• News archive
• Security Gateways
  • Halon SX-50
    • Specifications
    • Benchmarks
    • Screenshots
  • Halon SX-101
    • Specifications
    • Benchmarks
    • Screenshots
  • Halon SX-200
    • Specifications
    • Benchmarks
    • Screenshots
• Spam Gateways
  • Halon SPG-100
  • Halon SPG-200
  • Halon SPG-300
  • Halon SPG-400
  • Halon SPG-500
• H/OS Extreme
  • Software Upgrade
  • Free Evaluation
  • Screenshots
• Remote Manager
  • Download
  • Screenshots
• Software update
• Release Notes
• Documentation
• Video Guides
• Acquire License
• Online support
• FAQ & Guides
• RMA Request
• How to buy
  • Become a reseller
• Distributors
  • Distributor application
• Press releases
• Articles/Reviews
• Press resources
• Contact info
• Site info
  • Cookies
• Workshops

H/OS 2.0 Release 1.0.5

08/21/08, download

• Imp: Improved quarantine with reports
• Imp: Statistics in Web Administration
• Imp: Domain reports with additional statistics
• Imp: Logging is separated and improved
• Imp: Message tracking (Activity)
• Imp: Web Administration re-organization
• Bug: Storage recovery from power failures
• Imp: Certificate tunable "Optional but Verify"
• Imp: Error messages are displayed as dialogues
• Imp: Generate SSL certificates (Diagnostics section)
• Imp: Name (tag) configuration revisions
• Imp: SOAP configuration API (using WSDL file)
• Imp: NFS replaces SMB for network storage
• Imp: Graceful shutdown and restart
• Imp: Boot proceedure with progress and log
• Imp: Multidimensional arrays in HSL
• Imp: Headers are UTF-8 decoded in HSL
• Imp: GetDSN(), GetRoute(), DeliverAsSpam() in HSL

H/OS 2.0 Release 1.0.4.1

06/09/08, download

• Bug: Web Administration error on factory reset units
• Imp: Added German and Japanese language support
• Imp: HSL Scripting in Outgoing Queue
• Imp: Domain name variable in HSL
• Imp: WrapMessageAddHeader function added in HSL
• Imp: Revert to default config upon fatal errors
• Imp: Disable Incoming Listeners upon storage failure
• Imp: Regular Expression modifiers in HSL
• Imp: Initial Access Control Flow statistics
• Imp: Incoming Queue shows entire message
• Imp: http() and explode() functions added to HSL
• Imp: Pattern Analysis (spam assassin) module added
• Imp: LDAP testing on Diagnostics section
• Bug: Max Message Size can be increased
• Bug: Overall reliability and functionality

H/OS 2.0 Release 1.0.3

05/15/08, download

• Imp: Added Italian, Spanish and Korean language support
• Imp: Overall reliability improved

H/OS 2.0 Release 1.0.2

05/12 2008, download

• Bug: SPF calculated $spamscore incorrectly
• Imp: Reboot to Update Firmware from Web Admin.
• Bug: Removed extra newline in messages
• Bug: Database conversions could fail
• Imp: Ability to disable ACL flow for services
• Bug: NTP synchronization problem solved
• Imp: Model-specific performance optimizations
• Bug: Recovery from power failure
• Bug: Windows (SMB) share no longer fails
• Imp: Added date/time functionality to HSL
• Imp: Overall reliability improved

H/OS 2.0 Release 1.0.1

04/28 08, download

• Bug: Problems in the parser of the mail scanner are fixed
• Bug: Ajax problems in the mail processing flow are fixed
• Imp: New functions in HSL (Halon Scriping Language)
• Imp: UTF-8 support in HSL
• Bug: Internet Explorer and Opera support
• Imp: Overall reliability improved

H/OS Extreme Release 1.3.4

18/06 2008
Network Adapter Driver Update.

H/OS Extreme Release 1.3.3

13/06 2008
Added TLS passthrough for UTM/SMTP Proxy.

H/OS Extreme Release 1.3.2

11/06 2008
Maintenance release which add support for other vendor's IPSec, among other things.

H/OS Extreme Release 1.3.1

Maintenance release.

H/OS Extreme Release 1.3.0

We are pleased to announce a new version of H/OS, with a lot of changes and new features available such as a PPTP Proxy and "Application Policies" which will add policies in the background to ease for you.

