Hermes
Release 25
Release Status:
Active Hermes (Greek: 'pile of marker stones'), in Greek mythology, is the god of boundaries and of the travellers who cross them. [ Source: http://en.wikipedia.org/wiki/Hermes (2005-03-07) ]
Additions for Hermes 25j
| Item | Type | Details |
|---|---|---|
| ClamAV Virus Scanner | Enhancement | The ClamAV virus scanning engine was updated to the latest version to improve detection capabilities. |
| Email Quarantine | Enhancement | It is now possible to mark email as being destined for a Quarantine folder instead of dropping it as an Email Scanning Action. In order to use the Quarantine, edit the Unwanted Content Action and remove the Block Message and Stop Processing subaction and add a Tag for Quarantine and Continue Scanning Action in its place. |
| Email Queue | Enhancement | When the email queue is very large, such as when an internal virus has been attempting to send spam from behind the NetBox, the Administration > Email Queue interface will notify the administrator that there is a very large amount of email waiting, and give the option of deleting all the email in the queue. |
| Bigpond Cable Links | Enhancement | The Bigpond Cable Client is no longer required to logon to the Bigpond cable network, such links will be automatically turned into DHCP connections. |
| External POP3 Accounts | Fix | When testing the external email accounts under Manage Users the mail would sometimes be delivered into the wrong email account. This has now been fixed. |
Additions for Hermes 25i
| Item | Type | Details |
|---|---|---|
| PPTP Remote Access Logging | Enhancement | All log messages concerning users who are logged in on PPTP will now have the users login name prepended to the log message. |
| Webmail Attachment Download | Fix | Email attachments with filenames containing non-ASCII data, would sometimes fail to download correctly. This issue has been addressed. |
| Webmail Message Quoting | Fix | When replying to a message, sometimes the html or text version of the email you are replying to did not get brought forward correctly. Quoting emails when replying is now more robust. |
| Innoculate Virus Scanner | Fix | Innoculate have moved the server that provides virus definition updates, so the NetBox now pulls the data from the new server. |
| Sophos Virus Scanner | Enhancement | The Sophos virus scanning engine was updated to version 4.19.0 to improve detection capabilities. |
| ClamAV Virus Scanner | Enhancement | The ClamAV virus scanning engine was updated to the latest version to improve detection capabilities. |
| URL Filtering | Enhancement | URL lists are now sorted by domain suffix to make it easier to scan through a large list of URLs and find one. |
| Web Interface | Fix | Some fields in the user interface that should have been allowed to be blank would require values unnecessarily. This has been resolved. |
Additions for Hermes 25h
| Item | Type | Details |
|---|---|---|
| SSL Certificates | Enhancement | Boxes with invalid SSL keys that were not accessible from the internet
when the site key was requested will now
automatically request new SSL keys from NetBox Blue. The SSL keys are used for
services such as the HTTPS web management interface, IMAP over SSL and
POP3 over SSL. The master certificate can be obtained from http://netboxblue.com/certs/ if you want to install it in your browser or email client. |
| Kernel update | Enhancement | The NetBox kernel has been updated to address security issues, and to provide an upgrade path for the exciting new NetBox firewall. |
| Web Proxy | Fix | Correct a problem that made it hard to configure an Upstream Web Proxy with the correct port number. |
| Users & Groups | Fix | Update the export functionality for Users and Aliases on the NetBox. Correct a problem that caused exporting the users to sometimes export the groups. Data is now exported in the default CSV dialect understood by Microsoft Excel. |
| McAfee/Uvscan Engine Update | Enhancement | The McAfee/Uvscan virus scanning engine was updated to improve detection capabilities and address security concerns. |
Additions for Hermes 25g
Note: This release contains new End User Terms that must be agreed to with in 30 days after the installation of the update. These new terms follow a different procedure, including requiring confirmation via email. Please carefully read the messages on the new screens.
| Item | Type | Details |
|---|---|---|
| End User Terms | Enhancement | New End User Terms agreement. There is a new process for agreeing to
the End User Terms that requires that an email be sent to the Site Contact
Email Address, and the Site Contact will have to agree to the new terms.
The instructions are provided on screen when logging in as a user with administrative privileges. Please read the messages and alerts closely to ensure you take the correct action. |
| Online Help | Enhancement | The online help has been significantly revised, and there is now a printable manual that can be accessed from Help > Search > printable version. |
| Traffic Shaping | Fix | Some user interface bugs that can occur in Traffic Shaping when the Back button in the browser is used have been corrected. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities and address security issues. |
| NetBox Web Interface | Fix | The NetBox web interface will continue to function correctly when run on NB-SOHO units that are performing many tasks. |
| SMTP Rate Limiting | Enhancement | The mail server that is providing services to the LAN now by default will rate limit connections. This will mean that when someone brings an infected laptop onto the network, if that laptop starts sending unsolicited email, it will be throttled, and an alert sent to the alert email address. This can be configured under Configuration > SMTP Server. |
| IPsec upgrade | Enhancement | The IPSec library used by the NetBox has been upgraded for security reasons. |
| CD and VMWare Installations | Enhancement | The process of creating a Software NetBox, either via a CD install on physical hardware, or in a VMWare virtual machine has been revamped to make it even easier. |
| DNS Realtime blacklists | Fix | The infrastructure to support DNS Blacklists has been upgraded. Now advertising DNS servers (such as opendns.org) are supported, and blacklist providers who do not supply TXT records are now supported when scanning POP3 email. |
| SMTP Domain Name Matching | Enhancement | When configuring a SMTP Passthru domain, a Spam Whitelist or a Spam Blacklist, now use a dot prefixed domain (".example.com") to specify a domain and all its sub-domains. |
| Mail Queue | Enhancement | Mail Queue view now has more fine grained indication of the status of messages, the following states are now reported: Scanning, Waiting, Incoming, Outgoing, Deferred and On hold. |
| Active Directory Authentication | Enhancement | Active Directory support now scales to many more users than before. Previously, having several thousand users in your Active Directory could cause issues with the NetBox interface. |
| VLAN Interface | Enhancement | When adding networks to new VLANs via the Advanced LAN functionality, a reasonable DHCP allocation range is automatically selected. |
| Administrative Contacts | Enhancement | Administration > Site Contact now distinguishes between the Alert email address, which is for technical emails regarding the NetBox and the Site Contact's email address, which is the email address of the customer on site. |
| Site Key DNS | Enhancement | Site Key DNS records are now updated every 24 hours as
well as every time a new connection to the internet is detected, just in
case the internet facing IP address of the NetBox was changed upstream of
the NetBox, such as when the NetBox is behind a NATing firewall. Additionally, '.safenetbix.biz' DNS records now publish HTTPS SRV records, so that automated systems that talk to the web interface of a NetBox always know what port to connect on. SRV records are also used to automatically configure and update port forwards required to allow the update system to reach branch office NetBoxes. |
| Greylist Optimisation | Fix | Greylisting has been enhanced so that it will perform better on sites that have a very large volume of email going through the NetBox. |
| Internet Configuration - Ethernet | Enhancement | Make it harder to enter incorrect IP and Gateway details when configuring an ethernet internet connection with a static IP. It is now not possible to select a gateway that isn't in the correct subnet for the internet side IP. |
Additions for Hermes 25f.3
Note: This release contains updates that are only relevant to specific NetBox configurations. To minimise disruption, this release has only been applied to sites that will benefit from it.
