Jobs (DE)Terms of UsePrivacy PolicyLegal Notice

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Security fixes in several components

The update fixes less critical security vulnerabilities in Java and the Linux kernel.

IPsec server

The update fixes an endless loop in the IPsec server that can occur if a dynamic DNS address is configured as peer.
If both, L2TP and server connections to dynamic IPs are configured, it could happen that a connection was associated with the wrong type and so got rejected.
Configurations with several hundreds of enabled tunnels caused the IPsec server to hang while starting.

Domains with wildcards

You can now enter domains with wildcards like e.g. example.* or server*.example.com in the web proxy configuration where domainlists are supported.

Group based authentication in reverse proxy

If user authentication is enabled in the reverse proxy, previously only users in group "system-proxy" were accepted. Now you can select an individual group with accepted users for each user-defined background server.

New version of the Intrusion Detection and Prevention

The new version requires different signatures. So even systems without maintenance contract or with disabled daily updates will receive new signatures.

Minor bugfixes and improvements

DNS forwarder

Two security vulnerabilities have been discovered, allowing to inject forged DNS information into the server's cache (cache poisoning).

IPsec to dynamic DNS

Since release 7.2-2.4 the VPN server occasionally crashed if a dynamic DNS address is configured as peer.

Additional options for configuring exception rules for web application firewall (WAF)

Minor bugfixes and improvements

IPsec server

In version 7.2-2.4 L2TP connections suffered from connection problems after re-keying if the server is behind a NAT router.
In the same version the VPN server crashed if an unresolvable DNS address is configured as peer.

Reverse proxy with Apache webserver

A security update for Apache webservers made it necessary that the reverse proxy forwards the SNI to the Apache backend server. The reverse proxy configuration has been changed accordingly.
In the same version the VPN server crashed if an unresolvable DNS address is configured as peer.

Definitions with download from URL

When configuring IP objects, domain lists or URL filter lists that are provided as a download from an URL, certain special characters where filtered out of the configuration data. This included characters that were necessary for downloading the data from certain providers.

Avira Antivirus

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Security fixes in several components

A vulnerability in the UEFI bios of all "Thin Servers" shipped since May 2017 allows an attacker to overwrite areas of system management memory, allowing e.g. to implant malware into this hardware-related memory that is invisible to the operating system. The update includes an updated Linux kernel, preventing access to the system management interface for applications. Then the only way to abuse the vulnerability is from within the Linux kernel and its modules. For complete protection a BIOS update is required that we've made available in the download area of our website. The update log of affected systems will include a message with further instructions.
The update also fixes less critical security vulnerabilities in system libraries and tools.

URL download for IP objects and domain lists

Up to now only URL filter lists featured an automatic download from an URL. Now this is also possible for domain lists and IP objects. For IP objects there are two different types of lists available. A specialized type, limited to the use in firewall rules, that offers good performance also with high numbers of entries and a type that can be used everywhere but supports only a limited number of entries.

SMTP OAuth2 for Exchange Online

Microsoft is about to disable username and password based authentication for sending outbound mails starting in March 2026. You can now switch to the alternative OAuth2 authentication.

MIME type based filtering of email attachments

So far email attachment could only be filtered by filename extension. Now you can additionally enter MIME types like e.g. image/*.

Anomaly detection

An email notification is sent if an anomaly is detected in certain logs or in the throughput of the Internet interface. You can now adjust the sensitivity of the individual sensors or disable sensors.
On cluster backup nodes anomaly detection is now disabled.

IPsec server

The IPsec server is updated to a new major release.

Avira Antivirus

Minor bugfixes and improvements

Reverse proxy parameters for connection to backend servers

TLS parameters and the HTTP version for the connection from the reverse proxy to user-defined backend servers are now configurable for each virtual host.
After the TLS requirements were raised in release 7.2-2.0, it was no longer possible to connect with some technically outdated backend servers without the help of technical support. With the new parameter you can now solve the problem yourself.

Web application firewall and MS Exchange

Exception rules have been added for false positives while accessing Exchange Web Services, MAPI and Exchange Control Panel.

Sender address for system mails

Since 7.2-2.0 it is possible to set the complete sender address for notification emails and not only its domain. However if use was made of this new option, an error in the configuration generator caused problems. If mail virusscan is enabled, the scan module didn't start when the mailserver was restarted the next time and the mail server stopped to accept new emails. Furthermore invalid sender addresses were used for notifications of the attachment filter, out-of-office replies and in the groupware.

Kaspersky Antivirus

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Security fixes in several components

The update fixes less critical security vulnerabilities in the Linux kernel, Intel CPU microcodes, Java and system libraries.

Problems connecting via web proxy content filter

The update fixes problems connecting to individual web servers or in individual configurations.

Runtime environment for apps

Minor bugfixes and improvements

Problems connecting via web proxy content filter

Connections to some web servers failed with transparent HTTPS proxying or if the SSL version check is enabled.

RPC-over-HTTP via reverse proxy

We planned to drop this protocol in the future, however there seems to be no alternative to access remote desktop gateways. The protocol didn't work in 7.2-2.0. Now it is available again.

Apps menu

Installed but no longer supported apps where not displayed in the apps menu.

Minor bugfixes and improvements

Secure

DEFENDO forces a collection of best-of-breed security modules like firewall, VPN, proxies, virus scanner and anti spam system to interact for one purpose:
To be protected from all online threats and unwanted contents like malicious code, spam and hacker attacks.

Flexible

Each IT scenario is different. The DEFENDO product family will adapt precisely to your demands.
DEFENDO applies for simple Internet connections of small companies, for headquarters / branch office WANs, as well as for complex multi-tiered firewall systems.

More good reasons

  • No backdoors
  • More than 20 years of Internet security experience
  • Award-winning product
  • Support by our development engineers
  • Reseller loyalty
  • Made in Germany