Skip to content

Releases: CactuseSecurity/firewall-orchestrator

v8.6 Modelling Request Features and Fixes

11 Dec 12:02
ce3698c
Compare
Choose a tag to compare

v8.6 - 11.12.2024 MAIN
Features

  • Modelling

    • Create Application Zones
    • Add monitoring for external requests for admins
    • Add re-initialization for external requests
    • consolidation modelling external requests
    • adding optional access requst on behalf of UI user
    • adding live update of external task/ticket status
    • app server name handling rework (NONAME --> _)
    • owner groups can now also be external LDAP groups
  • Reporting

    • refining connection report (adding Common service, app role, network area details)
      Fixes
  • Importer

    • adding missing colors in Check Point importer
    • new VOIP service object and Internet object
  • UI

    • SECURITY: updating System.Text.Encodings.Web v4.5.0 --> v8.0.0

v8.5.1 bufix PDF generation etc.

18 Nov 18:08
f3542e6
Compare
Choose a tag to compare
  • reporting - fixing PDF generation on various platforms - closes #2385
    • ubuntu 24.04
    • ubuntu 20.04 (focal)
    • debian 11
    • debian 13 (trixie)
  • modelling - fixing AR editing: strict prevention of all area mixing

v8.5 request modelling via external ticketing tool change

13 Nov 13:56
9c1189f
Compare
Choose a tag to compare

Network Modelling feature update

  • modelling can be requested as firewall change via external ticketing tool
  • includes all approle handling
  • simple form of rule change request (always request all connections as rules)
  • api hasura upgrade to 2.44.0
    Fixes
  • various small UI fixes
  • importer (CP: handle None objects)

v8.4.1 Network Modelling feature update

30 Oct 11:29
0b645b1
Compare
Choose a tag to compare
  • Network Modelling Features
    • import of app server IP addresses via CSV upload
    • import of multiple sources for area IP data
    • new option email notification: fall-back to main owner if group is empty
      Fixes
  • corrections in displaying UI messages
  • converting owner network ip data to standard format "range"
  • importer
    • check point - fix import of all VSX instances
    • fortinet - add hit counts and install on information

v8.4 stability release

30 Sep 15:55
5d9f36a
Compare
Choose a tag to compare
  • various small bug fixes
    • installer (redundant code deleting test user)
    • importer (switching from full details to standard, re-adding VSX gateway support, voip domain handling in cp parser)
    • reporting (app-rule report containing multiple objects)
    • middleware (config subscriptions)
    • reporting (temporarily highlight linked to object in rsb)
    • modelling (sync connections - not always part of overview table after creation)
    • RBA (role picking when user has multiple roles)
    • UI various: adding missing pager control
    • UI various: spinner clean-up
  • features/upgrades
    • Added login page welcome message and settings
    • Added last hit information in app-rule report
    • API - upgrading to 2.43.0
    • various security upgrades dotnet (restsharp, jwt, ...)

v8.3.1 Fix missing group members in Check Point importer

14 Aug 14:41
a0f6350
Compare
Choose a tag to compare
Merge pull request #2512 from tpurschke/fix/cp-import-groups-missing

hotfix/missing group members in cp importer

v8.3 Consolidated maintenance release

25 Jun 09:10
70bdcd3
Compare
Choose a tag to compare
  • smaller bugfixes and improvements
  • new report type rules per owner/app

v8.2 Modelling - New Request Interface Workflow

30 Apr 18:54
302542d
Compare
Choose a tag to compare

What's Changed

  • iconify modelling
  • first version of NSX import module
  • add maintenance page during upgrade
  • sample customizing py script with sample data, closes Installer customizable config (settings) #2275
  • remove log locking from importer due to stalling importer stops
  • credentials encryption, closes encrypt passwords and keys #1508
  • breaking change for developer debugging: add the following local file when using -e testkeys=true: /etc/fworch/secrets/main_key with content "not4production..not4production.."
  • add custom (user-defined) fields to import (cp only so far, other fw types missing, user-defined fields are not part of reports yet)
  • interface request workflow
  • encrypt emailPassword in config
  • fix demo managements (change import from deactivated to activated - does not affect test managements)
  • upgrade to dotnet 8.0
  • adding all imported modelling users to uiuser

Full Changelog: v8.0...v8.2

v8.0 New Network Modelling Module

20 Feb 18:23
6680851
Compare
Choose a tag to compare
  • Introducing new Network Modelling module
    • allows your organisation to define the target state of all network connection on a per-application basis (or other distributed ownerships)
  • Backend
    • Introducing Scheduled import change notification including inline or attached change report (replacing simple import notification from import module)
  • UI
    • New look and feel: Moving to vanilla bootstrap css v5.3.2 (allowing for future up to date css usage)
  • Installer (breaking change!)
  • bugfixes for
    • import log locking
    • integration tests with credentials when installing without demo data
    • pdf creation on debian testing plattform (trixie)

v7.3 Tenant-filtering for shared firewall gateways

22 Oct 13:48
4ace328
Compare
Choose a tag to compare
  • new features
    • recertification: new rule ownership
    • customizable UI texts
    • starting target state module with introducing new role "modeller"
    • adding tenant ip filtering
    • adding tenant simulation (exluding statistical report and recertification) including scheduling
  • maintenance / bug-fixing
    • complete re-work: all ip addresses are now internally represented as ranges, including all networks
    • UI:
      • do not show super managers in RSB all tab
      • Use production / development based on the build type instead of always using development.
      • do not show detailed errors in production mode + use the custom error page in the production environment
      • bug fix jwt expiry, jwt expiry timer now works as intended
      • unifying IP addresses display method across all parts
      • fix filtering for rules with negated source / destination or single negated ip ranges
    • Database:
      • removing unused materialized view for tenant ip filtering
    • Installer
      • fix upgrade become issue in middleware ldif files
      • fix client/server db sort order mismatch (collate)
      • fix postgresql_query module reference
      • adding simulated changes to fwodemodata (fortigate)
      • add check for successful publishing dotnet (mw, ui)
    • Importer
      • fortiOS: fix importer action field
      • fortimanager: ignore missing negate fields
      • Check Point: adding Inform action
      • Check Point: adding new network object type 'external-gateway' (for interoperable-dervice)
      • Check Point: adding network object type support for 'CpmiVsClusterNetobj' (for VSX virtual switches)
    • API:
      • upgrade hasura to 2.34.0
  • restrictions
    • since tenant filtering is not done in the API but in the UI, the API should not be exposed to the tenants