=== Version 11.1.1 on 21 March 2024 === * Fixed an issue with routing traffic to resources on local networks when using multiple main providers * Fixed incomplete deletion of file system snapshots when cleaning update files === Version 11.1.0 on 4 March 2024 === ! Kaspersky Web Filter service and corresponding categories have been removed + A number of services have been updated to the latest version + Added a "Search" field to the Suricata attack detector log + Optimized the configuration of the Suricata attack detector * Fixed problem with importing and synchronizing a large number of AD security groups * Fixed the problem of importing and synchronizing users specifying the LDAP group and filters from FreeIPA * Fixed import of a large number of custom rules for the Suricata attack detector * Fixed custom speed limit rule + Address ranges: added export of a list of addresses in txt format + Garnet Web Filter: added function to reset local URL cache + Garnet web filter: new category "Marketplaces" added * Garnet web filter: fixed issue with sending feedback + Proxy: the socks5 password hashing algorithm has been replaced with a more robust one + VPN: TLS crypt v2 encryption option has been added to the OpenVPN network settings + VPN: added the ability to select multiple providers to connect to the OpenVPN network + VPN: the WireGuard service has been transferred to a new driver running at the kernel level, which will reduce overhead when processing packets and ensure work with backup providers + VPN: added generation of QR codes for simplified access to WireGuard networks for users with smartphones * Firewall: fixed NAT rules configuration error for OpenVPN networks * Backups: fixed error in deleting backups with special characters in the name ! Cluster: SSH keys have been updated, after installing the update you will need to re-configure the service + Cluster: the process of switching the backup node to the main state has been accelerated * Cluster: fixed transfer of ssh keys when deploying a backup copy of settings + Telephony: a description of the fax number has been added to the header of a fax message * Telephony: fixed the operation of the condition "the caller's number matches/begins with" * Telephony: fixed call redirection when there is no answer * Mail: fixed authorization problem in synchronized mailbox * Web interface: typos and missing translations corrected * Web interface: a number of bugs have been fixed === Version 11.0.0 on 26 December 2023 === + The operating system code base has been updated to FreeBSD 13.2-RELEASE-p7 + A number of services have been updated to the latest version + Dynamic routing service with support for OSPF and BGP protocols has been added to ICS + The “Kaspersky Suricata Rules Feed” rule category has been added to the Suricata attack detector + Added the “Do not count statistics” flag to address ranges, which disables request accounting for a given traffic source + Added the "Description" field to all user rules * Fixed a bug with disabling the Zabbix service * Fixed an error in deleting the local interface configuration script after installing ICS * In the Monitoring service, the display of system temperature has been corrected * Fixed a bug that allowed you to assign an IP address to a user + Proxy: improved traffic processing by Kaspersky Anti-Virus + Firewall: reduced processing time and application of configuration changes + Firewall: optimized performance when connecting remote users + Mail: updated Roundcube web server configuration * Mail: fixed problem with access to the Roundcube web interface after rebooting the ICS + Backups: added the ability to select an email domain and mailboxes when creating a backup + Web interface: the service is optimized to speed up tab loading * Web interface: typos and missing translations corrected * Web interface: a number of bugs have been fixed === Version 10.3.1 on 20 November 2023 === * An issue with rules triggering incorrectly has been fixed in the Suricata attack detector * Fixed a bug with stopping the Zabbix agent service after installing the update * Fail2ban: fixed import of permanent ban IP addresses * VPN: fixed error connecting users to different OpenVPN networks * Web interface: a number of bugs have been fixed === Version 10.3.0 on 31 October 2023 === ! Due to changes in the time zone package, an additional reboot of the ICS will be required + The operating system codebase has been updated to FreeBSD 13.2-RELEASE-p4 + A number of services have been updated to the latest version + Changed the algorithm for determining password complexity + Added the ability to specify the password expiration date, and a customizable list of prohibited passwords + The function of importing/exporting permanent ban IP addresses has been added to the fail2ban service + VPN: implemented control of user access to the OpenVPN network, without interrupting the sessions of other users * Backups: fixed display of USB drives available for storing backups * Backups: fixed loading backups with "incorrect" names * File server: fixed automatic creation of DNS records for virtual hosts * Mail: fixed mail storage starting configuration * Mail: fixed synchronization of mailboxes when moving a user in the LDAP tree * Telegram bot: fixed problem with resetting the bot to default settings * Web interface: typos and missing translations corrected * Web interface: a number of bugs have been fixed === Version 10.2.2 on 19 September 2023 === * Fixed an error in creating NAT rules for GRE and IPIP tunnels * Fixed FreeIPA user state synchronization * Fixed display of events for users connected via PPTP * Proxy: fixed work with a large number of local networks * File server: problems with authorization on ICS network folders after a system reboot have been fixed * File server: in the file storage, work with folders with spaces and Cyrillic characters in the name has been fixed * Web interface: minor bugs fixed === Version 10.2.1 on 1 September 2023 === * Fixed an issue with redundant messages displaying in the system log when editing NAT rules (introduced in 10.2). * Fixed an issue where static routes to /32 addresses might not be properly configured. * Fixed an issue with user authentication by MAC address after system reboot (introduced in 10.2). + For NKCKI rules in the attack detector, the default action has been changed to "drop" * Fixed the functionality of root certificates with Chromium-based browsers when using SSL decryption proxy. * Web interface: Fixed a series of errors. === Version 10.2.0 on 17 August 2023 === + Added the possibility of link aggregation + Added cluster service running in active/standby mode * Fixed a problem with the attack detector when turning off the objects specified in the "External interfaces" field + Added Zabbix agent service for solving monitoring tasks + Added the ability to work with file system snapshots in the management console + Improved blocking by L7 filtering rules * Fixed a problem with resetting the password to the management console after the update * Fixed import and synchronization of FreeIPA users + Network: added interface status display when creating/editing local networks * Certificates: Fixed an issue with automatic renewal of LetsEncrypt certificates within 24 hours of expiration * Certificates: fixed certificate export in PKCS 12 format + Firewall: added ability to manage NAT rules + Firewall: added the ability to prohibit fragmented packets when the service is running in firewall mode "ipfw->pf" * Firewall: fixed geolocation blocking, updated list of countries and territories + Mail: added export of ICS address book in formats: ldif, csv, vcf * Mail: fixed issue with automatic signature generation in Roundcube * Mail: fixed a problem with deleting a mailbox, or a user with a mailbox added to the list in the mailing list * Mail: fixed operation of the encryption block with LetsEncrypt certificates * Telephony: fixed "Wait for response" option in Lua dialplan rules * Telephony: Fixed sending notifications about missed calls to users with a space in the name + Telegram bot: the service is optimized, the list of available commands has been replenished ! Notification service: sending messages to Telegram is implemented through a Telegram bot, the old settings will be lost * Web interface: fixed problem with accessing the web interface when there is no connection to the registration server * Web interface: removed