: Added SCSI HDD drivers
+ Kerio Control Software Appliance: Added E100 network drivers
+ Kerio Control Software Appliance: Fixed 'winroute blocked for more than 120 seconds' error
+ Kerio Control Administration web interface: DHCP screen added
+ Kerio Control Administration web interface: Advanced Options screen added
+ Kerio Control Administration web interface: Logs viewer added
- Kerio Control Administration web interface: Fixed: Cannot set 0 MB/s as link bandwidth
- Kerio Control Administration web interface: Various design improvements and minor bug fixes
+ Kerio Administration Console: added link to WebFilter recategorization page
- Fixed: DNS forwarder does not work when WAN IP has been changed
- VPN Client for Mac: Fixed DNS problems on Snow Leopard
- VPN Client for Mac: Fixed: It was not possible to use some strong passwords
* Slovak localization was removed from administration interfaces
* Syslog: User cannot change Facility and Severity. These values are reset to Kerio defaults on upgrade. Check warning log after upgrade
* User cannot change paths to Control internal directories. These values are reset to Kerio defaults on upgrade. Check warning log after upgrade
* User cannot change paths to RAS before/after dial scripts. Kerio defined script names are used. Check warning log after upgrade
- Software Appliance: Fixed: Ctrl-C in Kerio Console can terminate Kerio Control
- Administration Console: Fixed: VPN IP Pool Dump crashes engine
- StaR: Fixed: Activity log was off by several hours in some time zones
- Fixed: Kerio Web Filter sometimes failed to categorize long URLs
- Fixed: NTLM authentication does not work if user name contains national characters
- Fixed: Random crash in login to Kerio Control Administration
- Added workaround in HTTP inspector for HTTP servers violating RFC by terminating headers with '0a 0a' (
- Fixed potential crash in communication with Domain Controller over LDAP
- Fixed potential memory corruption in HTTP protocol inspector
- Fixed: Kerio Control Software Appliance can crash if a lot of (20) IP addresses are configured on an interface
- Fixed: Kerio Control Software Appliance can crash if Safari browser authenticates using NTLM

Version 6.7.1 Patch 2 - March 9, 2010

- DNS did not work when VPN client ran on Mac OS X
- Software Appliance: Fixed: IP fragmentation now works correctly
- Fixed: Random crash in login to Administration web interface
- Fixed: Long URLs are now categorized by Kerio Web Filter
- Timezone database was updated
- Software Appliance: support for more network cards and hard drives was added
- Fixed: NTLM authentication works if user name contains national characters

Version 6.7.1 - November 3, 2009

+ Software Appliance / VMware Virtual Appliance Edition
+ Active Directory Domain Integration
+ Support for Microsoft Windows 7
+ Workaround added for devices with broken PPTP support

Version 6.7.0 Patch 1 - August 17, 2009

- Fixed issue with connection to Active Directory/LDAP

Version 6.7.0 - August 1, 2009

+ Web Administration (https://:4081/admin)
+ Configuration Export/Import
* ISS OrangeWeb Filter replaced by Kerio Web Filter
+ Mac OS X Snow Leopard preliminary support
+ Microsoft Windows 7 preliminary support

Version 6.6.0 - March 31, 2009

+ VPN client for Mac OS X and Linux
+ VPN client for Windows runs as a service (it is possible to have VPN established before login to Windows)
+ VPN server propagates WINS servers and DNS domain suffix to VPN client
+ VPN client now uses primary IP address on VPN adapter (improved Network Neighborhood browsing)
+ Added support for Eset NOD32 Antivirus 3.0/4.0
- Fixed CPU load peak every 3 seconds caused by DHCP renew on VPN adapter
* The Kerio VPN Client does not allow multiple concurrent VPN connections.
* The extended and the basic mode of the Kerio VPN Client have been merged.

