thanks Mark, I will bug this
I made mention of this issue twice in the beta 5 thread as well but did not recieve any acknowledgement (that it was an issue) .
where can i find this firmware?
I didn´t noticed it in the download area...
This release was given to a few select customers experiencing a IPSec loading issue with high number of IPSec tunnels configured on the unit.
As Ross said, 4.0.6u2 isn't public, nor is 4.0.6u3 - which we are hoping to try out at a few sites experiencing problems over the next few days.
If that all pans out and we've succeeded in actually addressing the issues we were hoping to then we'll re-label it 4.0.7 and make it public in the usual place.
So taking into consideration that we're only handing out 4.0.6u3 later today, give the respective sites a few days to install it and check it out, we think we should have sufficient feedback late this week or early next week. Then we'll do final sanity check on a re-labled version of that (4.0.7) and push it out as per usual.
Meaning if everything works out ok and we don't find any 'gotcha' type issues in testing, then mid to late next week we should be able to get a 4.0.7 up on the download site.
in 4.0.6u3 we think we fixed
- ipsec IPCOMP issue running units out of memory (and then crashing).
- the default-route check in ifmond could interact with reconfiguration in such a way that it ended causing a reconfiguration (fail-over) - endless loop....
- this showed up in some sites with many ipsec tunnels continually having tunnels go down.
- ipsec ertoues 'acquire-pfkey' had issues showing up during failover and other places
- a crash caused by retransmitted packets while a tunne is down
- DPD could take down a live ipsec connection
- reflected XSS problem
- support NAT-T windows/mac/iphone user through l2tp
(this is the L2TP 'fix' there has been so much discussion over...)
- a few minor bits and pieces.
As you can see it fixes some fairly significant issues, most relating to what would be experienced as 'stability' issues. ie. works for a while and then dies.
As opposed to bugs where something just doesn't work outright (like the l2tp over nat thing).
which is why we think 4.0.7 will be a good step on the 'increased stability' road...
If anyone would like to try the pre release of 4.0.7, PM me and I can make it available.
We are experiencing the Ipsec issues mentioned. I have sent PM.
I'm using 4.0.7 and it still has the uptime issue.
I have 2 internet links running into it also and since upgrading to 4.0.7 the primary connection keeps dieing and the only way to get it going is to restart the SG580.
We've always had that problem with two Internet connections, the solution has been to put one on each NIC controller in the cyberguard 560 or 580.
Also with the IPsec VPNs between V4 firmware and V3 firmware many tunnells will report status DOWN on the V4 router while reporting status UP on the V3 router, a ping over the tunnel works and then the V4 router reports the tunnel as UP since the ping time.