Jobs (DE)Terms of UsePrivacy PolicyLegal Notice

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of the Linux kernel

SSH server keys

So far we used installation packages based on Microsoft's CMAK, which are still using SHA1. We now offer our own, Powershell based solution. Besides using SHA2 it has the following advantages:
  • Configuration of additional routes in split tunnel configurations
  • Possibility to install multiple connections to different destinations
In contrast to CMAK it is now possible to configure the parameters of an installed connection afterwards.
While we still provide CMAK based profiles, we recommend to migrate to our new solution over time.
Both types of installation package now allow setting the Windows registry key required when the VPN server is located behind a NAT router.

SSH server keys

The RSA and ed25519 keys used by the SSH server are now available in the keyring menu, so you can now save or restore a backup of the keys or generate a new key.

Management access

It is now possible to grant management access to your device for your reseller or, when operating multiple devices, for a central device. Initially it is possible to retrieve some very basic information, open connections to technical support, trigger an update and access the administration interface.
The corresponding menu on the central device has been renamed from "Remote devices" to "Management server".

Truncated ping replies

In release 7.1-3.0 the tool ping has been updated. The new version however ignores truncated ping replies. As a consequence, devices testing the availability of the Google nameservers and no more than one other Internet IP for fallback purposes switched into fallback mode, as the Google nameservers answer large ping packets with a truncated reply packet.

Graphical firewall statistics

Since 7.1-3.0 the statistics were no longer updated.

Problems resolving DNS names

In particular after a reboot, name resolution errors occured for certain DNS names on systems resolving via the root nameservers.

Accepted IPs in SNMP server

The list of IPs which is allowed to connect to the SNMP server is now configurable.

Static passwords in Web Client

You can now configure the password of the destination system in each Web Client connection, so the user has to authenticate at the Web Client only. In general we do not recommend to enter a static password, however it may be useful e.g. to temporarily grant privileged access for an external service provider to an internal system without having to change or disclose its password.

Changes in model "Praxis-Wächter"

The IP object with the network required for issueing digital vaccination certificate via connector VPN has been added.
You may now select ipsec interfaces as connector interface.

Daily Tasks

Since version 7.1-3-0, the daily tasks, such as creating the statistics or rotating the log files, etc., were no longer performed.

WLAN security flaw FragAttacks

On devices with WLAN extension, the update protects the WLAN protocol stack against FragAttacks.

Certificate requests via ACME protocol

Requesting new certificates with ACME (Let's Encrypt) failed in 7.1-3.0. The new version of the tool used to interact with the ACME server wasn't able to verify the server's certificate.

VPN setup packages for Windows

The installation of IPsec-L2TP and OpenVPN setup packages for Windows (*.exe) which had been created with version 7.1-3.0 failed.

Sending mails with the Groupware App in version 4.x

In 7.1-3.0 sending emails from within the Groupware App failed if a 4.x release of the groupware was installed.

SPAM filter rules with any characters

Userdefined SPAM filter rules used to support ASCII characters only. Now any character is possible.

Verification of mail server certificates with DANE

It's not feasible to enable the verification of the destination server certificate whenever a mail server forwards a mail to an other mail server, as many mail servers have no valid certificate. With DANE, the operator of a mail server may publish in DNS that and how the certificate of his mail server may be verified. Support for the DANE variant DANE-EE may now be enabled in the mail server configuration.

Recording network dumps

In menu "Monitoring > Network > Tools" you can now create packet dumps. You can download a dump as pcap file or view the dump in text format.

Minor bugfixes and improvements

Secure

DEFENDO forces a collection of best-of-breed security modules like firewall, VPN, proxies, virus scanner and anti spam system to interact for one purpose:
To be protected from all online threats and unwanted contents like malicious code, spam and hacker attacks.

Flexible

Each IT scenario is different. The DEFENDO product family will adapt precisely to your demands.
DEFENDO applies for simple internet connections of small companies, for headquarters / branch office WANs, as well as for complex multi-tiered firewall systems.

More good reasons

  • No backdoors
  • More than 20 years of Internet security experience
  • Award-winning product
  • Support by our development engineers
  • Reseller loyalty
  • Made in Germany