Version 6.5 - September 9, 2008

New Features:
+ Link Load Balancing
+ Added languages: German, Italian, French, Dutch, Portuguese, Swedish, Polish, Hungarian, Croatian, Japanese, Chinese
+ Improved UPnP support, now compliant with Microsoft Internet Connectivity Evaluation Tool:
+ Web-based dial-up management (readded feature, removed in version 6.3)
+ Nesting of URL groups is now allowed
+ Kernel drivers are now WHQL-certified and digitally signed by Microsoft (no more warnings during installation)
+ AVG 8 Anti-virus support added

Version 6.4.0 - September 17, 2007

+ User activity logs in StaR
+ Printer ready version of StaR
+ Improved overall throughput performance NAT was made more traversal
+ friendly for VoIP applications Added support for popular dynamic DNS
+ services Added URL based web exclusions from StaR Added support for
+ weekly quotas Added possibility to select users' preferred language

Version 6.3.0 - March 29, 2007

Major new features:
+ Statistics and reporting (StaR)
* Improved overall performance
+ Support for 64 bit systems
+ Support for Windows Vista
* Improved P2P Eliminator

Version 6.2.3 - October 12, 2006

+ added support for Internet Explorer 7 to Kerio Clientless SSL-VPN
- fixed corruption of configuration file when incorrect MAC address was entered in DHCP server configuration (This caused further changes to configuration to be mysteriously lost after reboot.)
- fixed crash when a malformed DNS response is received
- fixed crash when more than 3 custom forward DNS servers were specified
- McAfee now works even if its subscription is expired (without updates though)
- further fixes to video streaming (Amazon Music Sampler)
- fixed malformed reverse DNS queries being incorrectly resolved to valid names
- fixed missing error messages on unresponsive WWW sites
- fixed "user transfer quota exceeded" alert being sent too often
- fixed NOD32 plugin not working for SSL-VPN file transfers

Version 6.2.2 - August 7, 2006

+ added TCP MSS altering to work around nonworking PMTU discovery due to blocked ICMP (this typically fixes nonworking HTTPS pages on PPPoE connections)
* Administration Console now remembers last view in IP Address Groups, DHCP Scopes and Leases, HTTP URL Groups, Time Ranges screens
* cache memory size configuration value has been removed (the best value is now auto-detected)
* the timeout for half-open TCP connections has been decreased
- fixed deadlock in UPnP service if an interface goes up or down
- in SSL-VPN downloaded files are now forced to be saved to disk instead of opened in IE
- fixed creating of huge antivirus temporary files even though size limit was configured
- fixed occasional WinRoute service crashes during system shutdown
- fixed crashing when loading user configuration where no user has administrative rights
- fixed opened Administration Console aborting normal system shutdown
- fixed problem with temporary files occasionally remained on disk after the antivirus scanning
- fixed a potential bug that antivirus process(es) won't start during WinRoute initialization
- fixed national characters handling in the administrative password dialog in the installation wizard
- fixed loading of web pages on nonstandard TCP ports when going through multiple proxies
- fixed nonworking CNN pipeline stream videos
- fixed possibility to remove some interface statistics for some interfaces
- fixed IP addresses for hostnames in the traffic policy not being updated often enough
- fixed old half-closed FTP connections through the firewall sometimes remaining open for very long times
- antivirus scanning failures are now logged into security log
- fixed client FTP connections not being correctly reset if virus was found during the transfer.
- fixed FTP inspector could parse certain (illegal) responses incorrectly causing the affected connection to hang
- fixed bandwidth limiter behaving incorrectly if the IP address group selected there was deleted
- fixed inability to send mail through certain rare servers if TLS transfers are denied by WinRoute
- fixed possible file corruption during antivirus scanning on chunked HTTP connections
- fixed nonworking quarantine storage of infected files found in FTP transfers
- fixed changes to the default SSL web interface TCP port of 4081 not being applied until restart of WinRoute
- user manually imported from AD now have their email addresses imported (affects only newly imported users)
- fixed file and folder icons failures to load when browsing FTP via the HTTP proxy server

Version 6.2.1 - May 3, 2006

- fixed service crash in email protocol inspectors
- fixed occasional high CPU usage of the service
- fixed handling of HTTP/0.9 responses (this caused false positives of binary characters in HTTP headers)
- fixed ignoring traffic policy rules when host names were used
- fixed nonworking Windows Update via proxy server
- fixed monthly rotation of logs
* denial pages no longer use SSL (this caused unexpected SSL certificate warnings in browsers)
* improved handling of ICMP destination unreachable messages (this sometimes caused VPN tunnels to stop working)
+ added ability to select custom port for SMTP relay server