the ability to select a certificate without a key in the settings * Web interface: Fixed typos and missing translation * Web interface: fixed a number of bugs === Version 10.1.1 on 7 April 2023 === * Fixed display of update server status + Implemented a more accurate display of the size of hard disk partitions * Fixed import of users from LDAP * Fixed searching for rules in the Suricata attack detector * Mail: fixed manual forwarding of letters from the selected mailbox * Mail: fixed manual deletion of messages for the selected period * Mail: fixed downloading of archives of letters to mailboxes * Mail: fixed authorization in synchronized mailboxes * Mail: fixed attachment size limit in Roundcube * Mail: Fixed Roundcube using third party LDAP address Book * Web interface: Fixed typos and missing translation * Web interface: fixed a number of bugs === Version 10.1.0 on 30 March 2023 === + A number of services have been updated to the current version + PHP updated to version 8.1 + Added Telegram-bot service for remote control of ICS + Added the ability to import the "Description" field to the synchronization service * Fixed the function of sorting imported users * Fixed display of hard drive temperature in the Monitoring service * Captive Portal: Changed how the authorization window works for mobile devices connected via Wi-Fi * Captive Portal: optimized service operation with operating system ARP cache * Proxy: fixed generation of proxy autoconfiguration script * Network: for L2TP and PPTP providers, the restriction on the length and strength of the password has been removed + VPN: added the possibility of two-factor authentication of users via Telegram * VPN: fixed "Disconnect" option for SSTP connections * VPN: fixed storage of Wireguard peer statistics + File server: added the ability to select multiple files and folders in the file storage + Mail: added the ability to select an external interface for sending mail + Mail: added the ability to specify the name of the ICS address book + Mail: added the ability to not block SMTP authorization for Roundcube + Mail: "Does not end with" and "Does not begin with" conditions have been added to filters + Mail: added "Normalize domains to eSLD" option in Rspamd settings to correctly generate DKIM signature for third-level domains * Mail: in mailing lists, the work of the "Allow only from mailing domain" flag has been fixed * Mail: fixed work of mail filters for mail sent on port 587 * Mail: fixed triggering of mail filters for messages with a subject in KOI8 encoding * Jabber: fixed mandatory SSL certificate requirement on server side * Web interface: Fixed typos and missing translation * Web interface: minor bugs fixed === Version 10.0.1 on 16 January 2023 === * Fixed search by traffic categories * Network: fixed error editing static providers * Proxies: in the proxy auto-configuration, the selection of custom address ranges in the "Proxy exclusions" field has been fixed * Mail: fixed sender detection of letters collected by the mail collector * Web interface: minor bugs fixed === Version 10.0.0 on 21 December 2022 === ! ! !!!!!!!!!!!!!!!! ! !!! Attention !!! ! !!!!!!!!!!!!!!!! ! ! This release contains IMPORTANT PERMANENT changes! ! ! The new version of FreeBSD removed obsolete encryption algorithms from the system: ! ARC4, Blowfish, CAST128, DES, MD5-HMAC and Skipjack ! ! IPsec deprecated support for deprecated algorithms ! ! Before upgrading, make sure that these algorithms are not used in configured tunnels ! ! License agreement changed + Operating system codebase updated to FreeBSD 13.1-RELEASE-p5 + A number of services have been updated to the current version + Added a new service "Audit", intended for registration of security events * Optimized the work of constants * Updated values ​​of some Nginx directives * In the attack detector Suricata, the duplicate list of http-ports in the list of rules has been fixed * In the https-traffic filter, the error of going beyond the index has been fixed * Fixed display of quota statistics in the individual user module in the "Rules and restrictions" tab + Proxy: added optional field "Description" to proxy rules * Proxy: fixed proxy cache display * Firewall: the logic of the operation of exceptions in the priority rules, as well as allowing and denying rules has been changed + Firewall: added automatic forced termination of user connections that correspond to addresses in a deny rule when adding (editing) deny rules associated with this user, as well as when turning off a user (or group with a user) + File server: options added to virtual host settings to protect against simple DOS attacks using Nginx + Backups: added automatic deletion of incorrect backups * Backups: Fixed deletion of automatic backups older than the specified time ! Mail: Removed spell checker from Roundcube. Verification will be carried out using a web browser + Mail: Added "This is spam" button to Roundcube, sending the email to the appropriate folder * Mail: fixed downloading large archives of letters to mailboxes * Mail: in the daily statistics, the count of spam detected by Kaspersky Antispam has been corrected * Telephony: fixed display of external channels in the call log * Telephony: fixed sending voice mail messages and notifications of missed calls to mail * Telephony: fixed loading of sound files in the rules "Waiting for dialing" and Queues * Notification Service: Fixed a connection error with Telegram that occurred when saving multiple accounts * Notification Service: fixed the need to send an initiating message to the Telegram bot after installing an update or deploying a backup * Web interface: fixed incorrect display of task progress indicators * Web interface: Fixed typos and missing translation * Web interface: minor bugs fixed === Version 9.3.1 on 20 September 2022 === * Fixed display of information on licenses of Kaspersky antivirus and antispam * Fixed access to the report designer for new user roles + VPN: increased speed of SSTP networks * VPN: fixed generation of address pools for VPN users * Telephony: fixed external calls crash in Lua dialplan * Telephony: fixed transmission of numbers from the ICS phone book to SIP devices * Web interface: Fixed typos and missing translation === Version 9.3.0 on 5 September 2022 === + Changed the logic of blocking by geolocation, the list of countries and territories has been updated and placed in a separate tab of the firewall ! Firewall rules containing address ranges corresponding to countries and territories will be removed ! Restrictions are introduced on simple passwords for the mailbox and phone number + The ability to select the provider used has been added to network utilities + Added import of custom rules to the Suricata attack detector + Added block lists of the National Coordination Center for Computer Incidents (NCCCI) to the Suricata attack detector + Validity period of generated self-signed certificates is set to 10 years by default * In the system settings, the operation of the flag "allow ICS to send anonymous statistics" has been fixed * Fixed Fail2ban launch without active telephony module * Fixed automatic renewal of LetsEncrypt certificates * Fixed ICS behavior when registering and activating a system with less than 10 users + Added the ability to enable / disable all routes corresponding to the selected destination + Proxy: added the ability to specify the domain name of the X as a proxy address in the settings of the autoconfiguration script + Proxy: added ability to disable IP matching check for intercepted CONNECT requests + Statistics: added the ability to control access to the report designer for the group administrator role + Statistics: in the report management added the ability to create prohibition rules for selected records * Statistics: fixed export of personal statistics for users with the "user" role * Statistics: fixed unloading of multipage reports * System log: fixed messages for some events * System log: fixed incorrect date/time display + File server: added option "Enable buffering" to the settings of the virtual host with redirection * File server: fixed bug with creating automatic DNS records * File server: fixed virtual host database dump check + VPN: implemented the creation of WireGuard networks for end users + VPN: added login/password verification feature for OpenVPN clients * VPN: fixed function to disable SSTP network * VPN: SSTP auto configuration script