| Item | Type | Details |
|---|---|---|
| X3250 support | Enhancement | The NetBox kernel has been updated to support the hardware used in IBM X3250 servers. |
| RAID hardware stability | Enhancement | Improvements have been made for handling the RAID hardware used in some NetBox models. |
| Sophos engine update | Enhancement | The Sophos virus scanning engine was updated to version 4.15.0 to improve detection capabilities. |
Additions for Hermes 25f.2
| Item | Type | Details |
|---|---|---|
| Out-of-office notifications extended | Enhancement | The out-office-notification feature introduced in release 25f now has
two new functions:
|
| Database engine update | Enhancement | The database engine used internally by the NetBox has been updated to improve performance, fix bugs and address security concerns. |
| Improved storage checks | Enhancement | The checks of the storage hardware performed when the NetBox starts up have been made more efficient and thorough. |
| Robust update downloads | Enhancement | The NetBox automated update software is can now better handle problems during update downloads. It will try each download server at least once before giving up. |
| Network Monitoring robustness | Enhancement | The Network Monitoring system is now better at handling problems caused by corrupt data in it's internal caches. |
| Greylisting logs fixed | Fix | A problem with display of greylisting logs has been fixed. |
| Webmail UI fixes | Fix | A number of fixes have been made to the user interface of the webmail system. |
| Active Directory referrals disabled | Fix | The NetBox no longer follows LDAP referrals that may be returned by an Active Directory server. This avoids authentication issues that may arise in such a situation. |
Additions for Hermes 25f
| Item | Type | Details |
|---|---|---|
| Image spam detection | New |
The Email Scanning spam criteria now includes sophisticated algorithms to detect spam emails that use images. Image processing, character recognition and statistical techniques are used to identify such spam emails which are usually difficult to detect. The detection mechanisms used have been widely tested to ensure that false positives are avoided. Image spam detection will be enabled by default when this update is installed. It is implemented as part of the "Detects as spam" criteria in the Email Scanning module. |
| Out-of-office notifications | New |
It is now possible to configure out-of-office/vacation messages for user accounts. Notifications will only be sent once per day for each remote sender. The notification messages are fully customisable, with templating support. An optional date can be specified for notifications to automatically stop. To enable these notifications go to Users & Groups > Manage Groups in the NetBox web interface and enable notifications for the groups that require them. Then edit user accounts at Users & Groups > Manage Users to configure the notification messages. A primary email address must be set for each account before the notifications can be configured. |
| Custom real-time IP blacklists | New | The NetBox can now use any standard anti-spam real-time blacklist (RBL) available. Custom blacklists configured with NetBox can be used both at the email delivery time by the NetBox SMTP server as well as by the Email Scanning module (Spam criteria). To add custom blacklists go to Configuration > SMTP Spam Control > Custom IP Blacklists in the NetBox web interface. See the online help for more details. |
| Webmail revamp | Enhancement | The NetBox webmail user interface has been significantly changed to improve usability. The system now makes full use of the available screen space, handles large number of folders more efficiently and has many changes to make webmail easier and faster to use. |
| Testing and forcing of external POP3 pickup | Enhancement | It is now possible test external POP3 retrieval settings from the NetBox user interface. It is also possible to force immediate retrieval for a particular user. These new features can be found at Users & Groups > Manage Users > [edit a user] > External POP3 Accounts. |
| More concurrent email scanners | Enhancement | The Email Scanning module will now scan more emails concurrently on higher end NetBox hardware with multiple processors. This will increase email scanning throughput on such systems. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities and address security issues. Internal settings were adjusted to avoid false positives when detecting compressed archive "bombs". |
| Contact address verification | Enhancement | The primary email address entered at Administration > Site Contact is now verified via SMTP (if possible). This helps to ensure that this important address is valid and exists. |
| Help updates | Enhancement | Many help articles were updated to improve clarity and detail. Some minor improvements to the help user interface have been made. |
| Email Monitoring report graph | Fix | The message frequency graph on the Email Monitoring report now always shows the number total, blocked and allowed messages, regardless of the settings that apply to other sections of the report. |
Additions for Hermes 25e.9
| Item | Type | Details |
|---|---|---|
| Inbound traffic shaping configurations increased | Enhancement | An internal limit for the maximum number of possible inbound traffic shaping configurations was increased to 128. |
| Dates in Email Monitoring CSV output | Enhancement | The date and time format used by the CSV output of the Email Monitoring module has been updated so that it is recognised by Microsoft Excel 2003 without modification. |
| Time zone data update | Enhancement | The time zone database used by the NetBox was updated to accommodate last minute changes to Western Australian daylight saving rules. Due to the urgent nature of these changes, this update was performed as a hotfix after 25e.8 was released. |
| Network Tools updates | Enhancement | A number of internal and user interface improvements have been made to the "Ping", "Traceroute" and "Test Email Domain" tools. These changes enhance the robustness and consistency of these tools. |
| DNS configuration update | Enhancement | The configuration of the NetBox DNS server and its' integration with the Internet Auth module has been improved. These updates avoid unnecessary DNS lookup delays delays when URL Filtering group policies are checked for remote VPN networks. A number of other minor issues were also been resolved. |
| User upload fix | Fix | A problem with error handling in the user upload feature was fixed. This problem prevented a useful error message from being displayed in some cases if an invalid group name was specified. |
| Traffic shaping user interface fixes | Fix | A number of minor problems were fixed with the Traffic Shaping user interface. These mainly related to error handling under unusual conditions. |
Additions for Hermes 25e.8
| Item | Type | Details |
|---|---|---|
| Centralised spam IP blacklist | New |
The njabl.org spam IP blacklist previously used by the NetBox has been replaced by a blacklist managed by NetBox Blue. This new blacklist aggregates several external blacklists (including njabl.org) and also allows NetBox Blue to instantly update listings in response to new spam sources. This new blacklist should make a significant impact on the amount of spam blocked by the NetBox. The new NetBox Blue IP blacklist will be automatically enabled on your NetBox if you had the njabl.org blacklist enabled with the previous firmware version. |
| Additional spam URL blacklist | New |
The spam detection criteria of the NetBox Email Scanning module now supports a new spam URL blacklist (uribl.com). This blacklist helps in detecting spam URLs that may be missed by the existing surbl.org, helping to block even more spam. The new uribl.com URL blacklist will be automatically enabled on your NetBox if you already have the surbl.org blacklist enabled. |
