Barracuda Load Balancer ADC Release Notes - Version 6.5.0.009 (Prerequisite: 6.3.0.005)
Read Before Updating
Before installing any firmware version, back up your configuration and read all release notes that apply to versions more recent than the one currently running on your system.
Before upgrading a virtual machine, it is highly recommended to take a snapshot of that virtual machine.
Do not manually reboot your system at any time during an update unless otherwise instructed by Barracuda Technical Support. Depending on your current firmware version and other system factors, updating can take up to 10 minutes. If the process takes longer, contact Barracuda Technical Support for further assistance.
Known Issues
- In the High Availability environment, deleting a Layer 4 service or editing the server associated with the Layer 4 service in the Passive unit is not handled properly in the backend. It is recommended to perform these operations on the Active unit. [BNADC-5795]
- The SSL hardware is now disabled by default in the Barracuda Load Balancer ADC 640 and 840. The administrator can enable the SSL hardware functionality if required.
Firmware Version 6.5
Enhancements
- The Client Certificate can be sent in base64-encoded format to the backend server by configuring the X509_HDR_FTR_WHOLE macro. [BNADC-10503]
- An option to configure the domain name for servers for SNI is provided through URL translation. [BNADC-14916]
- GSLB now supports "@" and "*" as hosts for A, CNAME, MX, TXT, NS record types. [BNADC-10356]
Fixes
Firmware Version 6.5.0.009
- Fix: The high CPU utilization issue caused in the 6.5.0.007 release has been addressed. [BNADC-15246]
Firmware Version 6.5.0.007
- Fix: Barracuda Load Balancer ADC can now handle HTTP2 responses of more than 1MB in size. [BNADC-15201]
- Fix: With HTTP(S) and Simple HTTP(S) tests, you can skip the Test Match by providing "skip-match" as the value in the Test Match field. [BNADC-15195]
- Fix: A rare case where the Data Path crashed under heavy load has been addressed. [BNADC-15049]
- Fix: It is now possible to upgrade the firmware on BarracudaLoadBalancerADC-vm4.4.3-fw6.3.0.008-20181114 based VMs. [BNADC-15005]
- Fix: Elliptic curves can be selected when TLSv1.3 is enabled. [BNADC-15003]
- Fix: The Cookie-Persistence header value is read even if it appears after the 16th header in the HTTP request. [BNADC-14997]
- Fix: High CPU utilization due to parsing of CSS files having URLs in quoted strings has been addressed. [BNADC-14919]
- Fix: The 'SameSite' cookie attribute is now honored. [BNADC-10486]
- Fix: Extra checks have been added to prevent HTTP Request Smuggling attacks. [BNADC-15174]
- Fix: An issue with Client Impersonation when servers were configured with port ranges has been addressed. [BNADC-15173]
- Fix: An issue with RSA Authentication on Chrome browsers has been resolved. [BNADC-15077]
- Fix: A problem related to bind error messages populating the system logs has been addressed. [BNADC-15044]
- Fix: The GSLB DNS proxy version is not exposed to any lookup command. [BNADC-15170]
- Note: Customers upgrading from 6.5.0.002/6.5.0.003 to this version will lose all existing logs due to the mongod memory usage fix.
Firmware Version 6.5.0.004
- The higher memory usage seen with the mongod binary in previous versions of the 6.5 firmware has been addressed. [BNADC-14975]
Firmware Version 6.5.0.003
- The 6.4 firmware caused a regression leading to a rare condition, in the presence of dual authentication, where user information in the authentication header passed to the back-end server gets swapped. This has been addressed. [BNADC-14945]
- The watchdog functionality that was missing in firmware version 6.5.0.002 has been restored. [BNADC-14955]
- An issue in the FTPSSL module leading to a data path crash has been fixed. [BNADC-10248]
Firmware Version 6.5.0.002
- Multiple reporting issues related to choosing multiple filters have been fixed. [BNADC-14882]
- An issue where other LDAP admins were sometimes unable to process an SMB backup taken earlier has been fixed. [BNADC-14872]
- An issue with reporting to support multiple unique attack types as Reporting filters has been fixed. [BNADC-14854]
- An issue related to invalid Netmask entries for Policy Based Routing fields has been fixed. [BNADC-14853]
- Certificates can be downloaded using the REST API. [BNADC-12705]
- The log rotation issue on the latest hardware builds (platform 5 devices) has been fixed. [BNADC-10566]
- The missing ACL chains that were causing service interruption have been addressed. [BNADC-10550]
- An issue where a service rename operation for Servers with a configured hostname caused a Configuration Rollback has been addressed. [BNADC-10520]