changed * Backups: changed password storage scheme for remote FTP server * Backups: fixed the problem of copying to an FTP server if the folder path contained Cyrillic characters * Telephony: fixed sending faxes from the web interface * Telephony: changes have been made to the work of the Call Archive * Web interface: changed the way user login is stored between sessions * Web interface: fixed typos and missing translation * Web interface: minor bugs fixed === Version 9.2.0 on 5 May 2022 === + Operating system codebase updated to FreeBSD 12.3-RELEASE-p3 + A number of services have been updated to the current version + Added a list of country objects to address ranges that can be selected in firewall and user rules + Added the ability to select a partition for storing statistics and system logs + Added "Direction" column in Suricata attack detector rule settings * In the Statistics module, the display of user statistics from VLANs has been fixed + In the notification service settings, added the ability to send test messages to check the operation of the service + Added the ability to completely roll back the system to its original state. Before executing the command, a backup copy of the current settings will be created. + Added the ability to delete update files via the web interface + Network: added a notification window that warns about the intersection of the added network with an existing one + Network: added log for Wireguard networks * Proxy: fixed autoconfiguration script publishing error when web resource is active + VPN: added user search function * Traffic categories: changed the logic of turning off traffic categories * Traffic categories: fixed import of addresses + File server: added check for potentially malicious requests when deploying a database dump + File server: "use Web Application Firewall" option changed, now WAF is enabled globally for all resources with the ability to specify exception hosts * File server: fixed problem with slow connection to ftp resources * File server: fixed SMBv1 protocol + Backups: added the ability to select the data to be restored * Fail2ban: Fixed handling of failed authorizations in Xphone + Telephony: added restriction on the type of uploaded file to the "Wait for dialing" rules, .mp3 and .wav extensions are supported + Mail: added a field to specify the user to which mailboxes of deleted users will be reassigned + Mail: the ability to import words and phrases has been added to mail filters * Mail: fixed work of the mail collector when ClamAV antivirus is turned off + Web interface: added "Hardware" page containing data about the device + Web interface: updated graphic elements of the system * Web interface: Fixed typos and missing translation * Web interface: minor bugs fixed === Version 9.1.1 on 5 April 2022 === + Added ability to download databases of ClamAV antivirus and Suricata attack detector from resources available on the territory of the Russian Federation * Telephony: fixed telephony rules validator that prevents creating a rule that processes DTMF signals shorter than 3 characters === Version 9.1.0 on 7 February 2022 === + A new version of the Xauth authorization utility 4.9.1.0 is available for Windows 10 (download link https://download.a-real.ru/xauth.exe), the following changes have been made: updated application interface added display of the user's spent quota in the "Statistics" menu added the ability to change the number of reconnect attempts when the connection is broken improved monitoring of network activity of applications for L7 filtering IMPORTANT! Due to the update of the interface, the application uses the libraries of the graphics adapter, which may lead to problems with work on outdated software. Details and ways to solve possible problems are indicated in the documentation. * Adjusted the work of calculating the used space on the "Data deletion" tab in the System module * Fixed error in displaying WireGuard interfaces in the monitoring service + Network: added the ability to make exceptions in the proxy autoconfiguration script (similar to transparent proxy exceptions) * Network: Fixed a bug that prevented changing the VLAN ID * Networking: Fixed an issue that could only connect to a domain controller on the second try + Firewall: added "Destination" column sorting to the static routes module * Firewall: fixed static route search function * Firewall: fixed config error for WireGuard networks * VPN: fixed work of WireGuard networks with 10 or more peers * VPN: fixed a bug that prevented turning off the WireGuard network * OpenVPN: fixed naming of user certificates without login * Certificates: automatic renewal of LetsEncrypt certificates fixed + Telephony: the minimum length of internal telephone numbers is set to 3 characters * Telephony: fixed work of incoming calls in the presence of several providers, active dialplan on LUA and chan_sip driver * Telephony: fixed processing of "Busy" status during a call + Mail: added the ability to select the style of the Roundcube interface in the webmail settings + Mail: Updated some Roundcube plugins * Mail: fixed work of Kaspersky antispam whitelists when a bad reputation of an IP address is detected * Web interface: fixed display of some dialog boxes * Web interface: fixed validators for some fields * Web interface: Fixed typos and missing translation * Web interface: minor bugs fixed === Version 9.0.0 on 8 December 2021 === + A number of services have been updated to the current version + Changed the database update system for Kaspersky Web Filter ! Garnet module licensing policy changed: access to Garnet categories is commercially available + Added the ability to get and use NetBIOS device names as usernames and logins in the user import service + A new predefined set has been added to the rulesets - "A set of rules for creating whitelists" * Fixed the operation of the notification service when using Jabber * Fixed display of statuses of hard disk partitions * Disabled duplication of Suricata attack detector logs + Added authorization events to the authorization service with an incorrect username / password * Fixed a bug with a disappearing list of applications in the L7 filtering service * Synchronization: fixed the behavior of the import and synchronization function for users and mailboxes exceeding the license limit * Synchronization: updated algorithm for import, synchronization and cancellation + Connection monitor: for greater stability of work, the module is separated from the statistics service * Network: fixed display of routes for IPIP and GRE tunnels + Network: added check of connection of the removed external interface and tunnels + Network: the static routes module is separate from the firewall * Network: the ability to select ranges of addresses, as well as generalizing objects, is excluded from the settings of static routes ! Network: all routes with incorrect settings will be deleted * Network: fixed automatic disconnection of routes with configured monitoring * Network: fixed the problem with the inaccessibility of the web interface of remote ICS when connecting to them through the IPIP + IPSec tunnel * Network: fixed issue with distribution of outgoing traffic between primary and backup providers * Network: fixed operation of the "Use NAT" flag in VLANs * Network: corrected the logic for accounting ranges and counting the number of IP addresses in the DHCP server ! Traffic categories: removed obsolete ICS traffic categories. The corresponding Garnet categories will be added to rules using such categories. + VPN: Added WireGuard support for site-to-site connections + VPN: Added support for multiple SSTP networks * VPN: fixed display of status of OpenVPN tunnels + Certificates: the "Certificates" module added the ability to force the renewal of the used certificates LetsEncrypt * Certificates: Fixed issue with updating LetsEncrypt certificates when changing CA certificate chain * Web server: fixed deletion of virtual host certificates * Web server: fixed work of assigning access rights to a directory * Backups: Fixed deploying a backup to a system with a changed configuration of disk partitions + Telephony: a new mode of operation of telephony rules has been implemented. You can switch to the new operating mode in the constants settings. The following issues have been resolved in the new mode: fixed operation of the "Call via external channel" rule with several external channels