RSA-4122/4122W Rev1 Firmware release notes

---

Notes:

1. RSA-4122 and RSA-4122W hardware using a Rev2.0 4x22-A1 add-on boards must use firmware releases starting from 1344.
   RSA-4122 and RSA-4122W hardware using a Rev2.1 4x22-A1 add-on boards must use firmware releases starting from 1426.

2. Rolling back to firmware versions before version 4.06L.02-1202 may cause a fallback to the factory default settings.

---

Version 4.06L.02-1426
(release date: October 16, 2015)


New features

Added support for RSA-4x22-A1 Rev2.1 add-on board.

---

Version 4.06L.02-1424
(release date: July 21, 2015)


Bug fixes

Fixed setting of "UTC without DST" time zone.

Fixed SNMP MIB-II sysObjectID value to properly indicate RSA-series.

Disabled SSLv3 support because of vulnerability (poodle).

---

Version 4.06L.02-1420
(release date: November 21, 2014)


Bug fixes

Fixed bug that, in certain cases, caused traffic from the LAN to a remote port 8080 to be redirected to port 80 of the unit itself.

Fixed bug that caused certain combinations of local and remote networks for IPsec to fail.

---

Version 4.06L.02-1416
(release date: November 16, 2014)


Changes

Blocked LAN packets from appearing at WAN ports.

IPsec Security Policy entries are now flushed when IPsec tunnel is closed or restarted.

 

---

Version 4.06L.02-1410
(release date: September 12, 2014)

 
Changes

Text changes in Firewall and Routing setup pages.

Bug fixes

Fixed "Allow access via VPN" option of Firewall while in IPoE mode.

---

Version 4.06L.02-1408
(release date: August 26, 2014)
  
 
Changes

Removed SNMP trap address field from SNMP setup page. (traps are set up in the System Alerts page)

Send SNMP traps also when the host address cannot be pinged.

Changed static routing setup to allow the use of an interface as gateway without configuring a gateway
   IP address.

Bug fixes

Fixed mismatch between alerts in setup table and actually sent alerts.  

Fixed "IPsec Tunnel KeepAlive ping" when remote tunnel address is 0.0.0.0/0

---

Version 4.06L.02-1402
(release date: August 4, 2014)

New features

Added LAN side firewall option to Firewall Incoming IP filtering page.
   LAN side firewall is enabled when the "Allow access via LAN" check mark is removed.

Added SNMP agent with SNMPv3 support. 
   

 
Changes

Text changes and clarifications in Firewall setup page.

SNMP v1/v2c write (set) community name can be used for read (get) operation also.

Bug fixes

Fixed automatic start of IPsec tunnel when remote network is set to 0.0.0.0/0.
   Note: when the remote network is set to 0.0.0.0/0, the option "IPsec Tunnel KeepAlive ping"
            must be set to "address" and an IP address must be entered.

Fixed SNMP control of USB power and USB power indicators.

---

Version 4.06L.02-1382
(release date: June 25, 2014)

Changes

Removed some "illegal 0" integers from SNMP agent.

Updated MIB file. See: RSA-series MIB file

Bug fixes

Corrected wrong SNMP enterprise ID (1759) introduced in release 1344 into 1756.

Fix for dynamic NAT when multiple WAN networks are used.

---

Version 4.06L.02-1374
(release date: May 12, 2014)

New features

Added SNTP server to allow devices attached to the LAN ports to synchronize with the system clock.

---

Version 4.06L.02-1364
(release date: March 24, 2014)

New features

Added firewall option for completely blocking ICMP ping requests.

Changes

Removed check for address range 0.0.0.0/0 of remote side of IPsec tunnel.

Excluded local network from remote side of IPsec tunnel when remote address range 0.0.0.0/0 is used
   in order to maintain local connectivity for device management.

Changed DNS proxy algorithm to prevent continuous change-over of relayed DNS addresses when no valid DNS is found.

Changed watchdog time-out to prevent watchdog initiated restarts under extreme processor load.

