# ESG620 ## V1.2.95 #### \[New Features] * Supports High Availability (Master/Backup) to ensure uninterrupted network service during device failures. * Supports NAT Exceptions to allow specific traffic to bypass NAT for better application compatibility. * Supports SNMP v1/v2c/v3 to enable secure and flexible network monitoring and management. * Supports IPSec IKEv2 Client VPN (Passthrough) to ensure seamless remote access behind the gateway. * Supports VPN event logging to simplify troubleshooting of Site-to-Site (non-EnGenius) connection failures. * Supports WAN connectivity checks using WAN IP to improve connection status accuracy. * Supports WAN DNS-based public IP detection to replace Google DNS, improving reliability in restricted network environments. #### \[Issues Fixed] * Fixes an issue where IKEv2 clients were not displayed in the client list. * Fixes an issue where firewall functions failed under Multiple Bridge mode. * Fixes incorrect firewall rule application when Dest. IP/FQDN is set to “Any” and a specific Dest. Port is defined. ## V1.2.91 #### \[Issues Fixed] * Improve the Security Services stability. ## V1.2.90 #### \[New Features] * Supports L7 bandwidth limiting to enable application-level traffic control and improve network efficiency. * Supports configurable WAN monitor IPs to provide more accurate WAN status detection and reliable failover. #### \[Issues Fixed] * Fixed an issue where the IKEv2 Client VPN did not support custom RADIUS parameters. ## V1.2.85 #### \[New Features] * Added support for IKEv2 Client VPN to provide more secure and reliable VPN connections. * Added support for custom NTP server configuration to improve time synchronization flexibility. * Added an Ethernet Port Status diagnostic tool to help quickly identify physical connection issues. * Added event logs for failed VPN user connection attempts to improve troubleshooting and security visibility. * Added support for MTU configuration on WAN connections to optimize network performance. #### \[Issues Fixed] * Disabled DNS bind check to improve DNS compatibility and avoid unnecessary connection restrictions. * Resolved CloudBrink routing issues affecting Dual WAN, Policy Routing, and IPsec Client VPN to ensure stable traffic handling. * Corrected v6plus-related wording on the LSP interface to improve terminology accuracy. * Fixed an issue where load balancing did not function when both WAN connections shared the same upstream gateway, enabling proper traffic distribution. * Resolved an issue that prevented multiple local clients from establishing simultaneous L2TP/IPsec VPN connections to the VPN server. #### \[Known Issue] * IKEv2 Client VPN does not currently support custom RADIUS parameters or passthrough mode. Workaround: * This limitation will be resolved in the next firmware version (v1.2.90). ## V1.2.82 #### \[Issues Fixed] * Fixed the issue where port 53 was opened on the WAN side when the Captive Portal or L7 rule was enabled ## V1.2.81 #### \[New Features] * Added support for Gateway v6plus/Xpass (Japan’s VNE) with IPv6 IPIP tunneling for optimized connectivity. * Improved the rollback function event log title to make it more descriptive. #### \[Issues Fixed] * Fixed an issue where packet capture from WWAN failed or produced duplicate packets. * Fixed an issue where incorrect WAN information was displayed on the Detail page when VLAN is enabled in the WAN settings. ## V1.2.80 #### \[New Features] * Support CloudBrink service to offer ZTNA (Zero Trust Network Access) solution * Adds MAP-E and DS-Lite support to enable IPv6 access in ISP networks using IPv4-based tunneling  * Adds IPv6 Ping/ Traceroute support on WAN1 interface for troubleshooting purposes * Optimize the performance of the Diag Tool: CPU Usage * Allows Ping operations in Diag Tool to follow the active primary WAN interface instead of a fixed WAN1 interface. * Enhanced WAN logs to clearly record status: active, inactive, and unstable #### \[Issues Fixed] * Fixed the issue where Client VPN did not follow the default routing rule when Default Route to Remote Hub was enabled in auto S2S VPN configuration * Fixed the issue to reduce duplicated log entries when the WAN connection is unstable. * Fixed incorrect rule policy order between 1:1 NAT and Port Forwarding * Fixed the issue where only one SIP client can connect to SIP server if SIP client ‘s source port was not TCP/UDP 5060 * Fixed Symmetric NAT type detection failed. * Fixed incorrect WAN2 IP address displayed after updating policy route rules * Fixed fail to establish 3rd party S2S VPN connection with IKEv1 when Primary WAN public IP changed. * Fixed an issue where full tunnel was restricted to Auto VPN mode. It now supports operation without Auto NAT Traversal enabled. ## V1.2.70 #### \[New Features] * Support Static Route over VPN: Enables traffic control by manually defining routes over a VPN tunnel, optimizing network efficiency. * Support Default Route to Remote Hub: allows routing all traffic through the remote hub for enhanced security and centralized traffic management * Support to save device’s log to syslog server for centralized log management * Support real-time log download to easy troubleshooting * Changes ESG510/ESG610/ESG620 Ethernet LED definition to “Green is high speed; amber is lower speed” * Add warning message for WAN/LAN IP conflicts to alert users of potential network issues * Enhanced L7 firewall detection to improve accuracy in identifying Layer 7 packets #### \[Issues Fixed] * Fixed issue where only one L2TP connection from a LAN site could be established to an L2TP VPN server at the WAN site * Fixed issue where clients failed to obtain an IP address when switching WAN2 and LAN via the Local Status Page (LSP) while the internet was unreachable. ## V1.2.67 #### \[Issues Fixed] * Fix the WAN disconnect issue when connecting to Verizon network. ## V1.2.66 #### \[Issues Fixed] * Fixed the issue where Captive Portal's click-through authentication failed when many users were logging in * Fixing the NTP Mode 6 Scanner enhances system security and reduces potential attack risks. * Fixed the issue where ICMP Timestamp Request Disclosure exposed system time ## v1.2.65 #### \[New Features] * Support Layer 7 Policy Based Route, allows administrator to designate which WAN port to be used for different applications. * Support Layer 7 firewall rule to block specific application that may hurt you network. * Support rollback configuration to prevent configuration errror that impact cloud connections. * Increase Layer 3 and Layer 7 firewall event logs, improving traffic visibility and easier for administrator troubleshoot their network. * Direct SecuPoint VPN user traffic using the gateway's PBR settings to ensure that all user traffic follows the same rules * Enhanced WAN disconnected log making WAN troubleshoot easier. * Support to disable LLDP for specific environment that do not allow auto discovery protocols. (Cloud does not support yet) * Support mDNS function making ESG easier to be found in local network. (Cloud does not support yet) #### \[Issues Fixed] * Fixed the issue where LAN subnets matching PBR rules could not route to other local subnets. * Fixed the issue that SecuPoint remote client can't access ESG’s local LAN if Passthrough mode and Split tunnel are enabled. ## v1.2.60 #### \[New Features] * Enhanced firewall logs to output as a text file in real-time. (Cloud does not support yet) * Auto VPN Hub-and-Spoke supports full tunnel mode. (Cloud does not support yet) * Added support for static routing over VPN. (Cloud does not support yet) * When a rogue DHCP server is detected, an event log notification will be generated. * Added support to export NAT logs to an external syslog server. (Cloud does not support yet) * New dashboard displays WWAN information when WWAN is the primary WAN. * Added a new event log for reaching the maximum number of SecuPoint client seats. * Added a new event log for when the public IP and WAN IP are configured the same in NAT. * Support enable/disable HTTPs-only for local web page access. Allowing users force web UI access encrypted for better security. * Support enable/disable Local Web Page. Allowing users forbid local managements to prevent the confliction with the central cloud management. #### \[Issues Fixed] * Resolved an issue where the DDNS hostname was not displayed in the SecuPoint VPN client when passthrough mode was enabled. * Fixed an issue where the SecuPoint VPN client was non-functional when the primary WAN2 connection type was set to DHCP or a static IP address. * Addressed an issue where an Android phone (SecuPoint VPN client) could not access the internal server when SecuPoint VPN and port forwarding were enabled. * Corrected an issue where the latency monitor was inaccurate when the PBR function was enabled. * Fixed a problem with the Diag tool to prevent response failures. * Resolved an issue where the S2S VPN connection failed when the ESG uplink gateway changed its WAN IP address. * Fixed an issue where the VPN connection failed when the primary WAN was WAN2. ## v1.2.48 * Fixed the issue for Auto Site-to-Site VPN connection sometimes getting disconnected upon WAN function reloaded with the following conditions: * Case 1: WAN IP is being changed (e.g., PPPoE IP changed) * Case 2: Fail-over under dual WAN * Case 3: IP getting changed in front end of Gateway * Fixed the issue for Diag Tool sometimes showing "This device is unavailable". ## v1.2.47 * Fixed the issue for Site to Site VPN and IPsec Client VPN function that do not work properly with BASIC license. ## v1.2.46 * Support Policy Route. * Support Gateway Access Control: VIP List and Block List. * Support Firewall Traffic Log - syslog server. * Support Packet Capture for WAN interfaces. * Adjust the definition and behavior of "System Name" and "Device Name" * Remove System Name setting from LSP. * Revise DHCP client hostname to {ModelName}-{MAC\_last\_4\_digits}. * System Name support multi-language. * Automatically add a GRE port forwarding rule while adding PPTP TCP port: 1723 * Revise Subnet Mask format of Static IP in LSP. * Optimize reset button behavior. * Fixed Gateway status issue when it shows online, it doesn't show WAN1/WAN2 IP information in Cloud UI. * Fixed the issue for Auto VPN where it failed if the number of ESG devices is more than 11. * Fixed the issue where the system becomes stuck upon continuously adding two bridge interfaces without assigning any Ethernet ports. ## v1.2.40 * Use System Name as Host name for WAN via DHCP. * Enhance WAN security to close port 53 if Outbound FQDN rules are set. * Fixed the issue for Site-to-Site VPN connection not established after system reloading in some cases. * Fixed the issue for SecuPoint server to let it work in Passthrough Mode or under NAT. * Fixed the issue for ESG620 not able to connect to EnGenius Cloud via WAN2 connection when an unsupported SFP+ module is plugged into WAN1 port. * Support URL filtering and Block page. (Cloud page to be updated) * Support EnGenius and 3rd-party DDNS function in Passthrough Mode. (Cloud page to be updated) * Support Client traffic statistics. (Cloud page to be updated) ## v1.2.37 * This f/w version is for the first release.