Software
1 Resolved Issues
1.1 NBR_RGOS 11.9(6)B17P3
Based on NBR_RGOS 11.9(6)B17P2, this version resolves the following issues.
|
Bug ID |
Description |
|
After a user is authenticated and goes online, the traffic is reported to Ruijie Cloud. When the authenticated user is still online, used traffic data displayed on Ruijie Cloud is occasionally cleared. |
|
|
When the configuration of an L2TP IPsec hub site is modified, the configuration displayed on the eWeb UI is incorrect. |
|
|
When a VPN spoke site is added, the password prompt is inconsistent with the actual password requirement. |
|
|
The device cannot execute the show content-audit syslog status command. As a result, the syslog server configuration displayed on the eWeb UI is incorrect. |
|
|
In a DHCP DDI relay scenario, IPAM static address binding does not take effect. The DHCP server does not deliver the IP address to the terminal based on the static binding but allocates another address to the terminal. |
|
|
The verification code image and password change button are not displayed on the RG-SSLVPN login page. |
|
|
After an IP address is configured for port 8F on an RG-NBR6200 series product, the port configuration on the Interface Conversion page still indicates that no address is configured. |
|
|
During SMS two-factor authentication on RG-SSLVPN, SMS messages cannot be received due to an incompatible password format. |
|
|
Backend VPN configurations cannot be obtained in a batch on the eWeb UI, and the VPN configuration of the hub site cannot be displayed. |
|
|
When the SIP server is deployed on an extranet, the client cannot make a call. |
|
|
In an L2TP VPN hub-spoke scenario, the command syntaxes for configuring L2TP tunnel authentication passwords in the new and old versions are incompatible, resulting in an L2TP tunnel negotiation failure. (Old version: RGOS 11.9(6)B17P1 or earlier; new version: later than RGOS 11.9(6)B17P1.) |
|
|
After the authentication password on the spoke side of an L2TP IPsec/L2TP VPN tunnel is changed to the correct value, tunnel negotiation still fails. |
|
|
After the L2TP tunnel authentication password is configured on the eWeb UI, an exception occurs in underlying system configuration. |
|
|
The router does not support voucher authentication and rate limiting on Ruijie Cloud. |
|
|
The switch components of some batches of devices are abnormal, which may incur unexpected device restart. |
|
|
1125717 |
If voucher and account user information is imported from Ruijie Cloud to the device, an exception occurs on Ruijie Cloud, and the voucher and account user information is inconsistent. As a result, voucher user information is lost after the import. |
|
1110132 |
The historical traffic report does not display data of external users and user groups. |
|
1117710 |
After DHCP static binding is configured and the secondary DNS is modified, the secondary DNS configuration is not displayed on the eWeb page. |
|
1114082 |
The logic for delivering the interfaces configuration is optimized. |
|
1112587 |
The user management module of the device has high requirements on password strength by default. As a result, voucher users with weak passwords on Ruijie Cloud cannot be imported to the device. |
|
1111996 |
When IPv6 traffic is used to access the local device, the device buffer leaks after the IPv6 fragmented packet reassembly times out. |
|
1111230 |
The device does not have an automatic aging mechanism for flows with inconsistent forward and return paths. |
|
1109831 |
The gateway is deployed at the intranet border, and PCs on the intranet use the active mode to connect to an external FTP server. In this case, files cannot be downloaded. |
|
1108038 |
The Prevent Share function does not take effect. |
|
1104362 |
The display of the DHCP IPAM page on the eWeb UI is incorrect. |
|
1094055 |
The IPv4 or IPv6 protocol type needs to be set for the eWeb ping function to take effect. |
|
1109268 |
If the data directory of the RG-NBR2100G-E is fully occupied by the database logDhcp.db of the DHCP module, an exception occurs on the device. |
|
1079601 |
The device does not support multiple LAN interfaces on the same network segment. |
|
1093951 |
The device needs to support WiFiDog authentication. |
|
1114874 |
The IPv6 ping function is abnormal. |
|
1111171, 1129600 |
After the voucher rate limit function is configured, if the length of the user group information delivered by Ruijie Cloud is longer than 32 bytes, a core dump occurs on the flow control component. |
