Version 9.4.2
Released: October 11, 2022
New:
- Kernel upgrade
- 2FA token expiration configuration for VPN
- HTTP/S redirection in reverse proxy
Fixes:
- Issues with Mac upload speed degradation
- Updated IPSec VPN
- Updated IPsec SNAT
- WiFi authentication errors with Radius
Загрузки и Обновления:
Для скачивания инсталляционных файлов и возможности обновления Kerio Control, посетите Центр Обновлений GFI.
Если у вас есть дополнительные вопросы об этих изменениях , свяжитесь с нами или уполномоченным партнёром GFI напрямую.
Version 9.4.1
Released: May 16, 2022
Release notes
Fixes:
- Fixed automatic upgrade function.
Version 9.4
Released: May 9, 2022
Release notes
New:
- New Kernel
- New 2FA token expiration configuration for VPN 2FA
- New HTTP/S redirect function in reverse proxy
Fixes:
- KerioControl update server rejects upgrade from the latest HW box series.
- HA stats temporary files are not being cleared.
- Expired build-in "Let’s Encrypt certificates" have been renewed.
- Fixed XSS security vulnerability in WebAdmin.
- Getting checksum alert after upgrade to 9.3.6p1.
- Free radius server fails to start.
- Weekly and monthly reports are not being sent automatically.
- Google remote desktop is not blocked once configured in content filtering rules.
- Incorrect low free disk alert when data encryption is on.
- Login page customizations are not working on Logic/Guest/User alerts pages.
- Alert column info is blank for user transfer quota.
Version 9.3.6.1
Released: May 31, 2021
Release notes
Product Changes:
-
M1 MAC VPN client support
-
Interface mapping of NG511 Fixed
-
macOS VPN client updated to fix a script that was preventing installation on Big Sur
-
Update Windows VPN Client to make it compatible with Windows 20H2
-
New configuration ""L2TPUpScriptWaitSeconds"" and "L2TPUpScriptConnectTryCount"" introduced to recover stuck LT2P connections
-
New configuration ""DisableUniqueIDs"" introduced to prevent IPSec VPN disconnects
-
New traffic patterns added to properly block Teamviewer connections
-
Introduce new configuration ""InternetLinkAutoGatewayInterfaceList"" to stop probing interfaces which doesn't have a gateway
-
Fix HA interface name validation failure happens when one of HA machine has legacy interface names
-
OpenSSL library is upgraded from 1.0.2j to 1.1.1d
-
HSTS (Strict-Transport-Security) Header added
-
Upgrade and Factory-reset scripts are failing because of signature image issue
-
Links on the IP Blacklist screen were either wrong or timing out. Now all links corrected
-
Info message displayed after distrusting a certificate updated for VPN connections
-
Fix crash in HA Slave machine happens when slave account host activity
-
TLS triple handshake vulnerability fixed by updating /etc/sshd_config configuration file
Patch resolution details:
-
Using Active Directory authentication (only). It causes authentication with Active Directory to fail making AD user connections not possible.