   

---

Version 4.06L.02-1356
(release date: March 7, 2014)
  
 
Changes

Decreased maximum amount of packets in Tx buffer in order to reduce latency and TCP congestion.

Bug fixes

Fixed false reporting of IPsec tunnel status when more than 16 IPsec tunnels are active.

Fixed bug that caused the DNS proxy to continuously change-over relayed DNS addresses after 11 days uptime.
   This bug induced the firewall tables to be updated every 15 seconds, which caused interruption of OpenVPN and
   other services.
 

---

Version 4.06L.02-1352
(release date: January 20, 2014)

 Changes

Text changes and clarifications in some html pages.

Changed generated private keys and certificates to 1024 bits size. Bigger keys take too long to generate.

Configuration files for Rev1.0 and Rev2.0 add-on board are now fully interchangeable.
   (Before this change, the entry of the WWAN modem had to be deleted and added again).

Bug fixes

Fixed (too) early start-up of internal WWAN modem that sometimes caused WWAN modem
   of Rev2.0 add-on board not to start immediately.

---

Version 4.06L.02-1344
(release date: December 3, 2013)

   
Changes

Added support for Rev2.0 add-on board.

Added entries for DNS servers to static IP setup of Ethernet WAN port

Allow both spaces and commas for separating multiple hosts in OpenVPN config pages.

Suppressed "CMD 'status'" messages in OpenVPN log screen.

Disabled auto completion in PPPoE/PPPoA and OpenVPN setup pages to prevent browsers
   from trying to save the passwords. 

  
Bug fixes

Fixed mismatch in WAN priority number between initial set-up and WAN info page.

---

Version 4.06L.02-1324
(release date: November 5, 2013)

  
  
Bug fixes

Enabled loading of 2048 bits certificates and keys for IPsec and OpenVPN.

---

Version 4.06L.02-1322
(release date: October 31, 2013)

  
New features

Added OpenVPN Client mode options such as Cipher modes, TLS-auth and Keepalive.

  
Bug fixes

Fixed OpenVPN restart when changing WAN ports (failover operation).

Fixed VPN LED operation for OpenVPN.

---

Version 4.06L.02-1306
(release date: August 2 , 2013)

  
Bug fixes

Send ADSL dying-gasp signal on reboot and after firmware/settings updates.

Prevented IPsec Security Policy entries from being accidentally removed
   when another tunnel with the same SPD entry goes down.
    

---

Version 4.06L.02-1302
(release date: July 22 , 2013)

  
Changes

Increased admin password size to max. 20 characters.

Changed behaviour when SIM card is not found or SIM-present response is late.
   WWAN modem status will not go to "hold" any more and retries will continue.
    

---

Version 4.06L.02-1298
(release date: July 5 , 2013)

  
New features

Added SNMP OIDs for WWAN link type and RSSI.

Added SNMP OIDs for Active WAN port details in Failover operation.

Added warning to WWAN data counter page when clock is not set.

Bug Fixes

Fixed RIP routing for IPoE and MER interfaces.

Fixed NAT/DMZ host setup

Fixed Certificate signing request page.

Fixed "Load signed certificate" button in Certificate details view.

Fixed Serial port Client mode.

---

Version 4.06L.02-1264
(release date: May 6 , 2013)

New features

Added SNMP-initiated settings update

Added SNMP traps for reporting SNMP initiated settings update.

Added SNMP OIDs for WWAN operation.

Added option in firewall to control access to system services via VPN tunnels.

Local LAN ports can now be divided in two isolated segments. This aids the
   configuration of two fully isolated VPN tunnels.

Device Info page shows what IP addresses apply to which Ethernet port(s).

  
Changes

SIM card error will now cause a "hold" state rather than a watchdog time-out and reboot.

Updated SSL/TLS encryption wrapper for HTTPS.

Disabled SSL 2.0 and weak ciphers for HTTPS.

Disabled insecure Client-initiated Renegotiation for HTTPS.

