Ubiquiti heeft nieuwe firmware uitgebracht voor zijn wireless producten die in de USG-serie vallen. USG staat voor UniFi Security Gateway en deze producten zijn bedoeld om als router te worden ingezet. Ze bevatten onder andere een krachtige firewall, vlan-opties en vpn-mogelijkheden, en kunnen ingeregeld worden met de UniFi Controller, die ook bijvoorbeeld accesspoints en switches kan aansturen. Het versienummer van deze firmware is vastgezet op 4.4.36 en voorzien van de volgende lijst aanpassingen:
[USG] Firmware v4.4.36 now available
Only one change since v4.4.34, however an important one for some use cases.In all firmware versions prior to this, that provisioning would remove the WAN IP then go through the DHCP lease process. This would leave a single WAN system with no Internet connectivity for a few seconds at least, and in multi-WAN cases, would cause a failover and fail back. In most cases, that was the only noticable symptom and it self-recovered without any problems, but in some it could cause issues that require another reboot post-upgrade. In multi-WAN cases, it could cause WAN to stay in a down state on the first bootup post-upgrade. In normal operation of the system, there are no forced DHCP renewals (this isn't relevant to the normal process of DHCP renewal).
- Do not clear IPs from DHCP WAN interface in PREINIT of a forced renewal. The primary problem symptom is when the system is provisioned by the controller when booting up (most always only the first boot post-upgrade).
DownloadsUSG
[USG] Firmware v4.4.34 now available
Changes since 4.4.29 release:USG-XG-8 specific:
- Significant fixes in load-balance functionality (multi-WAN).
- Fix circumstances where route metrics were not being properly updated, primarily experienced upon fail back.
- Fix problem that could cause one or both WANs to be marked down and get stuck in that state.
- Fix crash in ubnt-util when a WAN is down for an extended period. Wasn't causing any noticeable problems since it recovers on its own.
- IDS/IPS fixes/improvements
- utmdaemon high CPU usage fixed (cause of "heartbeat missed" a few reported). Note that cannot prevent "heartbeat missed" in all possible circumstances. Where under extreme load for extended periods, it's inevitable for userland to be starved of resources enough to miss informs.
- Added a couple missing signatures to those bundled in firmware so all are immediately available post-upgrade. Some noted spamhaus.rules was only available after signature update.
- Suricata version string corrected to reflect specific version.
- Patch for CVE-2018-18956 denial of service vulnerability in Suricata.
- Reduce frequency of lookups to ips1.unifi-ai.com for cloud connectivity.
- Adjust configuration for USG3 and USG Pro to decrease CPU and memory usage.
- If no interface with "description WAN" is found (config.gateway.json overwriting the controller-generated config), assume the default interface assignment for that hardware platform, so config_network_wan is included in the inform. That prevents INFORM_ERROR status on controller versions prior to 5.9.28. In 5.9.28 and newer controllers, there is also a change controller-side to not end up in this condition regardless of whether this firmware-side change is available.
- Speed test updates to not get stuck on a non-responsive server.
- With UF-RJ45-1G SFPs, pass through the copper link state to the SFP+ port. Previously they always showed link up in the OS when plugged in regardless of copper link status (was SFP module to SFP slot link), which is problematic if using one for a dynamic IP WAN in some cases, as linkup actions are important.
:fill(white):strip_exif()/i/2002253379.jpeg?f=thumbmedium)
:fill(white):strip_exif()/i/2000901255.jpeg?f=thumbmedium)
.
/u/176086/crop5f0823fa5e8d6_cropped.png?f=community){kind=small}
:strip_exif()/u/591794/crop61a251d10f7b3.gif?f=community){kind=small}