*************************************************************************************** Release Notes for Vigor2900 Series Firmware Version : v2.5.6 Release Date : 11 Nov 2005 Applied Models : Vigor2900, Vigor2900i, Vigor2900G, and Vigor2900Gi *************************************************************************************** Please ensure you download and use the latest router tools when upgrading the firmware. [New Features]: - Add Firewall/MAC Address Control with time schedule - Add Firewall/IM Blocking function - Support IKE/IPSEC DPD function - Provide Internet Access through L2TP protocol - Support Wireless WPA2 security mode (It's supported in wireless hardware version 2 or above.) [Improvements] - Expand number of NAT sessions from 2500 to 7500 - Add "WAN IP Alias" in PPPoE Internet access mode - Add subnet selection of Relay Agent in DHCP Server Configuration - Support IP range in IP filter rules - Add time schedule function in IP filter - Use better mechanism to defense DOS attacks - Add time schedule function in P2P blocking - Add an option to disallow eDonkey upload traffic in P2P blocking - Use new time schedule function in URL content filter - Add a selection of allow/block websites matching keywords in URL content filter - Add a telnet command("ip dns") to set the DNS server used by router - Add a telnet command("mngt log") to log the router management information to syslog - Use more secure option in MPPE negotiation - Add IKE phase 2 proposal in LAN-to-LAN advanced setup - Display more detail information in NAT session table - Support NAT loopback for 2nd subnet - Prevent assigning conflicting IP to DHCP clients after router reboot [Corrected Problems] - Buffer leakage caused by L2TP StopCCN messages - IP filter failed to handle port 65535 - Call schedule not working for VPN profiles 17-32 - Can not set More route for Lan-to-Lan VPN profiles 17-32 - Unable to set VLAN and Port Rate Control by FireFox - FTP traffic unable to pass NAT - Qos rules deleted by Advanced setting will appear in Basic setting after reboot - Inactive Qos rules will be actived after reboot [Notes] - How to find the Wireless Hardware Version: In the "Wireless LAN Setup" > "Wireless Information" > "Firmware Version", the last digit is the Wireless Hardware Version. For example, v1.2.8.16.04.2 means the wireless hardware version is 2. - Time schedule of IP filter, MAC Address Control, P2P/IM blocking and URL filter: Each of these firewall functions has 4 time schedule profiles. Each profile represents one of the 15 profiles in Advanced Setup/Call Schedule Setup. Note that only time settings in the profile are used by firewall functions. Other settings like Action and Idle Timeout will be ignored by firewall functions. - MAC Address Control: Can be used to assign the time that a MAC is allowed to pass the router. It can also be used to filter MACs that are not explicit specified in the list. Note that this function only checks source MAC of packets from LAN side. - DOS Defense: The way to defense flooding attacks before this release depends on the total number of attacks detected on the WAN interface. In this release, each port will detect the number of attacks and defense themselves when threshold is reached. DOS defense function also works on LAN interface. A maximum number limitation of syslog is given in this release(about 10 per second) to prevent the syslog server from DOS attacks by syslog messages. - Block IM: 3 Instant Messenger applications(MSN Messenger, Yahoo Messenger, ICQ/AOL) can be blocked. 4 time schedule profiles can be used to specify the time to block IM. - URL Content filter allow/block option: When 'Block' option is selected, URLs matching the Keywords will be blocked. When 'Allow' option is selected, URLs matching the keywords are allowed to pass, others will be blocked. - IKE/IPSEC DPD(Dead Peer Detection) function: It is used to disconnect the IPSec tunnel when the peer is detected as dead. Note that both peer must support DPD for this function to work. - DNS server for router: A new telnet command "ip dns" has been added to set the DNS servers used by router. The router tries to select a primary and a secondary DNS server in the following order: 1. The DNS server set by "ip dns" command(in Static or Dynamic IP page) 2. The DNS server given by the Internet Access server(PPPoE or PPTP/L2TP server) 3. The DNS server for DHCP clients(in LAN TCP/IP and DHCP Setup page) 4. Default DNS server(194.109.6.66 and 194.98.0.1) The telnet command "srv dhcp dnsmanl" is not supported in this release. The "ip dns" command also displays the active DNS server. [END oF FILE]