fixed inaccuracies of displaying calls in the call log fixed limitation of the maximum number of channels fixed work of redirects and queues with disabled numbers fixed checking of incoming calls by phonebook contacts in ICS + Telephony: added color highlighting of disabled phone numbers to the settings of rules and redirects * Telephony: fixed connection of Xphone to a number that does not have a corresponding setting * Telephony: fixed Xphone operation on non-standard web interface port * Mail: fixed work of mail collectors in automatic recipient detection mode * Mail: fixed username import to Roundcube profile * Web interface: in a number of services, SSTP network interfaces are excluded from the list of interfaces available for interaction + Web interface: information about valid licenses for Kaspersky, SkyDNS, Garnet products has been added to the "About" section * Web interface: fixed validators * Web interface: fixed typos and missing translation * Web interface: minor bugs fixed === Version 8.4.1 on 15 September 2021 === * Web interface: minor bugs fixed === Version 8.4 on xx August 2021 === ! Licensing policy changed: only enabled users are counted in the system ! For the ICS Lite a limit of 9 included mailboxes and phone numbers is introduced ! When updating ICS Lite, mailboxes and phone numbers that exceed the limit will be turned off, and the functionality associated with disabled objects will stop working ! Removed service Cluster + A number of services and services have been updated to the current version + Added the ability to specify AD security groups that have access to ICS administrator rights + Added import and synchronization of FreeIPA users + Updated templates of the Search Engines Ribbon * Fixed adding a new hard drive to the Mirror section + Monitor providers: added the ability to fine-tune when the Internet connection is unstable + Connection Monitor: added the ability to interrupt selected connections * Proxy: fixed posting of automatic proxy configuration link on a non-standard port * Firewall: fixed the work of the automatic allowing rule for accessing the web server * Firewall: fixed error in configuration of l2tp and pptp providers with allowed access via web / ssh + OpenVPN: increased data transfer speed over OpenVPN networks + OpenVPN: added the ability to select the version of the OpenVPN client when downloading the OpenVPN configuration files * OpenVPN: fixed a bug where reserved IP addresses were given to other users + VPN: added an option to automatically determine the domain name when connecting via PPTP, L2TP, PPPoE, SSTP * VPN: routes transmitted over SSTP networks are converted to the form accepted by Windows * Backups: added disabling resources with non-existent sources after deploying a backup + Web server: added libraries to support CMS Joomla 3.9 and WordPress 5.7 + Web Server: Added optional support for WebSocket protocol in virtual hosts with redirection * Fail2ban: fixed detection of failed authorizations in the webmail module + Mail: added the ability to forcibly restrict authorization via SMTP * Mail: fixed downloading letters from the mail queue + Power Management: Added UPS Service Log * Web interface: fixed work of validators of some fields * Web interface: fixed typos and missing translation * Web interface: minor bugs fixed === Version 8.3.1 on 1 July 2021 === * Fixed problems of routes to client networks via OpenVPN === Version 8.3.0 on 22 June 2021 === + Operating system codebase updated to FreeBSD version 12.2-RELEASE-p6 * Fixed bug with downloading Suricata Attack Detector rules from snort.org * Fixed synchronization from AD / LDAP with the same name * Fixed a rare crash in the Network Setup Wizard * Fixed crash of the restore preset rulesets window + In the user module, an indication of the service that issued this address has been added to dynamic ip-addresses * Network: fixed duplicate Netbios device names in the list of issued DHCP addresses * Network: logical interfaces "epair" that are part of the SSTP network are excluded from the list of interfaces. * Proxy: fixed error starting service with disabled proxy cache ! Firewall: Only one value can be specified in the Destination field for static routes. The existing routes will be converted to a new look. + Firewall: added prioritization of static routes by metric + Firewall: added route monitoring * VPN: fixed connection to SSTP network for user imported from domain * Backups: fixed processing errors of old L7 filtering rules * Backups: fixed problem with incorrect display of hard drives after deploying a backup + Certificates: added support for ECDSA encryption and SHA-384 algorithm + Certificates: added the ability to hide revoked certificates + Certificates: added the ability to import a chain of certificates * Certificates: fixed algorithm for generating end certificates * Certificates: fixed error saving certificate in LDAPS authorization settings + Telephony: added the ability to select the TLS encryption version + Telephony: fixed sorting of call log entries * Telephony: fixed the determination of the IP address of the device connected via the IAX protocol * Telephony: fixed a rare bug where external calls are not worked after switching to pjsip driver * Mail: corrected work of the function of skipping groups in the ICS address book * Mail: fixed the work of the mail collector with letters with missing Return-path header * Mail: added the logic of the mail server to use an external SMTP relay in conjunction with a mail collector. ! Mail: in the settings of the ICS address book, the ability to specify the port for LDAP is removed * Web interface: fixed work of validators of some fields * Web interface: typos and missing translation corrected * Web interface: minor bugs fixed === Version 8.2.0 on 31 March 2021 === + In the Xauth authorization utility, the SSL certificate has been updated and the encryption key has been strengthened + Added the function of clearing charts to the monitoring service + Network: Added display of Netbios device names to the list of issued DHCP addresses * Traffic Categories: Optimized memory usage when using preset automatic traffic categories * Proxy: fixed behavior of the function of publishing the proxy autoconfiguration script when the Captive portal is enabled * Proxy: fixed work of rules with SkyDNS categories when explicit proxy and access to https-resources * Proxy: fixed the work of routes through an additional provider for users with domain authorization with an explicit proxy * VPN: fixed connection to the SSTP network of users containing the "\" character in the login * VPN: fixed a situation when, during the simultaneous operation of SSTP and regular VPN networks, the user could be assigned 2 IP addresses + Firewall: added function to copy firewall rules * Backups: fixed the function of writing a backup to removable storage + Certificates: added support for imported certificates with ecdsa-with-SHA384 encryption algorithm + Captive portal: added the ability to select local and internal networks with which the Captive portal will work + Web Server: Added support for web sockets to the redirected web server configuration + Mail: added function to import address book from LDAP / AD to Roundcube * Mail: fixed the function of unloading letters from the mailbox * Mail: fixed problem with Russian logins / passwords in mail synchronized with AD + File server: added support for WebDAV protocol for accessing file resources + Web interface: added the ability to go to your personal account and external ICS services by clicking on the username in the top menu bar * Web interface: fixed work of validators of some fields * Web interface: typos and missing translation corrected * Web interface: minor bugs fixed === Version 8.1.0 on 4 February 2021 === + Xauth authorization utility updated to version 3.8.1.0 * Improved algorithm for processing quotas * Fixed rare bug with importing users from AD / LDAP + For the new rules of the Suricata attack detector, the algorithm for creating SSL / TLS fingerprints ja3 is connected * Network: fixed a bug in the configuration of encryption of Wi-Fi networks * Network: fixed problem with disabling DHCP on an interface when changing the network configuration * Network: fixed the logic of switching network connections when automatically switching between the primary and backup providers + Traffic categories: updated list of MIME types * Traffic