Version 6.2.0 - March 23, 2006
+ Bandwidth Limiter
+ Dual anti-virus

Version 6.1.4 - January 5, 2006
+ added protection against the recent Windows metafiles vulnerability
+ TCP sequence numbers awareness
* updated antivirus plugin for Eset NOD32
* ICSA certificate renewed
- fixed DoS caused by improper data handling in HTML content filtering
- fixed DoS when too long strings are fetched from Active Directory
- fixed engine's inability to start due to improper loading of statistics
- fixed HTML content filtering was sometimes incorrectly activated even if disabled
- fixed application of antivirus scanning rules to certain file names
- improved RTSP protocol inspector compatibility with certain servers
- fixed removal of custom service could sometimes disable related traffic policy rules

Version 6.1.3 - November 10, 2005
- fixed possible crash when trying to receive streams from certain RTSP servers
- fixed possible hang when querying AD in some circumstances
- fixed memory leak in Active Directory mapping
- fixed filter errors in Active Directory queries
- fixed possible successful authentication of users with disabled accounts
- fixed local database users with "@" character in their login name were not able to login
- fixed detection of RRAS demand-dial interfaces
- fixed statistics sometimes showing negative/incorrect values
- bookmarks on the SSL-VPN page are now correctly sorted
- NTLM is now disabled for Opera browser
* the MAC address/vendor database has been updated to be more accurate
* Windows Firewall service is now disabled during the installation due to persisting conflicts

Version 6.1.2 - September 7, 2005
+ Russian translation of all user interfaces excluding admin console
+ Admin console now warns if a new traffic policy could disconnect it
+ All domain controllers may now be detected automatically
* Windows Update HTTP rule was changed to work with current Windows Update
- Wrong HTTP rules were sometimes applied immediately after user login
- Possible crash after deleting user's statistics
- Possible crash when in lack of system resources
- Certain combination of routes to VPN tunnels could cause 100% CPU
- Changing 'VPN Tunnel' to 'VPN Clients' in Traffic Policy could corrupt configuration
- Scripts/ActiveX filtering often corrupted pages
- Newly created group could be assigned wrong rights
- Nested AD groups didn't work properly for primary groups
- Account used to access AD database did not support non-ASCII characters
- Quota counter was is not reset at the end of its time interval
- Quota was not applied immediately when reached, only after several seconds
- Mail temporary files were sometimes left on disk
- Cannot open folder in SSL-VPN if its name contained an ampersand (&)
- Admin console runtime error when deleting address group
- "Error: function called with invalid parameters" when killing connections
- Changes in configuration of users were not logged into config log
- HTTP log did not log username for all requests
- P2P alert message sometimes showed incorrect ports
- Gzip encoding for HTTP servers in LAN was always turned off
- Parent proxy password was unencrypted in configuration
- VPN was not able to deliver very small fragmented UDP packets
- Hibernation was not allowed even if VPN is not installed
- Sometimes connection failover alert might not be sent
- Alert messages in Spanish and Slovak were displayed as plain text only
- Update checker didn't indicate failures

Changes in Kerio VPN Client:
+ Russian translation
- Autoconnect only works for the first server in advanced mode
- Taskbar notification area messages were incorrectly formatted

Version 6.1.1 - July 15, 2005
- Possible hang when hostnames are used in policies Possible crash when changing interface name Traffic policy corruption with certain interface names Possible temporary hang while sending messages to users Authentication of users when installed on a domain controller Active Directory mapping problems with nested groups Active Directory mapping problems with cross-domain group membership Authentication of users that are members of groups with national characters in names

Version 6.0.11 - April 7, 2005
- fixed possible crash in RTSP protocol inspector
- fixed possible crash on systems with more than 64 network interfaces
- fixed several bugs in statistics calculation
- fixed incorrect logging of broadcast packets in anti-spoofing
- fixed several issues in the remote administration protocol

Version 6.0.10 - March 22, 2005
- fixed possible crash when establishing / closing VPN connection (error 10038)
- fixed possible hang of WinRoute service when changing SSL certificate for VPN server
- fixed minor bugs in VPN server
- fixed resource leak in SMTP protocol inspector with unconfigured relay (error 10035)
- fixed collision with running ICF service on Microsoft Windows XP Service Pack 2
- fixed problem with setting user rights for installation directory on startup
- fixed problem with DNS names in traffic rules and address groups
- fixed crash caused by Avast module if it was simultaneusly used in both KWF and KMS
- several minor improvements / bug fixes in SMTP protocol inspector
- several minor bug fixes in Administration Console
+ protection of firewall host against Land attack packets
* improved antivirus scanning of files being download using download managers