| Spam control settings moved | Enhancement | The NetBox SMTP server Spam Control settings have been moved to their own screen to make it easier to locate options in the user interface. The new screen can be found at Configuration > SMTP Spam Control in the web interface. |
| Greylisting updates | Enhancement |
The NetBox now automatically adds entries to its' greylist database for emails sent from local users to the outside internet. This means that replies to emails sent by local users will not be subject to the inconvenience of the standard greylisting delay. Greylisting now supports optional sender only matching. This means that once a external sender has been accepted once by the greylisting module it will always be accepted regardless of the local recipient. This adds convenience for users at the expense of potentially missing some spam. A greylist training feature is now available. During a training period, email senders and recipients will by tracked by the greylist module as normal but emails will not be delayed. This allows for a useful greylist database to built up without inconveniencing users of the NetBox. Greylisting settings can be found at Configuration > SMTP Spam Control in the web interface. |
| Email header modifications | New | The Email Scanning module now supports an "Add or Modify Header" sub-action which allows email headers to be added or changed during scanning. New headers can now be conditionally added to emails; headers can be selectively modified. The normal Email Scanning substitution tokens are supported in the header value. |
| Invalid local SMTP senders are no longer allowed | Enhancement |
The NetBox now no longer accepts sender addresses where the sender domain is hosted on the NetBox but the sender address doesn't exist. This stricter checking helps improves spam rejection. NOTE: This change means that emails that were previously accepted by the NetBox may no longer be accepted. Users should ensure that email is being sent from valid addresses. |
| SAV sender address has changed | Enhancement | Due to a number of email servers rejecting all email from "postmaster@" addresses the NetBox will now perform Sender Address Verification checks from a address of "sav-[sitekey]@services.netboxblue.com". This avoid problems doing SAV checks against these misconfigured email servers. |
| Extra SMTP submission ports | Enhancement | Two new ports are now available on the NetBox to allow emails to be
sent by remote users when the standard SMTP port has been blocked by the
ISP. These ports are:
|
| Extensive help updates | Enhancement | Many new and existing help articles have been added and updated for a wide variety of NetBox functionality. |
| Administration tools renamed | Enhancement | To more accurately reflect their functionality the following
administration tools have been renamed:
|
| Rogue DHCP server detection | Enhancement | The Test Configuration tool now tests for DHCP servers that shouldn't be present on a network. Each network interface of the NetBox is checked. This can help detect and avoid problems caused by illegal DHCP servers on a network. This tool can be found at Administration > Test Configuration in the NetBox web interface. |
| Whois tool | New | A new tool is now available under Administration > Network Tools to perform Whois (domain registration) lookups on arbitrary domain names. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities and address security issues. |
| Sophos engine update | Enhancement | The Sophos virus scanning engine was updated to version 4.11.0 to improve detection capabilities. |
| SMTP Access Control comments | Enhancement | The SMTP Access Control screen now allows a comment to be attached to any entry. These comments can act as reminders as to why a particular item was added. |
| Advanced Configuration reboots | Enhancement | The Configuration > Advanced screen will now only require a reboot of the NetBox during an Apply when strictly required. This avoids unnecessary reboots when some settings are changed. |
| Email address resolution optimised | Enhancement | The internal services used to resolve email address on the NetBox have been significantly optimised to reduce resource usage and increase processing speed. |
| Kernel update | Enhancement | The NetBox kernel has been updated to address security issues and support new hardware on some IBM server platforms. |
| Web content filtering update | Fix | The third party engine used by the Web Content Filtering module was updated to fix a major problem triggered by downloading large files. |
| Network Monitoring name upload problem | Fix | A problem that could cause accidental removal of entries using the bulk name upload feature of the Network Monitoring module was fixed. |
Additions for Hermes 25e.7
| Item | Type | Details |
|---|---|---|
| Encryption library update | Enhancement | A major encryption library used by multiple NetBox components was updated to address a newly discovered security vulnerability. |
| Clarifications on the site Contact screen | Enhancement | The site contact screen has been updated to clarify what should go into each field. To confirm your details are correct log in to your NetBox and go to Administration > Site Contact. |
Additions for Hermes 25e.6
| Item | Type | Details |
|---|---|---|
| Sitekey request proxying | New | Sitekey requests can now be proxied through a NetBox running in Internet/VPN Gateway mode. This is intended to allow new nodes to have site keys configured even if they do not have internet access. As long as a node can route to an online I/VPN gateway node it can request a sitekey. A proxy option is now available on the Configuration > Site Key screen. |
| Site Contact screen | New | There is now a new Site Contact screen where details such as the physical site address and contact person can be entered. This information will be used by resellers and NetBox Blue to facilitate support contact and shipping. The new screen can be found at Administration > Site Contact. Please update the contact details on your NetBoxes. |
| Automatic Active Directory plugin tests | Enhancement |
The NetBox will now regularly test any configured Active Directory plugins for configuration and runtime errors. If a problem is detected the administrator email address will be notified. This will help ensure that critical AD issues are resolved quickly. User interface error checking and help for the AD plugin has also been improved to minimise configuration errors. |
| Email queue forcing | Enhancement | Re-delivery for items in the NetBox email queue can now be forced. |
| Improved hard disk checks | Enhancement | The automated online hard disk checks performed by the NetBox have been improved to provide more useful information. |
| Encryption library update | Enhancement | A major encryption library used by multiple NetBox components was updated to address a newly discovered security vulnerability. |
| DDNS IP detection | Enhancement | The NetBox DDNS client software now has an improved algorithm for detecting the public NetBox IP address. This should fix robustness issues experienced at some sites with updates of the site key DDNS name. |
| Longer usernames | Enhancement | The maximum username length allowed by the NetBox has been increased to 50 characters. |
| Email Monitoring UI sorting fix | Fix | A sorting problem in the Email Monitoring query interface was fixed. |
| Traffic Shaping range fix | Fix | A problem with the handling of large numbers in the Traffic Shaping configuration was fixed. |
Additions for Hermes 25e.5
| Item | Type | Details |
|---|---|---|
| Interface status display | New | A new Interface Status display is now available in the NetBox web interface. It shows detailed troubleshooting information for all network interfaces including Ethernet speed, cable status, IP and MAC addresses. The new display can be found at Administration > Interface Status in the NetBox web interface. |