categories: fixed bugs in importing a list of urls from a file + Firewall: routes are divided into 2 categories: static and conditional, after updating existing routes will be automatically separated + Firewall: added the ability to enable NAT for routes through an interface or provider in the route settings + Firewall: added the ability to select the OpenVPN interface in the rules settings * Web server: fixed the function of automatically updating Let's Encrypt certificates on a virtual host + Mail: added the choice of the address book to be used in the web mail settings: built into the IKS or imported from LDAP / AD * Mail: fixed the logic for deleting a shared mailbox in the mail domain * Power management: fixed the scheduled shutdown function * Power Management: fixed UPS Management Service configuration * Web interface: fixed the problem of displaying the ping graph in the monitoring service * Web interface: minor improvements made and minor bugs fixed === Version 8.0.1 on 23 December 2020 === * Content filter: fixed bug with editing keywords in preset categories * File server: fixed error saving certificate in virtual host settings * File server: fixed incorrect operation of https redirection in the settings of the virtual host with redirection * File server: fixed error in the configuration of web resources, in which the page content did not load * Web interface: fixed regression - when the proxy autoconfiguration is configured, the web interface is not available === Version 8.0.0 on 2 December 2020 === + Operating system codebase updated to FreeBSD 12.1-RELEASE-p10 + A number of services and services have been updated to the current version * ICS installer updated to work correctly with virtual machines and HyperV Generation 2 + Added the ability to set usernames with Cyrillic characters * Fixed synchronization of domain users + Added the ability to send log notifications to Telegram groups in the notification service + Added site categorization service using machine learning technologies - Garnet + Network: in the IPSec encryption settings added the choice of the IKE version: IKEv1 or IKEv2 + Network: added fields to the settings of local networks to specify DNS servers that will be issued to hosts connected to this network via DHCP + Network: added display of the number of used and free addresses for each network in the DHCP settings + Proxy: added functionality for limiting connection speed for subdomains of the specified domain ! Content filter: custom templates and keywords added to automatic content filter bases will be removed ! Content filter: lists of words for schools, as well as lists from the websites of the Ministry of Justice and Gosnarkokontrol will be deleted when updated, then they will be restored automatically within 1 hour or upon forced update in the module settings * Content filter: removed the ability to add and remove words in preset content filter lists + Content filter: added the ability to turn off and on the check of specific words and phrases in the preset lists of the content filter + Content filter: to reduce the load on the system and reduce the processing time of requests, the function of caching the results of checks for duplicate URLs has been added + Content filter: added option to manually update databases + Content filter: added a schedule for checking for updates to automatically update databases * Firewall: fixed algorithm for creating automatic rules for ICS services + Backups: added the ability to start uploading a backup to an FTP server at the same time as starting another backup * Backups: fixed regression - when restoring a backup, call log and the data of the content filter's categories and databases disappears + File server: added the ability to ldap authorization on the FTP server * File server: fixed configuration of encrypted FTPS connections * Web server: fixed the "Create a record on DNS server" flag for virtual hosts * OpenVPN: changed the way of user identification in certificates ! OpenVPN: after updating, previously created certificates will stop working, new certificates will be recreated automatically * OpenVPN: fixed work of routes and filtering rules for users connected via OpenVPN * VPN: fixed bug allowing to keep SSTP network without routes + VPN: added SSTP network event logging scheme * VPN: improved scheme for disconnecting and deleting SSTP network * VPN: fixed the ability to enable Kerberos authentication in the absence of a configured Kerberos connection + Fail2ban: changed the scheme for automatically increasing the ban time + Telephony: added a ban on creating SIP/IAX tunnels with the same logins, as well as logins for SIP or IAX tunnels that match the internal phone number + Telephony: added IAX connection option to phone number settings + Telephony: implemented CallerID transmission via SIP / IAX tunnels * Telephony: fixed IAX provider * Telephony: fixed display of calls via SIP/IAX tunnels in the monitor and call log * Telephony: fixed number search functionality in the list of numbers + Mail: added the ability to create black and white lists of words, ip-addresses, postal addresses in the Rspamd spam filter settings + Mail: added the ability to export mail statistics * Web interface: fixed drag and drop behavior when dragging an object outside the table * Web interface: fixed operation of logging events of Kaspersky Web Filter * Web interface: fixed typos and missing translation * Web interface: minor bugs fixed === Version 7.2.1 on 21 October 2020 === * Fixed definition of categories by extensions, keywords and MIME types in the statistics service * The synchronization service has fixed the synchronized mailbox handler * Network: fixed bug in creating configuration files for IPSec tunnels + VPN: to simplify administration and deployment of remote workstations, added a script for autoconfiguration of VPN and SSTP connections === Version 7.2.0 on 1 October 2020 === ! During the ICS reboot, after installing the update, it is recommended to set the time in the BIOS according to your local time ! When upgrading, the Cluster service will be disabled, service removal is scheduled for version 8.0 + Added group of traffic categories AdBlock + A number of services have been updated to the current version + Added options to the Xauth authorization utility settings to change the default program behavior * Fixed incorrect migration of domain users when upgrading from earlier versions of ICS * Fixed checking conflicts when importing users + The monitoring service has added the ability to specify the provider from which the ping will be checked * Fixed operation of the ICS restart and shutdown service on schedule + Added the ability to select a mode in the attack detector settings: IDS / IPS (netmap), IDS (pcap) * Traffic categories: categories with the same names have been renamed in Kaspersky traffic categories + Network: added the ability to specify the DHC zone for auto-registration of addresses in the DHCP settings + Network: added the ability to specify a global Search domain in the DHCP settings, also added the ability to specify your Search domain for each local network + Network: added the option Identifier and Identifier of the remote side in the IPSec encryption settings * Network: fixed the logic of monitoring of IСS tunnels * Network: removed the possibility of creating two identical providers * Content Filter: Improved detection of blocked media content on pages without text * Captive portal: fixed reception of numbers less than 11 digits for authorization by call + Proxy: implemented the ability to balance traffic across multiple providers + Proxy: Added Web Socket (WSS) protocol to the list of protocols for proxy configuration * Firewall: fixed operation of sets containing more than five rules of the same type + Backups: added data compression in backups to reduce their size + Backups: added message output when trying to load a damaged backup file + Backups: The backups include license files for Kaspersky products * OpenVPN: fixed configuration file creation for correct reading by OpenVPN app for iOS * OpenVPN: fixed hang of "Current Sessions" page, with frequent unsuccessful attempts to connect user + VPN: added the ability to create an SSTP network * VPN: fixed a bug in the issuance of dynamic IP addresses in the VPN network if a user with domain authorization is connected to the ICS + VPN: added to the service log the ability to