- A UI load issue due to improper database logs has been addressed. [BNADC-10497]
- An issue with the 6.3 firmware upgrade that reset a few of the HTTP test parameters to their default values has been addressed. [BNADC-10489]
- The Response Body Rewrite to support Storefront configurations has been corrected. [BNADC-10488]
- Stricter checks have been enforced on header names to prevent possible evasions that can be used in the execution of HTTP smuggling attacks. [BNADC-10445] [BNADC-10431]
- An issue related to Server Display Name length has been fixed. [BNADC-10420]
- An issue related to enabling HTTP2 for an Instant SSL service has been addressed. [BNADC-10361]
- An issue with receiving wrong Subscription Expiration emails and alerts has been fixed. [BNADC-10360]
- An issue related to Summary Logs rotation and storage has been fixed. [BNADC-10354]
- The CEF character = is escaped in the cookie string. [BNADC-10345]
- The Connection Logs format issue has been fixed for successful ELK integration. [BNADC-10282]
- An issue that occurred when configuring more than 3000 SNI domains has been addressed. [BNADC-10277]
- The Config Wipeout issue for faulty configuration changes has been addressed. [BNADC-10246]
- Country-Code can be defined as an extended match element in Allow/Deny Rules. [BNADC-10183]
- An issue related to the SMTP greeting message to use Hostname and Domain has been addressed. [BNADC-10160]
- An issue where Servers with hostnames resulted in NULL during hostname resolution has been fixed. [BNADC-9938]
- Support for an IPv6 netmask value in the Persistence Netmask field under the Source IP persistence type has been provided. [BNADC-9737]
- An issue related to enabling Service Group persistence has been addressed. [BNADC-9604]
- High CPU usage by the ATD process has been addressed. [BNADC-9242]
- An issue that occurred when the system memory usage crossed the configured memory threshold on a standalone unit has been fixed by restarting the Data Path Process, which prevents the system from going into a hang state. [BNADC-14886]
Firmware Version 6.4
Features
- Barracuda Load Balancer ADC now supports TLSv1.3 protocol. [BNADC-9179]
- Ability to configure service port ranges for TCP/UDP proxy services is supported. [BNADC-3239][BNADC-3175]
- Barracuda Load Balancer ADC now supports load balancing Citrix Storefront and Xen App/Desktop. [BNADC-9783]
Enhancements
- Ability to schedule reports at any hour of the day is added. [BNADC-9525]
- Ability to send value of Basic Authorization Header as part of HTTP query parameter after successful authentication of the user is added. [BNADC-10043]
Fixes
Firmware Version 6.4.0.008
- Resolved: TCP SACK vulnerabilities CVE-2019-11478, CVE-2019-11479. [BNSEC-8325][BNADC-10272]
- Resolved: HTTP/2 DoS attack vulnerabilities CVE-2019-9511 to CVE-2019-9518 discovered by Netflix. [BNSEC-8464][BNADC-10376]
- Resolved: Post-authentication sensitive information leak [BNSEC-8552][BNADC-10399]. Thank you to Steven Campbell from Rapid7 for reporting this to us.
- Addressed Scheduled Report Summarization issue in heavy traffic. [BNADC_10253]
- Issue in using ECDSA certificate chain for service is fixed now. [BNADC-10390]
Firmware Version 6.4.0.005
- Enhancement: Ability to select Group Membership Format as UserDN or User for LDAP authentication is provided. [BNADC-10060]
Firmware Version 6.4.0.004
- System timezone from the System Configuration Backup file is honored correctly. [BNADC-10083]
- Intermittent connection failure in the RDP Server Monitor Testing Method is addressed. [BNADC-9996]
- User Authentication failure due to special characters (%) in the password is addressed. [BNADC-9897]
- The Authentication page, which was not rendering on Chrome 72 browsers, is addressed now. [BNADC-10113]
- The user authentication failure when a user is part of too many groups is addressed. [BNADC-9850]
- Support for special characters in the user name for LDAP Authentications is addressed. [BNADC-9846]
- The increase in the memory usage of the server health monitor over time for the DNS test is addressed. [BNADC-9794]
- Uneven load balancing seen when the WLR algorithm and client IP impersonation were configured is addressed. [BNADC-9327]
- All the logs from the system are now shown correctly with the System Timezone on 6.3.0.008 based VM instances. [BNADC-10051]
- An issue with the MS SharePoint server monitor testing method where the domain was not forwarded to the SharePoint server is addressed. [BNADC-10112]
Firmware Version 6.3
Features
- Support has been added for a new testing method to monitor MYSQL servers. [BNADC-3124]
- You can now configure an RSA Secure ID Authentication Service from the ACCESS CONTROL > Authentication Services > RADIUS page. [BNADC-6974]
Fixes
Firmware Version 6.3.0.008
