7.1.1 EA Release
Netsweeper 7.1.1 EA is now available. This release is based on CentOS6 but we are working hard to port the entire product to CentOS 8. Over the course of the 7.1 release cycle we will be making CentOS 8 porting advancements and will be making a 7.1.X build available for both CentOS 6 and CentOS 8. The features and bug fixes we add will be available in both builds once we make them public.
Features in 7.1.1 EA include:
CentOS 8
- The CentOS 8 ISO is available for download as of 7.1.1 for BETA testing.
Radius
- Workstation is now a configurable Radius field which populates in the WebAdmin
SysOp Permissions
- ‘View Managed SysOp Lists’ and ‘View Organization Sysop Lists’ so a SysOp permission can manage all lists owned by SysOps and owned by their Organization
- ‘Create Sysop/User Accounts’ and ‘Delete SysOp/User Accounts’ lets a SysOp create or delete a SysOp or User Account
Directory Sync
- A new ‘Clone from Group’ option in DirSync that allows you to use another Group as a Template when adding a Group
NSProxy
- The NSProxy tool ntlmldap used for NTLM over LDAP has been removed from the CentOS8 build
Capture Module
- The Capture Modules can now set a netfilter mark, nfmark on deny packets
APIs
- A ‘Workstation’ value has been added to the API output for: client_query and client_list
- group_clone API that clones an existing Group added
If you have any questions or concerns about planning an upgrade to this release, please contact Netsweeper Technical Support support@netsweeper.com.
Customers can access our community site for more information.
Change Log 7.1.1:
| Ticket | Description |
| 20525 | FEATURE: The connect:// protocol is now triggered for HTTP requests on an HTTP listener. |
| 22283 | FEATURE: There is now the ability to set a netfilter mark per listen socket. A new nfmarkclient and nfmarkserver setting has been added so each listen port can set a specific socket mark on either the client to proxy socket or the proxy to server socket thus allowing for epic solutions to be done. |
| 22316 | FEATURE: There are two new SysOp Permissions: ‘View Managed SysOp Lists’ gives a SysOp permission to manage all lists owned by SysOps they manage and ‘View Organization Sysop Lists’ gives a SysOp permission to manage all lists owned by SysOps in their Organization. |
| 22585 | FEATURE: Create Reports Options for Scheduled Reports has a new field ‘Max Start Date Range’ that allows you to specify how long ago the Start Date can be from now. In addition, two new WebAdmin Settings: ‘Maximum Report Start Date Depth’ and ‘Maximum Demand Report Date Range’ have been added to set upper limits for these settings. |
| 23014 | BUG: The Advanced Filter for Date would show the time but would select all records from the specified day and not the exact time of day if ‘Include Time in Filter’ is not checked. |
| 23070 | FEATURE: In Directory Sync, there is a new ‘Clone from Group’ option that allows you to use another Group as a Template when adding a Group. |
| 23124 | FEATURE: There are two new SysOp Permissions: ‘Create Sysop/User Accounts’ and ‘Delete SysOp/User Accounts’ that allow a SysOp to create or delete a SysOp or User Account. |
| 23145 | FEATURE: CentOS 8 porting work as started in 7.1.1. We have created an ISO installer and will be porting more and more services in individual tickets to the CentOS8 platform. |
| 23153 | FEATURE: We now include the Workstation as a configurable Radius field which populates in the WebAdmin. There is now the option to add validation on stop to ensure that Clients deleted match the username or workstation of the RADIUS accounting stop. |
| 23155 | BUG: The Chrome Client 7.40 and below could send the workstation name in a format that could cause the thinclient cookie to become corrupt. Policy service validation has been added for all fields sent from client. |
| 23158 | FEATURE: A ‘Workstation’ value has been added to the API output for: client_query and client_list. |
| 23162 | FEATURE: Emails from the Reporter can now include BCC and CC email addresses when sending a link to a Report instead of the full content. |
| 23169 | BUG: Directory sync Managers were not assigned to the Groups when the Group is created. This is an issue in 6.4.1 to 6.4.9. |
| 23173 | BUG: Upgrading from 6.2.5 to 6.4.9 GA could cause the Policy Service to segfault if the WebAdmin is not upgraded. |
| 23190 | FEATURE: There is a new NSProxy nat lookup mode named ‘samproxy’. This allows you to use the Linux kernels TPROXY feature to redirect IPv4 and IPv6 packets to NSProxy but will not maintain the Client IP address. This allows for normal transparent proxy without the connection tracking/nat process and does not require the complex load balancing and routing. The main advantage is transparent IPv6 filtering possible. |
| 23192 | FEATURE: 14 of 50 RPMs have been ported to CentOS8. The following packages are now avaialable, ns_backup, ns_env, ns_freshnsd, ns_listtools, ns_patterns, ns_phpnetsweeper, ns_policyserver, ns_proxy, ns_routes, ns_up2d, ns_utils, ns_webadmin, ns_webapitest. We plan to continue to port and test all RPMs over the 7.1 releases cycle. |
| 23194 | FEATURE: There is now the ability to copy the nfmark from the connection to the socket on accept() which allows us to mark the connection to NSProxy after we accept the packet, which allows us to route traffic from gre1 back to gre1 or specifically change routing based on the port NSProxy accepts the packet on. |
| 23199 | BUG: For CentOS 8, the dpdk has been updated from 16.07.2 to 20.08. |
| 23202 | SECURITY: The NSProxy tool ntlmldap used for NTLM over LDAP has been removed from the CentOS8 build. Customers migrating must be aware this is no longer supported at this time. |
| 23205 | FEATURE: There is a new group_clone API that clones an existing Group. |
| 23206 | FEATURE: The CentOS 8 ISO is available for download as of 7.1.1 for BETA testing. |
| 23209 | BUG: The NSRoutes cache file was not updating automatically. |
| 23210 | FEATURE: libevent2 does not need to be compiled for the CentOS 8 release. Stock libevent can be used. |
| 23221 | BUG: Directory conflict for /usr/local/netsweeper/var/lib/ between ns_env and ns_freshnsd resolved. |
| 23223 | BUG: The ns_env package did not build without the WebAdmin installed on the build system. |
| 23224 | BUG: The List Manager lookup code did not work with the new PHP in CentOS 8. We have updated how we call and use preg_match. |
| 23225 | BUG: The ns_backup rpm creation did not clear the repo checkout prior to building, causing potential failure during RPM build process. |
| 23230 | BUG: We have removed PHP references to function calls, and =& new references as these are not required and no longer allowed in PHP. |
| 23234 | BUG: The new PHP C API does not allow for ALLOC_INIT_ZVAL. We have refactored our PHP module libphpnetsweeper.so to support the new and old PHP API. |
| 23241 | BUG: NSRoutes with the new DNS library c-ares could sometimes stop running and abort. |
| 23250 | FEATURE: The Capture Modules can now set a netfilter mark, nfmark on deny packets. This allows for mark based routing to occur in Linux with ip rules/ip route tables. This will only work when a DMAC/SMAC/FLIPMAC/DEVICE is not set in nptransmit and the default OS layer routing is used. |