select the display of messages for a specific service: PPP connections, OpenVPN and SSTP * Web server: changed the method of authorizing domain users in the web server from NTLM to LDAP / LDAPS * Web server: fixed nginx configuration creation for virtual hosts with redirection * Web server: fixed and supplemented Letsencrypt logic for web resources * Fail2ban: changed the handling of failed connection attempts in the web interface + Telephony: insufficiently reliable encryption key exchange algorithms for the TLS protocol are disabled * Telephony: fixed a bug with the impossibility of making a call between two ICs connected by an IAX tunnel * Telephony: fixed a bug with no sound when making a call between two ICS's connected by a SIP tunnel * Telephony: the language of notification in the telephony queue for IAX2 connection is adjusted to the system language * Telephony: the ability to delete automatically created telephony rules has been removed; for clarity, such rules now have the signature "automatic" * Telephony: fixed automatic addition of new local networks to Asterisk configuration + Mail: added option to clear Roundcube base * Mail: fixed restart of mail server when connecting VPN client * Mail: fixed the analysis of the sender's name in mail statistics and queue * Mail: fixed changing the default domain for authorization in Roundcube when renaming this domain * Mail: fixed a configuration bug where the mail collector was collecting already collected mail + Web interface: added sorting of the list of content filter events + Web interface: added sorting of user statistics list + Web interface: added report on firewall blocking * Web interface: fixed errors in the definition of URL categories by the statistics service * Web interface: fixed errors when building reports * Web interface: added the function of manually deleting data in the system log * Web interface: minor bugs fixed === Version 7.1.1 on 15 July 2020 === * In total, 35 tasks were worked out in preparation for version 7.1.1 * Network: tunnel monitor fixed * Mail: editing of synchronized mail boxes fixed * Mail: migration of web-mail during updating of ICS fixed * OpenVPN: closing sessions of domain users fixed * Telephony: email notifying about missed calls fixed * Jabber: making access rights for domain administrator during creating of chat rooms fixed * Web interface: displaying of dynamic ip addresses of tunnel and OpenVPN fixed * Web interface: minor bugs fixed === Version 7.1.0 on 18 June 2020 === + The code base of the operating system has been updated to version FreeBSD 12.1 ! DLP service removed from ICS ! Due to changes in the configuration of IPSec tunnels in favor of the ability to work with third-party equipment, connections of ICS version 7.1 to ICS of older versions will stop working + OpenSSL module updated to the latest version ! After updating the OpenSSL module, certificates with md5 encryption will be discontinued as using insecure hashing methods. After installing the update, services with similar certificates will be disabled. The certificate for accessing the web interface will be replaced automatically. - The multicast proxy service is turned off. The next update will remove the service. If you use this functionality, contact your personal manager - In the recovery console, the display of service interfaces has been removed + A number of services added authorization option through Kerberos * Fixed automatic switching of recovery console language for Hyper-V * The bootloader is optimized to speed up boot on Hyper-V ! Active Directory: Synchronized rule sets assigned to users will be disabled. Assigning Synchronized Rule Sets to Users - Forbidden + Active Directory: added ability to delete unused synchronized rule sets + Active Directory: added ability to manage synchronization for imported users * Content filter: resolved the problem with filtering the pages of the Youtube service + Content filter: optimized resource consumption and content filter performance + Captive portal: call authorization option implemented + Network: added the ability to create IPSec tunnels * Network: fixed a bug where the network activity of the user did not stop after removing his IP or MAC address * Network: resolved the problem with disabling DHCP when the provider is turned off ! Proxy: due to changes in the proxy auto-configuration settings, if the auto-configuration script was not published on a virtual host, these settings will be reset and after updating they must be configured again + Proxies: added the ability to change the standard lock page * Proxies: fixed user authorization problem with a space in the login + Firewall: ipfw is optimized to speed up sending packets and reduce time delays in processing them + Firewall: optimized the construction of port forwarding rules + Firewall: optimized the construction of speed limit rules + VPN: option "Use DPD (dead peer detection)" added to L2TP IPSec settings + OpenVPN: added the ability to disable the tls-auth option on the OpenVPN network + OpenVPN: implemented unloading of all data for connecting a user through a single file * OpenVPN: the logic for checking the status of the OpenVPN tunnel has been changed for more accurate and quick informing * OpenVPN: removed the ability to assign the final certificate as a CA certificate in the settings of the OpenVPN network * OpenVPN: fixed problem with collecting statistics on the OpenVPN interface * OpenVPN: certificate revocation functionality is implemented in a more explicit form * OpenVPN: a bug was fixed where, during a restart of an OpenVPN server with several networks, one of them might not start automatically * Backups: the logic for adding files and folders to the backup has been changed + File server: an option has been added to the settings of the network environment that allows the use of obsolete SMB protocols * File server: fixed encrypted connection with FTP server * File server: fixed a bug that occurs in the nginx configuration when there is a web resource on the ICS with its own database * Jabber: eliminated the ability to create the same jabber accounts + Mail: added option for connecting SMTP clients through port 587 + Mail: ban on the removal of synchronized mailboxes + Mail: added the ability to download letters from the mail queue list * Mail: the filtering logic of Roundcube address book entries has been changed - users without mailboxes and empty user groups will not be displayed + Mail: added function to exclude a user group from the Roundcube address book * Mail: fixed the problem with the location of pgp keys in Roundcube * Mail: the conflict between the rules of the mailing list and the general mailbox has been resolved, in which the letter sent to the mailing list was sent only to the general mailbox + Telephony: the ability to invite a new participant during the conference has been added to administrators and conference leaders + Telephony: the restriction on the maximum number of incoming connections for numbers and telephony providers is clearly indicated * Telephony: changed the logic of the call monitor * Telephony: fixed error with the inability to interrupt the manual transfer of a call * Telephony: fixed a bug that created an incorrect telephony rule when restoring backups from earlier versions of ICS * Telephony: fixed problem with adding numbers starting with 0 * Telephony: fixed work of notifications by mail when not answered * Telephony: the situation where the external number in the call forwarding rule in telephony could be specified only by adding it to the phone book is fixed * Certificates: fixed bug in generating a telephony certificate * Certificates: the logic for importing certificates has been supplemented + Web interface: the option "display full URL" has been added to the report management settings + Web interface: the ability to group actions on a selected set of rules has been added to the settings of the Suricata attack detector * Web interface: the logic of the search in the system log is reduced to the more expected + Web interface: the ability to assign a deny rule for a user application to a group of users has been added to the Application Firewall settings * Web interface: fixed bug with updating Application Firewall configuration when changing LAN settings * Web interface: automatic transfer of the selected group has been added to the Add Users Wizard * Web interface: removed hiding dialog boxes