- Addressed a memory leak in the logging module when the services are accessed by clients with private IP or anonymous IP addresses. [BNADC-9742]
Firmware Version 6.3.0.005
- Virus definition updates using an offline update are now working. [BNADC-9691]
- For the GSLB configuration, SRV records specified with a custom protocol are now allowed, in addition to the TCP and UDP protocols. [BNADC-9493]
- The UI did not allow you to edit two separate service types specified with the same IP address and port. This issue has been fixed. [BNADC-9531]
Firmware Version 6.3.0.004
- Deleting the interface on VM host was not deleting the interface on the Barracuda Load Balancer ADC. This issue has been addressed. [BNADC-5679]
- Email notifications were not being sent after Failover or Failback. This issue has been addressed. [BNADC-9305]
- In some cases, traffic to service handling WebSocket traffic was disrupted. This issue has been addressed. [BNADC-9334]
- Summary logs are not being generated in some scenarios. This issue has been resolved. [BNADC-9347]
- In the directory tree structure of web applications under the URL Profiles section, clicking on the required leaf node now displays the profiles added for that leaf node. [BNADC-9359]
- Service was being interrupted when handling HTTP2 traffic. This issue has been fixed. [BNADC-9376]
- There were some obsolete countries listed in the UI under GSLB Regions (for example, Western Sahara). This issue has been fixed. [BNADC-9453]
- If you clicked the Test button, the GSLB Monitor test would be displayed as a "Pass", even when the servers attached to the monitor group were down. This issue has been fixed. [BNADC-9484]
Firmware Version 6.2
Features
- You can now configure custom roles for administrators. [BNADC-7835]
- The REST API has been enhanced to allow you to obtain the certificate expiration time. [BNADC-8732]
- GSLB has been enhanced to enable the configuration of region-based failover policies. [BNADC-9152]
Enhancements
- Load balancing has been improved by enhancing the persistence functionality. [BNADC-8838]
- Support for persistence cookies has been enhanced to better support SharePoint servers. [BNADC-9036]
- You can now specify which SSL protocols should be supported from the Load Balancer ADC's web interface (on the Advanced > Secure Administration page), including the ability to disable SSLv3 and TLS1.0. [BNADC-8553]
- SSLv3 and TLS1.0 are now disabled by default for new services and servers. We recommend that users manually disable the SSLv3 and TLS1.0 protocols for existing services and servers after upgrading to this firmware, as these are less secure protocols. [BNADC-8918]
Fixes
Firmware Version 6.2.0.006
- In certain cases, high CPU usage was observed with the data path process when "Application Security" was "Enabled" for a service. This issue has been addressed. [BNADC-9267]
- "Network Connectivity Tests" on the ADVANCED > Troubleshooting page are now working properly to troubleshoot network issues. [BNADC-9291]
Firmware Version 6.2.0.005
All fixes incorporated in firmware updates 6.1.0.006 and 6.1.0.007 have also been incorporated in this firmware.
- SMTP response codes for SMTP monitor test are now handled gracefully in server monitoring test. [BNADC-7500]
- The data path now processes the SSL traffic without any interruption when passing through the hardware SSL module. [BNADC-8824][BNADC-8799]
- Certain types of traffic caused the data-path processes to crash. This issue has been fixed. [BNADC-7551]
- A new version of the kernel has addressed an issue with kswapd0 consuming too much CPU. [BNADC-8455]
- The domain name can now be sent along with the username to the Radius server for user authentication. [BNADC-8677]
- There was an issue with handling HTTP2 protocol traffic. This issue has been fixed. [BNADC-8715]
- You can now configure GSLB service in Azure deployments. [BNADC-8727]
- Geo IP feature is now working properly on virtual machines. [BNADC-8739]
- A log storage issue was being caused by extra RRD files. This issue has been fixed. [BNADC-8768]
- When caching was enabled, the HTTP2 response was not working properly. This issue has been fixed. [BNADC-8791]
- Incorrect links to statistics files caused the GUI to be temporarily unavailable. This issue has been fixed. [BNADC-8797] [BNADC-8864]
- The A record answer section was missing from GSLB. This issue has been fixed. [BNADC-8832]
- Long hostnames and long device identifiers were affecting ActiveSync. This issue has been fixed. [BNADC-8835]
- After configuring a new value for Failure Retries, the server health monitor process required a restart. This issue has been fixed. [BNADC-8836]
- False positives triggered High Availability failovers. This issue has been fixed. [BNADC-8900]