Version 6.0.9 - December 9, 2004
- fixed possibility to poison DNS cache
- fixed possible CPU/memory DoS in SMTP inspector
- reduced access rights to WinRoute's directory
- fixed handling of HEAD method in HTTP proxy server
- fixed bad date in file names quarantine directory
- blocking and logging of P2P traffic is now more accurate
- invalid domain name in NT import no longer display local users
- administration console now checks passwords for maximum length
- administration console now behaves correctly if connection to the engine is lost
- fixed up&down arrow buttons in Antivirus/HTTP scanning rules
- transferred data for multimedia streams are now displayed correctly
- improved logging of ISS orange filter categorization failures
- removed SMTP NOTIFY extension from alert emails
- SCCP (Cisco Skinny) protocol inspector now correctly handles conference calls
- added ability to highlight certain lines of logs
- support for hibernation (if VPN is not installed)

Version 6.0.8 - November 4, 2004
- fixed nonfunctional user accounts that were imported from WinRoute Pro 4.x in the past

Version 6.0.7 - November 4, 2004
* passwords for local users are now stored using stronger encryption
* workaround for strange behavior of IE back button when dropping HTTP
requests (e.g. ad-blocking HTTP rule is enabled)
- fixed some HTTP and FTP rules not working randlomly
- fixed non-working HTTP and Web log in upgraded installations
- fixed FTP handling when configured to use parent proxy
- VPN routes marked as 'unknown' no longer remain in the routing table
- fixed possibility to edit int16 type options in DHCP server
- fixed support for more than 255 routes in VPN
- fixed crash of administration console in Status/Interfaces screen
- actual traffic is now displayed correctly in statistics
- fixed character coding in slovak version of web interface

Version 6.0.6 - October 7, 2004
+ HTTP, FTP, SMTP and POP3 inspectors now check JPEG files against the recent GDIPLUS.DLL vulnerability
* Cobion OrangeFilter has been renamed to "ISS OrangeWeb Filter", functionality remains the same
- fixed hanging of WinRoute service in DNS resolver
- zero quotas are no longer ignored
- fixed editing of inbound policy in the traffic wizard
- alert when hanging up failover RAS line now displays line name correctly
- fixed blocked communication after boot if Windows Firewall is detected on Windows XP SP2
- fixed handling of messages in SIP protocol inspection

Version 6.0.5 - September 27, 2004
+ VPN clients can now be configured with custom IP routes
+ VPN clients can now be assigned fixed IP addresses
+ resizeable traffic histograms
* improved routing table screen in administration console
- fixed conflict with 3rd party applications that install custom layered service providers
- fixed boot problem on Windows 2000
- fixed handling of emails sent as attachment
- fixed transfer rate bug in traffic histograms
- fixed automatic login for IP address groups
- denying of unscannable or corrupted files now works correctly
- fixed blinking of text in logs
- SSL certificates with national characters are now displayed correctly
- fixed false installer complaint about WinRoute Pro being installed

Version 6.0.4 - August 19, 2004
- fixed dropping of NAT connections when user logs in or out

Version 6.0.3 - August 17, 2004
+ support for Windows Security Center in Windows XP SP2
- fixed incorrect handling of TLS-secured POP3 and SMTP
- dates in alert emails are now properly formated
- traffic rules with interface source no longer permit packets from firewall
- fixed file name matching in ftp policy when using MS IE as client
- "Error: function called with invalid parameters" no longer appears when clearing a log

Version 6.0.2 - August 10, 2004
+ possibility to specify file size limit for antivirus
+ possibility to duplicate rule in HTTP/FTP policy
+ firewall can be excluded from quota actions
* address group can be used for user automatic login
* several minor improvements in administration console
- fixed several bugs in SMTP protocol inspector and antivirus
- fixed memory leak if DNS forwarder was disabled
- fixed non working proxy if DNS forwarder was not configured
- fixed crash when removing DHCP scope exclusion
- fixed bug in SIP inspector
- fixed minor bug in IRC protocol inspector
- installer sometimes failed to update Kerio VPN Adapter driver and returned error 0x80070103 - fixed
- Kerio VPN adapter sometimes lost it's primary IP address - fixed
- authentication method for user imported manually from NT domain is now correctly set
- fixed non working automatic login from firewall host