| NetBox services access via I/VPN gateways | Enhancement | NetBoxes acting as Internet/VPN gateway nodes now automatically allow access to all NetBox update services for it's Internet/VPN clients. Access is provided regardless of firewall or Internet Auth settings. A technician installing a NetBox doesn't need to remember to allow access to these services thus eliminating configuration errors. |
| Network Monitoring graphs | Enhancement | The graphs generated by the Network Monitoring module have been reworked to improve presentation and consistency. |
| Email folder cleanup | Enhancement | To minimise management effort and reduce storage requirements, archived email folders belonging to deleted users are now automatically deleted after 12 weeks. This archive period can be changed by setting the "Purge deleted user mailboxes" setting on the Configuration > Advanced page in the NetBox web interface. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities and address security issues. |
| Kernel update | Enhancement | The NetBox kernel has been updated to address security concerns and fix reliability issues with some networking hardware used on the NetBox. |
| Web server update | Enhancement | The server that drives the NetBox web interface was updated to address security concerns. |
| Web proxy report cleanup | Fix | Due to faults in a third party product used on the NetBox, old web proxy reports were being cleaned up incorrectly. This problem has now been worked around. Daily reports will now be kept for two months. Weekly reports will be kept for 6 months. |
Additions for Hermes 25e.4
| Item | Type | Details |
|---|---|---|
| SMTP AUTH support for outbound email host | Enhancement | SMTP authentication may now be used for the optional outbound email host used by the NetBox. This is required if the ISP or other external mail server used as a relay requires SMTP authentication. The authentication details can be entered at Configuration > SMTP Server in the NetBox web interface. |
| Sophos engine update | Enhancement | The Sophos virus scanning engine was updated to version 4.0.7 to improve detection capabilities. |
| Blank ADSL passwords | Enhancement | Blank passwords are now allowed for ADSL internet connections. This is required for some ISP's in the United Kingdom. |
| Maximum PPTP connections | Enhancement | The maximum number of concurrent PPTP connections supported by the NetBox has been increased to 128. |
| VPN status warnings | Enhancement | The NetBox VPN status display now shows more warnings and errors to aid in troubleshooting VPN problems. This display can be found at Administration > NetBox VPN Nodes in the NetBox web interface. |
| Network Monitoring free space handling | Enhancement | Data collection for the Network Monitoring module will now stop if storage space on the NetBox is low. This will avoid more serious problems that may occur if storage space is completely exhausted. |
| Robustness of SMTP configuration screens | Enhancement | The robustness of the SMTP configuration screens has been improved to better handle duplicate domain entry and multi-user concurrency. |
| Internal web interface changes | Enhancement | Many internal changes have been made to the NetBox web interface to improve validation capabilities. |
| Unusual usernames in IMAP/POP3 server | Enhancement | The NetBox IMAP and POP3 servers have been extended to better handle unusual characters in user and mailbox names. This allows for more reliable integration with Active Directory configurations. |
Additions for Hermes 25e.3
| Item | Type | Details |
|---|---|---|
| Network driver update | Enhancement | A network driver required for some NetBox hardware models was updated to improve performance and stability. |
| IPSec firewall updates | Enhancement | The internal firewall structure relating to IPSec traffic was modified to better handle outbound traffic. |
| Update related upgrades | Enhancement | Several low level systems were upgraded to avoid problems during NetBox firmware updates. |
Additions for Hermes 25e.2
| Item | Type | Details |
|---|---|---|
| Test Link tool | New |
A new diagnostic tool is now available to test the configuration of the internet link used by the NetBox. The tool tests outbound access for common protocols such as DNS, HTTP and SMTP as well as checking for duplicate IP addresses and external availability of services on the NetBox. It can be used to verify correct installation and should be used as the first step to diagnose connectivity issues. The Test Link tool can be found at Administration > Internet Tools > Test Link in the NetBox web interface. |
| Enhanced Active Directory testing | Enhancement | The Active Directory authentication plugin now includes a more comprehensive configuration test that shows both the primary AD group name and the mapped NetBox group name. Up to 500 AD users are now queried during the test. Troubleshooting of AD integration issues should now be much easier. |
| Extended POP3 and IMAP logs | Enhancement | The NetBox POP3 and IMAP logs now show the IP address and port of the client. This aids troubleshooting of email retrieval problems. |
| Internet Auth logs | Enhancement | A log is now available at Administration > View Logs that shows login and logout activity for the Internet Auth module. This may aid in diagnosing Internet Auth login issues. |
| Database engine update | Enhancement | The database engine used internally by the NetBox has been updated to address several security concerns. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities and address security issues. |
| DNS Configuration Change | Enhancement | The NetBox DNS server will now accept query requests from all internal hosts. This means the DNS service of the gateway node in an Internet Over VPN setup can be accessed from all nodes on the VPN. |
| Internet Over VPN client improvements | Enhancement | The network configuration used on Internet Over VPN client NetBoxes has been made more efficient and changed to avoid ARP problems that can occur. |
| Email Monitoring query fix | Fix | A problem with the Email Monitoring query interface was fixed. It was possible to cause the screen to fail under very specific conditions. |
Additions for Hermes 25e.1
| Item | Type | Details |
|---|---|---|
| Kernel upgrade | Enhancement | The NetBox kernel has been upgraded to address security issues and improve stability. |
| Core system library update | Enhancement | A critical system library was updated to address newly discovered security concerns. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities and address security issues. |
| Shutdown and reboot confirmation | Enhancement | The Shutdown facility (Configuration > Shutdown) now requires user confirmation before immediate shutdowns or reboots are performed. |
| NetBox VPN firewall and routing changes | Enhancement | The firewall and routing setup used for the NetBox VPN client mode was restructured to better accommodate unusual network configurations. |
| Web proxy reverse DNS optimisation | Enhancement | The NetBox web proxy has been modified to not attempt reverse DNS lookups when performing access control checks on IP URLs (eg. "http://1.2.3.4/"). This improves responsiveness when there is no reverse DNS record or when the DNS server fails to respond to the reverse DNS query. |
| Active Directory enhancements | Enhancement | The Active Directory authentication plugin has been improved to better handle certain types of users listed in the directory. |
| Email Monitoring report totals | Fix | The totals shown in the Email Monitoring report now correctly honour the "include blocked emails" setting. |
| DNS failure with duplicate LAN networks | Fix | A problem with the NetBox DNS server failing due to overlapping or duplicate LAN networks has been fixed. |
Additions for Hermes 25e
| Item | Type | Details |
|---|---|---|
| NetBox VPN Module | New | The NetBox VPN module has been redeveloped to be more flexible and
