Release notes from Beta release 2.00.001 to Beta release 2.00.010

Config

• Fix "*" parsing for port ranges

IPv6

• Fix issue with RA and ignore_dns that can cause subnets to be recreated

L2TP

• Report the correct number of packets for TX and RX
• Fix issue where damping could get stuck on

LACP

• Handle badly behaved link partner better

MQTT

• Fix issue where tx is available late

Web UI

• Reorder ping form
• Tweak upload styling

Release notes from Beta release 2.00.000 to Beta release 2.00.001

• Internal code changes to slightly improve performance

Release notes from Factory release 1.61.010 to Beta release 2.00.000

• Rework apps to run efficiently on the FB9000 platform - this is a major rework that may impact all platforms

ARP

• Recover faster from certain subnet changes
• Slightly improve ARP queue timeout handling for entries that do not resolve but are in constant use.

BGP

• Shutdown timeout - be tolerant of negative NTP adjustments
• Add profile to peer list in config editor
• Check that peers define unique connections
• Improvements to graceful restart
• Improve connection handling
• Fix issue with GET method for new SNMP OIDs
• Additional states for shutdown and preshutdown in new OIDs
• Add prefix limit info to SNMP
• Include held routes in the count of imported prefixes
• Improvements and bugfixes
• Intersperse connection handling better

Config

• Added auto-backup-url to config to POST changed config
• Improve config patch mechanism
• Small improvements to the auto backup feature to make it nicer

CQM

• Calculate times for XML output the same way as for images
• Handle extremely low ping latencies better

DNS

• Prevent forwarding of other types for overridden DNS entries

Ethernet

• Allow assignment of specific MAC addresses to subnets and interfaces

Firewall

• Only ARP targets in overlapping subnets if we would allow traffic to them
• Improve source IP selection when NAT is targetting overlapping subnets
• Add more detail to firewall diagnostic

Internal

• Improve resource utilisation of streams

IPsec

• Remove path by which eap-user restrictions could be evaded by some clients

IPv6

• Advertise a /64 for PD SLAAC (even if the delegated prefix is larger)
• Introduce a list of ra-subnet-template on interfaces to allow setting of options for RA generated subnets (replaces ra-client)
• Prevent prefix delegation on linked interfaces (including by implicit defaults)

L2TP

• Corrected handling of Framed-IPv6-Address as interface address in RADIUS
• Add calling/called station IDs to L2TP session status
• Fix crash with packets claiming different lengths in different ways
• Allow IPv6 DNS to be overridden via RADIUS
• Don't kill tunnels immediately when profiling off incoming

LACP

• Advertise additional links as standby when it makes sense to do so
• Put secondary links in hot standby when speed limited by hardware

LEDs

• Remove fast blink mode for efficiency
• Avoid rare race updating activity LEDs
• Fix rare stuck on LED when ports are disconnected/disabled

Logging

• Increase internal logging capacity

Manual

• Add more commands to the manual
• Improve MIB appendix

MQTT

• Reconnect faster on "external" config changes and improve status

OSPF

• Fix crash when config changed repeatedly very rapidly

Pcap

• Make labels on pcap form slightly better
• Support multiple IPs and ranges in the filtering

PPPoE

• Fix typo on PPP status page
• Don't accept PPPoE inbound connections if the matching incoming is profiled off
• Log sending the PADR

Profiles

• Add uptime test to allow staggered starting of services
• Evaluate conditions when adding (to avoid flapping without careful choice of initial)

Routing

• Remove 6to4 (2002:) IP mapping
• Add tunnel IDs to routing diagnostic summary
• Avoid sending packets with potentially inappropriate source IPs (applies to overlapping subnets mainly)
• Force immediate reconsideration routes when related gateways have expired

SNMP

• Add system memory utilisation to SNMP
• Make buffer statistics reflect new reality (that most buffers are in a global pool)

TCP

• Improve preempting of TCP connections in the timewait state
• Limit accept queues more consistently
• Reduce resource usage when in TIME-WAIT

