DGW-14607 - Multiple network interfaces are now allowed in the same subnet
DGW-14927 - Certificate files can now be exported in configuration script
DGW-14973 - SIP: Support additional DHE ciphers
DGW-15007 - User passwords are now securely hashed (Incident Number: IN-15117)
DGW-15050 - SBC: A specific ruleset expression may cause an unexpected unit restart
DGW-15053 - Change of behavior for SNMPv3 authentication
DGW-15164 - Virtual Machine cannot be created after restoring a backup under certain conditions
DGW-15220 - SBC: New interop parameter to disable TLS 1.3 (Incident Number: IN-14657)
DGW-15274 - SBC: New parameter to control the TCP/TLS client port number
DGW-15325 - Add USB support on the AMD Ryzen CPU (Incident Number: IN-15378)
DGW-15338 - OWASP: Disable access to internal UART
DGW-15367 - Support of redundant Ethernet port switchover
DGW-15429 - Clear Scripts/Selection links not working in Web pages
DGW-15442 - CVE-2022-0778: Possible Denial of Service (DoS) from purposely crafted TLS certificate
DGW-15469 - The SBC registration cache may have issues handling more than 1000 users
DGW-15499 - Accept /31 and /32 netmasks in Bni, Iprouting, Lfw, Nat, Nfw and Vm services (Incident Number: IN-14194)
DGW-15675 - Sentinel CS (Software SBC) officially released
New Features
DGW-15675 - Sentinel CS (Software SBC) officially released
The Sentinel CS (Software SBC) is now officially released for General Availability (GA).
DGW-15499 - Accept /31 and /32 netmasks in Bni, Iprouting, Lfw, Nat, Nfw and Vm services
Incident Number: IN-14194
IP addresses with /31 and /32 netmasks are now allowed in the following parameters:
Bni.NetworkInterfaces.StaticipAddr
IpRouting.AdvancedIpRoutes.SourceAddress
IpRouting.StaticIpRoutes.Destination
Lfw.LocalRules.SourceAddress
Lfw.LocalRules.DestinationAddress
Nat.SNatRules.SourceAddress
Nat.SNatRules.DestinationAddress
Nat.DNatRules.SourceAddress
Nat.DNatRules.DestinationAddress
Nfw.NetworkRules.SourceAddress
Nfw.NetworkRules.DestinationAddress
Vm.InternalVirtualSwitchipAddr
DGW-15367 - Support of redundant Ethernet port switchover
The redundant Ethernet port feature can be activated via the Eth.RedundantPorts parameter.
When activated, the traffic of the ETH4 port automatically switches over to the ETH5 port if the link on the ETH4 port fails.
DGW-15338 - OWASP: Disable access to internal UART
Follow OWASP IoT Verification Requirement C.1: Verify that application layer debugging interfaces such USB, UART, and other serial variants are disabled or protected by a complex password.
DGW-15325 - Add USB support on the AMD Ryzen CPU
Incident Number: IN-15378
Virtual Machines (VM) can now access USB devices on the AMD Ryzen CPU.
DGW-15274 - SBC: New parameter to control the TCP/TLS client port number
New parameter "Sbc.SignalingInterface.ForceLocalClientPort" has been added for the SBC to force client SIP connections to use the same port as the listening port.
The parameter is configurable for each signaling interface and is effective for TLS and TCP transports.
DGW-15220 - SBC: New interop parameter to disable TLS 1.3
Incident Number: IN-14657
A new interoperability parameter Sbc.TransportInteropMaxTlsVersion has been added in the Sbc service to limit the TLS version for SIP over TLS connections.
DGW-15053 - Change of behavior for SNMPv3 authentication
Previously, the Snmp service could use any user account to authenticate an SNMPv3 request.
The Snmp service now requires its own username and password to be defined in the Snmp.SnmpUser and Snmp.SnmpV3Password parameters for SNMPv3 authentication.
This modification was required for DGW-15007.
Note: SNMPv1 and SNMPv2 are not impacted by this change of behavior.
DGW-15007 - User passwords are now securely hashed
Incident Number: IN-15117
User passwords are no longer saved in clear text, but instead saved in a cryptographically secure way, using the PBKDF2-HMAC-SHA256 hash algorithm.
Previously, when exporting a backup or configuration script, the passwords could be read in clear-text. Now, only the hashed passwords are visible.
A user can no longer retrieve a forgotten password, since it is impossible to reverse a hashed password into a clear-text password. If all passwords are forgotten, a partial reset or factory reset can be done to restore the initial factory passwords.
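The following added example (not Media5 code) shows how a salted PBKDF2-HMAC-SHA256 record is created and verified, which is why an exported hash can be checked against a login attempt but not turned back into the password. The record layout, the `pbkdf2-sha256` label, the iteration count and the function names are assumptions; the release note does not describe the DGW storage format.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"     # assumed label for the record format below
ITERATIONS = 600_000         # assumed work factor; the release note gives none
MAX_ITERATIONS = 5_000_000   # refuse absurd values from a tampered record


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt$hash' for storage or export."""
    salt = os.urandom(16)  # fresh random salt for every password
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(derived)])


def verify_password(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt, expected = record.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt, validate=True)
        expected = base64.b64decode(expected, validate=True)
    except ValueError:  # wrong field count, bad integer or bad Base64
        return False
    if scheme != SCHEME or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    record = hash_password("constructed-sample-password")
    print(record)  # only this value would appear in an export
    print(verify_password("constructed-sample-password", record))
    print(verify_password("wrong-guess", record))
```
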
DGW-14927 - Certificate files can now be exported in configuration script
A new option has been added to Configuration Script exportation: All Config & Files. This enables the exportation of certificate files along with the rest of the configuration.
The certificate file content is encoded in Base64.
DGW-14607 - Multiple network interfaces are now allowed in the same subnet
The Bni service no longer deactivates a network interface whose subnet is overlapping with another network interface, as long as they have different IP addresses.
Issues Fixed
DGW-15469 - The SBC registration cache may have issues handling more than 1000 users
The capacity of the SBC registration cache was increased to match the capability of each SBC platform.
DGW-15442 - CVE-2022-0778: Possible Denial of Service (DoS) from purposely crafted TLS certificate
An important security flaw was found in the OpenSSL library affecting DGW version 48.4 and below. If exploited successfully, this vulnerability could cause the unit to reboot unexpectedly.
CVE-2022-0778 has been addressed by upgrading the OpenSSL library to version 1.1.1n.
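As an added example (not part of the release note or of DGW), the check below classifies OpenSSL version banners collected during an inventory against the 1.1.1n fix level named above. It covers the 1.1.1 series only, because that is the only fixed version this page states; other branches return `None`. The function names and the sample banners are constructed.

```python
import re

FIXED_SUFFIX = "n"  # from the release note: fixed by upgrading to 1.1.1n

_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _patch_key(suffix):
    # Letter releases sort '' < 'a' < ... < 'z' < 'za' ...,
    # so compare by length first, then alphabetically.
    return (len(suffix), suffix)


def has_cve_2022_0778_fix(banner):
    """True or False for OpenSSL 1.1.1x banners, None if undetermined."""
    match = _BANNER_RE.search(banner)
    if match is None:
        return None  # not an OpenSSL banner
    series = (int(match[1]), int(match[2]), int(match[3]))
    if series != (1, 1, 1):
        return None  # outside the branch this page documents
    return _patch_key(match[4]) >= _patch_key(FIXED_SUFFIX)


def audit(banners):
    """Map each banner to 'fixed', 'vulnerable' or 'unknown'."""
    labels = {True: "fixed", False: "vulnerable", None: "unknown"}
    return {b: labels[has_cve_2022_0778_fix(b)] for b in banners}


if __name__ == "__main__":
    import ssl

    # Constructed sample banners, plus the local Python runtime's library.
    samples = [
        "OpenSSL 1.1.1  11 Sep 2018",
        "OpenSSL 1.1.1k  25 Mar 2021",
        "OpenSSL 1.1.1n  15 Mar 2022",
        ssl.OPENSSL_VERSION,
    ]
    for banner, verdict in audit(samples).items():
        print(f"{verdict:10} {banner}")
```
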
DGW-15429 - Clear Scripts/Selection links not working in Web pages
The Clear Scripts and Clear Selection links in the Configuration Scripts and Backup/Restore web pages now behave properly.
DGW-15164 - Virtual Machine cannot be created after restoring a backup under certain conditions
Fixed an issue where a new Virtual Machine could not be created after restoring a backup that already contained some Virtual Machine entries.
DGW-15050 - SBC: A specific ruleset expression may cause an unexpected unit restart
Fixed an issue that was causing an unexpected restart of the unit when the $_r(0) replacement expression was used in a ruleset.
DGW-14973 - SIP: Support additional DHE ciphers
The SipEp service now supports the following DHE ciphers when using SIP over TLS:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Known Issues
There are no known issues.
Copyright Notice
Copyright 2022 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.