easier to configure. Notable changes include:
|
| Internet Auth Caching | New | The Internet Auth client login screen now allows users to cache their username and password on their own machine meaning that they can be logged in automatically. The administrator can configure this feature at Internet Auth > Config > Remember username and password in the web interface. |
| Email Monitoring CSV Output | New | The Email Monitoring browse screen now allows for output to CSV for any query. All query results or just the currently displayed page can be downloaded. Performance for large queries has been improved. |
| SMTP AUTH On LAN | New | An option has been added to control whether or not SMTP AUTH is available on the LAN interfaces of the NetBox. This setting only has effect if SMTP AUTH is enabled. It can be found under Configuration > SMTP Server in the web interface. |
| Active Directory Plugin Improvements | Enhancement | The Active Directory authentication plugin has been enhanced to provide more reliable and comprehensive searching of the LDAP tree. A new test function performs an actual query against the AD server and shows the users found to help verify the configuration. |
| Blocked Emails in the Email Monitoring Report | Enhancement | The Email Monitoring report now has an option to control whether blocked emails are shown in the report. This defaults to not showing blocked emails to avoid confusingly high statistics caused by spam and virus attacks. |
| Email Monitoring Recipient Handling | Enhancement | The method used to record recipients in the Email Monitoring module has modified to provide clearer statistics. Previously all email recipients were recorded regardless of whether they were local or not. Now only the envelope recipients of emails as received by the NetBox are logged. |
| SMTP Sender Whitelist Before Greylisting | Enhancement | The SMTP sender whitelist now applies before greylisting so that email from whitelisted senders bypass greylisting. |
| SMTP Domain Interface | Enhancement | The SMTP pass-thru domain screen has been updated to be more consistent with the rest of the NetBox interface. It is now not possible to enter the same domain in both the local and pass-thru domains sections. |
| Web Server Update | Enhancement | The server that drives the NetBox web interface was updated to address security concerns. |
| Web Proxy Update | Enhancement | The NetBox web proxy server was updated to address various security issues. |
| Sophos Engine Update | Enhancement | The Sophos virus scanning engine was updated to improve detection capabilities. |
| Firewall UI Fixes | Fix | Issues with the user interface on the LAN to Internet firewall screen have been resolved. |
Additions for Hermes 25d.3
| Item | Type | Details |
|---|---|---|
| Database Time Zone Data Update | Update | A database backend on the NetBox was using its own copy of the the time zone and daylight savings rules causing mismatches in time handling internally on the NetBox. The database now uses the system-wide time zone rules. |
Additions for Hermes 25d.2
| Item | Type | Details |
|---|---|---|
| Time Zone Data Update | Update | The time zone database used internally on the NetBox was updated to account for recent changes in daylight saving rules. |
Additions for Hermes 25d.1
| Item | Type | Details |
|---|---|---|
| Kernel Upgrade | Enhancement | The NetBox kernel has been upgraded to address security issues and improve hardware support. Additionally, users should see increased stability for PPTP connections forwarded through and terminated at the NetBox. |
| Update System Transport Upgraded | Enhancement | The encrypted transport used by the NetBox update system has been upgraded to patch various security issues. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to fix problems with handling of certain zip archives. |
| NetBox VPN Access From LAN Interfaces | Enhancement | The NetBox VPN server is now accessible from the LAN interfaces of the NetBox to accommodate unusual VPN setups. |
| Compatibility for Older Browsers in Webmail | Enhancement | The webmail interface should now be usable with older web browsers that don't support the IFRAME tag. Users of such browsers will now see a link for viewing the email body. |
| Email Scanning Re-encoding | Fix | A problem was resolved in the Email Scanning module that was causing some emails to be incorrectly re-encoded after processing. |
| Network Monitoring Local Names Fix | Fix | A fault was fixed which prevented updates on the Network Monitoring Local Names screen from taking immediate effect when apply changes was performed. |
| Archiving Fixed for Large Mailboxes | Fix | A problem with the archiving of large mailboxes has been fixed. Previously archiving of mailboxes containing many thousands of emails would fail and leave the mailbox behind. |
Additions for Hermes 25d
| Item | Type | Details |
|---|---|---|
| Active Directory Support | New | The NetBox now supports LDAP authentication against Microsoft Active
Directory servers. Full integration with most NetBox services is
supported including email mailboxes and email aliases. This new
authentication plugin includes auto-detection functionality to
automate the more difficult parts of the configuration process.
NetBox authentication is configured under Configuration > Authentication in the web interface. |
| Grey Listing Support (Anti-spam) | New | SMTP greylisting is now available on the NetBox as another tool to
help reduce spam. For more information on grey listing see the
Grey listing
knowledge base article.
Grey listing is not enabled by default. The setting can be found at Configuration > SMTP Server > Enable greylisting in the NetBox web interface. |
| IPSec Configuration Interface | New | The NetBox now has a web interface for configuring IPSec tunnels. The
interface is designed so that minimal configuration is required in most
cases. The default settings will work with most third-party IPSec
gateways.
The configuration screen can be found at Configuration > IPSec in the NetBox web interface. Additionally, IPSec logs are now available via the View Logs interface. NOTE: sites currently running IPSec tunnels manually configured by NetBox Blue engineers will need to be reconfigured to use the new IPSec system. Please contact NetBox Blue to arrange a configuration conversion before this update is applied. |
| User Configurable SNAT | New | Flexible control over Source Network Address Translation
(SNAT/masquerading) for all network interfaces is now available.
Specific hosts, networks and interfaces can be configured as requiring
or not requiring SNAT. This can be of use when integrating NetBoxes into
more complex network environments.
This new screen can be found at Advanced Firewall > SNAT in the NetBox web interface. |
| Webmail Large Email Handling | Enhancement | The NetBox webmail system has been refactored to better handle large emails and attachments. Interface response times and general robustness has been significantly improved. In addition, several minor faults were corrected. |
| NetBox VPN TCP Compression | Enhancement | The NetBox VPN subsystem now supports compressed TCP connections. This provides vastly increased compression performance at the price of reduced security. TCP VPN links recommended for use on private links where bandwidth is at a premium. Reports on compression performance are given regularly in the NetBox VPN logs. |
| DNS Forward Zones | Enhancement | The NetBox Local DNS feature now supports forward zones. Lookups for particular DNS zones can be forwarded to specified DNS servers. This is useful in intranet scenarios where particular DNS zones must be resolved by an internal DNS server. |
| Web Proxy Enhancements | Enhancement | All web proxy related settings have been moved from the Advanced
screen to their own screen. This means reboots are no longer required
during an Apply Changes when web proxy configuration changes are made.