-
HSTS causes 2FA fail on Kerio VPN
Версия 9.3.5
Выпущена: 27 августа 2020
Сведения о версии
Исправления:
- Пользовательский логотип не отображается на страницах входа или отказа
- Неверный код страны для Сербии
- Активные соединения - страна назначения отсутствует информация в таблице
- Активные подключения - информация в таблице отсутствует
- Правила фильтрации содержимого не блокируют Teamviewer
- Обновление страницы / закрытие отображения диалогового окна ошибки в Google Chrome
- Невозможно завершить обнаружение PPPoE (соединение NBN)
- Драйвер VPN не устанавливается в Windows 10 Update 2004
- Подчиненное устройство Kerio Control не может набрать PPPoE
- Строка локализации "Alert-HA" не найдена ни на одном языке
- Статистика сообщает об ошибках в управлении HA-Slave
- Невозможно отличить отчет по электронной почте от главного или подчиненного
- Исправления проблем совместимости NG110, NG310, NG510 / 511
Версия 9.3.4
Выпущена: 13 Февраля, 2020
Сведения о версии
Новое:
Поддержка широкого спектра адаптеров USB WIFI - добавлены драйверы для:
- rtl818x_pci.ko
- rtl8187.ko
- btcoexist.ko
- rtl8188ee.ko
- rtl8192c-common.ko
- rtl8192ce.ko
- rtl8192cu.ko
- rtl8192de.ko
- rtl8192se.ko
- rtl8723be.ko
- rtl8723-common.ko
- rtl8821ae.ko
- rtl_pci.ko
- rtl_usb.ko
- rtlwifi.ko
- rt2400pci.ko
- rt2500pci.ko
- rt2500usb.ko
- rt2800lib.ko
- rt2800mmio.ko
- rt2800pci.ko
- rt2800usb.ko
- rt2x00lib.ko
- rt2x00mmio.ko
- rt2x00pci.ko
- rt2x00usb.ko
- rt61pci.ko
- rt73usb.ko
Исправления:
- Последние несколько записей списка активных соединений не отображаются правильно в Firefox
- Таблица активных соединений не отображает записи столбца при изменении порядка
Версия 9.3.3
Выпущена: 27 Декабря 2019
Сведения о версии
Новое:
- HyperScan engine in SNORT for increased performance
- VPN Tunnel supports SHA2 in Phase2
Fixes:
- Cannot add multiple VPNs into traffic rules
Version 9.3.2
Released: November, 21 2019
Release notes
New:
- VPN Client Support for macOS Catalina
- VPN Client compatibility with Microsoft Windows 10 (1903)
Fixes:
- PPPoE Interface not saved on Edit
- SACK Vulnerability patches to Kernel
- Problem with port forwarding by source IP with DHCP
- ScreenConnect application keeps disconnecting
- DHCP allocated incorrect number shown on UI
- "Single Internet Link" forwards all traffic to a dead-end if 1 WAN link present
- Web filter not blocking streaming websites
- Microsoft Discovery Service not finding devices over VPN
- Source NAT preselects first entry in list repeatedly
- User not able to configure tcp_min_snd_mss
- HA - Active Slave does not apply MAC filter rules properly
- HA - Sync not working correctly due to incorrect archive filesize
- VPN Client not opening browser when 2FA configured (Linux)
Version 9.3.1
Released: September, 17 2019
Release notes
Fixes:
- HA Disconnect Kerio VPN on passive slave
- HA VLANs removed on sync from Master to Slave
- HA Bandwidth management link speed is not persistent on slave
- HA Fails to Start
- HA Several improvement and network compatibility fixes
- Some Web pages are not blocked and can be accessed via Bing search
- 3rd party IPsec VPN tunnel not being established due to unknown crypto suites
- Update to driver for PCI Network Card Intel X710-T4
- IPSec VPN tunnel failed to reconnect after an interruption on the remote side since 9.3.0
- Kerio Interfaces staying "no connectivity" even when there is a connection
- An unauthorized user can access the internet with the help of authorized users
- Malicious URL to KerioControl login page can be used to inject code in session
Version 9.3
Released: April, 9 2019
Release notes
New:
- High Availability - Active/Passive - Enable a secondary (Slave) identical KerioControl to take over when the primary (Master) device is offline
- IKEv2 Support (enable via console)
Fixes:
- Primary IP for WAN interface changes after reboot
- Last few entries of DHCP reservation list not displayed correctly in Firefox
- Address group still visible after being deleted
- IPSEC Tunnel drops in certain circumstances
- Configuration restore wizard IP addresses not populating
- Teamviewer application not blocked by Content Filter
- SafeSearch blocks Yandex
Version 9.2.9
Released: January, 31 2019
Release notes
New:
Fixes:
- Kerio VPN - Disabled insecure and vulnerable protocol Blowfish
- Change snort nice value to -4 to improve traffic
- IRQ improvements for snort process to improve traffic
- HW NG500 crash
Note: Older Kerio VPN Clients are not able to connect using this build. To allow please follow the following steps.