by clicking past a window * Web interface: optimized code that creates the configuration files of services, as a result, the time for updating the configuration was reduced when changing the system settings * Web interface: fixed the whitelist window in the Fail2ban service * Web interface: fixed bug with displaying a disabled provider in monitoring * Web interface: fixed sorting of DNS records table * Web interface: typos and missing translation corrected * Web interface: minor bugs fixed ! In total, 271 tasks were worked out in preparation for version 7.1.0 === Version 7.0.1 on 11 December 2019 === - Stopped sms.ru service support in the Captive Portal module + Automatic import of file encoding is added to import users from a file + To solve the problem of google services not getting into the content filter, the rule "Deny UDP on port 443" has been added to the school rule sets * Fixed problem with failing redirect to safe search in school rules * Corrections have been made to the work of rule sets for users * Fixed the possibility of IP address conflicts when using MAC authentication * Fixed problem with connecting ICS to a domain with disabled NetBIOS * Fixed algorithm for calculating statistics and drawing graphs for monitoring the system + Xauth authorization utility updated to version 3.7.0.5 * Network: Fixed problem with manually reconnecting L2TP provider over IP / DHCP * Network: Fixed tunnels working with NAT * Proxy: Fixed minor flaws in the operation of filtering https traffic - Traffic categories: Removed the categories "School Prohibited Sites" and "Content Delivery Network" + Traffic categories: Botnets, Sites that spread viruses, Phishing were moved from the SkyDNS Black Sites category to the Security group. + Traffic categories: In all rules using the Black Sites category group, a Security group of categories has been added. + Traffic categories: The Cryptomining category has been added to the SkyDNS Black Sites category group. + Traffic categories: The category "Internet libraries" has been added to the SkyDNS group of categories "Other sites". + Traffic categories: The category "Blocking by order" has been added to the SkyDNS category group "Prohibited by law". * Content filter: The problem with a possible filter failure when searching for words and expressions in the search engine results has been resolved * Telephony: Regression fixed - call log export does not export all log pages * Mail: In the Anti-Spam Rspamd module, a bug with generating a configuration file has been fixed when selecting networks for which spam checking will not be performed * Web UI: minor bug fixes + Web UI: added links to documentation (in the authorization window and on the top panel of the interface) === Version 7.0.0 on 14 November 2019 === + The operating system code base updated to version FreeBSD 11.3 - Dr.Web anti-virus removed from ICS + Updated Xauth authorization server + The xauth authorization utility has been updated to version 3.7.0. Together with the updated authorization server, the utility allows monitoring client connections (user page, "Applications" tab) ! If you use the xauth authorization utility, update it to the latest version, the old version is not supported by ICS version 7 + To block the operation of unwanted user web applications, added a new Layer-7 filtering module - Application firewall, with functionality for deep packet inspection (DPI) + Updated ICS installer + The notification service has been completely updated, removed support of the ICQ protocol and added telegram-bot + Updated http traffic filter + In the traffic category, a new automatic category has been added: "Register of safe educational sites" + Updated Network neighborhood module + Updated Proxy module * Solved the problem of reducing Internet speed when using an explicit proxy * Fixed decrease in Internet speed when turning users on / off + The SkyDNS service has been updated and differentiated into a separate module of the SkyDNS Web Filter + Updated nginx configuration + Tunnel encryption system moved to a separate IPsec module + Updated encryption key exchange algorithms + An anonymous statistics collection system has been added to increase the performance, stability and security level of ICS. The function may be disabled in the commercial version of the product. + OpenVPN: Users have the ability to download their openVPN certificate through the ICS web interface (user page, "OpenVPN" tab) * OpenVPN: Fixed problem with the impossibility of using openVPN by the user whose login contains a point + OpenVPN: In the openVPN network, added ability to transfer client DNS server addresses of the network + OpenVPN: Added the ability to specify a specific network when unloading certificates for connecting the openVPN client + Completely updated Content Filter module * Content Filter: The filter works with pages with non-standard encodings + Content Filter: Increased page content processing speed + Content Filter: Added the ability to add regular expressions to the content filter database * Content Filter: Fixed filtering for YouTube and Yandex search pages + Telephony: Asterisk updated to version 16 + Telephony: Added a new SIP fecal driver - chan_pjsip + Telephony: A new module for organizing conferences with new features has been introduced: Video support Audio recording Setting a PIN code for login Announcement of the number of participants Limit the number of participants Appointment of facilitators and administrators Setting the method of distribution of video streams Waiting for the host of the conference DTMF conference menu + Telephony: Implemented Xphone - built-in ICS web-softphone with support for video calls and audio / video conferencing + Telephony: Added the ability to encrypt SIP via TLS and SDES-sRTP for SIP providers + Telephony: Added the ability to specify a port for SIP over TLS transport + Telephony: Added codec prioritization * Telephony: Fixed error of specifying local networks when telephony is working behind NAT * Telephony: Fixed problems of creating automatic firewall rules for various IP-telephony transports + Telephony: The phone book moved to the Phone numbers module * Telephony: The logic for checking dependent rules when deleting a phone number has been supplemented * Mail: The situation where the name change of the organization was not applied in webmail was fixed * Mail: Fixed a bug where changing the system language did not change the language of webmail * Mail: The problem of synchronizing users and user groups with the Roundcube contact list has been resolved + Mail: The ability to select networks for which spam checking will not be carried out has been added to the Rspamd Antispam module * Mail: Fixed a mismatch of rights to directories when importing mailboxes * Mail: Fixed the problem of moving mailboxes between domains * Mail: Fixed the issue of long sending emails with attachments in Roundcube + Fail2ban: Added option to protect the VPN server + Fail2ban: Added option to automatically increase the ban time when a specified number of regular bans is reached. Upon reaching the specified number of additional bans, the blocking time will be increased. + Fail2ban: In the list of banned ip added separation of services * Fail2ban: Changed the logic of working with white lists. When updating, the current lists will be lost; during subsequent updates, the lists will be saved + Fail2ban: Added list for permanent ban + Fail2ban: Added the ability to whitelist or permanent ban enter IP-addresses with subnets + Web UI: Updated web interface of a number of modules + Web UI: Added the ability to manually start updating SpamAssassin databases + Web UI: Added checking the available disk space before creating a backup and installing the update * Web UI: The problem with detecting more than three network cards on Hyper-V has been resolved. * Web UI: The logic of the operation of ICS with uninterruptible power supplies is fixed * Web UI: The logic of working with users in the Network Neighborhood module has been fixed + Web UI: In the network utility "Channel Speed ​​Test" the ability to add and edit your own addresses is implemented + Web UI: New types of graphs have been added to the report designer: bars and bubbles * Web UI: In the firewall, the discrepancy between the units of connection speed in the interface and configuration is fixed * Web UI: The error of obtaining a Letsencrypt certificate when