  Brano Premium,MVM join:2002-06-25 Burlington, ON
edit: October 31st, @04:04PM
| ZyWall 5 V4.00 (XD.2) released
Download: »ftp://ftp.zyxel.com/ZyWALL5UTM/firmwar···dard.zip
Features:
Modifications in V4.00(XD.2) | 10/26/2005
Modify for formal release.

Modifications in V4.00(XD.2)b2 | 10/19/2005
1. [BUG FIX] 051013130
   Symptom: Convert rom file from 3.64 to 4.00, Max. Concurrent session Per Host has some problem.
   Condition: (1) Upgrade firmware from 3.64 to 4.00. (2) In eWC->ADVANCE->NAT, Max. Concurrent Sessions Per Host is 6000, it should be 4000.
2. [BUG FIX] 051014221, 051014222, 051014223
   Symptom: Spelling error in eWC->Registration page.
   Condition: (1) In eWC->REGISTRATION-> Registration page, set two different passwords. (2) Press "Apply" button, the status shows "Password and Confirm password are different". (3) A word "differencet" spells error. It should be "different".
3. [BUG FIX] AS fail count will not be increased even the real timeout occurs
4. [BUG FIX] 050928542, 051012075, 051012076, 051012077
   Symptom: The added source IPs of Firewall rule will be lost.
   Condition: (1) Go to GUI->FIREWALL->RULE EDIT page. (2) Edit a firewall rule. (3) Add a source IP(or destination IP) that exceeds its maximum size(20 for ZW5). (4) The added item will be lost.
5. [FEATURE CHANGE] 051018364 , 051018365, 051018366 In eWC->Registration page, change Username field behavior.
   WAS: "-" character is not allowed to key in.
   IS: "-" character is allowed to key in.
6. [BUG FIX] 051018403
   Symptom: PPTP (GRE) cannot pass through NAT.
   Condition: PPTP Server(192.168.1.33)--(LAN:192.168.1.1)DUT(WAN:192.168.11.100)--PC(192.168.11.200) (1) Add PPTP Server(192.168.1.33) as Default Server in Port Forwarding (2) Firewall is disabled. (3) PC(192.168.11.200) can not dial in PPTP on 192.168.11.100
7. [BUG FIX] 051014198, 051014199, 051014200
   Symptom: Use registration wizard to enable service, and last page wording error.
   Condition: (1) In eWC->HOME->Internet Access button, go to the last page. (2) Registration status wording was wrong.

Modifications in V4.00(XD.2)b1 | 10/08/2005
1. [BUG FIX] 050906259
   Symptom: Disable bridge mode Firewall "Log Broadcast Frame". Broadcast logs always appear.
   Condition: (1) In bridge mode, disable all Firewall -> Default Rule -> "Log Broadcast Frame". (2) Broadcast logs always appear.
2. [BUG FIX] 050825052
   Symptom: Tfgen tool causes router crash.
   Condition: (1) Use tfgen to send 40000 to 172.21.0.254 and turn it off. (2) Use "dev chan disp enet3" to make sure the sending bit is 1. (3) Unplug and plug wan2 and router will crash.
3. [BUG FIX] 050912438
   Symptom: Device will hang and reboot after "Email Log Now" in bridge mode.
   Condition: (1) Topology(Public IP): PC(211.72.158.115) --- [LAN]ZW70_BridgeMode(211.72.158.116)[WAN] --- Internet/MailServer/MailRecipient. (2) Set the device as Bridge mode. (3) Configure eWC->LOGS: "E-mail Log Settings". (4) Click eWC->"Email Log Now" to send log mail. (5) System will hang and then reboot by software watchdog.
4. [BUG FIX] 050905192
   Symptom: Anti-Spam causes memory leak in bridge mode.
   Condition: (1) Topology: Mail Client --- ZyWALL --- Mail Server (2) Turn on Anti-Spam at ZyWALL (Bridge Mode). (3) Mail Client sents mail to Mail Server. (You can try 500 mails with 2 attachments, total size is about 30k). (4) ZyWALL memory leaks.
5. [BUG FIX] 050922955
   Symptom: After updating signature, sometimes the server IP address is incorrect in centralized log.
