Bloomberg acquires Netbox Blue

Release Notes

Athena: 30.0

Athena (/əˈθiːnə/; Attic Greek: Ἀθηνᾶ, Athēnā, or Ἀθηναία, Athēnaia; Epic: Ἀθηναίη, Athēnaiē; Doric: Ἀθάνα, Athānā) or Athene (/əˈθiːniː/; Ionic: Ἀθήνη, Athēnē), often given the epithet Pallas (/ˈpæləs/; Παλλὰς), is the goddess of wisdom, courage, inspiration, civilization, law and justice, strategic war, mathematics, strength, strategy, the arts, crafts, and skill in ancient Greek religion and mythology. Minerva is the Roman goddess identified with Athena. [ Source: https://en.wikipedia.org/wiki/Athena (2015-03-23 ]

Also the goddess of renewal. [ Source: http://www.scns.com/earthen/other/seanachaidh/godgreece.html (2015-03-23) ]

Please also see the the technical release notes and changes page for changes to behavior for various services.

This release is will be a staged roll-out, initially to customers that have explicitly requested it at http://netboxblue.com/support/request. A notification will then be sent when your site has been scheduled to receive the update.

Recommendation: It is recommended that all existing HTTPS inspection exclusions be recorded, and then removed as many of these will no longer be necessary. When adding in HTTPS exclusions in 30.1, using Access Policies with a custom Category type of Domain List will typically now be the most effective as it supports subdomains. This does however require the application that is attempting to use the internet supports SNI.

30.1.9.5

Available for Installation
ItemTypeDetails
HTTPS inspection Resolution When a HTTPS inspection certificate expires, flush all site certificates that were issued using the old certificate and regenerate with the new one.
SafeChat Archive Resolution When archiving Microsoft Lync messages, provide better error reporting when the Lync database server refuses connections due to low memory.
SMTP server Resolution Make sure internal services running on the Netbox can still access the SMTP server even when all connections from outside are blocked.
802.1X Pass-Through Authentication Enhancement Default to ignoring 802.1X stop records, to improve compatibility with wireless vendors. Existing settings will not be changed.
BIC Agent (Windows) Enhancement Add workarounds for compatibility with OneDrive.

30.1.9.4

Past
ItemTypeDetails
 Internet Auth  Resolution Fix errors affecting certain SSH pass-through authentication configurations.

30.1.9.3

Past
ItemTypeDetails
Internet Auth Enhancement Support for SSH pass-through authentication on Mac OS X 10.11 (El Capitan).
Large Object Cache Enhancement Support for Magic Software eTextbook caching.

30.1.9.2

Past
ItemTypeDetails
Firmware Enhancement The latest Firmware for the IBM M4 series platforms is included in this release. The firmware update is applied post the update, and will be activated upon the following reboot.

30.1.9.1

Past
ItemTypeDetails
Kernel Enhancement Upgrade operating system kernel to enhance performance and reliability.
Agent Enhancement Add support for Mac OS X 10.11 (El Capitan).
Network Monitoring Resolution Correctly report data usage of YouTube videos when the YouTube Video Cache is enabled.
YouTube Video Cache Enhancement Add support for a new video format.
YouTube Video Cache Enhancement Better support for Safari on iOS devices.
SSH Pass-Through Authentication Enhancement Work-around for browsers that incorrectly fill out the username and password field in the Pass-Through Authentication configuration screen.
Web Proxy Resolution Proxy IP address access list now only applies to direct proxy mode (similar functionality is provided for transparent proxy users via Access Policies).

30.1.8

Past
ItemTypeDetails
NGFW Enhancement Improvements to the memory handling and performance for the network application detection, allowing tracking and identification of even more connections at once.
SafeChat Enhancement Detailed logging for Yieldbroker capture, providing for easier debugging should the need arise.
Traffic Shaping Enhancement Update the statistics view to remove redundant / inaccurate columns.
Online Help Enhancement A number of improvements and enhancements to the online help.
Email Scanning Resolution Address an issue where some global quarantine folders would not automatically have older emails removed.

30.1.7.2

Past
Major BIC Agent Update, Device Reboot Required
ItemTypeDetails
BIC Agent Enhancement Official release of the BIC agent for release 30. It's recommended that this BIC update be rolled out slowly as with all major upgrades to ensure full compatibility with all programs in your environment.

30.1.7.1

Past
ItemTypeDetails
Web Categorization Resolution It was found that in situations where the categorization was too fast at returning results, the requester assumed it was invalid, and retried, causing unnecessary delays when performing categorization, this release resolves this issue.

30.1.7

Past
ItemTypeDetails
Internet Auth Enhancement Continuing further back end changes to improved the performance and robustness of the internet auth service.
Archiving Emails Enhancement Use a trick to prevent browsers auto-filling the username and password field on the archive emails screen, making it more obvious when it's currently blank.
Suggested Policies Enhancement An updated set of suggested policies for SafeChat for commercial and government customers.