• WebUI
• The WebUI have got an updated look and we also changed the terminology a bit, eg. "Split firewall" has been renamed to the better self-explained "Visual Filters" and "Firewall routes" has been renamed to the more widely spread "Policy Routing".
• Fallback
• Fallback is a new feature we introduce that will help you not to loose your Halon on remote due to a misconfiguration. It can be enabled under "Applications -> Control Panel -> Fallback". It requires that you "confirm" a configuration within 30 seconds or it will fallback to the latest "confirmed" configuration. If you mange your Halon through the WebUI it will be confirmed automatically, when using the CLI you must issue a "confirm" after each configuration modification within 30 seconds (repeated warnings will appear).
• UTM
• We now have moved our Halon-UTM appended headers to X-headers (X-Halon-UTM) so they will be treated correctly as extensions to the SMTP protocol.
• Policies
• Introducing Application Policies will Help you configure a service without adding obvious policies in the background, they are up for review under the "Internal Policies" in the policy listing. Application Policies are enabled by default but can be disabled under "Application Policies -> Options". Below follows a list with services which has "Application Policies".
1. UTM/SMTP Service.
2. UTM/POP3 Service.
3. PPTP Service, the default behaviour is that all remote clients will have full access to your network when connected, this can be overridden by a DROP IN ON PPTP. And if the PPTP Proxy is enabled, you will not need to have any PPTP rules at all.
4. IPSec Tunnels, policies to establish a tunnel will be created, but you will have to add policies on the tunnel interface itself before any traffic will pass.
5. DNS Cache, you may want to block DNS requests incoming on ether1.
6. TCP Balancer, the TCP balancer now get policies added in the background, no user added configurations is needed.
7. Internal clients will be allowed to connect outging.
• This update will affect your configuration in some way as it is configured today, probably only in a way where you have duplicates of rules. And once again, if you have a PPTP Server please note that if you do not have a rule that disallows traffic in on the PPTP interface; Dial-in users will gain full access to your network, this may in some cases not be what you want.
• PPTP & PPTP Proxy
• We now include a PPTP Proxy which will help you handle multiple PPTP connections from and to the same IP. Its highly recommended that you enable this service and also enable Passthrough on ether2.
  As you read above if the PPTP Proxy is enabled, you will no longer need any policies allowing PPTP, and please note that the default behaviour is that all remote clients will have full access to your network when connected, this can be overridden by a DROP IN ON PPTP.
• DNS Cache
• The internal DNS Cache may now hold user defined A-records, see "Applications -> DNS Cache".

If you are unsure how this update will affect your configuration and do not have a too advanced configuration you might as well just reset the configuration and rerun the first run wizard which now also includes UTM/SMTP and activation of the PPTP Proxy.

H/OS Extreme Release 1.2.6

06/08 2007
We are pleased to announce a new version of H/OS, with many new features such as Basic Mode and more powerful configuration options.

• FTP
1. The "FTP Data" firewall service definition got changed from destination port 20 to source port 20. This is something you need to take into consideration if you're using the FTP Control (Data) service.
2. The FTP Proxy service's data connections operates on port span 53000 to 53500, and two policies are added in the background. The first allows traffic from source port 20 to ports 53000 - 53500 on the firewall any port. The second allows the clients on the activated interface to connect to the firewall's proxy on port 53000-53500. This will provide a more reliable behavior, and the policies are "Keep Looking", and may therefore be overridden by your own policies.
• Policies
1. The behavior for policy flows that operate over NAT (for example ether2 to ether1 where ether1 is "WAN" and uses NAT) has changed. The old behavior was to check the address/port conditions when packets were traversing the second (outgoing) interface. Since NAT changes the source address while traversing the NAT:ed (WAN) interface in the outgoing direction, the condition check usually failed, and the flow was broken. The new behavior is to ignore the conditions on the second (outgoing) interface, making it work over NAT without any disadvantages in security.
2. A new visual improvement in the policy listing shows stateful, bi-directional policies between two interfaces (for example etherX <-> [halon] <-> etherY) in a new way, in two lines. The reason for this, is that the conditions are swapped depending on the direction in which the packets are traveling.
3. Support for ToS (type of service) filtering is added. It is specified in the "flags" field (Firewall > Policies > New Policy > Advanced > Flags if using Advanced Mode) as "TOS:1" up to "TOS:255".
• Firewall Routes
1. There is a new failsafe mode for firewall routes called Fallback. It will choose the first gateway in the list if possible, and "fail over" to the next gateway if the previous does not respond to ping.
• Unified Threat Management
1. Possibility to acquire unlimited UTM domains and wild card "catch all". (requires add-on license)
• Intrusion Detection
1. The intrusion detection engine now supports all Snort syntax rule-files. Therefore, it does not operate inline.
• Web Administration Interface
1. A new Basic Mode has been added, referring to the old, classical, mode as Advanced. It installs default policies and NAT entries, and provides visualized, easy-to-deploy, policy and NAT items. The "NAT Wizard" is removed and replaced with a Basic Mode Wizard, which is presented as a first run dialog, if the configuration is reset.
2. New "Web Tools" are included, such as an IP Calculator for netmask to bitmask conversions, and a HEX converter.
• Bridges
1. Improved bridge mode for WLAN and LAN.
• VPN
1. New IPSec Tunnel Mode; "Transport", for compatibility with some VPN gateways.
2. MRU and MTU settings for PPTP.

H/OS Extreme Release 1.2.5

04/13 2007

• New VPN Wizard
• New packet logging features, possibility to log packet data and show derived policy
• Improved bridging
• Improved UTM logging and statistics
• New UTM reporting module

H/OS Extreme Release 1.2.4

02/20 2007

• DynDNS Client
• Multiple Administrator accounts
• New Policy listing
• FTP Proxy improvements
• Improved DHCP Handling
• Halon Remote Manager speed improvements

H/OS 1.0 Release 3.1.5

New features:

• Possibility to name unit for easier management.
• Scheduled system reports by mail containing graphs, logs, configuration and system information.
• Dynamic DNS client.
• SX-101C VPN limit raised to 50.

Improvements:

• Option to change the default ports for the internal web administration.
• Minor web administration layout and structure changes.
• Improved IDS customization, checkbox for disabling specific IDS rules.
• Better firewall logging, now back trace in log on blocked rules.
• Changed the password limit for PPTP password to 20 characters.
• CLI improvements, Virtual Addresses are now also shown in "interface view"-mode.

Bugs fixed:

• PPTP user image shown as empty the first 10 minutes after a reboot.
• Minor graphical bug when disabling/enabling firewall rules.
• Minor DHCP server bug when using DHCP on WAN.
• Proper netmask for failovers.