Skip to content

AXS Guard UTM Release Notes

The release notes provide information on new product features, improvements, known issues, and bug fixes for each AXS Guard version.

Individual software components are documented in the product manuals section. Carefully review this document to avoid configuration difficulties.

Version 11.1.6 - Latest

Update OpenSSH to Address regreSSHion Vulnerability (CVE-2024-6387)

A critical remote code execution (RCE) vulnerability, known as regreSSHion (CVE-2024-6387), has been identified in the OpenSSH server on glibc-based Linux systems.

Risk Assessment for AXS Guard:

While this vulnerability is severe, the risk on AXS Guard is considered minimal due to the following reasons:

  • AXS Guard operates on a 64-bit system with Address Space Layout Randomization (ASLR) enabled.
  • AXS Guard's SSH access is restricted and not exposed to the public internet.

Additional Information:

For further details on this vulnerability, please refer to the following resource: regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server.

Version 11.1.5

Streamlined OpenVPN Access Server Setup

  • We've simplified the OpenVPN connection process for end-users! They can now import certificates directly using your company domain within the OpenVPN Connect application. For example, they can use openvpn.mycompany.com instead of the 0000-000XXXXX.appliances.axsguard.cloud URL provided by AXS Guard. This makes connecting to the company network through OpenVPN easier and more user-friendly. To configure the hostname of the OpenVPN access server and other Local Access Server settings, go to VPN > OpenVPN > Server, then select the Access Server tab.

  • System administrators can now customize the sender address for OpenVPN certificate expiry notifications, allowing them to be sent from a more recognizable address (e.g., admin@example.com) instead of the default root address. This improves transparency and user trust in the notification process.

MTA & Mail Filtering Improvements

  • Enhanced Spam Filtering with SecureDNS: We've boosted our email security with SecureDNS. When enabled, AXS Guard will analyze domains within emails using SecureDNS and DNS filters. If a domain is flagged as malicious, the spam score of the email will be automatically increased, ensuring it lands in the spam folder. The Deleted Spam info page now provides even greater detail, highlighting the specific malicious domains identified in each deleted email, along with their corresponding category.

  • Improved mail server stability: The mail server now handles restarts more gracefully, minimizing downtime. It can now efficiently handle large bursts of emails, ensuring smooth operation during peak usage.

Streamlined Internet Redundancy Checks for HA Setups

We've improved redundancy checks for High Availability (HA) setups to ensure optimal performance. AXS Guard will now automatically verify if your internet redundancy configuration is fully compatible. If any inconsistencies are detected (e.g., different device configurations on master and slave nodes, or mismatched filter priorities), an error message will be displayed on the dashboard. This proactive approach helps you identify and address potential issues before they impact your network's redundancy.

Scheduled Reboots and Filesystem Checks

We've empowered you with greater control over system maintenance! You can now schedule reboots at your convenience, ensuring minimal disruption during business hours. Simply access the tool under System > Tools > Actions and plan your reboot for a time that best suits your needs. A convenient countdown timer will appear in the top toolbar, keeping you informed of upcoming reboots.

Additionally, you can now customize the filesystem check interval. By default, AXS Guard automatically performs a filesystem check every 10 automatic reboots. This setting can be adjusted to meet your specific needs. Go to System > Tools > Automatic Reboot to configure the filesystem check interval.

Enhanced Configuration Management with Sortable Tables

We've improved usability within the configuration tool by making key tables sortable. This includes the Processes table under System > Status and the Mail Quota table under Email > Status. Now, you can easily organize and filter data for a more streamlined management experience.

Version 11.1.4

DNS Security

The DNS security logs now include the queried record types for better analysis.

Web Access

Enhanced browsing experience. WebSockets are now enabled for users accessing the web behind the proxy.

Statistics

We've expanded the proxy group and added dedicated groups for DNS and IPS, providing more granular insights into your network activity. To see the expanded process statistics, log in to your appliance and navigate to Statistics > Processes.

Version 11.1.3

Introducing the all-new Comfort Threat Protection Pack!

Formerly known as Cont. Scan Plus, our enhanced protection suite is now packed with even more robust features to shield you from cyber threats. And here's the best part: it's all yours at no extra cost!

  • DNS Filtering: Explore the web with confidence as our advanced DNS blacklists, centrally managed in the AXS Guard Cloud, ensure a safer browsing experience.
  • GeoIP Filtering: Take command of your network traffic by selectively blocking connections to and from specific regions.

Firewall Updates

  • The classification of DNS resolving failed for firewall rule status messages has been adjusted from error to notice.
  • DNS over TCP is now permitted within the default secure and forward policies.

MAC Address Spoofing

MAC address spoofing is now accessible in the administration tool. This feature enables you to replace devices without needing to update the authorized MAC address with your service provider. The original MAC address can be viewed on the Network > Status > Devices page. If the MAC address change process encounters an error, it will be shown on the dashboard.

OpenVPN Certificates

OpenVPN now records certificate usage, simplifying the identification and updating of outdated certificates within the PKI > Certificates section.

Viewing Certificate Information

Other Improvements & Bug Fixes

  • DHCP client errors now on the dashboard: Easily identify issues with DHCP clients directly on the dashboard.
  • OpenVPN status page improved: See traffic in Mb/Gb, country flags for connections, and relative timestamps for a more user-friendly experience.
  • Authentication log streamlined: Less clutter in the authentication log with the removal of some debug messages.
  • The CPU statistics now accurately reflect the current time.
  • Mailbox upgrades: All mailboxes will be automatically upgraded to the latest metadata version.
  • IPv6 disabled for legacy VPNs: SSTP, L2TP, and PPTP VPN.
Version 11.1.2

Web-based Configuration Tool

Any field that accepts network information input will now feature a calculator icon. Hovering over this icon will reveal comprehensive details about the network.

AXS Guard Cloud Advanced Threat Protection

  • Enhance performance by optimizing requests to the AXS Guard cloud.
  • Include transaction timing information for Cloud anti-virus.
Version 11.1.1

Lock down your admin account with free 2FA:

We're pleased to offer a free OATH license (1 token) in this release, which can be used to secure your administrator account. This enables you to activate 2FA for logging in to the web-based administration tool.

Web-based Configuration Tool:

Changes made in configuration pages with an Edit as list button will now be saved automatically, eliminating the need to save the field separately before saving the entire page.

OpenVPN & PAX:

Improve network stability for VPN connections by increasing the default Dead Pear Detection values. This leads to less unneeded reconnections when ping packets are accidentally dropped. The new default values are shown below.

Web Access:

Include timing information in Web Access logs for every request processed by the AXS Guard proxy. This feature assists in troubleshooting slow proxy issues.

Version 11.1.0

Increased SSL/TLS security:

Support for legacy protocols such as SSLv3, TLS 1.0, and TLS 1.1 has been removed. Only TLS 1.2 and 1.3 are now supported, along with HIGH-type ciphers. This may affect AXS Guard configurations where old Windows versions and clients are still being used (Windows Vista/Server 2008 and older). Navigate to System -> Security -> TLS for details.

Extended root partition:

The AXS Guard root partition size has been increased from 10GB to 15GB, to mitigate disk space issues and warnings.

Updated Base System:

Various software packages have been updated to their latest versions for improved security, performance, and stability.

Package Removals:

The following legacy features have been removed and are no longer supported:

  • SSL Web Portal (Adito)
  • SSL VPN (SSL explorer)
  • Sumo Logic SIEM

Reverse Proxy:

The following backends are deprecated and have been removed:

  • OWA2003
  • OWA2007
  • OWA2010