30.1.6.1

Past
ItemTypeDetails
Internet Auth Resolution Address an issue where when a user exceeded quota, and logged in again within 15 seconds, the login for that IP would fail.

30.1.6

Past
ItemTypeDetails
Microsoft Lync Enhancement Increase the speed and robustness of the Lync capture service. This requires an upgrade to the server service.
HTTPS Inspection Resolution Accommodate null SSL data payloads, rather than treating this as an error, continue to leave the connection open. This is required for some very specific servers that send empty SSL payloads from time to time.
Internet Auth Enhancement Internal changes to the caching and storage of information to increase performance and reliability of the Internet Auth services.

30.1.5.1

Past
ItemTypeDetails
AD Auth Enhancement The AD Pass-through authentication service now has a lot less logging by default to the Event Viewer. This is interface compatible and is not a required upgrade, but is recommended for all customers using this service.
Net Auth Resolution Accommodate loosing connectivity and other transient errors more gracefully such that authentication continues to work in all situations.

30.1.4

Past
ItemTypeDetails
Web Proxy Enhancement Improved memory handling and more robust support when applying major changes that would require the service to restart.
IPSec Enhancement Update the UI to more accurately reflect the configuration options.

30.1.3.1

Past
ItemTypeDetails
YouTube Cache Resolution Due to recent changes in YouTube, an update has been made to the YouTube cache. This update will also enable the YouTube cache again which was automatically disabled to prevent problems accessing the platform.

30.1.3

Past
ItemTypeDetails
YouTube Restricted Mode Enhancement The text and wording in the Netbox interface has been updated to reflect the new name for YouTube Safety Mode, it's now called YouTube Restricted Mode.
Filtering Changes Resolution In some situations clicking Apply Changes didn't take effect when some changes to filtering and other options were changed, this has been addressed and changes will apply correctly without the need to reboot.
Large Object Cache Enhancement A new option has been added to rate-limit the Large Object Cache download speed. This is still experimental, and will not rate-limit in all situations, however will will to provide a level of control previously unavailable to this specific service.
802.1X Authentication Resolution When responding to packets from an NPS server, a specific response header is required, there was a regression in release 30 that meant this was no longer happening. This has been resolved, and the NPS server should again accept the response packets from the Netbox.
Internet Auth Enhancement Should there be issues with the internet auth service, more mechanisms have been put in place to identify this, and automatically resolve the issue before users notice.

30.1.2

Past
ItemTypeDetails
Microsoft Lync Archive Enhancement For servers that are very busy or otherwise slow, the connection to the Netbox could time out during the creation of bundles. The internal timeouts have been increased to minimize the chance of them being hit, and ensure successful delivery.
Email Scanning Enhancement Detect and block another specific form of malformed headers, preventing these entering the network.
BIC Agent Enhancement The BIC Agent will now detect the production release of Windows 10, in preparation for it's full release 30 build.
1:1 NAT Enhancement Previously a reboot was required on release 30 to apply 1:1 NAT changes, this update removes that need, and allows changes to be applied with the system running.
Email Aliases Resolution An issue was identified where a massive email alias list (typically over 100 recipients) would exceed internal limits, causing delivery to not complete. This has been addressed and the limit on email aliases removed.
Internal Services Enhancement A number of changes have been made to internal services to ensure they are more reliable, and notifications are sent should there be an unexpected issue.

30.1.1

Past
ItemTypeDetails
Internet Authentication Enhancement Some minor updates have been made to Internet Authentication to accelerate logins for users that are already active at an IP address, this can happen when users are roaming between access points and each AP is sending updates to the Netbox.
Connection Monitoring Resolution There was an issue that prevented the live connection monitoring feature working in all situations in the initial release 30, this has now been resolved.
Logs Resolution An issue with the large object cache logs was identified, this has now been resolved and logs can be viewed again for the large object cache, this includes logs prior to the update.
802.1X Integration Enhancement When receiving packets from AP's, previously, invalid packets that were correctly signed would be ignored and no reply would be sent. Due to buggy AP's the Netbox will now reply to a packet that is correctly signed, but then ignore it internally if it is invalid.