- If the client region contains unicode characters and logging is enabled for GSLB, GSLB requests are now handled gracefully. [BNADC-8926]
- The per-request memory allocation for the data path has been reduced to optimize memory usage in entry-level models of the Load Balancer ADC. [BNADC-8931]
- There was a slow memory leak when security was not enabled. This issue has been fixed. [BNADC-8951]
- You can now configure a Content Types string of up to 128 bytes under the Compression configuration. [BNADC-8975]
- After configuring rules for selected services, the Web Translations page now refreshes and displays the details of the selected services. [BNADC-8998]
- Added an option Enable ICMP Redirect on the Barracuda Load Balancer ADC. ICMP Redirect is disabled by default from firmware 6.1 for security reasons. [BNADC-9102] [BNADC-9038]
Firmware Version 6.1
Features
- Support for the HTTP/2 protocol over HTTPS has been added. [BNADC-7208]
- The Barracuda Load Balancer ADC is now available on Microsoft Azure. [BNADC-7721]
- The Barracuda Load Balancer ADC on AWS now supports clustering across two Availability Zones for increased resilience and high availability. [BNADC-8017]
- Support for configuring "Auto Scaling Groups" as backend servers in AWS. [BNADC-8353]
Enhancements
- The FTP access log can now be exported instantly. [BNADC-8408]
- Server health checks now support HTTP/1.0 and HTTP/1.1. [BNADC-5632]
- An internal upgrade of the platform utilities and kernel is done in this release. [BNADC-6461]
- Implemented support for handling LDAP nested groups across different domains. [BNADC-7595]
- Support for the AWS proxy protocol in WebSocket has been added and a known issue with backend SSL over WebSocket is addressed. [BNADC-7613]
- Barracuda Load Balancer ADC High Availability now supports automatic failover in case critical processes crash on an active device. [BNADC-1485]
Fixes
Firmware Version 6.1.0.007
- All DNS requests are now handled properly. [BNADC-8832][BNADC-8926]
- An issue that resulted in a slow memory leak when "Application Security" was set to 'Disable' for a service has been addressed. [BNADC-8951][BNADC-8695]
- In some cases, data path traffic was disrupted due to response body rewrite rules when "Application Security" was set to 'Disable' for a service. This issue has been addressed. [BNADC-7751]
- The memory footprint per HTTP/HTTPS request in the data path has been reduced to optimize memory in lower-end models. [BNADC-8931]
- In the High Availability environment, failover to the Backup system was not triggered when the Active system went into the 'Fault' state. This issue has been addressed. [BNADC-8900]
- There was an issue with incorrect links to the statistics files causing the GUI to become temporarily unavailable. This issue has been addressed. [BNADC-8797][BNADC-8864]
Firmware Version 6.1.0.006
- HTTP2 responses now work properly when caching is enabled. [BNADC-8791]
- The issue with large hostnames and device IDs affecting the ActiveSync functionality has been addressed. [BNADC-8835]
- The server health monitor process now honors the value configured in "Failure Retries". [BNADC-8836]
- The "Slow Client Attack Prevention" policy is applicable only when "Application Security" is set to "Enable" for a service. [BNADC-8695]
Firmware Version 6.1.0.005
- A memory leak issue observed during continuous HTTP2 traffic has been fixed. [BNADC-8715]
- Geo IP feature is now working properly on the virtual machines. [BNADC-8739]
- The log storage issue that resulted from junk RRD files has been fixed. [BNADC-8768]
Firmware Version 6.1.0.004
- False Energize Update Expired alert emails are not generated when the unit is offline. This issue has been addressed. [BNADC-8599]
- Adding a new line in the Comments text box for Attack Types resulted in a configuration rollback. This issue has been addressed. [BNADC-8614]
- The data path crash that occurred when the Response Body Rewrite rule was configured for a service has been fixed. [BNADC-8656]
- The data path crash in HTTP2 traffic has been fixed. [BNADC-8657]
- A GET query for service groups can now be executed without a forward slash in the REST API URL. [BNADC-8702]
Firmware Version 6.1.0.003
- The "Enable Keepalive Probes" option for TcpProxy service works correctly now. [BNADC-8376]
- A certificate name can now include numbers at the start. [BNADC-8137]
- Global Server Load Balancing (GSLB) now processes traffic without interruption. [BNADC-7021]
- The serial numbers of the clustered Barracuda Load Balancer ADCs are now displayed in the ADVANCED > High Availability page, Clustered System section. [BNADC-7101]
- An issue where both the units in a cluster ended up in the "Active" state has been fixed. [BNADC-7134]