creating virtual hosts has been fixed * Web UI: The problem with missed calls in the call log * Web UI: The problem of missing some letters in the mail statistics has been resolved * Web UI: The logic for importing users has been supplemented * Web UI: The problem with the hang of manual update of rules for the Suricata attack detector was fixed * Web UI: A network scanner bug was fixed when port scanning determined all possible ports instead of the specified one + Web UI: An explicit indication of the update time has been made for auto-renewable traffic categories, Clamav anti-virus databases, Kaspersky anti-virus databases === Version 6.1.1 on 28 May 2019 === + Updated ClamAV to version 0.101.2 + Network: Content Filter: added processing of pages archived with Brotli * Network: Fixed access problem to the Internet during massive MAC authorizations * Network: Fixed execution of proxy rules with SkyDNS categoty groups * Network: Fixed Remote Management * Network: Fixed generating of LetsEncrypt certificates + Web UI: Setting of widgets is more flexible now + Web UI: Added interface "pflog0" in the module "Network tools -> Dump" * Web UI: Fixed displaying problem of the report "By traffic" * Web UI: Fixed searching of users in module "Users" * Web UI: Fixed displaying problem in the module "Calls monitor" * Web UI: Fixed sorting in the module "Reports" * Web UI: Fixed searching of proxy rules for users that have address ranges * Web UI: Fixed playing audio records === Version 6.1.0 on 09 April 2019 === + Updated ICS system notification service + Added zfs cache to speed up the file system. For details see documentation. + Removed obsolete and unused modules + Updated Web Application Firewall module for web resources + Optimized work with the database - some internal operations of the ICS are accelerated * Fixed a bug with the triggering of the content filter on the entry deleted from the database * Fixed defects in the DNS-server * Fixed incorrect decoding and display of specific URLs * Removed the ability to create 2 DHCP on one interface + Expanded user roles work logic + Expanded proxy rules work logic * Backups: Fixed bug with starting some services after restoring a backup * Backups: Fixed a bug in creating backup files when the location of the specified folder saved the entire contents of the file storage + Backups: The logic of the function "Interrupt Backup" has been updated + Mail: In the settings implemented the ability to export / import black and white lists * Mail: Fixed mailbox synchronization + Mail: The "Antispam" tab in the mail settings is disbanded into 3 modules - SpamAssassin antispam, Rspamd antispam and Kaspersky antispam. + Mail: In the settings, instead of the Anti-spam tab, the Spam Protection tab has been created, to which the corresponding section has been moved from the general mail settings + Telephony: Added option to generate a password for internal telephony numbers * Telephony: Fixed a bug in the "TCP for SIP" option * Telephony: Fixed telephony log export * Telephony: Fixed deletion of telephony rules associated with the provider being deleted + Web UI: In the system log added the ability to view the log of a specific service. + Web UI: The fail2ban service settings have been updated, lists of banned and white ipes have been added to the settings + Web UI: Added a mime type tree to the traffic category settings * Web UI: On the user rules page, the functionality for searching rules valid for the specified URL has been fixed. + Web UI: Traffic categories groups are divided into the corresponding tabs: ICS categories, SkyDNS categories, Kaspersky categories + Web UI: The "Restore Default Menu" button is moved to the menu settings button + Web UI: Added option to automatically create an allow rule for accessing a time server * Web UI: Removed ability to add content filtering database to proxy rule + Web UI: Updated license manager for all antiviruses * Web UI: Fixed bugs displaying some pages of the web interface === Version 6.0.1 on 28 November 2018 === + Mail: added support of SMTPUTF8 * Network: fixed regression - profiles and traffic categories don't work properly * Network: fixed regression - wrong link to wpad.dat * Web UI: fixed regression - changing of login/password for ldap importing doesn't work * Web UI: fixed regression - authorization by domain's login/password doesn't work * Web UI: small fixes * Telephony: fixed regression - service doesn't start if there are specific rules === Version 6.0.0 on 07 September 2018 === ! ! !!!!!!!!!!!!!!! ! !!! Warning !!! ! !!!!!!!!!!!!!!! ! ! This release contains IMPORTANT IRREVERSIBLE changes! ! ! 1. The settings of the following modules will be lost: ! - OpenVPN ! - Web and SMS authorization ! - Remote management (works only with ICS 6 and later) ! - WEB Applications have been removed ! ! Look at the documentation to setup modules described above. ! ! 2. Web UI works only by https ! 3. Backups from ICS 4 aren't supported anymore ! ! Supporting of windows regular expressions in proxy rules has been deleted. ! + Network: IPSec module racoon has been replaced with module strongswan + Network: supporting of protocol SMPP has been added in module Captive Portal + Network: attacks detector Suricata now works as IPS + Network: authorization in module "Remote management" now uses certificates instead of login/password + Mail: Roundcube has been updated to version 1.3.7 + Mail: added PGP in Roundcube + Mail: refactored mail filters + Mail: added possibility to establish only secure connections + Mail: greyfix has been replaced with postgrey + Web UI: refactored, optimized communication with DB + Web UI: list of exported users now includes MAC addresses + Web UI: added asynchronous uploading of files in modules: Backups, Telephony + Web UI: Web and SMS authorization modules have been replaced with one common module - Captive Portal + Web: php has been updated to version 7.2 + Telephony: added supporting of video calls + Telephony: added supporting of SIP over TLS and SRTP * Web UI: fixed uploading of big files * Web UI: fixes working in Chrome browser * Telephony: fixed exiting from queue * Telephony: fixed Calls Monitor * Telephony: fixed work of redirections when there is no response to a group of numbers * Mail: fixed working of common mailbox * Mail: fixed work of gray lists * Jabber: fixed server work with Russian domains === Version 5.2.6 on 26 June 2018 === ICS 5 Update + Added capability of duplication of syslog messages to another server === Version 5.2.4 on 11 April 2018 === ICS 5 Hotfix * Fixed the MAC authorization * Fixed english locale in reports === Version 5.2.4 on 6 April 2018 === ICS 5 Hotfix + Added capability of notification to external email about missed calls * Fixed the displaying of connections if the proxy port is 8080 * Fixed the the logs cleaning * Fixed the editing of address ranges * Fixed the MAC authorization * Fixed the scheduling of power management === Version 5.2.3 on 20 March 2018 === ICS 5 Update ! Removed web applications + Added capability of setting of MTU for IPIP and GRE tunnels + Saving traffic category in statistics can be disabled + Roundcube: added plugin of color labels of emails + Roundcube: changing of sender address can be managed + Added the redirection to https in "Virtual host with redirection" * Roundcube: added the cleaning of temporary attachment files * Roundcube: fixed the displaying of custom pictures * Roundcube: fixed the displaying of contacts after ICS update * Roundcube: fixed the opening of email by double clicking * Fixed the problem of playing await melody * Fixed the working of fail2ban after ICS update * Fixed the displaying of UPS state * Fixed the displaying of the output of network utilities * Fixed conference calls * Fixed the problem of playing call records in call log * Fixed the problem of calls limit * Fixed wifi working * Fixed the access for shares problem * Fixed the problem of establishment of vpn connection with ICS for domain users * Fixed the auto logs cleaning * Little changes in web interface === Version 5.2.2.171204 on 4 December 2017 === ICS 5 Hotfix * Removed icqlog service * Fixed mail picker * Fixed the exiting from queue to the another ruleset in phone module * Fixed access rights via samba and ftp for resources === Version 5.2.1.171122 оn 22 November 2017 === ICS 5 Hotfix * Fixed upgrade from 4.9.20 to current version * Fixed mail picker * Improved mysql working