Version 6.0.1 - June 23, 2004
- fixed 100% CPU usage on Windows servers with DNS system service enabled
- fixed DNS forwarder on Windows Server 2003 (error 4507:10013)
- fixed handling of STLS command in POP3 protocol inspector
- proxy server now works if DNS forwarder is disabled
- proxy server now does not always require NTLM authentication
- authenticating via proxy server no longer sometimes ends with a blank page
- VPN server no longer stops working when the system is under heavy load
- deleting interface no longer changes traffic rules which refer it to 'any'
- fixed crash of administration console in interface statistics
- fixed ability to edit network interfaces when VPN is not installed
- fixed disappearing of settings in the AD/NT authentication screen
- fixed wrong sorting of antivirus rules for HTTP/FTP
- log rotation is no longer grayed out when set to keep 0 files
- the number of consumed licenses is now displayed also for trial license

Version 6.0.0 - June 7, 2004
+ Integrated client/server and server-to-server VPN solution
+ Alerts and notifications
+ Antivirus protection for emails (POP3 and SMTP)
+ Improved real-time user monitoring and traffic statistics
+ P2P Eliminator - universal P2P blocking
+ Support for VisNetic Antivirus Plug-in

Version 5.1.10 - March 1, 2004
- fixed crash in HTTP header parser
- fixed handling of time intervals that pass midnight
- fixed dialing of lines defined in custom phonebook
- fixed disappearing of dial-up lines that contain international characters

Version 5.1.9 - January 12, 2004
* Larger default NAT port pool
- Fixed bug with incorrectly installed driver
- Fixed bug when proxy user has no password defined
- Fixed incorrect handling of fragmented traffic
+ Added detection of Windows XP Service Pack 2 during installation (automatically disabling of ICF)

Version 5.1.8 - December 18, 2003
+ Support for IEEE1394 (Firewire) networks
* License BASE-ID is no longer displayed on webadmin pages
* Traffic wizard recognizes broadband satellite internet connection
- Fixed bug with connections sometimes not being displayed
- Fixed handling of user and group names with spaces
- Fixed accounting of traffic generated by firewall host
- Fixed handling of IP traffic logging expression
- Fixed handling of BOOTP requests
- Fixed backward searching in logs
- Fixed handling of IRC DCC send message
- Fixed bug in UPnP

Version 5.1.7 - November 21, 2003
This is a service release mainly for the Windows NT 4.0 platform.
MS recommended high security settings were removed from the installation.

More info:

Version 5.1.6 - November 18, 2003
* New driver
* Improved speed of web browsing if Cobion is enabled
- Improved handling of the HTTP keep-alive connections in proxy server
- Fixed user import from Active directory (LDAP) on localhost
- Fixed RAS line dialing in Web Administration interface requiring user authentication
- Fixed occassional proxy server freeze related to the RAS line hangup

Version 5.1.5 - October 30, 2003
- Fixed bug causing very large system resources usage after some time
- Fixed bug in the HTTP cache causing occasional crash

Version 5.1.4 - October 21, 2003
- Fixed bug causing very large memory usage after some time
- Fixed non-working HTTPS through parent proxy
- Fixed bug in initialization of eTrust CA antivirus

Version 5.1.3 - October 16, 2003
+ Safer configuration saving to prevent data losses
+ FTP antivirus checking can now be enabled or disabled per rule
* Mapped HTTP connections are now excluded from HTTP policy by default (See Advanced options in HTTP policy screen.)
- Fixed Cobion in HTTP proxy server
- Fixed browser language detection in HTTP proxy server
- Fixed engine sometimes failed to stop properly
- Fixed crash when traffic policy configuration is corrupted
- Fixed date and time sometimes weren't logged in connection log

Version 5.1.2 - September 24, 2003
- Fixed crash when installing license.
- Fixed DNS cache in forwarder
- Fixed DNS resolving in proxy server
- Fixed parent proxy chaining in proxy server
- Fixed content filtering problems with redirects
- Fixed handling of gzipped and chunked pages