- The ability to control the maximum number of failed authentication attempts is now supported. [BNADC-7392]
- Creating an Instant SSL service with an existing HTTP service no longer generates duplicate database variables. [BNADC-7471]
- A report is now sent when an SMTP server is configured with a user name and password. [BNADC-7866]
- Dual Authentication is now supported with LDAP as the primary authentication service and Radius as the secondary authentication service. [BNADC-8022]
- After upgrading the firmware, the system failed to reboot due to a network issue. This has been addressed. [BNADC-8449]
- When "Enable High Availability" is set to "Yes", the "Failback Mode" is now set to Manual by default. [BNADC-8155]
- The domain name can now be sent along with the username to the radius server for user authentication. [BNADC-8598]
- Changing the service type from INSTANT SSL to HTTP/HTTPS and then back to INSTANT SSL now correctly creates the Redirect service. [BNADC-8422]
- The role of LDAP mapped users will not be changed if the LDAP's default role is changed by the administrator in the ADVANCED > Admin Access Control page. [BNADC-8453]
- An issue with XML content POSTed in a SharePoint application, which resulted in stripping of one extra character in the requests from the client being relayed to the backend SharePoint server, is addressed. [BNADC-7933]
Firmware Version 6.0.1
Features
- Support for WebSockets: The Barracuda Load Balancer ADC now supports WebSocket traffic. With WebSocket support, the Barracuda Load Balancer ADC behaves as a pass-through proxy and does not intercept or analyze the traffic. [BNADC-3411]
- It is now possible to add client source port using the "SRC_PORT" macro under "HTTP Request Rewrite" on the TRAFFIC > Web Translations page. [BNADC-7378]
Enhancement
- The Extended Match "Element Type" list now includes "SSL-Version". [BNADC-6205]
- The Barracuda Load Balancer now sets "Max-Age" and "Expires" attributes in the HTTP requests to ensure all web browsers honor the cookie expiry time. [BNADC-7405]
- You can now configure whether or not to forward the persistent client connections to the backup/maintenance server when the real server is up. [BNADC-6216]
- Client and Server details are now included in the server certificate validation error logs. [BNADC-7733]
- You can now enable/disable SSL Error Logs for service and server. [BNADC-7804]
Fixes
Firmware Version 6.0.1.008
- Vulnerability Fix: OpenSSL vulnerability mentioned in CVE-2016-6304 is addressed. [SWEET32 vulnerability] [BNADC-8073]
- An issue that added an extra byte to the response for a zero-byte file when compression was enabled has been addressed. [BNADC-8056]
- A race condition that resulted in clearing the configuration has been fixed. [BNADC-8037]
Firmware Version 6.0.1.006
- The wildcard character asterisk (*) is now allowed while configuring SNI domains. Example: *.abc.com [BNADC-7923]
- HTTP Strict Transport Security (HSTS) is now available on all Barracuda Load Balancer ADC models. [BNADC-7907]
- If FTP access log is configured, all temporary access log files on the system are cleared after transmitting the log files to the FTP server. [BNADC-7943]
- Processing HTTP headers in the requests now does not throw errors. [BNADC-7906]
- Web pages are now served properly even after hitting refresh in all the web browsers. [BNADC-7927]
Firmware Version 6.0.1.005
- DHE/ECDHE cipher support is now enabled for backend SSL on SSL accelerator hardware. [BNADC-6687]
- The HTTPS traffic interruption seen on 6.0 firmware on the systems with hardware SSL accelerator has been addressed now. [BNADC-7596]
- The URL in the Recommended Fix for URL Profile now displays the complete URL path. [BNADC-7526]
- Complete certificate chain for ECDSA certificate is now displayed during SSL handshake. [BNADC-7539]
- Increase in data path memory usage caused instability in the lower-end Barracuda Load Balancer ADC models. This issue has been addressed. [BNADC-7631]
- The status of clustered systems on virtual machines is now correctly displayed on the BASIC > Dashboard page. [BNADC-7058]
- A possible race condition that interrupted the data path traffic when servers were marked down while serving traffic has been addressed. [BNADC-7693]
- An issue that resulted in clearing the configuration due to repetitive database read failures has been fixed. [BNADC-7738]
- An issue observed in Version 6.0, where the load balancer used a deleted server to serve traffic, has been addressed. [BNADC-7360]
Firmware Version 6.0
Features
- Latest versions of the Barracuda Load Balancer ADC 640, 641 and 642 leverage specialized hardware to accelerate SSL transactions. In addition, these models also have dual power supplies.