30.1

Past
Major BIC Agent Update, Device Reboot Required
ItemTypeDetails
Authentication Enhancement Better manage a subset of users on a massive AD servers (i.e.: more than 10,000 users), by providing a filter for desired users for a specific location by security group. Desired groups for a site can be set under Configuration > Authentication in the AD plugin, there is a new field titled "Active Groups", which is an optional group filter applied to all lookups.
Web Proxy Enhancement The logging for the web proxy has been enhanced to include a lot more data on each request, including categories, user agent, and matching policy for allow rules. A new detailed log option is available for the Web Proxy logs to access all of this information.
Note: If using automated log parsing tools, these will need to be updated to support this new format.
NGFW Enhancement Decide if HTTPS inspection should be done on a specific request based on the SNI header only (not the IP address) this provides more accurate and faster categorization for "Bypass HTTPS Inspection" policies.
NGFW Enhancement Allow the use of custom domain categories for "Bypass HTTPS Inspection". This includes the matching of subdomains (e.g.: .example.com to match example.com and all subdomains). This is now the preferred method for HTTPS exclusions, and some of these will be automatically migrated from the configuration screen.
NGFW Enhancement On the Block Activity report, introduce a new protocol column to match what is available in Network Monitoring.
NGFW Enhancement Block the use of the non-standard QUIC protocol by default for all traffic, enforcing the use of standards based web traffic. This option can be set under Access Policies > General.
NGFW Enhancement A new permission level has been introduced to allow for "Test policies and recategorization". This means users can be given the ability to request a recategorization, without the ability to change policies.
Pipe Plus Enhancement If DNS servers have been configured for a specific link, and force route is now automatically added for each of the DNS servers to push the traffic out that link, removing the need to do this manually.
HTTPS Inspection Enhancement If an upstream SSL certificate changes or is temporarily broken, more rapidly detect this and generate a new local certificate.
Redirection Enhancement For captive portal logins and other redirected pages on HTTPS, use SNI for the certificate generation.
BIC Agent Enhancement Enhanced memory management for big local uploads, minimizing the use of local memory.
BIC Agent Enhancement Better handle the corruption of settings on the agent side, and use a different format to prevent leakage of corruption of settings should this occur.
BIC Agent Enhancement In some instances on Mac OS X, the agent is not notified that the system has come back from sleep, causing traffic to be block for extended periods, use a secondary method to detect this, and more quickly recover when coming back from sleep.
BIC Agent Enhancement Use the newer SHA256 when generating HTTPS inspection certificates.
BIC Agent Enhancement If a reboot is required on the agent, more regularly notify the user that a reboot is required to encourage this to happen sooner.
BIC Agent Resolution When testing policies for the BIC agent under Access Policies, more closely match what would happen on the BIC Agent to provide an accurate representation of the policies that would be applied.
Reporting Resolution When displaying user generated content in a report, if the content is HTML, correctly escape it to prevent display issues.
BYOD Installer Enhancement A new MSI BYOD certificate installer is now available, this is ideal for sites that wish to distribute the certificate installer via group policy. This same installer can run as either a local machine account or a domain admin account, depending on your AD configuration.
Archive Emails Enhancement For archive emails and Symantec EV integration, provide more detailed logs on both success and failure.
Direct Proxy Enhancement Provide the ability to exclude local networks and IP's from authentication on the direct proxy (in addition to remote servers).
Direct Proxy Enhancement If using automatic proxy configuration, a new field is now available to create a custom proxy.pac file, at the bottom of the Configuration > Web Proxy screen. If this is set, the automatic proxy.pac file is not generated, and the custom one is use instead.
Web Mail Resolution In some views, the ordering by date was not working correctly, this has been addressed.

30 / 30.0.1

Past

This release is a rebuild of the Netbox core OS to the latest generation enterprise platform. This includes everything from the kernel to the userspace environment.

ItemTypeDetails
Netbox OS Enhancement A complete rebuild of the core OS, from the base kernel upwards. Providing improved boot times (now 3 times faster), more rapid service restart (50%-95% faster), and support for the latest network technologies.
Web Proxy Enhancement Support for SNI (Server Name Identification) for outbound HTTPS requests. This will provide compatibility for those clients and servers utilizing these extensions.
HTTPS Inspection Enhancement Using the SNI header, the ability to exclude hosts from HTTPS inspection is now possible using wildcards, providing the ability to exclude an entire domain, and all its subdomains in a single rule. This requires the clients to be using SNI to get this benefit.
POP3 Server Enhancement The POP3 server now supports multiple simultaneous logins. Although technically a violation of the RFC, the implementation provides each client with a point in time view, that is then merged at the end of the transaction. This allows for the use of multiple devices that keep the connection open without interference.
DNS Server Change The DNS server will no longer automatically provide forward and reverse DNS lookups for local IPs. For example the reverse of a LAN IP of 1.1.1.1 would yield ip-1-1-1-1.lan, and there would be a forward lookup for the same.

Support

Release Information

The Netbox Blue update management system schedules updates automatically for each Netbox unless requested not to do so for updates in Rollout status.

A manual update can be requested on the Netbox (Administration > Updates). This will update to the latest release in the Available for Installation status (or Rollout if that is the most recent release shown).

To have the Netbox download and install updates at a scheduled time, use the Schedule Firmware Update section. To begin downloading and updating immediately, choose 'Run Update Now' in the Immediate Firmware Update section.

A status of Installation Upon Request indicates the release may have some major changes, and is available by contacting support, who can schedule this update in conjunction with you.