TLS

• Add connection count to 1 second stats

VoIP

• Improve how VOIP logging reads

VRRP

• Take notice of the profile on the parent interface

Web UI

• Improve profile switch behaviour when clicked fast repeatedly
• Show dBm in addition to uW for SFPs when possible
• Config option to change colours of user interface
• Add buttons to config editor for reordering items in ordered lists
• Darker background for select multiple selections
• Avoid underflow when showing number of seconds remaining for config test (cosmetic)
• Added warning that config save is recommended
• Tidy up config edit page
• Improve layout of BGP buttons
• Show reboot now option when shutting down
• Wrap lines in XML editor on first load
• Buttons to delete flash blocks as a DEBUG user
• Click on headings to sort status tables
• Provide load indicator on Status page
• Suppress iphone phone number autodetection (so it doesn't pick up the serial number)
• Add arrows (ascending and descending) to sorting
• Record txnodesc more like other ethernet stats
• Add ability to view old configurations and boot alternative images to flash contents (as DEBUG)

Release notes from Beta release 1.60.057 to Beta release 1.61.000

No changes reported for this platform.

Release notes from Factory release 1.60.010 to Beta release 1.60.057

Certificates

• Avoid panic on reboot if FB private key gets deleted

Config

• Enforce list max occurrences limits for all config items

CQM

• Small change to SVG to make loss/latency squared off like png

DHCP

• Treat a profile on a DHCP config entry with a restriction consistently with other config profile usage.

DHCPv6

• Various improvements (especially in the client)
• Make DHCPv6 work better with larger prefixes
• Allow larger server DUIDs

Ethernet

• Share MAC address on VLAN 0 between bootloader and app for each port

IKE

• Send out of band error when INIT request negotiation fails

IPv6

• Improved reliability of RA handling

MQTT

• Bigger MQTT messages
• Additional options on MQTT external
• MQTT crash fix
• Sending cleaner CONNACK for error cases

PPP

• Bug fix for issues with PPP client corrupting subnets

PPPoE

• Increase number of allowed PPP sessions (and fix crash loading configs with more than 20)

RADIUS

• Juniper ERX ingress/egress policy name in RADIUS server
• Correct defaulting of RADIUS server settings

VoIP

• Subtle change to message handling in VoIP (getting actual 408 response to INVITE)
• CLI settings not always passing through

Web UI

• Improve layout on XML edit page
• Improve button placement on system info pages
• Explanation added regarding TCP stress test blob output
• Further improve XML edit and reduce vertical height of top bar
• Make XML download links look like links
• Add line numbers to XML editor
• Reject paths with extraneous middle segments
• Various UI improvements
• Add a config option to prevent refreshing the CQM image lists
• Make graphs on the image list page clickable
• Editor - fix colour picker with 3 digit hex colours
• Force text colour in buttons to black (apparently ipads can default it to white)
• Warn on most pages when config is no longer valid

Release notes from Beta release 1.59.030 to Beta release 1.60.000

No changes reported for this platform.

Release notes from Factory release 1.59.000 to Beta release 1.59.030

CLI

• Show thread stats for longer sample period

DHCP

• Improved controls over DHCP logging

DHCP/DNS

• Additional "latest IP allocated" DNS name for DHCP - see auto-dhcp-new in DNS settings

DHCPv6

• Simple DHCPv6 client mode (experimental)
• Updated IPv6 SLAAC/RA logic to allow control of extra flags and simple ethernet side DHCPv6 server

Diagnostics

• Provide info about HTTP connections for debug users on web and telnet

HA

• Fix HA groups D-G
• Improve handling of HA bonded tunnels with extremely mismatched latency (seconds)

HTTP

• Be more tolerant of lack of Content-length in HTTP client

IP

• Use the table's default source IP in more places

IPv6

• Interface setting ra-client now default if wan set, else not default
• Interface setting now define PD (prefix delegation), default if wan/ra-client/ra not set

L2TP

• Respect table setting for MTU calculation for outgoing and relayed L2TP connections
• Add mechanism for advising LAC of tx speed when needed
• Put serial number in calling station ID if explicitly set to ''

Logging

• Fix issue with emailed logs - were sending to last MX not first, and leaving TCP open causing issues if too many emails sent

MQTT

• Added MQTT console

PPP

• Handle missed PAP reply on PPP

RADIUS

• Added allow list for RADIUS CoA requests as alternative to host IP match
• Add logging on RADIUS match
• Added top level IP allow check on RADIUS
• Faster RADIUS failover (and updated documentation)