Open ssh connection or from console
Go to /opt/kerio/winroute folder
Run ./tinydbclient "Update VPN set AllowBlowfishCipher=1"
Version 9.2.8
Released: November 27, 2018
Release notes
New:
- Limit Bandwidth Per Host
- Optimize Application Awareness memory footprint
- Reconfigure Kerio AV to optimize memory usage
- Kerio VPN new encryption protocol AES
- Kerio VPN Client supports the new protocol
- Force hostname for VPN clients
Fixes:
- Accessing User and Groups crashes WebAdmin on IE11
- User Statistics not getting updated
- Installation of VPN Client fails on Ubuntu 18.04 LTS 64-bit Desktop version
- No traffic over VPN after enabling 2FA on iPhone running iOS 11.4.1
- Kerio VPN 2-Step Verification Unable to resolve hostname
- Filtering Web Content by word occurrence returns broken HTML
- User details not getting updated in Active hosts
Note: KerioControl VPN Client does not work with previous versions of KerioControl (version 9.2.7 and earlier)
Version 9.2.7
Released: September 4, 2018
Release notes
New:
- 2-Step verification UI improvements
- DHCP leases column added in DHCP
- DST notification added to time zone settings page
- IPv6 anti-spoofing functionality added
- Linux VPN client now supports systemd
- Unify approach to entering URL in rules
- Upgraded Firefox install CA walkthrough screenshots
Fixes:
- Categories are not getting merged one when testing the miscategorized URLs in Content filter
- Changing description for multiple users changes only those who have separate configuration
- Crash with error handling during domain joining/leaving
- Disable view user statistic when multiple users are selected
- Entries with multiple members in Service list not getting searched
- HTTP Cache dump should works without selected cache any message type
- Interface group ordering disabled
- IPSec connection is dropped every 3 hours
- IPsec: Some fields are cleared when Cipher configuration dialog is closed
- P2P suspicious connection detection
- Preventing license usage when there is spoofing IPv6 connection
- Show details while joining AD fails because of time skew
- Technical support button on dashboard redirects to GFI support now
- Tunnel reset when cipher config dialog is closed
- User right column sort by rendered value
- SafeSearch blocking Google Cloud Messaging
- View Guest users in KerioControl Statistics opens stats of "Not logged in" user
Version 9.2.6
Released: May 16, 2018
KerioControl 9.2.6 includes security enhancements to allow encryption of personal and sensitive data collected and stored by the product.
Release notes
New:
- Added support for Encrypting personal/sensitive data stored on the disk
Fix:
- Crash in some occasions due to empty HTTP header name
Version 9.2.5
Released: March 22, 2018
KerioControl 9.2.5 provides security improvements with an upgrade to the IPSEC VPN encryption key and complete removal of PHP code in the server code base. This release also includes over 20 customer reported fixes.
Release notes
New:
- Removal of PHP server-side scripting from Web Interface
- Upgrade of strongSwan 5.5.1
- Improved starting/stopping of VPN Client on Debian 8
- VPN Client now supports macOS High Sierra
Fixes:
- Translation issues
- User preferences automatic language set to detected language
- Installation of VPN Client fails on Windows 7, 8
- The WiFi driver has been updated for better compatibility and stability
- Dashboard Traffic Chart Tile does not show relevant units
- Changing description for multiple users changes only those who have separate configuration
- Empty exclusions for connection limit corrupts config
- View Guest users in KerioControl Statistics opens stats of "Not logged in" user
- WebAdmin error during configuration import
- Install CA screenshots are from old FireFox
- Menu bar icon not optimized for Mac with retina
- Remote Services: Data are not reloaded when changes are discarded on screen reload
- Bandwidth management traffic dialog: wrong info text
- Crash in ThreadCpuTime, when gdata.start_error = 1
- Assert in DhcpLeaseTab::save()
- W10 Edge cannot login and access web interface if IPv6 is enabled
- Missing limiter of AV check failed alert
- Russian Business Network blacklist is missing in IPS update
- Remove unsecure DES-CBC3-SHA from cipherlist
- Wi-Fi should be WiFi (legal requirement)
- Kerio VPN tunnels are using local networks defined in IPsec section (as Remote networks)
- Exported cfg. backup is corrupted
- Sending notifications from KerioControl - InCorrect Format of notification
- On Groups page, "Rights" column is not sorted in correct order
9.2.5 Patch 1
- Crash every hour when sending email for invalid user after antivirus scanning
9.2.5 Patch 2
- NTLM Authentication issue
- 2 Step Authentication issue
- Recompilation of WIFI driver with different flags for more compatibility
9.2.5 Patch 3
- Crash when SNAT missing target interface
9.2.5 Patch 4
- Crash when multiple pages denied occur while first deny is delayed
- Crash when internal page requests using same "lang" parameter
- UPnP not listening on all interfaces
9.2.5 Patch 5
- 2 Step Verification for user does not show QR Code
Version 9.2.4
Released: October 26, 2017
KerioControl 9.2.4 provides a WiFi security update to the WPA2 protocol for the NG100W and NG300W hardware appliances.