RSA host key for SSH now remains the same after firmware update.

Changed HTTP authentication realm string.

Removed HTTP server signature.

Moved System log configuration page.

Added logging to USB Flash (USB port 1).

Added option for writing System Alerts to common syslog.

Various textual changes in Web interface.


Bug Fixes

Fixed SSH access over WAN ports.

Fixed MSS clamping for PPPoE over ADSL.

Fixed IP masquerading (Dynamic NAT) when multiple PPPoE links exist.

Fixed occasional lock-up of PPPoE over ADSL.

Fixed default gateway update when changing from manual to automatic.

Fixed update of WAN interface name in Device Info page.

Fixed reboot after writing settings-update file.

---

Version 4.06L.02-1202
(release date: March 25 , 2013)

Changes

PPP Led will blink when data passes in routing modes and in ADSL (RFC2684) bridge mode.

When in ADSL bridge mode, the info page will show "RFC2684 bridge mode" instead of "No active interface".

SSL encryption wrapper for https updated.

Certificate for https updated.

Unsupported XML tags in configuration file will no longer provoke a fallback to factory default settings.

Bug Fixes

Fixed PPPoE disconnects caused by missing "LCP Echo replies" via ADSL/ATM from certain Cisco BRAS units.
   Note: this fix applies to the internal PPPoE function of the unit. External PPPoE routers connected via
   ADSL/ATM in RFC2684 bridge mode may still be affected).

Fixed Watchdog reboots when running with fully configured WWAN without SIM card inserted.

Fixed "Restart script after termination" option of Apploader.

---

Version 4.06L.02-1172
(release date: February 25 , 2013)

New features

Added writing of syslog messages to USB flash drive in USB port 1.

Added SNMPd-check to Watchdog page.

Changes

USB flash devices are now always mounted as /mnt/usb-1 when in USB port 1 or /mnt/usb-2 when in USB port 2.

Changed web interface page for Syslog setup.

Changed caching behaviour of web interface pages to reduce traffic generated by remote access and to support
   newer web browsers.

Bug Fixes

IPsec tunnels will be automatically restarted when the key manager stops operation.

Fixed bug that generated error message when Firewall rules were added using the Google Chrome web browser.

Corrected (swapped) ADSL Attainable rates and Actual rates in snmp daemon.

Fixed reboot operation when the unit is in console mode.

---

Version 4.06L.02-1144
(release date: February 4 , 2013)

New features

Added new set up page for Rate Limiting (DoS protection) in Firewall.

Changes

Some text and layout changes to web interface.

Set default settings of Rate Limiting to "off".

Bug Fixes

Fixed accidental rate limiting on OpenVPN and IPsec layer2 tunnel when UDP rate limiting was enabled.

---

Version 4.06L.02-1136
(release date: January 28 , 2013)

New features

Added simple SSL-VPN (OpenVPN) setup to web menu. (will be enhanced in future releases).

Added SSL-VPN (OpenVPN) status page.

Added firmware update by entering url to remote server.

Added option to enable/disable SNMP invoked firmware download.

Added conntrack (connection tracking system) utility.

Added udp, tcp and icmp rate limiters for additional DoS protection.

Added full screen WWAN signal level graph to aid antenna positioning.

Added Ethernet port enable/disable to web menu.

Blink Ethernet port LEDs when port is disabled.

Show disabled Ethernet ports in Ethernet status page.

Changes

Flush conntrack database before reconfiguring firewall.

Flush conntrack database for dynamic NAT when changing from one WAN port to another.

Ethernet port enable/disable via SNMP-set now is non-volatile.

Some text and layout changes.

Bug Fixes

Fixed omitting "prefix length" of IP addresses in "incoming IP filter rule of firewall.

Fixed stack overflow when flashing large firmware images.

---

Version 4.06L.02-1080
(release date: December 9 , 2012)

New features

Added SNMP invoked firmware download.

Added CLI command 'firewall' for enabling/disabling the firewall over a telnet or ssh link.

