Jobs (DE)Terms of UsePrivacy PolicyLegal Notice

Bandwidth limitation in web proxy

The bandwidth may be limited based on the client IPs and/or the destination host name. If local user authentication is enabled, a limit by user group is possible, too.

Exception list for transparent proxying

In the firewall configuration of LAN and RAS interfaces there's now an exception list for destinations addresses. No transparent proxying will be applied to connections to these addresses.

Improved communication security

When the backup node connects to the master, it will now verify the master key.

Improved bandwidth management

With high bandwidth internet connections the priority classes "low" and "standard" will now benefit from higher and more even throughput.

Model "Praxis-Wächter" only: several modifications and improvements

It is now possible to enable and disable the firewall rule for access to the Connector administration in the "Telematikinfrastruktur" wizard.
The protocol "TI_sicct" which is used for communication between cardreader and connector is splitted into "TI_sicct_udp" (UDP only) and "TI_sicct" (TCP and UDP). The wizard "Telematikinfrastruktur" now adds an additional firewall rule for "TI_sicct_udp" from cardreader to connector. If the cardreader and connector networks are bridged, an other "TI_sicct_udp" rule is added from connector to the broadcast address. This is expected to solve problems when pairing the devices and it should speedup the recovery process after a reboot of the connector or a cardreader. To get the additional rules, please step through the firewall branch of the wizard again.
Running the firewall branch of the wizard will also allow ping from Praxis-Wächter to IPs in the networks "Verwaltung" and "Geräte".
An IP address is added to IP object "arvato/dns" where applicable.
An IP object for the insurance service provider ACTINEO has been added. If required, it can be added to IP object "TI_vpn/netze" to gain access to their servers via Telematikinfrastruktur VPN.
Improved support in the wizard for environments with Internet access via SIS through a parallel connector or through a serial connector which is not attached to the Internet interface of the Praxis-Wächter.

Update of several software components

Minor bugfixes and improvements

Configuration options for Web Client 1.2.0

The clipboard for RDP and VNC connections can be restricted to one direction or disabled completely. For file transfer via RDP can now also be restricted to one direction. Finally the additional keyboard layouts for RDP connections may be configured.

Redirect instead of error message for unknown paths in reverse proxy

Requests for URL paths with no configured backend server used to be rejected with an error message. As an alternative you can now redirect these requests to an arbitrary URL. The URL path of the original request may be kept or stripped. As a special use case each requests received via an unencrypted HTTP port may be redirected to its corresponding HTTPS URL.

Tables in the administration interface

In previous releases you could select the display method for sortable tables with more than 20 entries in the settings menu (upper right corner). Now you can select individually by table if its entries are displayed in groups or if you have to switch from page to page. The default for tables where you can select sub-objects is the grouped view. Tables with simple values have a pager by default.

Model "Praxis-Wächter": Supplement of T-Systems DNS servers

We finally learned the DNS IPs for TI connections via T-Systems, as configured on "Praxis-Wächter" models. The update modifies IP object "t-systems/dns". The reference to IP object "t-systems/de" (IP addresses in Germany) with the actual DNS IPs.

Archiving of IDS/IPS logs

Malfunction of DHCP relay in certain network environments

Minor bugfixes and improvements

Missing access permissions since 7.1-2.0

After updating the SElinux rules in 7.1-2.0 some operations failed due to missing access permissions. Affected were the hardware power button to switch off the device, archiving logs to a Windows share, the new OpenVPN one-time-password authentication and generating a new OpenVPN key for tls-crypt.

SPAM filter configuration changes

In 7.1-2.0 changes to the SPAM filter configuration didn't become effective until after a manual restart.

Adjusting the system time

Adjusting the system time via administration interface and time scheduled daily or weekly didn't work in 7.1-2.0. The continuous time synchronization via NTP service was not affected.

Minor bugfixes and improvements


DEFENDO forces a collection of best-of-breed security modules like firewall, VPN, proxies, virus scanner and anti spam system to interact for one purpose:
To be protected from all online threats and unwanted contents like malicious code, spam and hacker attacks.


Each IT scenario is different. The DEFENDO product family will adapt precisely to your demands.
DEFENDO applies for simple internet connections of small companies, for headquarters / branch office WANs, as well as for complex multi-tiered firewall systems.

More good reasons

  • No backdoors
  • More than 20 years of Internet security experience
  • Award-winning product
  • Support by our development engineers
  • Reseller loyalty
  • Made in Germany