Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of the Linux kernel

Two security vulnerabilities have been fixed which allow local users to gain privileged access.

More features for mail attachment filter

In previous releases unwanted attachments in emails have been replaced by a warning message. The modified mail was then delivered, the removed attachments were stored in a quarantine directory. Now an alternative second way of processing is available. When enabled, the email will be retained. The recipients will receive a notification email which includes information linke sender, subject and which attachments were rejected. With a single click in the administration interface an administrator can trigger the delivery of the quarantined email.
To relieve the administrator, recipients can be allowed to access the quarantine area themselves under certain conditions. Depending on the selected quarantine procedure, recipients will either receive links for downloading quarantined attachments or a link to trigger delivery of a quarantined email.
The following conditions are mandatory:
  • No virus has been discovered in the email yet
  • The email does not contain attachments with "dangerous file extensions". For emails with "dangerous" files, the recipients won't even receive a download link. You may want to move entries from the list of "dangerous" to the list of "forbidden" extensions if they are often quarantined although they are needed.
  • The administrator granted access and the configured additional prerequisits have been met
The following additional prerequesits can be configured:
  • The email must have been re-scanned with updated virusscanner signatures
  • In addition, the email must have been quarantined at least for a configurable amount of time

Filtering mail attachments of outbound emails

If the mail attachment filter has been enabled for outbound emails, too, it will reject outbound mails with unwanted attachments from now on. These mails will no longer be quarantined.

Import and export of configuration tables

In the administration interface you can now export and import the contents of many tables. So you can e.g. copy configurations between multiple systems or copy the configuration of one interface to another. It is also possible to import external data like e.g. address lists, if the data is available in the correct format.

Update of the Avira, F-Secure and Kaspersky virus scanner engines

The update fixes occasional crashes of the F-Secure scanner.
The configuration of the scanners has been modified, so that all scanners allow the same number of concurrent scan processes and run with the same process priorities.

Memory leak in IPsec server

On misconfigured systems which continuously initiate new connections without success, the IPsec server enventually used up all available memory.

Broken output in LCD display

On machines with LCD display the output was broken since release 7.0 in varying degree.

Configurable proxy IP for proxy autoconf file on clusters

URL for archiving reverse proxy logs now configurable in administration interface

IDS/IPS signatures for systems without maintenance contract

URL filter database

Update of various software components

Minor bugfixes and improvements

Reboot required

When finished, the system will reboot automatically. Please do not reboot manually.

Update of the Linux kernel

A security vulnerability has been fixed which allows local users to overwrite read-only files.

Removal of IPs from dynamic firewall block list

You can now unlock an IP which has been blocked by mistake in the dynamic firewall monitoring menu.

Block DNS replies with private IPs

Enable this new DNS forwarder option for better protection against DNS rebind attacks.

Test button for backup and logfile archive

You can now test the configuration of the automatic backups and the logfile archive.

"Pause" button in live log

Minor bugfixes and improvements

Inbound emails with local domain in sender address

Unsolicited emails often use the recipient domain in the sender address. There are two new options to deal with these emails, however you must not enable these options except when all emails from the local domain are sent to the Internet via local systems.
If the so called "envelope from" contains a local domain, the mail can be rejected. Previously this was only possible with the SPF filter enabled in combination with a restrictive SPF entry for the local domain.
The second option refers to emails with the local domain in the "From" header. The "From" header contains the sender address as displayed to the recipient. With a forged "From" header the recipient could be fooled into believing that the mail had been sent by e.g. the manager. When the new option is enabled, the subject will be prefixed with "*****FAKE***** [Sender]".

Optional IPS rulesets

You can now enable additional intrusion prevention rulesets if you run mail or web servers with direct access from the Internet.

Asymmetric LAN routing

Asymmetric routing in LAN didn't work in 7.0-1.0.

IPsec L2TP dial-in on cluster

The L2TP dial-in on cluster nodes didn't work in 7.0-1.0.

High load due to web proxy

The update fixes a problem in the web proxy content filter which could cause high load.

Syntax error in proxy autoconf file

In 7.0-1.0 there was a syntax error in the PAC file if no networks with direct connections had been configured.

Minor bugfixes and improvements

Secure

DEFENDO forces a collection of best-of-breed security modules like firewall, VPN, proxies, virus scanner and anti spam system to interact for one purpose:
To be protected from all online threats and unwanted contents like malicious code, spam and hacker attacks.

Flexible

Each IT scenario is different. The DEFENDO product family will adapt precisely to your demands.
DEFENDO applies for simple Internet connections of small companies, for headquarters / branch office WANs, as well as for complex multi-tiered firewall systems.

More good reasons

  • No backdoors
  • More than 20 years of Internet security experience
  • Award-winning product
  • Support by our development engineers
  • Reseller loyalty
  • Made in Germany