VoIP

• Limit email addresses for recording to 2000 chars

Web UI

• Add details of L2TP states session states on tunnel status pages

Release notes from Beta release 1.58.000 to Beta release 1.58.100

MQTT

• Correct mapped MQTT messages erroneously setting retain
• Made IP a link on mqtt status
• MQTT mapping connection linking (e.g. for retained)
• Fix outgoing mqtt bug

OSPF

• Correct OSPF checksum issue for certain auth types

TLS

• Added TLS stateless session resumption - without this newer versions of some browsers were very slow to load FB web pages

Release notes from Factory release 1.57.010 to Beta release 1.58.000

Certificates

• Removed expired DST Root CA X3 certificate

CLI

• Added CLI command to view port status

Config

• Allow numeric value with 0x prefix in config

DHCP

• DHCP client will now attempt to renew leases when ports go down and come back up. This will automatically reconfigure the subnet if plugged into a different network.
• Added mac-local test in DHCP pool
• Improved DHCP allocation logging and MQTT logging

Diagnostics

• Add diagnostic command and status page for buffer usage
• Include uptime information in automatic crash reports
• Log highest buffer users in case of exhaustion

Ethernet

• Allow link forcing the SFP port
• Improved SFP alarm/warning reporting
• Bug fix for recovery from ethernet stalling conditions
• Improve setting of default port config on startup (may be faster startup in some cases)

Firewall

• Added option to set DSCP

IPsec

• Increase max number of simultaneous IKE/IPsec connections
• Fixed problem with IKE message fragmentation causing connection failures with some clients
• Fixed occasional "Response not pending" panic.

L2TP

• Added session-timeout to L2TP incoming

MQTT

• Simple MQTT message mapping option
• Improvements to MQTT broker (better error reports and sanity checks)
• MQTT payload pattern match
• Started some MQTT v5 handling (a config option, experimental, not recommend yet)

Profiles

• Added profile test for "DHCP allocated"
• Nicer web socket based profile control switches.
• MQTT profile control fixed
• Minor change, only sending MQTT if corresponding payload set (even if empty)

TLS

• Improve server authentication security and work around problems with some servers by using the signature algorithm extension.
• Fix TLS connection failover

VoIP

• Double VOIP capacity limits
• Double number of simultaneous call recordings
• Tweak outgoing registrations for SIP servers that mash up the registered Contact rather than just using it as is.
• Fixed issue with very long SIP registrations using IPv6 addresses
• Added a simple BLF report state via MQTT

Web UI

• Provide port status information on the web interface

Release notes from Factory release 1.56.010 to Beta release 1.57.000

ACME

• Allow specifying of the source IP for ACME requests

Certificates

• Fix problem with cross-signed certificates causing IPsec connection issues with Windows clients

Config

• Allow delayed automatic upgrades

DHCP

• DHCP option to force broadcast offer/ack to address edge case with some APs and devices

Ethernet

• Fix over zealous ether damping
• Show connector type of plugged in SFP

HTTP

• Fixed issue where http client (e.g. ping graph download, etc) gets non 2XX response causing later problems

IPsec

• Increase internal packet buffer size to help with IKE certificates
• Fixed IP pool leakage
• An IKE session was sometimes shown in waiting state as well as connected.
• Further IPsec tweak to avoid losing connection in some circumstances
• Add workaround to avoid repeated reauthentications when peer is StrongSwan and mode is immediate
• Fix bad config status entry after deleting a live connection
• Implemented IKE fragmentation to improve authentication with long certificate chains

L2TP

• Slightly faster outgoing L2TP connect (proxy auth sent)
• Handle incoming local match password check for PAP

MQTT

• Experimental MQTT broker function added

PPPoE

• Issue with some PPPoE sessions restarting on config change

Shaping

• Additional control on shapers (burst limit in ms)

TLS

• Added support for simple TLS clients with limited storage

VoIP

• Fix error handling unusual SIP packets

VRRP

• Make VRRP clearer when used with profiles (status page and manuals)

Web control pages

• Configurable intro text and links on login page
• Web access security update

Web UI

• Add ethernet counters to web

Release notes from Beta release 1.55.100 to Beta release 1.55.101

Release

• Corrected release name