
The siteinfo script now reports hardware status.
ag_webproxy truncated cookies with values containing '='.
A Satellite problem was fixed. Fixed a problem with writing faulty/empty IP server addresses in the generated satellite configuration.
IP tunneling now always blocks ICMP redirects. This is a minor security improvement.
ag_ssld_cgi could dump core. This could happen when a session was "half registered".
Satellite problem fixed. agsh: the generated satellite configuration was bad if a DNS server was defined but there was no search base.
The ag_webproxy daemon could dump core. This could happen when transforming traffic to SSL (https).
Restore of backups. Made ag_restore not choke on file names containing "
SSL module fixed. ag_ssld/apache: fixed rewriting problems when the SSL front-end was listening on a port other than 443.
A double free problem in the SSL module was fixed.
A problem with short reads in the RDP proxy daemon was fixed.
A problem with the SSL module was fixed. It will now set the client.iptunneling/firewall/identd/platform attributes.
A problem in the SSL module was fixed. Hostnames are no longer case sensitive.
A problem with radius as account source was fixed.
A security issue in sshd was fixed.
Fixed a problem with very large roles.
Fixed VLAN configuration. It was not possible to configure VLAN on some platforms. This was partly a server and a console fix.
Fixed tab dance in client.
A problem causing slow debug output was fixed.
Support PKCS11 library loading on Mac OS X (10.4 or later).
Make sure to trim all property values (trailing spaces caused problems).
A problem in the Client for Citrix and Terminal Servers was fixed. The agmud process did not properly clean up when a client died.
A problem where it could be impossible to select the certificate method was fixed.
Linux xlock problem fixed. Linux xlock integration did not work if the server connection was lost and the user reconnected.
A client debug problem was fixed. Report the correct port number when reporting that we could not open a local listener (and skip the l18n of the number).
Local print function improvement. It is now possible to select multiple jobs to print in the client print tab.
Security issue in SSL mode fixed. This version includes a security fix for the SSL module. The problem was that the SSL proxy could mix sessions so one user could sometimes get access to the session of another user.
Server could fail to enable auto start services. This could happen if the user was using IP-tunneling and the DNS system was slow. The system could sometimes fail to enable auto-started services for users. Users could work around this by manually stopping and starting the service.
Added ability to limit LDAP group searches. The AppGate server used to download all the groups defined in an AD server. This would become impractical if the AD contained lots of groups. This version therefore adds the ability to amend these searches to download only a subset of all groups.
Sending log events to syslog server could stop working. A bug in the system caused it to stop sending log events to an external syslog server whenever the network configuration was changed.
Missing attribute handling changed. Previous versions would end the user session if the user selected a role which contained a component which referred to an attribute which was not set. This version changes the behavior to instead just disable the service which contains this broken component.
NTP server keys. Configured NTP server keys were not passed on to the ntpdate command.
SSL file upload problem fixed. This version fixes an issue in the file access component when used in SSL mode. The problem was that any upload, through SSL, of a small file which ended with a blank line failed.
Fixed busy-loop in web proxy. There was a bug in the web proxy which could cause it to go into a busy loop when talking to certain web applications using SSL.
Made RDP proxy more tolerant. This version of the AppGate RDP proxy is more tolerant against the strange packets which the Microsoft Remote Desktop Connection v2.1.0 (Mac client) would generate when connecting.
Fixed problem with defunct processes. There was a bug in the server code which could cause ag_logd to leave defunct processes. This could happen if there was a local command used to process logs.
Fixed bad behavior in remote log GUI. The remote log configuration panel would not always save the external host name. The screen could also sometimes be completely blank.
Exception when creating new direct access rule. This version fixes a regression error in the AppGate console which made it impossible to create new direct access rules for satellites.
Reachability checker and SMB. The reachability checker in AppGate console did not properly understand the SMB server URI entered in file access components.
Changed web access panel URL field. The URL field has been split into multiple fields and radio-buttons. This should make it easier to see what the expected syntax is.
Fixed bogus "This address is already in use" message. This issue affected the IP-tunneling driver for windows. It would sometimes cause Windows to show a message saying something like "This address is already in use" when connecting. The message was harmless but should not appear any more.
Applet would not work on non-Windows clients. The applet version of the client would not start on MacOSX or Linux machines.
Use correct role name in close dialog. The client could present the wrong role name in the connection close confirmation dialog. This would happen if the connection used multiple combined roles. The client would present the first role name rather than the name "Combined".
Fixed Linux multi user client on 64-bit systems. The Linux multi-user client did not work on 64-bit systems.
Web access to multiple servers. Previous versions of the Linux client did not handle web access to more than one AppGate server at the same time.
Can run in Java 1.4 again. The previous version inadvertently used a couple of API calls not available in Java 1.4. This has now been fixed. But please note that Java 1.4 has been end-of-life'ed from Sun for quite some time now.
Applet checks for supported browser/java combinations. The AppGate applet will now check the browser and java combination and give an error message when bad combinations are found.
Changed RDP settings. This release changes the default RDP options passed to the Microsoft client. The changes are that compression is now enabled and the default bit depth is 24 (was 16). This resolves the problems some users have experienced where the connection stopped working when playing videos.
This release includes a satellite upgrade to version 1.3. Any connected satellites will automatically upgrade as soon as the AppGate server is upgraded.
Satellites and load balanced clusters. Satellites could have problems when connecting to load balanced clusters. The symptom was that the satellite immediately disconnected.
Keep invalid NAT mappings. Do not remove NAT mappings from satellite if the satellite address pool is changed so the mappings are no longer valid. Instead the administrator may reassign the mappings or change the pool again.
Show where satellite will connect to. Show exactly which names/addresses and ports the satellite will connect to in the AppGate console. This should make it easier to spot configuration problems.
Satellite routing issue. Fixed satellite routing issue which could occur if the satellite pool was very small and the satellite used all available addresses.
Fixed random crash at startup. This version fixed a synchronization issue in the console which sometimes caused it to crash when connecting to a server.
Allow host routes. Version 9.2 of the console refused to add host routes. This is now fixed.
"End time should always be now" button in log GUI did not work. It was impossible to turn this function back on again if it had been disabled.
Bogus IP-tunneling error message. The client would sometimes show an error message about not being able to remove IP tunneling routes when closing.
Improved performance on Linux and Mac. The interactive performance of both IP-tunneling and port forwards has been improved in the Linux and Mac clients.
Fixed startup problem on MacOSX Snow Leopard. This release includes a new Java stub which should work on the latest versions of MacOSX and Java.
IP-tunneling installation on windows. Changed the default installation to install 2 instances (so it can be used against two servers simultaneously). Also fixed a problem where an upgrade might fail silently.
Unreadable error dialog fixed. Error dialogs shown by the client could be unreadable if the screen was too small.
Could not start web access services against two AppGate servers simultaneously. There was an addressing conflict in the AppGate client which prevented it from setting up web access services to more than one AppGate server at the same time.
IP-tunneling to multiple servers on MacOSX. It is now possible to use IP-tunneling to multiple AppGate servers at the same time also when using the MacOSX client.
Better browser detection on Linux. The client is now better at figuring out which web browser to start when running in a Linux environment.
Port mover installation. The port mover is a small helper which is needed on MacOSX and Linux. There were numerous problems with the installation and detection of this helper program. These have now been fixed.
Local print crash on Linux. The client could crash when performing local print on a Linux system.
Latest model of Ax1 would not restart automatically after power loss. This release fixes a problem where the Dell R210 (Ax1) server would not boot up again automatically after a power loss. This version also fixes a problem where the machine sometimes would refuse to recognize a locally connected USB keyboard.
Using certificates as part of an authentication chain. It was not possible to use certificate authentication in a chained authentication method. It is possible in this version, but the certificate method must be the first method.
Ag_stated could crash. This release fixes two bugs in ag_stated which could cause it to crash when performing certain attribute-related operations.
FTP proxy did not log file sizes. A limitation in the built in FTP proxy made it never log the sizes of any transferred files.
Clean clientmqueue periodically. Older versions of the server would send emails every now and then, even if not configured. These would accumulate in a directory on the server and could eventually fill up the disk. This version will periodically clean up that directory to avoid this problem.
New AppGate Satellite support. An AppGate Satellite is a small hardware box which can give an AppGate Server local presence on a remote network. The satellite is designed to automatically connect to the AppGate Server, through any firewall or NAT, and to be managed from the AppGate Server. The AppGate Satellite is also available as a virtual image for testing purposes.
With the AppGate Satellite it is possible to allow computers to talk to other computers, through the encrypted link between the AppGate Server and the satellites, without having to log on to the AppGate Server first. It is also possible to use the normal AppGate role mechanisms to control access.
More information about the Satellite can be found in the AppGate manual which is available from www.appgate.com
This satellite support replaces the earlier remote node feature.
Attributes in database. Most fields in the database now accept an attribute variable of the form ${src.value}. The attributes are expanded when the user has selected a role. This replaces the old %{foo.bar} notation in client commands.
This makes the server even more flexible by now making it possible to customize the actual content of components for individual users.
This change also affects the syntax used by net groups, which changes from $GROUPNAME to ${net.GROUPNAME}.
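A small model of the ${src.value} expansion described above, combined with the "Missing attribute handling changed" behavior of disabling only the affected service. This is an added illustration, not AppGate code: the service names, field names and attribute values are constructed, and the single-pass substitution is an assumption of the example.

```python
import re

# Attribute reference in the new notation, e.g. ${net.GROUPNAME}.
ATTR_REF = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")
# Notations the release note says are replaced: %{foo.bar} and bare $GROUPNAME.
LEGACY_REF = re.compile(r"%\{[^}]*\}|\$(?!\{)[A-Za-z_][A-Za-z0-9_]*")


class MissingAttribute(Exception):
    """Raised when a field refers to an attribute that is not set."""


def expand(field, attributes):
    """Expand every ${...} reference in one field, in a single pass.

    Values are inserted literally and never re-scanned, so an attribute
    value that itself contains ${...} cannot pull in another attribute.
    """
    def substitute(match):
        name = match.group(1)
        if name not in attributes:
            raise MissingAttribute(name)
        return attributes[name]
    return ATTR_REF.sub(substitute, field)


def expand_role(services, attributes):
    """Expand all services of a selected role.

    Returns (enabled, disabled). A service with an unset attribute is
    disabled on its own; the other services of the role stay usable.
    """
    enabled, disabled = {}, {}
    for name, fields in services.items():
        try:
            enabled[name] = {k: expand(v, attributes) for k, v in fields.items()}
        except MissingAttribute as exc:
            disabled[name] = str(exc)
    return enabled, disabled


def legacy_references(field):
    """List old-style references left in a field after an upgrade."""
    return [m.group(0) for m in LEGACY_REF.finditer(field)]


# Constructed sample data (hypothetical names and values).
ATTRIBUTES = {"client.platform": "windows", "net.INTRANET": "10.1.1.0/24"}
SERVICES = {
    "intranet-web": {"target": "${net.INTRANET}",
                     "label": "Intranet (${client.platform})"},
    "home-share": {"path": "/export/${user.home}"},  # user.home is not set
}

if __name__ == "__main__":
    enabled, disabled = expand_role(SERVICES, ATTRIBUTES)
    print("enabled:", enabled)
    print("disabled:", disabled)
    print("legacy:", legacy_references("agstart %{foo.bar} $GROUPNAME ${net.OK}"))
```

Running legacy_references over exported component fields before an upgrade shows which entries still use the replaced notation.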
Improved web agents. It is now possible to pass the SSO password on to web agents. The web agent example has been rewritten and now shows how to automatically log on to a Citrix system.
Web agents are a way to achieve single sign on to web applications which do forms-based logins.
Added web access filters for Sharepoint 2007/2010. This version includes web access filters which are specially tailored to Sharepoint 2007 and 2010.
Direct RDP access. It is now possible to configure an RDP access component to bypass the RDP proxy in the AppGate Server. The AppGate can not help with SSO in this configuration.
Changed factory default menu. The factory default menu has undergone significant changes. The possible actions should now be more obvious and there is more feedback.
The factory default menu allows administrators to reset passwords and to reset the system back to the factory default state.
Improved hardware monitoring. The AppGate Server will now catch more hardware warnings/errors and put the server in a yellow state. This will serve to alert the administrator as soon as possible when any hardware component has failed or is about to fail.
Automatic log file archiving. Log files older than 180 days are now automatically archived. The archived logs are still present on the server but are not accessible through the AppGate Console. The archived logs can be reinstated manually if needed. How long to keep the log files can be configured in the new log settings configuration panel.
Having a lot of log files available for the console consumes a lot of memory on the server (for managing the indexes). This has proven to significantly affect performance on low end systems with limited amounts of memory.
Masking LDAP/AD bind password. This version will mask any LDAP/AD bind passwords stored in appgate.conf. Earlier versions stored these passwords in the clear.
Enhanced ag_stated_query. The ag_stated_query program has been enhanced and now accepts arguments -a to list states on all nodes in a cluster and -n node-name to list sessions on a specific cluster node.
New Notifications panel under Monitor and Status. The new Notifications panel can be used to configure where and how alarms should be sent. On this panel it is possible to configure SMTP server to send reports via and which email addresses to send them to.
This panel is also used to configure where SNMP traps should be sent.
Configure logging via syslog in AppGate Console. It is now possible to use the AppGate Console to configure external syslog servers to which copies of log events should be sent. This configuration is done in the new Logging panel under System Settings.
New notes area. There is a new notes area available in the top node of the AppGate Console tree. This area accepts any text and is meant for administrators. The notes are stored in a global file on the server so all administrators will see and edit the same text.
Confirmation dialogs changed to have the safe choice as the default option. Most confirmation dialogs in the console have been changed so that the default choice is the safe alternative. This alternative will usually abort the requested operation.
Check reachability of servers. The console will now test that the AppGate Server can establish a connection to servers entered into components. The test works so that the AppGate Server will try to establish a TCP connection to the server:port. The status of the test will be indicated by a small icon to the right of the server name field.
The test happens in the background and the console will pop up a warning dialog when saving a service where the test has not been successful.
Show traffic statistics for SSH sessions. The console will now show how much data has been transferred in each active session. The values displayed include both how much data has been passed and how much was actually transferred over the wire as well as how much the data was compressed.
Session information panel has been redesigned. The Session Information panel, where detailed information about sessions can be seen, has been redesigned. The attributes are now presented in a sorted scrollable list. Also the values shown in this panel can now be copied into the clipboard.
Tighter checks on network ranges. This version of the AppGate Console will automatically check any network ranges entered (like 10.1.1.0/24) and show a warning if the address given is not the first address in the range. It will also offer to correct the first address if needed.
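The check described above, written out as an added example (not the console's own code) using Python's standard ipaddress module. It also reports how many addresses the corrected range covers, since a range such as 10.1.1.17/24 in an access rule covers the whole /24 and not one host. The sample entries are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional


class RangeCheck(NamedTuple):
    entered: str
    valid: bool               # parses as address/prefix at all
    is_first_address: bool    # address equals the first address of the range
    corrected: Optional[str]  # canonical form, e.g. "10.1.1.0/24"
    covered: int              # number of addresses the range covers


def check_range(entered: str) -> RangeCheck:
    """Check one range given as address/prefix or address/netmask."""
    try:
        iface = ipaddress.ip_interface(entered.strip())
    except ValueError:
        # Covers bad addresses and bad prefixes such as /33 for IPv4.
        return RangeCheck(entered, False, False, None, 0)
    net = iface.network
    return RangeCheck(entered, True, iface.ip == net.network_address,
                      str(net), net.num_addresses)


def review(ranges):
    """Return one warning string per entry that needs attention."""
    warnings = []
    for entered in ranges:
        result = check_range(entered)
        if not result.valid:
            warnings.append(f"{entered!r}: not a valid network range")
        elif not result.is_first_address:
            warnings.append(
                f"{entered!r}: not the first address of the range; "
                f"use {result.corrected} ({result.covered} addresses)")
    return warnings


# Constructed sample input.
SAMPLE = [
    "10.1.1.0/24",                    # fine as entered
    "10.1.1.17/24",                   # host bits set
    "192.168.5.130/255.255.255.128",  # netmask notation, host bits set
    "2001:db8::1/64",                 # IPv6, host bits set
    "10.1.1.0/33",                    # invalid prefix length
]

if __name__ == "__main__":
    for line in review(SAMPLE):
        print(line)
```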
Close connection to cluster when rebooting. This version of the console will close the connection to the cluster immediately when the administrator has requested a reboot.
Earlier versions would wait for the user to acknowledge that the reboot command had been issued before disconnecting. This could lead to the cluster losing the connection and showing error messages if the administrator did not acknowledge within a few seconds.
Sort list of roles in drop down menu. This version will sort the list of roles in the drop down menus used when configuring AD group to role mappings.
Improved license dialog. This version is more tolerant against newlines in the license key when extracting license from the clipboard.
Slight changes to web access panel. This version adds a new check box to the web access component panel which should make it easier to understand when the start URL is used and when it is not.
Multiple IP-tunneling connections. The AppGate Client is now able to use IP-tunneling against more than one AppGate Server at a time. Previous versions were limited to one IP-tunneling session at a time.
AppGate Client for multi user Linux system. The multi user client for Linux works like the Citrix client. It allows multiple users to each run their own instance of the AppGate Client and a central daemon (ag_mud) will serve to keep the different sessions apart.
This makes it possible for multiple users to run AppGate Clients on the same Linux server at the same time without interfering with each other.
Screen locker for Linux based terminals. The AppGate Client can now interact with a special screen locker on Linux. This locker can lock the screen when the user has been idle for a while, and to unlock the screen the user must authenticate to the AppGate Server again.
This functionality is intended for dumb Linux terminals where the user does not have a local account.
Applet version of AppGate Client. There is now an applet based version of the AppGate Client. The client launched is the same as when using Java Web Start but the mechanism through which it is started differs.
The main differences between this new applet and the applet client from earlier versions are:
The client launched is the normal AppGate Client. The earlier applet launched the AppGate Connect client which used a different and more spartan GUI.
The applet is no longer tied to the browser. With the new applet it is just a loader which works as an applet. The loader downloads the files needed and then launches the AppGate Client as a local application. A consequence of this is that the client will no longer be killed when the browser leaves the applet loading window.
Check.exe can check status in Windows Security Center. The check.exe binary included in this version is able to check the status of Anti Virus, Firewall etc in the Windows Security Center. Note that this check.exe has been available for download from www.appgate.com for a while.
Various improvements to the login dialog. The login dialog of the AppGate Client has undergone a number of changes.
The list of previous servers is now sorted by login time (last used server is first) and the list is limited to 23 entries.
It will now show the port number used if this is not 22. This behavior can be disabled by setting the gui_hideport client property to true.
Previous versions would reset all fields in the dialog when a previously unknown server name was entered. This version will instead keep the settings already made. This is very useful if the server name has been misspelled because the fields will keep their values when the server name is corrected.
New guru mode which makes the client always show the server field, even if the server configuration tells it to hide it. Guru mode is enabled by creating a file named guru_mode in the directory which holds the hostkeys directory.
Support 64-bit Java on Windows and Linux. This version adds support for 64-bit Java on Windows and Linux. Earlier versions would refuse to load the native libraries when using a 64-bit Java.
Ip Tunneling now supported on Linux 64-bit. This version adds support for IP Tunneling on 64-bit Linux.
Slightly faster login. A change to the internal protocols made in this version has decreased the number of round trip packets which need to be sent during the login process.
Crypto algorithm selection removed from client. It is no longer possible to select which encryption algorithm to use in the client GUI. Instead the client will use the first strong one which the server offers.
Changed the way double clicking on a file works in the File Access Module. Previous versions would create a temporary local copy of the file and upload it whenever it was changed. The new code will instead create a temporary directory and then upload every file which appears in this directory. This should eliminate any nasty surprises from programs saving the file under another name.
Added missing local print features. Added missing local print features which allow administrators to set descriptions on printers and a timeout.
agstart has a new "netuse" directive. It is now possible to issue a client command like:
agstart netuse z: server share
to make it easier to map shares when using IP tunneling.
Support for Windows versions earlier than XP SP3. The clients included in this version may not work on versions of Windows older than Windows XP SP3. It is however still possible to use the older clients on old systems and connect to this new system with them.
Entrust authentication. The native Entrust authentication has been removed since the needed Entrust libraries are not available for the x86 platform. It is however still possible to use normal certificates issued by an Entrust CA for authentication.
Manual suspend/resume in AppGate Console. It is no longer possible to manually do a suspend and resume of the network connection in the AppGate Console.
Sync4j configuration panel. The Sync4j addition for synchronizing calendar information on certain phone models is obsolete and the configuration panel has therefore been removed.
'Cut' menu entry in file access. The 'Cut' menu entry did not really work, and it is not possible to get it to work either. So it has been removed.
Ag_userd could fail to pick up changes. The ag_userd could fail to pick up changes in AD group to role mappings if it had problems talking to the AD server, even if the problem is temporary.
SSL mode would display 'Login failed' when waiting for OTP. The SSL login page would have the title 'Login failed' while waiting for the user to enter their OTP password. This has now been fixed.
Fixed ag_galed 'Packet too small' error. The IP-tunneling daemon ag_galed code could sometimes say that a packet was too small even though it was not.
Made radius code more tolerant. The radius daemon is now more tolerant towards unrecognized attributes in packets from the Radius server.
Fixed proposed gateway for new routes. The console will now do a better job at guessing the gateway to use for new routes.
Stability issues. A couple of bugs which could affect stability of various server daemons have been fixed.
It was not possible to create CPU monitoring conditions. A bug in the AppGate Console, which has now been fixed, made it impossible to create CPU monitoring conditions.
Web fixes for iPhone and Android. A number of fixes have been done to the SSL module and the built in web pages to make them render better on mobile devices like the iPhone and Android.
Fixed anti-spoofing rules. The AppGate Server could use too restrictive IP-filter rules when different interfaces contained overlapping routes.
Made client more robust when port-forwards fail. This version fixes a bug which could cause the client to throw an exception if a port-forward failed on the server. This could happen if the remote server was not responding.
IP-tunneling allows some ICMP packets. This version of IP-tunneling will let through certain ICMP packets (i.e. fragmentation needed) which are associated with an active TCP/UDP state.
SSL mode could use the wrong single sign on password. A bug in ag_ssld could cause it to store the wrong SSO password from the login process. This could happen when using radius auth as part of a chained authentication method.
Upgrade process could fail to report progress of other cluster nodes. A bug in ag_mgmtd could hide any progress messages from other nodes than the master node when upgrading.
SSL-mode fixes. This version fixes a number of issues with web page and URI rewriting in the SSL module. The SSL login page should also render better on iPhone and Android devices.
Client connection properties dialog fixes. The connection properties dialog in the client would not always show the correct auth method details. There was also a potential client crashing bug in the authentication method code.
User already logged in problem fixed. The user already logged in warning only worked for users with a unix account. This has now been fixed.
Fixed IP-filter health check. The IP-filter health check script would not sound the alarm even if IP-filter was turned off. Also added a new option to ag_watchd, inhibit_ipf_test, which disables the IP-filter test.
Changed default SecurID second prompt. When selecting SecurID authentication the client would default to show one entry dialog (for pin and code). But if the number was out of sync then the server would generate a new query but this time with two fields, one for pin and one for code. This version changes the default behavior of the server to only have one field (for pin and code) in the query.
Only servers running version 9.0 or later can be upgraded to 9.2.3. Machines running earlier versions must first be upgraded to 9.0 or later.
The upgrade can be applied without disturbing users who are using the system. But the system must be rebooted in order to activate the upgrade.
There is a bug in the AppGate Console version 9.1 (up to and including 9.1.6) which sometimes makes the console only show upgrade progress data from one node in the cluster.
The workaround is relatively simple. Before upgrading, log on to any node in the cluster and run:
secmsg_query | grep ag_mgmtd
Then look for the line which shows where ag_mgmtd is registered (not the standby lines). This line should also show which node in the cluster the daemon is registered on. Make sure the console is logged in to this node of the cluster before applying the upgrade.
There is a bug in the AppGate Console for 9.0 and 9.0.1 which must be taken into account when upgrading a cluster. The upgrade will apply without problem, but the reboot button in the upgrade status window will only reboot one of the systems. The workaround is simple:
Do not use the reboot button on the upgrade status screen. Instead just close it once the upgrade is complete.
Go to the file system manager panel. There should be a new clone where the upgrade has been applied. Press the button in the boot column to make this clone the next booted clone. Do not press the reboot now button in the dialog which pops up (this is also broken).
Go to the top node in the admin tree where there is a shutdown button. Use this to reboot the entire cluster.