Added SNMP OIDs for "rsaStatus" (serial ports, I/O ports, system temperature and WWAN modem temperature).

Changes

No failover ping test is used when a single WAN port is configured or when the WAN port has the lowest priority.

Bug Fixes

Fixed accidental resets to default settings caused by surge voltages and ESD.

Fixed bug that caused dynamic NAT (IP masquerading) to fail when LAN address was set to 192.168.1.1

---

Version 4.06L.02-1058
(release date: November 24 , 2012)

New features

Added LZO compression for OpenVPN. (Note: OpenVPN is not yet supported in the user interface.
   It can be run as shell script by means op the AppLoader.)

Changes

Moved IPsec PFS option to "Advanced Settings".

Added telnet window size renogiation to telnet server.

Enabled winsize handling in vi.

Added support for newer versions of SSH client to SSH server. (more to come)

Bug Fixes

Fixed memory leak in SNMP server.

Fixed IPsec tunnel-down detection to avoid spurious down/up messages.

---

Version 4.06L.02-1048
(release date: November 16 , 2012)

New features

Added SNMP traps for ALM LED status change.

Make VPN LED available for customer made applications and scripts (e.g. for OpenVPN).

Changes

Changed many IPsec syslog messages into more comprehensive texts.

Textual improvements and clarifications.

Changed and cleaned-up IPsec tunnel 'details' information

Bug fixes

Fixed snmp trap OIDs (they were "1756.1.10" and should have been "1756.1.12")

Fixed USB power control to reset external WWAN dongles (port/power was crossed)

---

Version 4.06L.02-1032
(release date: November 6 , 2012)

New features

Added WWAN 2G/3G band selection for internal modem (RSA-4122W).

Show 2G Serving/Neighbour Cell information when in 2G (GPRS/EDGE) mode.

Added Blowfish encryption protocol for OpenVPN operation.

Enabled password-save option in OpenVPN configuration.

Bug fixes

Fixed 'standby' state of WWAN modem.

Fixed dropping WWAN connection when unrelated configuration items are changed.

---

Version 4.06L.02-1018
(release date: October 29 , 2012)

New features

• Added "Connect on Demand" feature of WWAN modem for fail-over operation.
  When 'connect on demand' is enabled, the WWAN modem is registered to the mobile network
  but will not connect with the operator's access point until a data connection is needed.
  
• Added RSA series specific parts "rsaSystem" and "rsaPorts.adslPort" to the MuLogic SNMP
  enterprise MIB (enterprises.1756). (SNMP support is still a "work in progress").
  
• Added WWAN "serving cell" and "neighbour cells" information to WWAN status page.
• Added OpenVPN crypto support. Note: OpenVPN is not yet supported in the regular user
  interfaces and configuration storage. It can be run under control of shell scripts.
  
• Added system hardware integrity check for reset controller.
  

Changes

• Event scheduler now has separate entries for "device reboot" and "ADSL ppp reconnect".
• Layout changes of WWAN status page.
  

Bug fixes

• Fixed generation of ADSL line graphs for Internet Explorer. (still quite slow on IE)
• Fixed Automatic reset/restart of WWAN modem after physical disconnect or shut-down.

---

Version 4.06L.02-974
(release date: October 5, 2012)

New features

• Added parts of SNMP Bridge-MIB and Q-Bridge-MIB to aid intrusion detection systems
  (dot1dTpFdbTable and dot1qTpFdbTable).
• Added Ethernet port control (up/down) via SNMP-set to aid intrusion detection systems.
• Added ADSL graphs for Bit allocation, SNR, QLN and Channel response. (Does not work with IE).
• Added 'gzip' and 'gunzip' to shell commands.
• Added 'mutop' shell command to show processes of mumanager.
  