Additionally, it is now possible to specify remote sites that are excluded from the web proxy when it is running in transparent mode. This is useful if the remote site should not be cached or if there is some compatibility issue with the site and the proxy. |
| Increased Concurrent PPTP Connections | Enhancement | The maximum number of concurrent connections to the NetBox PPTP server has been increased to 128. |
| DNS Tunnelling Prevention for Internet Authentication | Enhancement | It is now very difficult for unauthenticated users to tunnel data over the DNS protocol if they are not logged in (this only applies if Internet Auth is enabled). Unauthenticated users are only allowed to make restricted, rate-limited DNS queries with small response sizes. This makes DNS tunnelling an unattractive way to transfer data. |
| Help Formatting | Enhancement | The layout and formatting of NetBox help articles has been improved to enhance readability and print-ability. |
| Email Scanning Report Improvements | Enhancement | The email scanning report now includes sub-totals to give an overview of number of messages blocked and accepted. Emails blocked due to grey listing is now included in the report. |
| Handling When No NetBox Authentication Plugin is Configured | Enhancement | The functionality of the Users and Groups module is now restricted if there is no NetBox authentication plugin configured. This is to avoid confusion as the users and aliases defined on the NetBox will have no affect without the NetBox authentication plugin. |
| Email Server Modified To Handling Unusual Characters | Enhancement | The NetBox POP3 and IMAP server has been modified to better handle unusual characters in user and mailbox names. This is required to provide consistent support for usernames allowed by Active Directory. |
| Character Handling in External POP3 Pickup | Fix | A fault with character handling in the external POP3 pickup service was corrected. The fault was only triggered under rare circumstances by specific emails. |
Additions for Hermes 25c.1
| Item | Type | Details |
|---|---|---|
| ClamAV Engine Update | Enhancement | The ClamAV virus scanning engine was updated to improve detection capabilities and address security concerns. |
| Sophos Engine Update | Enhancement | The Sophos virus scanning engine was updated to improve detection capabilities and address security concerns. |
| McAfee/Uvscan Engine Update | Enhancement | The McAfee/Uvscan virus scanning engine was updated to improve detection capabilities and address security concerns. |
| Web Proxy Log File Handling | Enhancement | The NetBox web proxy was updated to improve handling of huge log files (> 2GB). |
| Bogon List Updated | Enhancement | The list of "bogon" (unused or private) addresses used by the firewall and other NetBox components has been updated to match the current official list. |
| Encryption Library Update | Enhancement | An encryption library used by multiple NetBox components was updated to address a newly discovered security vulnerability. |
| Email Alias Validation Problem Fixed | Fix | An email alias input validation problem was fixed. The input validation was too strict to allow otherwise valid aliases. |
| Mailbox Archiving Matching Fix | Fix | A problem existed which meant email mailboxes could be incorrectly archived under rare conditions. This issue has been fixed. |
| Email Queue Paging Issue Fixed | Fix | The total number of pages displayed on the email queue screen could be incorrect in some circumstances. This has been rectified. |
Additions for Hermes 25c
| Item | Type | Details |
|---|---|---|
| Internet Auth: IP and MAC Based Login | New |
The Internet Authentication module now supports automated login by IP or MAC address. This allows unattended systems on the network to be associated with a NetBox user for quota and logging purposes. It is also useful for avoiding the need for manual logins in low security environments. |
| Remote NetBox Authentication | New |
It is now possible for a NetBox to utilise user accounts defined on an external NetBox. This allows for centralised management of user accounts when multiple NetBoxes are in use. The "client" NetBox sees all users in authentication stack of the "server" NetBox. If the "server" NetBox is querying other authentication sources the "client" will see these too. Remote NetBox authentication can be configured under Configuration > Authentication in the NetBox web interface. |
| Email Monitoring Report | New |
The NetBox Reporting section now supports an Email Monitoring report. Detailed analysis of SMTP and POP3 email traffic is provided including top local and remote senders, recipients and domains. This report type only functions for sites with the Email Monitoring NetBox module. It will be automatically added to the default Detailed report if this report exists in your configuration. |
| Link State Notification | New | The NetBox can now send notification emails when the internet link goes down or comes up. One or more notification addresses can be configured. See Administration > Alerts in the NetBox web interface. |
| Internet Auth: Major Improvements | Enhancement | Multiple improvements have been made to Internet Auth module:
|
| URL Filtering and Internet Auth Integration | Enhancement | URL Filtering policies can now be configured to apply to specific NetBox user groups. A user's group is determined via their Internet Auth login session. This allows URL Filtering policies to be easily and correctly applied in dynamic LAN environments. |
| Filtering in the Connection Monitoring Screen | Enhancement | The Administration > Connection Monitoring interface now allows for filtering by specific IP addresses or networks. This is useful when diagnosing connections on a busy NetBox. |
| Support for IP Style Domains | Enhancement |
The NetBox now accepts email recipients of the form "user@[1.2.3.4]" where 1.2.3.4 is the IP address of the NetBox. This style of domain was previously not supported. To avoid abuse by spammers the NetBox must be explicitly configured to accept email for such a domain. To have the NetBox accept an IP style domain enter the domain on the Configuration > SMTP Local Domains screen (eg. "[12.34.12.257]"). |
| Email Monitoring Optimisations | Enhancement | The Email Monitoring interface has been optimised. Response times for most common queries should be significantly faster. |
| Resource Optimisations | Enhancement | Various core systems of the NetBox have been optimised to reduce startup time and reduce resource usage. This allows the NetBox to run more efficiently and support more concurrent functionality. |
| Webmail Fixes | Fix | Several problems in the webmail interface have been repaired. These fixes relate to handling of errors when an external email client deletes messages during an active webmail session. Some minor message parsing issues were also resolved. |
Additions for Hermes 25b.1
| Item | Type | Details |
|---|---|---|
| Authentication Logs | New | Logging for the NetBox authentication system has been improved. These logs are now available under Administration > View Logs in the NetBox web interface. |
| ClamAV Update | Enhancement | The ClamAV virus scanning engine was updated to address security concerns and increase detection ability. |
| Kernel Update | Enhancement | Several patches were applied to the NetBox kernel to address various security issues. |
| Web Proxy Update | Enhancement | Several patches were applied to the NetBox web proxy to address various security issues. |
| Runtime Update | Enhancement | A major software runtime system used on the NetBox was updated to address security concerns and provide a more suitable environment for future software updates. |
| Compression Library Update | Enhancement | A low-level compression library used on the NetBox was updated to address security issues. |
| Indexing Tool Update | Enhancement | An indexing tool used internally on the NetBox was updated to address security concerns. |
Additions for Hermes 25b
| Item | Type | Details |
|---|---|---|
| RADIUS/Microsoft Windows Authentication | New |
