Announcement

Collapse
No announcement yet.

16.6.0 fixes available!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 16.6.0 fixes available!

    Great news, everyone! We've made patches available that should resolve the issues we've discovered and/or had reported. If you're running 16.6.0 and are not affected by any of the issues below, we recommend not running any of these patches; they will be included in a forthcoming 16.6.1 patch/fix release.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?

  • #2
    Thanks for your hard work on this!

    Comment


    • #3
      How do we run the patches? ssh to the appliance? Thanks!

      Comment


      • #4
        SSH to the appliance and run the command.

        Comment


        • #5
          Originally posted by flynhawaiian View Post
          SSH to the appliance and run the command.
          Thanks! Was able to apply the patches.

          Comment


          • #6
            Ok. so how do I get SSH to work?

            I use SSH every day to talk to VPS and RaspberryPi.

            I turned on SSH in Access Rules.

            Are the creds for SSH the same as those for the Dashboard?

            In terminal after setting the Access Rules to allow SSH it responds wanting the password. When I use the same creds, the password is denied.

            Thanks for the help. I use WAN Balancing and need to apply the patch.


            Dennis

            Comment


            • #7
              Originally posted by DWomack View Post
              Ok. so how do I get SSH to work?

              I use SSH every day to talk to VPS and RaspberryPi.

              I turned on SSH in Access Rules.

              Are the creds for SSH the same as those for the Dashboard?

              In terminal after setting the Access Rules to allow SSH it responds wanting the password. When I use the same creds, the password is denied.

              Thanks for the help. I use WAN Balancing and need to apply the patch.


              Dennis
              Use of the default SSH rule is a great way to get hacked.

              But, this is not the thread for a discussion of security, the special thing about NGFW you have to know is the first admin account you created during install is special. This account's password will overwrite the root account's password on the platform as it's set.

              Some upgrades like the update from 16.5 to 16.6 are OS swaps, and those are notorious for mucking with the passwd file. Fortunately, it's an easy fix you just go change the webui admin's password and it'll again overwrite whatever is on root. Which then lets you login as root to SSH. Which is again why THIS IS NOT SUPPORTED, and mucking with SSH's default rule that opens SSH to the wide world is a horrible idea.
              Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
              NexgenAppliances.com
              Phone: 866-794-8879 x201
              Email: [email protected]

              Comment


              • #8
                Device ran fine for ~3 days and now it's dropping connection (tunnel seemed to work while it happened)... and rebooting again.

                There are still some errors in route-table after patches, maybe nothing relevant.

                I know you don't care about third party hardware but I've got two paid licenses and if it wont be fixed I'll have to jump ship, which I don't want to. Will upgrade my other device and see if it works better when I have time.

                Same or similar problem on other device. Except for network interfaces its the same config. Disabled tunnelvpn on the first device and it has not crashed for a while now. Also didn't restart when running without any connections.

                12h without errors now - tunnelvpn & tunnels inactivated.
                Last edited by ccdmnk; 12-09-2022, 01:18 AM.

                Comment


                • #9
                  Originally posted by sky-knight View Post

                  Use of the default SSH rule is a great way to get hacked.
                  Anytime I use it, I use it for the command, then remove access when I'm done immediately.

                  Comment


                  • #10
                    Unfortunately that Patch doesn't resolve my issues..
                    Secondary 4G WAN which is set to 0% in WAN Balancer continues to use all Traffic etc after application of the Patch.​

                    Comment


                    • #11
                      Originally posted by flynhawaiian View Post

                      Anytime I use it, I use it for the command, then remove access when I'm done immediately.
                      I do not recommend this practice, just like I don't recommend the default RDP rules in Azure. Make your own rule that limits access to your current WAN IP address.

                      The bots only need seconds to locate an open service, and only a few more to exploit it. If your password is weak, and not changed every time you expose SSH, you invite disaster!

                      Alternately you can configure SSH to refuse passwords entirely, and enable certificate signon... then you can just leave SSH open for all to see and laugh at the logs filling up with failures. But that's even LESS supported by NGFW Support.
                      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                      NexgenAppliances.com
                      Phone: 866-794-8879 x201
                      Email: [email protected]

                      Comment


                      • #12
                        Originally posted by sky-knight View Post
                        Make your own rule that limits access to your current WAN IP address.
                        Seconding this practice heartily.
                        Græme Ravenscroft • Technical Marketing Engineer
                        ('gram', like the unit of measurement)
                        he/him
                        Please don't reboot your NGFW.
                        How can we make Arista ETM products better?

                        Comment


                        • #13
                          Might want to make a suggested rule so people could learn.

                          Comment


                          • #14
                            Originally posted by bokolobs View Post
                            How do we run the patches? ssh to the appliance? Thanks!
                            I would wait as we are going to release an update in the next couple of days with all the patches rolled in.
                            Attention: Support and help on the Untangle Forums is provided by
                            volunteers and community members like yourself.
                            If you need Untangle support please call or email [email protected]

                            Comment


                            • #15
                              Originally posted by jcoffin View Post

                              I would wait as we are going to release an update in the next couple of days with all the patches rolled in.
                              I really hope you consider updating the drivers for the intel Linux ixgbe driver in the latest patch, but I have a feeling that you won't take that suggestion.

                              Comment

                              Working...
                              X