7 Replies Latest reply on Mar 24, 2010 6:44 AM by jfreitas

    Will 4.5 be released before EoS?


      Will 4.5 ever be released?

      Features - general
      - SMTP proxy can now be run fully transparently (11882)
      - major speedupds in processing changes to large firewall rule sets (12096)
      - New multiport match mechanism speeds up rules using Service Groups (13447)
      - Special SIP connection tracking can now be enabled on the connection-tracking page (14584)
      - When deleting network connections in use by HA/ipsec/etc give a nice error or auto-disable the objects in question where possible (14597)
      - dostools updated to deal with file systems over 4GB (14606)
      - Web-Admin UI enhancements (14699)
      - Give all objects a name and notes facility so settings can be documented by users. (14727)
      - The firmware upload page now has a checkbox to override the version check (14731)
      - The serial console can now be enabled from the Web UI (14732)
      - web-cache (squid) UI has two new fields that can be used to tune performance for busy sites. (14739)
      - swconfig cli command can now disable mac-learning on some switches which is needed for bridging of port-based vlan ports. (14752)
      - ebtables rules can now be used to create custom FW rules for non-IP bridge traffic. (14756)
      - Improved HA/failover UI with broader device and tunnel support (14780)
      - net-snmp has been updated to 5.5.0 (14834)
      - Checking for duplicate use of ports by different device services is now a lot more sophisticated (14848)

      Features - SSL-VPN
      - Support for openvpn based net-net (device-device) SSL-VPN has been added (11521)

      Features - WIFI
      - SG565 with RT61 wifi card now support up to four SSID (14608)

      Features - AUTH
      - ActiveDirectory authentication is now supported (14662)

      Features - stats
      - Packet counts have been added next to byte-counts (14723)
      - Stats graph size, default-type, and other aspects can now be set via a nice UI page (14744)

      Major bugs fixed
      - update to openssh mitigates CPNI-957037 (14250)
      - Improved interplay between ipsec bringing up tunnels and mgmt of routes and network setup (14790)

      Minor bugs fixed
      - update to openssl 0.9.8j (14244)
      - some speed improvements for  web-admin/statsd (14409)
      - user-group editing no longer creates a lot of needless syslog output (14660)
      - Fixup of device (udev) migration (14661)



        • 1. Re: Will 4.5 be released before EoS?

          I am interested in knowing this a well as some of the feature w are waiting for.

          • 2. Re: Will 4.5 be released before EoS?

            No. There is no plan to do a 4.5 release. No new features.


            The plan was to do a public beta of 5.0 end-Feb which we were on track for.

            Then do an RC end March and GA a month or so after that with new hardware to come out in May.

            ie. 560/580/720 replacements and some new bigger boxes (x86 with HD). ie. 200-400Mbps crypto

            Full MFE-AV etc.


            None of which will now happen - sorry.




            • 3. Re: Will 4.5 be released before EoS?



              Thanks for your reply with a concrete answer. Just to confirm that the to be release 4.0.7 will be the last release unless any big items are found?

              • 4. Re: Will 4.5 be released before EoS?

                Based on the messages I have received it appears McAfee management is committed to providing maintenance releases commensurate with their Warranty and Support obligations. ie. whatever many years that equates to - all else being equal.


                So there will be future 4.0 releases to fix further stability issues, keep openssl / ipsec / openssh etc. updated to fix any vulnerabilities that are found in the general community. etc. etc. ie. if some stability nasties continue to bite the team remaining here they will likely do a 4.0.8 relatively quickly. And if not, then they might wait a while to accumulate less serious annoyances and do something every half-year or there abouts - it all depends.


                4.0.7 currently has the bits in it that were already discussed, but over the last few days as people have been looking at 4.0.6u3 we have also refreshed openssl/openssh to pick up the latest bug-fixes there. And we might have found a problem with one part of the L2TP thing - still investigating. Other than that, if anybody has any feedback on 4.0.6u3 'claimed fixes' please make sure it gets to us. mail Ross or this forum.

                • 5. Re: Will 4.5 be released before EoS?

                  Hello Tom,


                  I have a customer who is buying seven UTM (one 720 and six 580) just because I had promissed him that there was a new version upcoming which would provide integration with Active Directory to authenticate users in the proxy. What do you suggest I do now?



                  • 6. Re: Will 4.5 be released before EoS?

                    Yes, I see. That is indeed unfortunate - but not unexpected of course. There were some pretty nice new features about to be delivered.


                    As the SW engineering manager (until 31-mar anyway) I am only paroting the guidelines set down for what software work is allowed.

                    I have to re-iterate that its unlikely that there will be any relief of the 'ok then we will release 4.5 anyway' kind, regardless of the circumstances.


                    That really only leaves the Sales hierarchy as a possible avenue of answers I think. So your Distributor and/or McAfee Sales person. Engineering doesn't really get invovled in Sales strategies & contingency planning - but I do know there have been lively discussions between Sales on our customers of late. Presumably they will have a story for you. Hopefully its a good one.


                    Sorry I couldn't be of more help - we're kind of past the time of technical solutions in this space, so that limits what I can say/do

                    • 7. Re: Will 4.5 be released before EoS?

                      Thanks Tom, for your explanations.