To accommodate this additional hardware, the network interface ports have been rearranged on the Barracuda Load Balancer ADC 641 and 642. Now, 1 GB ports are in the first eight slots and 10 GB ports are in the next two slots (from left to right). [BNADC-6627]
- You can now use connection logs to display information about the connections made to the configured services and to the associated servers. This feature is available in Barracuda Load Balancer ADC 540 and higher. [BNADC-3070]
- Barracuda Load Balancer ADC introduces a new reporting module with more than 25 reports and built in drill down functions. [BNADC-6489]
- Source IP Persistence support has been added at the Service Group level. [BNADC-6316]
- Administrators can configure a static Source IP to connect to the real servers. [BNADC-3836]
- Role Based Administration (RBA) support implemented. [BNADC-3259]
- Augmented SSL Capabilities
  - Subject Alternative Names (SAN) certificate creation support. [BNADC-3441]
  - SSL Session Resumption Support. [BNADC-5902]
  - Strict Transport Security (HSTS) Support. [BNADC-6520]
  - SSL Session ID Persistence Support. [BNADC-867]
Enhancement
- Global Server Load Balancing (GSLB)
  - CNAME, SRV, and TXT record types have been added to GSLB services. [BNADC-3373]
  - GSLB statistics can now be queried using an SNMP request. [BNADC-4358]
- The Barracuda Load Balancer ADC now supports the following Diffie-Hellman Ephemeral (DHE) cipher suites: [BNADC-6663]
  - DHE-RSA-AES256-SHA256
  - DHE-RSA-AES256-SHA
  - DHE-RSA-CAMELLIA256-SHA
  - DHE-RSA-AES128-GCM-SHA256
  - DHE-RSA-AES128-SHA256
  - DHE-RSA-AES128-SHA
  - DHE-RSA-CAMELLIA128-SHA
- The REST API now supports retrieving and deleting certificates. [BNADC-3780]
- Implemented "Classic" and "Composite" view to display logs in the BASIC > Access Logs and BASIC > Web Firewall Logs page. [BNADC-7198]
- Secure TCP Proxy service now supports back-end SNI. [BNADC-7255]
Fixes
Firmware Version 6.0.0.008
- Adding Allowed Users/Groups in the authorization policy resulted in configuration rollback. This issue has been fixed. [BNADC-7379]
- Server Health page is optimized to handle huge configuration. [BNADC-7338]
- Querying SNMP Object Identifiers (OIDs) now provides accurate statistics. [BNADC-7414][BNADC-7546][BNADC-7495]
- Issue with CRL Auto Update is fixed. [BNADC-7385]
- Invalid SSL ticket/SSL handshake can now be successfully completed with a new SSL session ticket. [BNADC-7434]
- Issue with GSLB NS records for external domain has been addressed. [BNADC-7393]
- Changing Service Type from HTTPS to Instant SSL now creates redirect service. [BNADC-7299]
- IPv6 servers having upper case letters in the IP address can now be edited/deleted. [BNADC-7506]
- An issue that automatically populated the "Source IP To Connect" value after upgrading to version 6.0.0.005 has been addressed. Now, the user can explicitly configure "Source IP To Connect" after upgrade. [BNADC-7431]
- A memory leak issue caused by SNMP requests has been addressed. [BNADC-5032]
- Vulnerability Fix: The OpenSSL vulnerabilities mentioned in CVE-2016-2106 and CVE-2016-2107 are addressed. [BNADC-7509]
- Enhancement: The Barracuda Load Balancer ADC now supports ActiveSync "Login Method" in the authorization policy. [BNADC-7340]
- In version 6.0.0.005, processing HTTP traffic spiked the data path memory and caused system to hang. This issue has been addressed. [BNADC-7504]
- TLS server name extension is sent properly when backend SNI is enabled for HTTPS services. [BNADC-7314]
Firmware Version 6.0.0.005
- An issue that marked the servers "Null" when the Barracuda Load Balancer backup was restored to the Barracuda Load Balancer ADC has been fixed. [BNADC-7128]
- An issue with email notifications when a server/service was disabled has been fixed. [BNADC-7158 BNADC-7165]
- Disk space issue in storing virus definitions has been resolved. [BNADC-6981]
- Server health pages are optimized to handle more rule group servers. [BNADC-7283]
- Issue with "Client impersonation" has been resolved. [BNADC-7173 BNADC-7201]
- An issue where the memory usage increased exponentially when the Servers were configured with Hostnames has been fixed. [BNADC-5621]
- An issue that displayed the "Temporarily Unavailable" page on clicking the Show ARPs button in the ADVANCED > Troubleshooting page has been resolved. [BNADC-7269]
- System memory utilization has been optimized in the Barracuda Load Balancer ADC 340 and 440. [BNADC-7263]
- Action policy configuration is now applied if Invalid Charset attack/violation is detected in the content routing rule. [BNADC-7218]
- In a race condition, the configuration change was not getting updated in the user interface due to the configuration update module getting locked unexpectedly. This issue has been fixed. [BNADC-7026]
- The port speed negotiation settings were wrongly shown as "Unknown" even though the speed was negotiated successfully. This issue has been fixed. [BNADC-7286]
Firmware Version 6.0.0.004
- The RDP_IN_DATA and RDG_OUT_DATA HTTP methods are now available to support Remote Desktop Gateway configuration. [BNADC-3206]
- For GSLB services, you can now configure a private monitoring IP address when the published site IP address is a public IP address. [BNADC-3207]
- You can now configure high availability between 2 Barracuda Load Balancer ADCs only when they are on the same network. [BNADC-4635]
