Sav25 Data Systems

New Features and Enhancements

Updated default value for advanced TCP setting
The default value for the advanced setting TCP ECN has been changed from "Strip and Log" to "Ignore". All configurations that have the default value will be changed to the new default value. The setting needs to be manually changed back to "Strip and Log" after upgrade if that is the wanted behavior. In most installations the new default will be preferred.

New Application Control Library
The application recognition library ixEngine has been updated to version 5.6 with the
updated protobundle 1.490.
Example of new protocols:
• Apple TV Plus (Video On Demand)
• Disney Plus (Video On Demand)
• Browsec VPN (VPN)
• Sky VPN (VPN)
• Evasive Protocol (VPN)
• DnsCat (VPN)
• Deciphered Facebook Games (Video Games)
• GTA5 (Video Games)
• Halo (Video Games)
• Activision (Video Games)
• Google Stadia (Google)
• Distributed File System Replication (Microsoft)
• Microsoft SQL Server Analysis Services (Microsoft)
• Direct Internet Message Encapsulation (Microsoft)
• Wangwang (China)

• Tieba / Baidu Social Network (China)
• Uber Eats (Other)
• Crashplan (Other)
• folding@home (Other)
• S7comm plus (Other)
In addition, this release has support for detecting the latest Zoom and Teams applications. The full list of protocols can be found in the Application Control Signatures document.

Updated GeoIP Database
The GeoIP database and the Ethernet vendor database have been updated to the June releases.

Addressed Issues

COP-20239: There was a potential incompatibility issue with some HTTP servers when using an IPPolicy along with an HTTP service / policy where the "Accept-Encoding" header would be incorrectly modified.

COP-21246: The setting for changing minimum accepted lease time in the DHCPv6 Client was not shown in the web user interface, and if the setting was changed from the CLI the change had no effect. The setting is now available under Network -> Ethernet -> Advanced Settings.

COP-22580: IPsec Dead Peer Detection was sometimes sent to the incorrect IPsec peer.

COP-22598: The PSK setting under Authentication Agents did not have any description of what type of key that should be used.

COP-22605: FQDN wildcard failed to match domains with exact match to the wildcard
domain, "*example.com" would match "www.example.com" but fail to match "example.com". The FQDN wildcards now correctly handle exact matches.

COP-22650: DNS query responses that contained Name records that were uncompressed were silently dropped. The DNS subsystem now correctly processes DNS records with uncompressed Name records.

COP-22652: The system sometimes restarted unexpectedly with certain IPsec configurations.

COP-22710: Logging out from the SSL VPN portal did not correctly remove the user
authentication object when authentication method was RADIUS.