24 February 2015
Release Notes for Wanguard 6.0
February 24, 2015 - http://www.andrisoft.com - Andrisoft, developer of advanced traffic monitoring and anti-DDoS solutions, today announces a new release of the Wanguard software platform.
Wanguard 6.0 brings the following new features and changes:
System- The software can be installed on new Linux distributions: Red Hat 7, CentOS 7, Debian 7, Debian 8, Ubuntu Server 14.
- Automated software updates using DEB/RPM repositories.
- The Console supports PHP 5.5 and PHP 5.6.
- The Console no longer supports Wireshark versions lower than 1.8.3.
- Graphs for iowait in Reports » Servers » Server Graphs.
- Configuration » General Settings » Software Updates displays the latest software version and upgrading instructions.
- Emails can be sent directly by the Console without requiring a local MTA. New Configuration » General Settings » Outgoing Email Settings, with configurable Sender Email.
- Fixed sending emails to CC addresses.
- Corrupted Console database can be repaired with "/opt/andrisoft/bin/WANmainenance repair".
- 32-bit architectures are no longer supported.
- A new graphical slider for quick selection of custom time frames in Reports.
- Reports and Configuration side regions can be set apart by user preference, e.g. one on the right and one on the left. New Ctrl→R keyboard shortcut toggles side regions.
- Configuration » General Settings » Data Retention shows disk usage for newly created rrd files containing IP graph data.
- Graphing IP sweeps can be enabled or disabled for IPv6 and/or IPv4 in Configuration » General Settings » Storage & Graphs.
- Changed Conditional and Dynamic Parameters: {prefix}, {operation}, {sensor_type}, {domain}, {class}, {filter_*}, {filter_tcpdump_size}. The User Guide contains the new values.
- New Dynamic Parameters: {from_year}, {from_month}, {from_day}, {from_dow}, {from_hour}, {from_minute}, {until_year}, {until_month}, {until_day}, {until_dow}, {until_hour}, {until_minute}, {direction_to_from}, {software_version}, {comparison}, {direction_receives_sends}, {duration_clock},{*_decoder_prefix} for {*_prefix}, {filter_type}, {filter}, {filter_id}, {response_actions}, {filtering_rule_log_size}, {filtering_rule_max_unit}, {filtering_rule_unit}.
- Redesigned Response Configuration window. New email templates.
- Redesigned IP Zone Configuration window.
- New widgets: Flows List and Flows Tops.
- Dashboards can be configured to have a unique time frame for all containing widgets.
- Unprivileged users can open reports for IPs included in the allowed subnets.
- Loading of IP Zones with thousands of IPs and subnets is 8 times faster.
- Moved Configuration » General Settings » User Management » Authentication & Login to Configuration » General Settings » User Authentication.
- Add Configuration » General Settings » User Authentication » Login Window Notification and Successful Login Notification.
- Radius authentication fixed.
- New statistics in by Reports » Components » Overall » Console.
- Reports » Anomalies » Active Anomalies » Reverse DNS unchecked by default.
- Reports » Anomalies » Active Anomalies shows a Flow Trace button for anomalies detected by Flow Sensors.
- Visibility of items in Reports » Components and Reports » Servers can be toggled. Right-click opens their configuration.
- Configuration » Components and Configuration » Schedulers items can be activated/inactivated with a single right click.
- Various aesthetic improvements.
- Add a new SNMP Sensor, able to monitor networking devices supporting SNMP v1, v2c or v3.
- The Sniffing Sensor renamed Packet Sensor.
- The Virtual Sensor renamed Sensor Cluster.
- New decoders: IP fragmented, TCP-NULL, TCP+RST, TCP+ACK, TCP+SYNACK, SSDP.
- The BAD decoder matches IP NULL, SYN decoder doesn't match packets/flows with ACK flag set.
- The Packet Sensor is compatible with PF_RING version 6 (Zero Copy, LibZero or DNA license not needed). PF_RING version 5 is not compatible anymore.
- The Packet Sensor supports new capturing engines: System PCAP, Myricom Sniffer10G, SolarCapture (beta).
- The Sensor Cluster can aggregate IP graphs data.
- Packet Sensors listening to the same interface (e.g. for multi-queue load balancing) do not require additional licenses.
- The Packet Sensor has a new CPU affinity option.
- A new "Manage Interfaces" button in the Flow Sensor Configuration window that provides a quick way to add multiple interfaces.
- The Flow Sensor Configuration window has advanced SNMP options.
- On Flow Sensor's Traffic Direction option. "Mixed" renamed "Auto", "Inbound" renamed "Upstream", "Outbound" renamed "Downstream".
- Reports » Anomalies & Tools » BGP Prefixes renamed BGP Operations.
- Added Reports » Anomalies & Tools » BGP Operations » Black Hole, Divert Traffic and Remove All.
- BGP Connections can be configured to announce subnets with configurable masks for BGP peers that do not accept /32 prefixes for null-routing or cloud-based DDoS mitigation services.
- All connections to remote quagga/bgpd services are initialized solely from the Console server.
- Deleting BGP announcements manually works for delayed announcements.
- BGP Announcements Archive displays BGP Connection Role.
- The Filter renamed Packet Filter.
- A new Flow Filter, able to detect attackers from flow data analyzed by a Flow Sensor.
- A new Filter Cluster, able to cluster multiple Packet Filters and Flow Filters.
- The Filters can use the hardware-based packet filter from Chelsio T4 and T5 10/40 gigabit adapters.
- New Whitelists Templates, for sharing Whitelists between Filters. Add them in Configurations » Network & Policy » <+>.
- Support for adding IPv4 and IPv6 subnets in Whitelists and Whitelist Templates.
- The Packet Filter supports new capturing engines: System PCAP, Myricom Sniffer10G, SolarCapture (beta).
- The Packet Filter has a new CPU affinity option.
- The Packet Filter can block private IPs when using the Software Filtering Policy.
- The Filter works for outgoing attacks.
- The Packet Filter supports PF_RING 6.
For more information on Andrisoft Wanguard 6.0 and its features, please visit http://www.andrisoft.com/software/wanguard.
Upgrading instructions from 5.x are listed here.
About Andrisoft
Andrisoft was founded in 2006, and since then has maintained a strong business focus on software development, implementation and support of applications needed by Network Operation Centers. Andrisoft provides complete traffic monitoring and accounting, network protection and policy enforcement solutions for IP networks using the scalable, innovative, and high performing Wanguard software platform.