|
1095370 |
The eWeb operation logs cannot be retained for six months. |
|
1163802 |
Some YouTube traffic cannot be properly identified. |
|
1171495 |
The configuration item name displayed on the web-based authentication configuration page is incorrect. |
|
1204797 |
After the DHCP service is manually disabled, the DHCP service is automatically enabled again upon interface configuration modification. |
|
1208231, 1207728 |
A command injection vulnerability exists in CLI commands. |
|
1208467 |
The function of identifying QUIC traffic is disabled by default. A CLI command needs to be added to enable the function of identifying QUIC traffic. |
|
1207687 |
The device restarts or crashes due to a QUIC packet processing exception. |
|
1160308 |
After a blocklisted website is configured in a behavior management policy, Google Chrome of the latest version is used to access the blocklisted website. In this case, URL/domain name blocking does not take effect. |
|
1226563, 1226562, 1215846, 1212615 |
Security vulnerabilities exist. |
|
1222084 |
The DHCP server should support Option 43 delivery in ASCII format. |
|
1219552 |
The Blocked Record page needs to be added for displaying detailed blocking records of specific behavior management policies based on the specified IP address. |
|
1213345 |
On a device that functions as both the VPN hub site and VPN spoke site, when the peer address of the IPsec tunnel is set to a domain name for the VPN spoke site, the IPsec tunnel fails to be established. |
|
1210449 |
When a domain name is configured for link detection, a domain name with a hyphen (-) cannot be configured, and the prompt message is unclear. |
|
1210336 |
For RG-NBR6200 series devices, when a core dump occurs on the QUIC identification module of application identification, the crash stack information cannot be recorded. |
|
When the packet loss rate is 3% and line escape is enabled on a line (with default configuration), the delay time configured for line escape detection does not take effect. As a result, the interface frequently goes Up or Down. |
|
|
In a voucher-based rate limiting scenario, a kernel leak occurs on the traffic control module. |
|
|
When packet obtaining is conducted on the eWeb UI, a message indicating that the space is insufficient for packet obtaining is displayed. |
|
|
A security vulnerability exists. |
|
|
After a device of an English version is upgraded to a Chinese version using a .bin file, the eWeb UI cannot be accessed. After a device of a Chinese version is upgraded to an English version using a .bin file, the eWeb UI cannot be accessed. |
|
|
1304855 |
When DNS detection is configured for links, the default domain name used for detection only applies to the Chinese mainland. |
|
1304854 |
During quick onboarding of devices, the default SNTP server address applies only to the Chinese mainland and cannot be modified on the web UI. |
|
1274238 |
The CPU usage of the NGINX process is occasionally too high, resulting in a web UI login failure. |
|
1265792 |
URL filtering needs to support filtering of QUIC traffic. |
|
There is a probability that the FSUI process causes high CPU usage. |
|
|
If a PC is behind a NAT device and the peer gateway is also behind a NAT device, the PC fails to establish an L2TP over IPsec tunnel with the gateway, and IPsec transmission mode negotiation is abnormal. |
|
|
When multiple PPPoE interfaces are configured with line traffic escape simultaneously, the line traffic escape function may fail to take effect. |
|
|
The temporary permit duration for probe packets sent by iOS devices after connecting to Wi-Fi needs to be optimized from fixed 30s to a manually configurable setting. |
|
|
When the device is configured with WiFiDog authentication, mobile phones using iOS 18.4 may not display the Wi-Fi icon after connecting to Wi-Fi and passing authentication. |
|
|
On eWeb, the IPsec transform set 2 is set to Not Configured, the configuration is saved, and then the page is refreshed. However, the page still shows that transform set 2 is configured. |
|
|
The uplink and downlink traffic data in the historical traffic reports does not match the data shown in the report overview. |
|
|
The configuration and display of the ISP address library for IPv6 interfaces are abnormal. |
|
|
When users perform configuration on the WiFiDog authentication page, Chinese characters exist on the page. |
