Software Release Date: 09/30/2003
Updated Date: 08/30/2013
This release note documents version 4.0 of the FirePass remote access server. You can apply the software upgrade to versions 3.1 and later.
To upgrade an installed FirePass 3.0, 3.1, or 3.5 to Release 4.0, go to the Maintenance tab on the Administrative Console and click the Online Update link. See Chapters 5 and 7 of the FirePass Server Administrator Guide to learn more about new configuration capabilities included in Release 4.0.
For more information about installing, licensing, and configuring FirePass Release 4.0 or to install a new server, please refer to Chapter 2 of the FirePass Server Administrator Guide.
Important: As of version 4.0, the FirePass 1000 Platform no longer supports clustering. The FirePass 4000 Platform is the only platform supporting clustering. Please contact your sales representative if you have questions.
This release includes the following new features and fixes.
You can provide customizable subsets of Administrator privileges to users and user-aliases, restrictable by action and by user group affected.
Significant improvements to MyDesktop screen sharing performance
We have significantly improved screen sharing response times over previous benchmarks.
Support for client-side certificates
You can enforce dynamic policies requiring client-side certificates. You can configure certificate policies by group, resource, and device type.
Complete cache file and temp file cleanup using new ActiveX control
Release 4.0 adds configurable caching and cleanup options.
Support for single signon
Optional single signon for FirePass, Terminal Servers, and MyFiles improves user convenience.
Audit trail of Administrator actions
FirePass logs all configuration changes made by any Administrator in a separate file, for audit.
Support for multiple virtual IP addresses
We have improved failover flexibility to support virtual IP addresses for any number of NICs, allowing more session types to fail over seamlessly without needing a session restart.
Web page cleanup pre-processor
FirePass can repair some defects originating in internal websites dynamically, making them viewable on untested browser types outside the Intranet.
Powerful and flexible new Network Configuration framework
Completely generalized Network Configuration support allows very flexible specification of interfaces, IP addresses, hosts, DNS servers, and routing tables and rules through the Administrative Console. Failover pairs and clusters also can be configured and maintained using this facility.
IPSec secure extensions
You can configure secure IPSec connections between the FirePass server and backend hosts, providing secure routes within the WAN.
Native Windows (NTLM) authentication
You can configure Windows NTLM authentication without using a RADIUS server.
Support for multiple certificates
New Network Configuration framework allows multiple digital certificates, giving more flexibility in configuration.
You can now access UNIX and Linux file systems. This access is configurable by group.
X Windows support
FirePass 4.0 acts as a virtual X-Windows server, allowing web access to any X-Windows application.
New remote-endpoint policy management features
You can configure client certificates, cache-cleanup facilities, and Webifyer access policies by group and remote device type, allowing precisely-tailored security policies to be enforced dynamically.
Redesigned, integrated AppTunnels/SSL VPN interface
Standardized interface improves ease-of-use, lowers support requirements.
Redesigned, secured SSH access procedure
F5 can establish SSH access to a customer's FirePass server only when supplied with encrypted, temporary keys that an Administrator with superuser standing generates.
This release includes the following fixes.
The following items are known issues in the current release.
CR28664 MyIntranet. Cannot Sign in to mail.yahoo.com (intermittent).
CR28678 MyINtranet. Cannot access some yahoo pages (intermittent).
CR28739 Form-based authentication always uses https, regardless of schema selected in configuration.
CR28801 Reverse proxy does not translate some pages with non-standard HTML or URLs.
CR28826 OWA does not work with reverse proxy if OWA is on a different port.
CR28976 Multimonitor configuration may have screen sharing problems.
CR28998 MyIntranet. Header occasionally leaks into the page body (intermittent).
CR29007 LDAP port and SSL parameters were not respected on non-standard port.
CR29028 NTLM group mapping does not pick up new group.
CR29071 Licensed but not configured cluster is not configurable via WEB UI.
CR29139 Load monitor graphic is distorted under heavy stress.
CR29263 Depending on monitor driver, screen sharing using screen obfuscation may require restart of host to restore screen visibility.
CR29298 Application logs. HTML being added to the log content.
CR29301 MyEmail. Subscribed folders (besides Inbox) are not shown as selected.
CR29341 Reinstalled certificate status in Network configuration still displayed as Fake/Expired.
CR29364 SSL VPN SplitTunneling LAN space is limited to 24 definable subnets CR29372 Agent does not save all log information when you choose "View Logs" -> "Save as..."
CR29385 DirectX obfuscation in old screen sharing module does not work with some video drivers.
CR29403 Maintenance SSH key blob is sometimes missing 2 lines.
CR29416 X-term has cosmetic problems over slow links.
CR29431 FirePass mishandles IMAP accounts whose names contain quotes or backslashes.
CR29432 My e-mail does not always allow pre-setting corporate IMAP folders (intermittent).
CR29433 Beta feedback: FirePass does not detect all possible Network configuration errors.