   Condition: (1) In SMT 24.8, type "sys update signatureUpdate". (2) After updating signature, type "sys log dis". (3) Sometimes you can see a signature update log with incorrect server IP "127.0.0.1".
6. [ENHANCEMENT] In eWC->FIREWALL->EDIT RULE page, we added the limitation on the number of source ip address and destination ip address. The limitation is 20.
7. [ENHANCEMENT] The device will not retry to update the signature if the update is triggered by user. Ex. CI command "sys update signatureUpdate", "idp update start", "av update start" or "Update Now" button in eWC.
8. [ENHANCEMENT] In eWC>Anti-Spam>General>Action taken when mail sessions threshold is reached, the wording of "Discard" will mislead user to think the system will "drop the mail" when mail session reach the system's limit. In fact, the system doesn't drop the mail, it just drop the mail connection until system have an available mail session to process incoming connection. We replaced "Discard" with "Block" and the wording of "Block" will be explained in web help and User's Guide by "System will Block this mail until a mail session is available".
9. [BUG FIX]
   Symptom: Sometimes device will crash when receiving special mails.
   Condition: Topology: Mail_Client --- ZyWALL --- Mail_Server (1) ZyWALL turn on Anti-Spam, turn on external DB, threshold = 0. (2) Mail_Client receive mail from Mail Server (3) Sometimes ZyWALL will crash due to Data Abort, not mbuf cookie, mbuf double free, or mail did not tagged with spam string.
10. [BUG FIX] SPR ID: 050926383,050926384,050926385
   Symptom: AS+AV Enable, it cant send or receive mail if attached virus files.
   Condition: (1) AS and AV enable. (2) AV General Setup select all. (3) Send or receive a mail with attached virus files. (4) It will cant send or receive mail.
11. [BUG FIX] 051003282
   Symptom: PC cannot transfer file from server (172.20.0.38)
   Condition: Topology: PC ---- ZyWALL(WAN:172.x.x.x)(Bridge/Router) --- trunk (172.20.0.38) (1) Restore default romfile. (2) PC get file from trunk, but it always fails after several seconds.
12. [BUG FIX] SPR ID: 050930643
   Symptom: Edit NAT port forwarding default server = 192.168.1.33, then ping from DUT2 to DUT1, it should show W to L logs, but it show W to W logs.
   Condition: PC1-------LAN DUT1 WAN-------PQA LAB-----------WAN DUT2 LAN (1) Set with CI commend sys romr|y (2) Edit web eWC/WAN/WAN1,My WAN IP Address =172.202.77.121,My WAN IP Subnet Mask=255.255.0.0 ,Gateway IP Address=172.202.77.1 (3) Edit NAT port forwarding default server = 192.168.1.33, then ping from DUT2 to DUT1, it should show W to L logs, but it show W to W logs.
   -> If we telnet from DUT2 to DUT1, it shows W to L logs, and this right.
   -> If we ping from DUT2 to DUT1, it shows W to W logs, but it should show W to L logs.
13. [BUG FIX] 051003323
   Symptom: NAT many one to one cannot work.
   Condition: (1) Edit web eWC/NAT/Address Mapping,WAN Interface =WAN2,Insert a Many One-to-One rule (Local Start IP=192.168.1.41,Local End IP=192.168.1.42,Global Start IP=192.168.12.100,Global End IP=192.168.12.101) on eWC/NAT/Address Mapping page (2) Set with CI command ip nat reset enif1 (3) 192.168.12.110 do port scan 192.168.12.100(port 1-100) and 192.168.12.101(port 1-100) (4) 192.168.1.41 and 192.168.1.42 cannot capture all port scan packets.
14. [BUG FIX] 050930647
   Symptom: Some mails should have SPAM tag or NoScore tag but they didn't have any tag
   Condition: (1) Enable AS (2) eWC->AS->ExternalDB-: Enable external DB, set the threshold=0, fill the tag for no spam score (3) MS Outlook Express received a lot of mails from the mail server (4) Some mails did not have any Spam/No Score tag.
15. [FEATURE CHANGE]
   WAS: Allow timeouted ConeNAT session to recreate NAT session from WAN to LAN.