- The TCP dump function located on the ADVANCED > Troubleshooting page now allows the user to select a VLAN interface. [BNADC-5173]
- The Redirect URL now supports the %d option to copy the domain name from the HTTP request. [BNADC-5223]
- Access logs can be exported to external FTP servers multiple times a day. [BNADC-5430]
- The Web User Interface for the Cookie Encryption Key has been improved to allow you to generate and save encryption keys on the Barracuda Load Balancer ADC. [BNADC-5637]
- Under certain scenarios Barracuda Load Balancer ADC went into Passive-Passive state when you changed the failback mode to Automatic. This has been addressed. [BNADC-6141]
- There was an issue where editing the service IP address resulted in the deletion of the configured default gateway. This issue has been fixed. [BNADC-6374]
- The issue of the Backup server starting to work like a normal server if the "Backup Server Status" of a Layer 4 service was toggled has been fixed. [BNADC-6381]
- The high availability failover and failback time has been improved on Barracuda Load Balancer ADC Vx appliances with large configurations. [BNADC-6449]
- There was an issue causing data path outage when the POST parameter name exceeded 2M. [BNADC-6457]
- The health of GSLB request handler process is now monitored. [BNADC-6606]
- "Mismatched IP Cookie Replay Attack" logs are not generated on the BASIC > Web Firewall Logs page when "Cookie Replay Protection Type" is set to "None". [BNADC-6618]
- There was an issue causing a data path outage when the configuration of SSL enabled server was edited. [BNADC-6666]
- The OpenSSL fix for CVE-2015-3194 has been applied. [BNADC-6700]
- There was an issue with not getting the correct client IP address if the Header for Client IP Address was chosen and the header occurred after sixteen other HTTP headers. This issue has been fixed. [BNADC-6738]
- The Barracuda Load Balancer ADC is now capable of processing huge traffic to UDP Proxy service. [BNADC-6817] [BNADC-6816]
- Server status in the web interface now displays the correct data when a real server goes up or down. [BNADC-6789]
- An issue that caused VDI connections to hang and time out has been fixed. [BNADC-6814]
- A memory leak issue when processing POST requests with the content type multipart/form-data has been fixed. [BNADC-6940]
- There was a memory leak during heavy web-firewall logging. This has been addressed. [BNADC-6949]
Deprecated Operations and Known issues
- The HTTP Slow and HTTPS Slow testing methods configured on the BASIC > Services page and on the TRAFFIC > Monitor Groups page have been deprecated. Instead, use the HTTP and HTTPS server monitor tests respectively. [BNADC-5037]
- Due to the changes to the logging and monitoring framework, the existing logs will not be visible in the UI.
- In some situations, enabling Connection Logs for Layer 4 services does not take effect. In such cases, please disable and enable it once again. [BNADC-7015]
Firmware Version 5.4
Features
- The number of Ethernet interfaces on the Barracuda Load Balancer ADC 340, 440 and 540 has been doubled to improve system throughput. [BNADC-5860]
- Added support for Barracuda Web Filter service that enables you to load balance traffic across multiple Barracuda Web Filters. [BNADC-4888]
- Added support for VMware-VDI over HTTPS and PCoIP. [BNADC-5072/BNADC-3626]
Enhancement
- Default cores for Vx models 4xx, 5xx and 6xx are now updated to 4, 5 and 6 cores respectively. [BNADC-6489]
Fixes
Firmware Version 5.4.0.004
- A data path outage that occurred when a POST parameter name exceeded 2 megabytes has been fixed. [BNADC-6457]
- The Cluster Shared Secret can now include the # (hash) character. [BNADC-6409]
- Values of Active servers/services retrieved through SNMP GET now match the values displayed on the Barracuda Load Balancer ADC web interface. [BNADC-6354]
- When a server associated with an HTTP service is disabled, an alert message is now logged only once in barracuda.log. [BNADC-6349]
- Setting the "Testing Method" to "HTTP" and adding the XML data in "HTTP Method Body" for HTTP Method "POST" resulted in server configuration being blank. This issue has been fixed. [BNADC-6511]
- Selecting "SMTP/Barracuda Spam Firewall (BSF)" as "Testing Method" no longer displays a target value error. [BNADC-6351]
- In rare cases, "Actions" under servers on the BASIC > Services page displayed "undefined" instead of actual actions. This issue has been fixed now. [BNADC-4781]
- "Test Configuration" under BASIC > Administration > Email Notifications now displays proper output. [BNADC-3873]
- Configuration items related to the scheduled backup feature are not synchronized to the peer system in an HA cluster, and administrators can configure these settings independently. [BNADC-5801]
- Logs storage issue has been fixed. [BNADC-6327]
- An issue where a backend server that was responding to health probes successfully was displayed as down in the web interface after a cluster failback/failover event has been fixed. [BNADC-5779]
- An issue where one of the monitoring daemons was running multiple times has been fixed. [BNADC-6515]
- An issue where the routing table was incorrectly altered while creating services with the same IP address has been fixed. [BNADC-6374]
Firmware Version 5.4.0.003