The NetBox can now authenticate against external RADIUS servers. This means that user accounts for the NetBox web interface, PPTP and more can now exist on an external server and need not be defined on the NetBox. Many systems including Microsoft Windows support RADIUS meaning that user accounts on those systems can now be used directly by the NetBox. The NetBox online help provides detailed instructions on how to configure the RADIUS server on Microsoft Windows 2003. The new NetBox authentication subsystem (including RADIUS support) can be configured at Configuration > Authentication in the NetBox web interface. |
| New Users and Groups Management | New | The Users and Groups section of the NetBox web interface has been
completely redesigned to make user management easier, more
powerful and more efficient when handling large amounts of users. New
developments include:
|
| Email Scanning Subject Searching | Enhancement | The Email Scanning Text Search criteria now supports searching of the message subject in addition to other message parts. This helps avoid double entry if specific text could be located in either the message body or the subject. Previously a separate Header Search criteria would have to be used. |
| MTU Settings for Additional Routes | Enhancement | It is now possible to configure specific per-route MTU values for custom routes on the Configuration > Additional Routes screen. This can be useful to work around Path MTU discovery problems to certain networks. |
| Security Updates | Enhancement | Numerous security updates were made to various NetBox components:
|
| Web proxy Subversion support | Enhancement | The NetBox web proxy was configured to allow support for the Subversion source code change control software. |
| Consistent Date Display | Fix | The display of dates in the web interface is now consistent and correctly handled for the languages supported by the NetBox. |
| Web Interface Cannot Be Disabled | Fix | A fault was corrected on the Configuration > Web Interface screen. It is now not possible to completely disable the web interface. |
Additions for Hermes 25a.2
| Item | Type | Details |
|---|---|---|
| Language Selection | New | It is now possible to change the NetBox web interface language to Japanese or Spanish. Reports generated by the NetBox Reporting module will also use the selected language. The option can be found under Configuration > Web Interface > Web interface language. |
| IBM x306 and x336 Support | New | The NetBox firmware has been updated to support IBM's x306 and x336 server platforms. The kernel and various support systems were upgraded to support the RAID controllers in these servers. |
| ClamAV Update | Enhancement | The ClamAV virus scanning engine has been updated to address security concerns and improve scanning capability. |
| Sophos Update | Enhancement | The Sophos virus scanning engine has been updated to address security concerns and improve scanning capability. |
| Compression Library Update | Enhancement | A compression library used internally within the NetBox was updated to address security concerns. |
| Japanese Font Fixes | Fix | The font used to display Japanese fonts in the reports has been replaced to improve output quality. |
Additions for Hermes 25a.1
| Item | Type | Details |
|---|---|---|
| Immediate reboot/power-off | Enhancement | The scheduled reboot screen has been updated to support immediate power-off and reboot in addition to scheduled shutdowns. This screen can be found under Administration > Shutdown in the NetBox web interface. |
| Web proxy update | Enhancement | The NetBox web proxy has been updated to provide better protection against various HTTP attacks for computers using the proxy. |
| Database engine update | Enhancement | The database engine used internally by the NetBox has been updated to improve performance and robustness. |
| Storage performance tuning | Enhancement | The IO scheduling algorithm for NetBox storage access has been modified. This should improve disk access performance, especially for busy sites. |
| Preventing internet link tests | Enhancement | It is now possible to prevent the NetBox from performing internet link tests. If this is done, the NetBox will assume the link is always up. For more information, see the help of the Configuration > internet screen in the NetBox web interface. |
| ICMP source-quench blocking | Enhancement | A minor change was made to the NetBox firewall to block all ICMP source-quench packets. These packets may be used as part of remote Denial-of-Service (DoS) attacks and are not required for normal operation. |
| Sender Policy Framework (SPF) removed | Enhancement | The Sender Policy Framework (SPF) test in the Email Scanning spam criteria has been removed due to a poor understanding of the standard and incorrect configurations by ISPs causing false positives. |
| Help updates | Enhancement | Several help articles for the Configuration section of the NetBox web interface have been updated. |
| Email queue screen updates | Enhancement | Some minor display updates were made to the new email queue screen. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities. |
| DNS service upgrade | Enhancement | The NetBox DNS server has been upgraded to improve stability and performance. |
| Simplified handling of port forward NAT from the LAN | Fix | The NetBox will now only apply NAT for internal port forwards to traffic coming from the LAN that the port forward is hosted on. This avoids problems with port forward NAT interfering with inter-LAN traffic. |
Additions for Hermes 25a
| Item | Type | Details |
|---|---|---|
| Internationalisation | New | The NetBox web interface has been upgraded to support multi-language display. This is required as NetBox Blue moves into overseas markets. A language selection option will be available in the NetBox web interface soon. |
| Kernel and core component updates | Enhancement | A major update of the NetBox kernel and core system components has been undertaken. This provides performance enhancements as well as laying the foundation for exciting new features in future firmware releases. |
| Improved email queue screen | Enhancement | The NetBox email queue screen has been reworked to provide numerous
improvements including:
|
| PPTP MPPC support | Enhancement | The NetBox PPTP server now supports the Microsoft Point-to-Point Compression (MPPC) extension. This means that compression can be used for PPTP connections, reducing bandwidth requirements. Compression is enabled by default for Windows XP clients. |
| Email Scanning improvements | Enhancement |
|
| Webmail improvements | Enhancement |
|
| NetBox VPN performance | Enhancement | The NetBox VPN subsystem has been updated. This should result in both throughput and latency improvements. |
| Web Filtering upgrade | Enhancement | The 3rd party engine used for the NetBox Web Filtering module has been upgraded to improve performance, stability and NetBox integration. |
| ClamAV engine updated | Enhancement | The ClamAV virus scanning engine was updated to improve detection abilities. |
| Configurable FTP connection tracking ports | Enhancement | The ports that the NetBox will watch when performing FTP connection tracking can now be configured. This may be required if a FTP server is hosted behind a NetBox on a non-standard port or if a remote FTP service is frequently accessed on a non-standard port. This setting can be found under Configuration > Advanced > FTP Connection Tracking in the NetBox web interface. |
| URL Filtering policy interface | Enhancement | The URL Filtering policy screen has had some minor improvements. The handling of the time field has been made more intuitive and a warning is displayed if certain required values have not been entered. |
| Email test tool improvements | Enhancement | The email test tool now performs a more thorough test of all MX's of the address being tested and a timeout option is now available. This tool can be found under Administration > internet Tools > Email Test Tool in the NetBox web interface. |
| Real-time SPF removed | Enhancement | Due to a lack of forwarding support (SRS) by most mail servers required for SPF to function properly, the real-time SMTP SPF check has been removed. This is to avoid false positives in some situations. The SPF scanning check performed by the Email Scanning Spam criteria is not subject to this problem and will be left in place. |