   IS: Do not allow timeouted ConeNAT session traffic to recreate NAT session from WAN to LAN
|
|
 Shootist Premium join:2003-02-10 Decatur, GA
edit: October 31st, @09:44PM
| DHCP still not working correctly. I'm wondering if it's the 3COM integrated NICs in my notebooks. I'm going to run some tests with other PC and NICs. See my post »"UPDATE" DHCP on Z5 Problem -- Shooter Ready--Stand By BEEP ******** |
|
  StorminNorm Stormin Premium join:2003-01-02 Keller, TX | reply to Brano Noticed the link is for Zywall 5 UTM. Is this firmware compatible with the standard Zywall 5 series? -- Lets Kick it... |
|
  OnHeL Angel Premium join:2000-09-11 Jamaica, NY | Yes it is. |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
| reply to Brano Take a look at the spec sheets for the two different products........ the diff being firmware, the UTM 4.0 and beyond for all three models 5/35/70 has less throughput and less concurrent sessions in order to (in conjunction with the turbo card) handle the AV/IDP subscription... -- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"LlamaWorks Equipment |
|
  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs:
| Throughput is normally a function of features enabled, so if AV/AS/IDP are disabled then throughput should be same between UTM and non-UTM firmware. I believe the number of concurrent session is compiled into the firmware and does not change based on features enabled. |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| I'm wondering IF I can bump up the NAT session back to 6000 since I'm never going to use a turbo card but I do look forward to the next version firmware so I can assign 1 port to WLAN, without having a WLAN PC card installed. Are the NAT sessions a hard coded part of the firmware or could it be changed in autoexec.net file?? -- Shooter Ready--Stand By BEEP ******** |
|
  Brano Premium,MVM join:2002-06-25 Burlington, ON | No, you won't be able to change it. It's set to 4000 sessions for ZyWall5 since ZyNOS4.00. |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS | Hmm I sense differing opinions.......  |
|
  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs: | No differing opinions. My understanding is that # sessions is hard coded (compiled) into current 4.00 firmware. |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS | Then Brano would be correct. |
|
  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs: | Yes, Brano's post was in agreement with my earlier post. |
|
  jig
join:2001-01-05 Hacienda Heights, CA | hmm. why is it hard coded? seems like something worth being able to change. |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| said by jig: hmm. why is it hard coded? seems like something worth being able to change. Well you can change it, up to the MAX allowed. Which on the Z5 is now 4000. It used to be 6000. No real biggy being at 4000 for normal use. 4000 should handle many users with normal browsing and a couple of users with heavy P2P use. -- Shooter Ready--Stand By BEEP ******** |
|
  jig
join:2001-01-05 Hacienda Heights, CA | ah, ok. so for single home use, probably plenty.
just wondering, is there a way to get current sessions on an old rt314? |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| Well even for a business with ?# users, maybe 40-60+. Normal web browsing doesn't use up a lot of NAT session. It's when you have 2-3-4-5-6 people using a P2P app that eat away at them. -- Shooter Ready--Stand By BEEP ******** |
|
  jig
join:2001-01-05 Hacienda Heights, CA | well.... home use with some p2p... |
|
 PVU
join:2005-08-29 Silver Spring, MD
| reply to Anav Lama wrote:
Take a look at the spec sheets for the two different products........ the diff being firmware, the UTM 4.0 and beyond for all three models 5/35/70 has less throughput and less concurrent sessions in order to (in conjunction with the turbo card) handle the AV/IDP subscription... I have no turbo card. Less throughput: Would it be best to use the latest 3x firmware? I have no AV/IDP. I'm having some speed problems since upgrading to 4x. Is anyone else? |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| None here. From looking at the data sheets it looks like the FW throughput has been lowered on all models with the V4 firmware compared with the 3.64. Z5 80 v3.64, 65 v4, Z35/70 down 10 instead of the 15 for the Z5. The VPN is also down a little on the Z35/70 but the same for the Z5.
Just what type of speed problem are you having and how fast is your connection. -- Shooter Ready--Stand By BEEP ******** |
|
  jig
join:2001-01-05 Hacienda Heights, CA | reply to jig
i guess my only hesitation is that whoever decided on nat sessions for the 551 thought that 16000 was appropriate...
? |
|