RSA-M4 Series  
Version 1.0 software Release Notes

---

Notes and warnings:

1. These release notes apply to all models in the RSA-M4 series.

2. One firmware file supports all models in the RSA-M4 series: rsa-m4-1.0.4 and on.

3. These release notes start with version 1.0.3 as basis. 
    The features of version 1.0.3 are comparable with those of version 2.2.16 of the RSA-M2 series.

---

Version 1.0.6
(release date: October 4, 2025)

Changes

• Improved the power usage calculation to better reflect the power drawn at the power supply input and to
  compensate for the non-linear efficiency of the DC-DC converter.
• Changed the SIM2 check of the selftest. Now the ICCID of the SIM is read instead of the IMSI.
  This drastically reduces the time needed for testing SIM2 presence and SIM1/SIM2 change-over.
  

Bug fixes

• Fixed software link detect of the SFP port.

Version 1.0.5
(release date: August 30, 2025)


New features

• Added automatic detection of PON serial number (PON-ID) for FS XGS-ONU-25-20NI SFP.
  The PON serial number is written in "Device info>SFP module".
• Added Dying gasp (on restart and firmware update) for SFP+ modules
  
• Added SNMP OIDs for SFP port.
  
• Added 'flush_conntrack' shell command. This command immediately flushes the conntrack tables.
  
• Added VDSL2 Profile 30a to DSL setup.
  
• Added automatic generation of self signed HTTPS certificate when no cert for the web server is present.
  
• Added generation of self signed certificates for IPsec and OpenVPN use. This creates a cert/key pair and
  a CA certificate that is used by the remote peer for authentication.
  
• Added configuration of SANs (Subject Alternative Names) to "Generate Certificate" page.
  
• Added EC prime256v1, secp384r1 and secp521r1 key algorithms to "Generate Certificate" page.
  
• The RTS and DTR inputs of the RS232 port can now be used as inputs (Logic 1 level ranging from 2,7 to 25 V)
  
• The CTS, DCD, DSR, and RI output can now be used as outputs (logic 0/1 level is -10/+10 V).
  When these RS232 signals are configured as general purpose I/O, the data pins (RxD and TxD) can still be
  used for serial communication.
  
• Added supoort for RSA-1420D model.

Changes

• Reversed order of authorization and authentication for TACACS+
• When CIG XG-99S or FS XGS-ONU-25-20NI SFP modules are used, the SFP link/act LED now turns off
   when the physical fiber link is disconnected.
  
• Changed RSA-series MIB file to support OIDs for SFP port.
  
• SFP port/module and media converter now are switched off completely when SFP port is disabled
    in Setup>Physical ports>Ethernet/SFP. This saves power when the SFP port is not in use.
  
• The firewall and NAT conntrack tables are now flushed immediately when Firewall rules are changed.
    This causes direct blocking of addresses that are added to the firewall, even when there already
    is an established connection from such address.
  
• Deleted VLAN "Auto detect feature" for xDSL interfaces. This feature no longer seems to serve a purpose.
  
• Moved initiation of SIM7600 and ML620 WWAN modules to an earlier moment in the boot process.
  
• Various changes in ML620EU (WWAN) RIL to improve switch-over time from one SIM to the other.
  
• The naming of Local Certificates, keys, and CA certificates (including file names) now is uniform
  and based on what is filled out in the "Name" field of the "Generate Certificate" page.
  
• Various "Upload" and "Download" buttons have been renamed to "Import" and "Export".
  
• For models with a single Ethernet port like the RSA-1420D and RSA-1420M is now possible to configure
  the EthWAN settings while the Ethernet port is still in LAN mode.
  
• Increased the amount of lines that can be read back in the Syslog web page.
  

Bug fixes

• Fixed unifwc tool for updating ML620EU firmware.
• Fixed issues related to hidden fields on the OpenVPN setup page.
• Fixed watchdog timeout issue that occurred when the TACACS+ server denies access due to an incorrect key
• The TACACS+ server is declared 'not reachable' when the client and server keys do not match.
• Fixed roaming indication in Device info>WWAN for ML620 WWAN modules.
• Fixed late SIM select control at reboot, ensuring that SIM1 is selected before the WWAN module starts
• reading the SIM card.
• Fixed occasional long WWAN band scan when manual operator selection was used on devices with an ML620
• WWAN module.
• Fixed xDSL "dying gasp" on shurtdown or reboot.
• Fixed Ping and Traceroute network tools when multiple WAN ports share the same gateway address.
• Fixed issues related to hidden fields on the OpenVPN setup page.
• Fixed conntrack table flush when changing from one WAN interface to another.
• Fixed time notation of the syslog lines.

Security fixes and changes

• Patched or fixed several critical CVEs. The list is avalable on request.
  
• The firewall now blocks IKE (for IPsec) traffic to port 4500. Prior to this change, unsolicited IKE
  packets to port 4500 could pass through the firewall and trigger 'No IKE config found for…' warnings
  when IPsec was enabled.
• Users with the role of "Web-administrator" can no longer enable the serial console port.
  
  

Version 1.0.4
(release date: April 30, 2025)


New features

• Added automatic detection of PON serial number (PON-ID) for FS XGS-ONU-25-20NI SFP.
  The PON serial number is written in "Device info>SFP module".
• Added Dying gasp (on restart and firmware update) for SFP+ modules with Dying gasp support.
  
• Added TACACS+ authentication service field.
• Added system alerts for SIM changeover.
• Improved TR-069 operation with GenieACS.
• Added seting for allowing TR-069 connection requests via LAN (instead of WAN only).
• TR-069 URL error checking and ConnectionRequestURL on LAN when WAN is not available
• TR-069 index depth of level is now configurable.
• Added Digest authentication support for TR-069 ACS access.

Changes

• Reversed order of authorization and authentication for TACACS+
• Changed maximum username and password length to 128 characters.
• Changed default TACACS+ service to "PPP".
• Changed representation of Hardware version via TR-069 CWMP.
• Changed TR-069 "next-level depth" from 3 to 4.
• TR-069 product classes now are: "RSA-M1-series", "RSA-M2-series" and "RSA-M4-series".
• Added parameter "InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnection.1.ExternalIPAddress"
  to the TR-098 portion of the data model for TR-069 CWMP.
• Moved WWAN MTU and MTU negotiation from global WWAN setting to SIM settings.
  
  

Bug fixes

• Fixed PH8 WWAN network reporting.
• Fixed serial number and OUI reporting via TR-069 CWMP.
• Fixed MTU negotiation for units with with ML620EU (LTE450) WWAN module.
• Fixed some issues with ML620EU (LTE450) WWAN module when network search and registration takes a long time.

---