| Security updates | Enhancement | Several internal utilities use by the NetBox have been updated to address security concerns. |
Additions for Hermes 25.5
| Item | Type | Details |
|---|---|---|
| Spam/virus email subject detection | Enhancement |
The Email Scanning modules Spam Criteria can now detect message subjects from spam or virus related messages. This helps block messages such as those related to the recent "German spam" outbreak caused by Sober.H virus. The database of messages subjects to detect is maintained by NetBox Blue and will updated regularly and automatically. This feature will be automatically enabled on all NetBoxes when they receive this firmware update. |
| ClamAV update | Enhancement | The ClamAV virus scanning engine was updated to improve detection capabilities and robustness. |
| Custom DNS overrides | Enhancement | The Local DNS feature can now be used to override any built-in DNS zones that the NetBox provides. Previously only selected internal zones could be overridden. |
| Handling of large Email Monitoring data sets | Enhancement | The Email Monitoring subsystem has been tuned to improve responsiveness to queries over huge data sets. |
| Virus definition update robustness | Enhancement | The error handling ability of the virus definition update system has been improved. |
| Reporting robustness | Enhancement | The NetBox Reporting module data collection subsystem has been improved to to better handle specific error conditions. |
| Traffic Shaping help articles | Enhancement | More help articles for the Traffic Shaping module have been added. |
Additions for Hermes 25.4
| Item | Type | Details |
|---|---|---|
| Network Associates definition verification | Enhancement | The virus definitions downloaded for the Network Associates virus scanning engine are now verified before being applied to avoid problems with invalid definition files. |
| Asymmetric inter-LAN traffic handling | Enhancement | Stateful firewall checks are now not enforced for inter-LAN traffic as these packets are often routed in an asymmetric fashion. Previously, the NetBox would block such traffic because it appears to be invalid. |
| Email Scanning help | Enhancement | Help articles for the NetBox Email Scanning module have been updated. |
| Webmail DSN handling | Fix | The display of Delivery Status Notification messages in the NetBox webmail system has been corrected. |
Additions for Hermes 25.3
| Item | Type | Details |
|---|---|---|
| Ranges when port forwarding | Enhancement | The 'Advanced Firewall > Port Forwarding' screen now allows forwarding of ranges of ports to internal hosts. This is useful when forwarding certain protocols. |
| SMTP spam URLs | Enhancement | The NetBox SMTP server now directs SMTP clients and users to explanatory URLs on the NetBox Blue web site when performing real-time message rejects. These pages give explanations on why the message was rejected and how anti-spam technologies used by the NetBox work. |
| Email Scanning help | Enhancement | More Email Scanning help articles have been added. |
| Network driver updates | Enhancement | Several kernel network drivers have been updated to improve performance and support new hardware used in the NetBox. |
| Case handling for HTTP and SMTP logins | Fix | A fix was made to authorisation back-end for HTTP and SMTP logins with respect to users that were created with mixed letter case in the username. |
Additions for Hermes 25.2
| Item | Type | Details |
|---|---|---|
| Local DNS Reverse Zones | Enhancement | The Local DNS feature (Administration > Local DNS) now allows creation of reverse zones and PTR records. |
| Database System Upgrade | Enhancement | The NetBox's internal database engine has been upgraded to improve performance and security. |
| Large Email Aliases | Fix | A problem that caused SMTP failures when delivering to aliases that expand to large number of users has been fixed. |
Additions for Hermes 25.1
| Item | Type | Details |
|---|---|---|
| "Allow inter-LAN access" option | New | It is now possible to specify whether or not different LAN networks connected to the NetBox can communicate with each other via the NetBox. This option can be found under Configuration > Advanced in the web interface. |
| MAC Locking Updates | Enhancement | Downloading of the MAC Locking configuration is now available (CSV format). Duplicate checking is now performed for IP and MAC addresses that are to be used for DHCP reservations. |
| DHCP Server Update | Enhancement | The NetBox DHCP server has been upgraded to improve behaviour in high-demand environments and allow for enhanced DHCP functionality in the future. |
| Web Proxy Changes | Enhancement |
|
| Help Updates | Enhancements | Help articles have been added and updated for many NetBox modules including Reporting, Email Scanning and URL Filtering. |
| Dialup (PPP) Fix | Fix | Handling of dialup (PPP) connection attempts has been improved to reduce unnecessarily long inter-dial wait intervals. |
Release 25
| Item | Type | Details |
|---|---|---|
| internet Auth | New |
Control internet usage on your network with the new Internet Auth module. When enabled, users must log in via a web interface before they have access to the internet. This system supports usage quotas to limit the amount of time or data a user has available to them. Any combination of quota types can be used:
This module integrates with the Network Monitoring module so that all traffic is recorded against the logged in username. This simplifies monitoring in dynamic IP environments. Contact your NetBox Blue reseller or distributor if you are interested in purchasing this module. |
| MAC Locking | New |
Protect against unauthorised internet usage and MAC spoofing by locking down access to specific IP and MAC address pairs. All other traffic from the LAN will be ignored. This feature is included as part of the standard Advanced Firewall module and can be configured at Advanced Firewall > MAC Locking in the web interface. This feature also integrates with the DHCP server to allow the creation of fixed DHCP reservations. It is now possible to run the DHCP without allocating dynamic addresses (reservations only) or with mixed dynamic/fixed allocations. |
| View Logs Filtering | New | It is now possible to apply a filter when viewing logs in Administration > View Logs. When used, only log entries containing the specified string are shown. |
| Webmail Enhancements | Enhancement |
|
| LAN Configuration Protection | Enhancement | To avoid situations where the NetBox can not be contacted from the LAN it is now not possible to remove all LAN IPs from the NetBox. Additionally, setup via the LCD display (using Ctrl-Alt-Delete) can now fix a wider variety of configuration problems. |
| Changed internet Link Test Hosts | Enhancement | The default internet link test hosts have be changed so that some hosts are tested on ports other than HTTP. This stops the NetBox believing the link is down when the ISP web proxy is unreliable but the actual internet link itself is up. |
| Web Interface TRACE/TRACK Disabled | Enhancement | The HTTP TRACE and TRACK methods were disabled for the NetBox web interface to tighten security. |
| Public IP Test Avoids Web Proxy | Enhancement | The public IP test for the Configuration > Set Site Key domain name entry to actual public IP setting now works over a non-web port. This prevents the NetBox Site Key domain name entry being set to the IP of the ISP's web proxy. |
| TTL of Internal DNS Entries Changes | Enhancement | The Time-to-Live (TTL) of all internal name entries returned by the NetBox) DNS server (eg. www.netbox) is now 60 seconds to allow caching on client PC's (was 1 second). |
| Email Scanning Help Updates | Enhancement | Various Email Scanning help screens have been added or updated. |
| Extra Routes Screen Fix | Fix | When changes are made to the Extra Routes screen, a reboot is now required on the Apply Changes screen. This fixes problems with previously configured routes not being removed. |