|
|
1364966 |
If the VPN software applies HTTP long-lived connection and the VPN server is set to www.portal-as.ruijienetworks.com for the host on the software, the traffic from the host is permitted by default. That is, the host user can access the Internet without authentication. |
|
1511095 |
The bar chart in the App section of the Real-Time Traffic page displays inaccurate traffic usage statistics. |
|
1510132 |
The web login, Telnet, and SSH passwords of a device cannot contain ruijie, regardless of case. |
|
1507884 |
In a flow limit policy, if the units for Max Download Per IP and Guaranteed Total Downlink are set to Mbps and Kbps, respectively and the Guaranteed Total Downlink value is smaller than the Max Download Per IP value, the system still displays the error message The max download speed per IP cannot be greater than the max download speed. when the configuration is saved, causing a delivery failure. |
|
1495133 |
When a user redirects to eWeb of a device from WIS Cloud, the login page is displayed again or the browser crashes. |
|
1446062 |
Failed to query the interface traffic in the last 1 hour on the History Traffic page. |
|
1461337 |
Some of the descriptions, punctuation, and layout in the traffic analysis reports are not displayed properly. |
|
1461308 |
The average and maximum session statistics in the traffic analysis are inaccurate. |
|
1411342 |
When the memory usage exceeds 80%, upgrading the application identification signature library will cause memory insufficiency, triggering the device to restart. |
|
1404164 |
The source and destination IP fields in the NAT log files exported via the CLI are incorrect. |
|
1415102 |
On the Historical Traffic Report page, a monthly report cannot be exported when it contains more than 80,000 data entries. |
|
1385533 |
The RUIJIEID field in the cookie generated after the login to the web system lacks the secure attribute, resulting in the device being detected with a medium-risk vulnerability (Cookie Security: Cookie not Sent Over SSL). |
|
1522709 |
If a predefined application group contains no applications and is referenced by a traffic control policy, the Free section in the application traffic pie chart on the Real-Time Traffic page show 100%, which does not reflect the actual traffic usage. |
|
1473748 |
An error occurs while behavior analysis logs are exported. Only today’s logs can be exported, and other dates cannot be selected. |
|
1531027 |
During integration with the WiFiDog authentication on Ruijie Cloud, after the traffic quota is exhausted, the cloud page shows that the user account has expired, while the traffic usage statistics indicate that the quota has not been exceeded. |
|
1425911 |
After bandwidth control is configured on the device with a limit of 1 kbps and it runs for a period of time, the buffer usage reaches 100%. |
|
1522709 |
When an application group without any applications exists, the application traffic pie chart on the Real-Time Traffic page is displayed incorrectly. |
|
1511095 |
The pie charts in the App section of the Real-Time Traffic page display inaccurate traffic usage statistics. |
|
1586890 |
The quic-audit enable configuration does not appear in the output of the show running config command. |
|
1625013 |
On the Advanced > System Log > System Log page, the Syslog Config Switch setting does not take effect. |
|
1628784 |
An issue occurs with the generated log files when the number of system log files is set to a value greater than 16. |
|
1613884 |
The bandwidth usage percentage is displayed incorrectly on the Traffic Monitoring > Real-Time page. |
2 Version Changes
2.1 NBR_RGOS 11.9(6)B17P3
Based on NBR_RGOS 11.9(6)B17P2, this version has the following changes.
Hardware
N/A
Feature
|
Features |
Description |
|
Function optimization demands are added. |
(1) The app identification module can identify QUIC traffic. (2) A DDNS policy can be bound to a specified interface. (3) The maximum length of the domain name configured for IPsec is increased to 255 characters. (4) Web API security is improved. (5) ACLs for access control can be implemented based on user groups. (6) On the flow control page, the rate limit unit can be selected (kbps or Mbps). (7) NAT66 function is added. (8) RG-NBR series support voucher authentication and rate limiting on Ruijie Cloud. |
|
Fix bugs and feedback issues |
For details, see Resolved Issues. |