- Modifying an action policy is possible only when you provide the proper attack ID and group ID in the REST API. [BNADC-2639]
- Chunk encoded requests/responses that contain chunk extensions in the chunk header are now forwarded to the server/client. [BNADC-3389]
- The VM license token is retained intact even after the system is clustered. [BNADC-4527]
- UDP Proxy service now gracefully handles zero length UDP packets. [BNADC-5416]
- The limit for Replace String is now increased to 1024 characters in the Response Body Rewrite rule. [BNADC-5689]
- The log storage mechanism is modified to improve the disk space usage. [BNADC-5796]
- The "Policy Fix" and "Exception Profiling Fix" now provide the correct fix for "Maximum Instance of Parameter Exceeded" attacks. [BNADC-5819]
- Policy Fix in Web Firewall Logs now shows the correct fix when parameter name includes a quote character. [BNADC-5820]
- The "Policy Fix" wizard now displays the correct parameter profile if the request has colon (:) in the parameter name. [BNADC-5821]
- An issue that caused services to go down when load balancing FTP traffic has been fixed. [BNADC-5840]
- The LDAP authentication framework is enhanced to support usernames with backslash and other special characters. [BNADC-5897]
- Unicode characters are now handled in "Server Monitoring" for HTTP/HTTPS test methods. [BNADC-5921]
- Configuration changes are now applied properly to servers whose names overlap with other server names. [BNADC-5964]
- It is now possible to create multiple content rules with overlapping names. [BNADC-5982]
- In a rare scenario, the server monitoring file was corrupted and caused servers associated with L4 services to be displayed down in the web interface. This issue has been fixed now. [BNADC-6066]
- An issue where HTTP chunk encoded data caused services to go down has been addressed. [BNADC-5931]
Firmware Version 5.3
Features
- Newer versions of Barracuda Load Balancer ADC model 840 leverage hardware to accelerate SSL transactions.
Fixes
Firmware Version 5.3.0.003
- Changing a HTTPS/INSTANT SSL service to Secure TCP Proxy with SNI configured on the associated server now works properly. [BNADC-5837]
- The HTTP compression issue in Version 5.2 and 5.3 has been resolved. [BNADC-5847]
Firmware Version 5.3.0.002
- Certificates with an expiry date later than 2037 had issues when uploaded to the Barracuda Load Balancer ADC. This issue has been fixed. [BNADC-3026]
- The logs count on the BASIC > Status page consumed high CPU time, which resulted in the system hanging or crashing. This issue is now fixed. [BNADC-3061]
- Failover/Failback time in the HA environment is now enhanced to handle large configurations. [BNADC-3534]
- It is now possible to change HTTP/HTTPS service to INSTANT SSL service with content rules configured in it. [BNADC-3795]
- The server monitoring process now retains the previous state of servers (UP or Down) if it is unable to perform the test. [BNADC-4269]
- The services are now created only with enabled status. [BNADC-4480]
- The Cookie Path and Client IP Header fields displayed the example values / and X-Forwarded-For respectively, which caused them to be confused with default values. These fields are now kept blank to resolve the issue. [BNADC-5270]
- An issue that automatically enabled cookie security when URL redirect was configured on the Barracuda Load Balancer 340 and 440 has been fixed now. [BNADC-5284]
- Enabling/Disabling the TCP time stamp through the web interface is now reflected in the back-end. [BNADC-5370]
- The Enable SSL Compatibility Mode feature was added to the server configuration to enable or disable cipher suites for the server. [BNADC-5379]
- Disabling the server on the Barracuda Load Balancer ADC web interface was not applied in the back-end. A recovery mechanism has been added to the server monitoring process to fix this issue. [BNADC-5390]
- Monitor Group is now supported for Global Server Load Balancing (GSLB) services. [BNADC-5402]
- Memory leak issue due to configuration change has been fixed. [BNADC-5404]
- An issue where the hostname resolved to a new server IP address, and set the server Status to Down in the web interface, has been fixed now. [BNADC-5424]
- The Barracuda Load Balancer ADC now honors larger size certificates associated with the SNI domain. [BNADC-5607]
- In the High Availability environment, failover/failback ALERTS and TRAPS were not sent if the system assumed the same state (Active) after recovering. This issue has been fixed now. [BNADC-5655]
- An issue with Simple HTTP/HTTPS server monitor test has been fixed. [BNADC-5675]
- A rare issue that did not allow deletion of the service after being renamed, has been fixed now. [BNADC-5683] [BNADC-5693]
- An issue with cookie update interval has been fixed. [BNADC-5691]
- The Active-Active issue for High Availability has been fixed. [BNADC-5702]
- An internal process caused the system to reach 99% CPU utilization. This issue has been fixed now. [BNADC-5723]
- During the migration process from the Barracuda Load Balancer Version 4.2.3.004 to Barracuda Load Balancer ADC Version 5.x, the persistence cookie parameters were not transferred properly. This issue has been fixed now. [BNADC-5742]
- The user was not redirected to the page specified in Auth Password Expired URL on the ACCESS CONTROL > Authentication page when the password expired. This issue has been fixed now. [BNADC-5764]