Version 5.1.0 - August 25, 2003
+ Improved online user monitoring (Hosts/Users screen)
+ Support for internet connection failover (Interfaces screen)
+ SIP protocol inspector - transparent handling of SIP through NAT
+ Advanced logging options - log rotation and syslog support
+ Customizable DNS forwarding
+ Customizable redirect page for denying HTTP rules
+ Added detection of clients using P2P networks
+ Automatic checking for new versions
+ Ability to use DNS names instead of IP's in traffic policy
+ Support for NTLM for Mozilla-based browsers (Mozilla 1.4 or higher)

Version 5.0.9 - August 4, 2003
- Fixed boot error on Windows 98/Me
- Fixed "Driver error: WRDRV: TcpInfoInit: Unable to open 'TCP' device"
- Fixed "Driver error: WRDRV: RtIsLocalAddress: RtTable == NULL"

Version 5.0.8 - July 25, 2003
* ICSA required changes
- Fixed HTTP Proxy server starting
- Fixed FTP filtering based on filename

Version 5.0.7 - July 8, 2003
- Fixed bug causing message "Invalid buffer size (10 != 12)"
- Fixed non-working connections over dialup or VPN

Version 5.0.5 - July 2, 2003
- Fixed antivirus rules for FTP traffic
- Fixed content filtering for users with no right to override settings
- Fixed editing of denial reason in URL rules
- Fixed counting of remaining users in license
- Fixed user login for long usernames
- Fixed HTTP proxy server refusing to restart
- Fixed concurrent active transfers from mapped FTP server
- Fixed problem with DHCP renewal for interfaces that already have IP
- Fixed broken handling of broadcast packets

! The "Do not screen firewall traffic on this interface" feature was removed and it is no more functional. Please disable this option, otherwise there might appear a lot of messages in the Error log.

Version 5.0.4 - May 15, 2003
+ Ability to turn antivirus off for individual HTTP rules
+ Cobion white list to override Cobion categorization
* Improved dialing on demand based on static routes
- Cobion Orange filter no longer goes offline on some URL's
- McAfee plugin automatically uses parent proxy server
- Fixed buggy displaying of tray control application (Windows 98/Me/NT4)
- HTTP/0.9 responses are now handled correctly
! Non-working NTLM authentication on Windows Server 2003
! Deny reason cannot be added or updated in Administration Console for new/existing URL rules. If you need, you can do this in configuration file.

Version 5.0.3 - May 7, 2003
- Interface exclude from firewall sometimes didn't work properly
- More Dial-In clients can now be connected simultaneously
- Fixed line dialing for connections forbidden by traffic policy
- Fixed non-working antivirus after several hours of run
- Fixed possible crash in HTTP protocol handler
- Fixed forwarding of HTTP POST requests to parent proxy
- Fixed occasional dropping of destination NAT connections
- Fixed Cobion "no license" warning message
- Fixed security bug in remote administration
* .pac script now excludes ftp protocol from proxy server
* HTTP cache can now be up to 4GB
* Web titles logged in UTF-8 charset
+ Support for Windows Server 2003
+ FTP antivirus filtering based on filename
+ Customized external commands on dialing events
+ Enhanced content rules settings
+ Ethernet adapter vendor names in DHCP leases
+ Default DHCP options
+ Support for Symantec Antivirus

Version 5.0.2 - April 3, 2003
+ Exclude interface from firewall
+ DHCP supports Microsoft RRAS server
+ Keyword filtering configurable in HTTP Rules
+ Rule unlocking can now be allowed/denied on per user basis
+ FTP 'REST' hidden rule is now visible (and removable)
+ FTP rules have ability to completely permit/deny access to a server
+ IPSec pass-through
+ Status/Connections screen now shows traffic rule names
+ Filter log now shows traffic rule names
+ DNS resolving in Admin console whereever IP address is required
+ Number of remaining licenses displayed on information screen
+ Support for outside proxy servers in HTTP filtering
+ Support for F-Secure antivirus
* Reorganized antivirus configuration in McAfee version
* Reorganized Cobion settings
* Users from Active Directory can be imported from any container (only "Users" previously)
- Fix for DoS vulnerability (Bugtraq ID 7245)
- Strange anti spoofing logging with DHCP server turned on
- NT domain authentication in proxy server
- Bad traffic rules behavior when editing address groups
- Bad international characters in Active Directory import
- Very long HTTP rules caused a hang in web admin

Version 5.0.1 - March 7, 2003
- fixed bug in FTP protocol parser

Version 5.0.0 - February 21, 2003
* First version

Select a Product: