Skip to content

Releases: CactuseSecurity/firewall-orchestrator

v8.3.1 Fix missing group members in Check Point importer

14 Aug 14:41
@tpurschke tpurschke
v8.3.1
a0f6350
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.3.1 Fix missing group members in Check Point importer Latest
Latest 
Merge pull request #2512 from tpurschke/fix/cp-import-groups-missing

hotfix/missing group members in cp importer
Assets 2
Loading

v8.3 Consolidated maintenance release

25 Jun 09:10
@tpurschke tpurschke
v8.3
70bdcd3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.3 Consolidated maintenance release
  • smaller bugfixes and improvements
  • new report type rules per owner/app
Assets 2
Loading

v8.2 Modelling - New Request Interface Workflow

30 Apr 18:54
@tpurschke tpurschke
v8.2
302542d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.2 Modelling - New Request Interface Workflow

What's Changed

  • iconify modelling
  • first version of NSX import module
  • add maintenance page during upgrade
  • sample customizing py script with sample data, closes Installer customizable config (settings) #2275
  • remove log locking from importer due to stalling importer stops
  • credentials encryption, closes encrypt passwords and keys #1508
  • breaking change for developer debugging: add the following local file when using -e testkeys=true: /etc/fworch/secrets/main_key with content "not4production..not4production.."
  • add custom (user-defined) fields to import (cp only so far, other fw types missing, user-defined fields are not part of reports yet)
  • interface request workflow
  • encrypt emailPassword in config
  • fix demo managements (change import from deactivated to activated - does not affect test managements)
  • upgrade to dotnet 8.0
  • adding all imported modelling users to uiuser

Full Changelog: v8.0...v8.2

Assets 2
Loading

v8.0 New Network Modelling Module

20 Feb 18:23
@tpurschke tpurschke
v8.0
6680851
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.0 New Network Modelling Module
  • Introducing new Network Modelling module
    • allows your organisation to define the target state of all network connection on a per-application basis (or other distributed ownerships)
  • Backend
    • Introducing Scheduled import change notification including inline or attached change report (replacing simple import notification from import module)
  • UI
    • New look and feel: Moving to vanilla bootstrap css v5.3.2 (allowing for future up to date css usage)
  • Installer (breaking change!)
  • bugfixes for
    • import log locking
    • integration tests with credentials when installing without demo data
    • pdf creation on debian testing plattform (trixie)
Assets 2
Loading

v7.3 Tenant-filtering for shared firewall gateways

22 Oct 13:48
@tpurschke tpurschke
v7.3
4ace328
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.3 Tenant-filtering for shared firewall gateways
  • new features
    • recertification: new rule ownership
    • customizable UI texts
    • starting target state module with introducing new role "modeller"
    • adding tenant ip filtering
    • adding tenant simulation (exluding statistical report and recertification) including scheduling
  • maintenance / bug-fixing
    • complete re-work: all ip addresses are now internally represented as ranges, including all networks
    • UI:
      • do not show super managers in RSB all tab
      • Use production / development based on the build type instead of always using development.
      • do not show detailed errors in production mode + use the custom error page in the production environment
      • bug fix jwt expiry, jwt expiry timer now works as intended
      • unifying IP addresses display method across all parts
      • fix filtering for rules with negated source / destination or single negated ip ranges
    • Database:
      • removing unused materialized view for tenant ip filtering
    • Installer
      • fix upgrade become issue in middleware ldif files
      • fix client/server db sort order mismatch (collate)
      • fix postgresql_query module reference
      • adding simulated changes to fwodemodata (fortigate)
      • add check for successful publishing dotnet (mw, ui)
    • Importer
      • fortiOS: fix importer action field
      • fortimanager: ignore missing negate fields
      • Check Point: adding Inform action
      • Check Point: adding new network object type 'external-gateway' (for interoperable-dervice)
      • Check Point: adding network object type support for 'CpmiVsClusterNetobj' (for VSX virtual switches)
    • API:
      • upgrade hasura to 2.34.0
  • restrictions
    • since tenant filtering is not done in the API but in the UI, the API should not be exposed to the tenants
Assets 2
Loading

v7.0 Compliance Matrix et al.

26 Jul 17:32
@tpurschke tpurschke
v7.0
50c01b2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.0 Compliance Matrix et al.
  • UI adding compliance matrix module
  • UI Reporting - unused rules report including delete ticket integration
  • importer new email notification on security relevant import changes
  • importer CPR8x: basic support for importing inline layers
Assets 2
Loading

v6.4.3 hotfix global config subscription timeout

05 Jun 20:07
@tpurschke tpurschke
v6.4.3
502e0ca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.4.3 hotfix global config subscription timeout

default settings not refreshed after 12h timeout

Assets 2
Loading

v6.4.2 Hotfix Log File Locking

05 Jun 10:49
@tpurschke tpurschke
v6.4.2
15fac96
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.4.2 Hotfix Log File Locking

Addressing the issue of log rotate stalling when UI log is not written to (mainly prod environments)

Assets 2
Loading

v6.4.1 FortiGate REST importer - adding Internet Service Support

02 Jun 15:29
@tpurschke tpurschke
v6.4.1
e26a25a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.4.1 FortiGate REST importer - adding Internet Service Support
  • also upgrading to hasura 2.26.0
  • fixes around network object group handling and ipv6 support
Assets 2
Loading

v6.4 New Import Module for FortiOS REST API

25 May 08:41
@tpurschke tpurschke
v6.4
c755c15
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v6.4 New Import Module for FortiOS REST API
  • new import module FortiOS REST importer
  • hasura upgrade to 2.24.1
  • json export for resolved changes
  • hotfix cpr8x importer: handle empty section titles
Assets 2
Loading