Changes

• Changes in USB drivers for WWAN modems to prevent forced reboots after USB time-outs.
• Changed reaction of web server to Firefox 15.0 "openening sockets before using them"
  which caused a "400 bad request" response.
• Info-Route page now shows info from "ip route" instead of old "route".
• Renamed WWAN pppd process info in syslog from "pppd-org" to "pppdw".
• Enable pppdw syslog debugging info only when pppd debugging is enabled in WAN Services setup.
• Removed obsolete "in cgiGetSerserver" syslog message.
• Removed "No LAN address found" syslog message when setting routes for anonymous IPsec tunnel.
  
• Removed "welcome text" on telnet login.
• Changed SSH server identification.
• Changed httpd identification.
• Changed Enterprise ID in SNMP MIB-II "system" OIDs to 1756 (MuLogic).
• Changed some html page refresh times.
• Various changes in text and layout of html pages.

Bug fixes

• Fixed bug in memory and CPU time limitation of AppLoader.
• Fixed behaviour of SNMP snmpgetnext. 
• Changed default firewall settings for SNMP from TCP to UDP

---

Version 4.06L.02-926
(release date: August 20, 2012)

New features

• Added ADSL test options: subcarrier selection and SNR margin control
• Added ADSL "down" option. 

Changes

• Selection of G.DMT, ADSL2 and ADSL2+ Annex B/J modes now automatically enables G.992 operation
  (instead of T1.413 mode).  

Bug fixes

• Fixed bug that caused PPPoE/PPPoA connections to go down when Eth0 WAN Port went down.

---

Version 4.06L.02-922
(release date: August 14, 2012)

Changes

• Changed default IP address (when no valid configuration file is present) from 192.168.1.111 to 192.168.1.1.

Bug fixes

• Fixed bug that caused old PPPoE/PPPoA settings to remain active after a configuration change without reboot.
  (This bug made it appear like a new PPPoE/PPPoA configuration -user name, password- was not valid).

---

Version 4.06L.02-916
(release date: August 9, 2012)

New features

• Added "Domain" field to DHCP server settings in LAN setup page. 
• Added sysinfo.cmd page. Some fields are still ToDo.

Changes

• HTML text and layout changes.
• Changed CLI error messages.
• Syslog now distinguishes between pppd for PPPoA/PPPoE and pppd for PPPoW (WWAN).
• Changed ADSL System Vendor ID to 0x7b: MLGC.
• Changed default VPI/VCI for new DSL/ATM wan connections to 1/32.
• Changed PPP reconnect method (layer 2) for Event Scheduler.

Bug fixes

• Show correct restart reason in alerts after settings restoral.
• Fixed RS232 console mode. (keep DTR and Serial RS232 port enabled).
• Fixed Edit button behaviour in WAN Services setup page. (still not 100%).
• Fixed reporting of specific Option iCon 505 (USB WWAN modem) status info.

---

Version 4.06L.02-890
(release date: Juli 18, 2012)

New features

• Added Ethernet "HUB mode" in Setup -- Ethernet page.
  Now the Ethernet switch can be set to "HUB mode" in order to allow Ethernet data monitoring
  by means of an external device.
• Added Ethernet HUB/Switch mode to Ethernet status page.
• Added control of Serial port LEDs (RxD, TxD, DCD) to Serial port setup pages.

Changes

• Various HTML text and layout changes.
• Changes to Apploader page.
• Increased IPsec FQDN/User FQDN identifier length from 16 to 40 characters.
• Increased IPsec PSK string length from 16 to 40 characters.
• ADSL rates are now shown on info page when ADSL port is in "bridge mode".
• Gateways for Serial port 1 (RS232) and Serial port 2 (RS485) now operate fully independently.
• Removed hardware flow control selection from Serial RS485 port setup page.
• Serial RS485 port gateway always operates regardless of mode (console/gateway) of serial RS232 port.

Bug fixes

• Fixed bug in WWAN data limit counter.
• Fixed Serial port statistics.
• Fixed bugs in AppLoader.

---

Version 4.06L.02-856
(release date: June 25, 2012)

• First formal release of RSA-4122/RSA-4122W firmware.

---