Release notes
New:
- Updated hostapd for enhanced WiFi security
Version 9.2.3
Released: August 21, 2017
KerioControl 9.2.3 brings fixes for customer reported issues including a Security Settings error and fixes a possible loop that resulted in the CPU locking.
Release notes
New:
- OpenSSL upgraded from 1.0.1u to 1.0.2j
- Updated country list used in SSL Certificate definition
Fix:
- CPU lock due to winroute loop
Version 9.2.2
KerioControl 9.2.1 brings you significant performance improvements in all KerioControl's security and inspection methods and filters. For example:
- KerioControl now supports 64-bit hardware, which can improve performance by 15-20%
- Large segment offload (LSO)
Kerio Antivirus
KerioControl 9.2.2 introduces Kerio Antivirus. Kerio Antivirus is powered by the Bitdefender antivirus engine and replaces the current Sophos Anti-Virus.
When upgrading to KerioControl 9.2.2 from earlier versions, Kerio Antivirus automatically replaces the Sophos Anti-Virus.
Read more in our Knowledge Base: Configuring antivirus protection.
KerioControl hardware devices support Wi-Fi
Kerio Technologies launches KerioControl NG100W and KerioControl NG300W hardware devices with embedded WiFi access point which provide connectivity for wireless devices such as cell phones, tablets, and laptops.
The KerioControl WiFi module supports:
- Dual-band antenna, which provides 2.4 or 5 GHz
- Wireless standards 802.11a, b, g, n, and ac
- Authentication: none, WPA, WPA2 (PSK or Enterprise)
- Up to eight wireless networks (SSIDs)
Read more in our Knowledge Base:
Optimizing performance with LSO
KerioControl includes large segment offload, also referred to as generic segmentation offload. LSO allows the network interface controller to process the segmentation of a data transfer and significantly improves performance. However, these improvements are noticeable only during large data transfers, such as file downloads, or video streams.
The throughput gain depends on the particular deployment. For example, you can expect up to 400 Mbps on the KerioControl NG100 hardware appliance.
Read more in our Knowledge Base: Optimizing performance with large segment offload.
Blocking incoming connections from specified countries
KerioControl allows you to filter incoming traffic by country (GeoIP). KerioControl then blocks all IP addresses that belong to the countries specified in the filter.
Read more in our Knowledge Base: Blocking all incoming connections from specified countries.
IPsec VPN tunnel configuration update
KerioControl 9.2 adds a detailed configuration for IKE and ESP ciphers used in IPsec VPN tunnels. With this detailed configuration you can easily create IPsec VPN tunnels with third-party firewalls.
Read more in our Knowledge Base: Configuring IPsec VPN tunnel.
Changes in system requirements
Added support
- KerioControl supports 64-bit hardware.
- Hyper-V on Windows Server 2016.
Discontinued support
For more details, see KerioControl technical specifications.
Upgrading
- KerioControl 9.2 and newer supports 64-bit hardware.
- Upgrade from KerioControl 8.0 and newer.
KerioControl does not permit upgrades from versions older than 8.0.