NG Firewall 16.3 beta now available for preview

[bcarmichael]

NG Firewall 16.3 beta is now available for preview. Download links for the Software appliance and Virtual appliance below:

https://downloads.untangle.com/publi...ETA-16.3.0.iso

https://downloads.untangle.com/publi...ETA-16.3.0.ova
https://downloads.untangle.com/publi...16.3.0.ova.txt

We've added / updated the following:
- TOTP based 2FA for OpenVPN users in the local directory. Now you will see an extra option in local directory users to enable MFA for OpenVPN. This reveals a QR code that you can pair to a mobile app such as Google Authenticator. When authenticating with the OpenVPN client, you will receive an additional challenge to enter a TOTP generated code.

- Storage watchdog to make sure the reporting and logs do not exhaust the available space. At 5 GB of remaining free space the Reports app will stop writing to the database. There is a new option in the Data tab of the Reports app to delete all reports data so you can restore reporting functionality.

- Setup Wizard is now performed through Command Center. The local setup wizard for new installations verifies Internet connectivity and directs you to your Command Center account to add the appliance. The add appliance wizard in Command Center now includes the steps to configure your hostname, local admin password, time zone, and so on. If for some reason you cannot connect to the Internet, you can use the previous local setup wizard.

- Apps installed by default. NG Firewall now automatically installs the "Recommended" apps to streamline the initial setup.

- MSS Clamping. NG Firewall now configures clamping on PPPoE and WireGuard interfaces to improve detection of MTU and ultimately Internet performance in specific circumstances.

We look forward to your feedback!
For feedback on features not in this list, please share your ideas on our feedback system at https://feedback.untangle.com

[tjk]

Nice! Is 2FA gonna make it for Wireguard with the release?

[sky-knight]

A button to dump reports data instead of forcing retention to the configured value?

We have the means to say hey... dump everything beyond X days... I get that driving the nail with the wrecking ball is sometimes necessary, but this seems overly destructive.

Also 2FA on OpenVPN is nice to have, but what about 2FA on the admin interface?

[sammy_cda]

What? Still no DHCPv6? How long do we have to wait for a feature that has been mainstream for at least 5 years?

[donhwyo]

I don't know why this happens but after the iso install goes to reboot it boots from the cd again and continues without asking any questions. Then starts the install and formats disk etc.

[donhwyo]

Ok got around that by not setting bios to boot from cd. Then one time boot from cd. Still needs to be fixed or somebody might wipe a disk if set to boot from cd. Like maybe the machine used to write the cd.

Then it tries to go to command center and gets stuck in a login loop there. To get out of that you need to disconnect the internet and reboot. Then figure out how to get to the old menu. It is not obvious. Then hook it up after you get the old interface.

Setting the time zone is more confusing than I remember. Then requires a reboot. Set it early in the first part of install.

[atomicboy]

Walked straight into the issues you raised on my spare appliance ... formatted the disk and I got stuck in the boot loop.

[atomicboy]

I swapped my disk drive to a smaller spare I had until I can reformat my mSATA SSD (bigger) drive. I have been doing progressive firmware updates on the smaller drive but the current upgrade is running on and states to not turn off or reboot as it is screwing with the database. I will let it run overnight and if it is still in that mode (my guess it will be), I will cycle power and see what the new day brings.

In the mean time I will wait for Amazon to deliver the mSATA SSD enclosure so I can reformat my larger disk.

I agree that setting the time zone was different in 16.3 and part of the complication I was having was because I run in bridge mode and I was having difficulty accessing the wizard. It kept going to Command Centre. I tried a number of times to configure bridge mode manually but it failed to provide LAN access. Everything went south on me before I got this figured out. It might have been that DHCP was not working but I never validated this.

[sky-knight]

I need to find the time to check this out, I really hope Untangle isn't making NGFW dependent on the Command Center. This is the beginning of the age of the supply chain assault, we need the ability to segment and isolate. That means configurable administrative bubbles, on or offline depending on the needs of the day. And I don't say that as some sort of allegory, I mean the needs literally change DAILY. Untangle's Debian roots give it an advantage here, if and only if Untangle patches quickly.

So rather than stuffing more into a cloud console that may or may not be compromised today, how about getting the update engine tuned so we don't have to wait months to plug glaring holes in DNSMasq?

[donhwyo]

After battling threw the above it does seem to work fine. I think if you do the setup offline it will avoid "Command Center".

Good news, dnsmasq and openssl and a bunch of other stuff finally get updated. It is almost worth running the beta just for that. As sky said above "how about getting the update engine tuned so we don't have to wait months to plug glaring holes in DNSMasq?" and so many others!