D-Link DFL-1600 Firmware 2.05

Firmware update:
Problems Resolved:
1. When the first IPSec tunnel was configured and saved, no traffic could be sent though the tunnel until the firewall was restarted. When the firewall stated up without any configured tunnels, the crypto accelerator was not initialized correctly.
2. The firewall was not rebooted (restarted from power on state) after a firmware upgrade. If the upgrade package included a new loader the new version was not used until next reboot.
3. IPSec Keepalive did not work. The IPSec tunnel would be taken down as no response is received on the keepalive packets.
4. Promiscuous mode was enabled by default on all interfaces. The firewall would pick up packets that do not have the DFL as destination, leaving the DFL to process packets that will be dropped anyway.
5. TCP connections to the DFL itself (WebUI, ALGs, PPTP) did not obey received TCP MSS.
6. Appliances that were rebooted due to software issued reboot or a core crash may have failed to reboot correctly, leaving the unit unreachable. The only way to reboot it correctly from this unreachable state is to do a hard reboot by cutting the power and then put the power back on.
7. It was not possible to change date or time if the new month was December.
8. The firewall could crash if an IP address was used as ID in an ID-list.
9. Blacklist items on position x and later did not get blocked. The number of working blacklist items depended on the URLs configured, but usually somewhere between 25 and 30.
10. The firewall could crash if IDS rules were deleted and the configuration was saved and activated.
11. The IDS engine could hang the firewall, given an improper signature database.
12. After a reset-to-factory from the WebUI, the browser in some cases tried to reconnect to the wrong IP address.
13. The IDS engine could give false positives for some types of signatures.
14. High Availability (HA) didnt always work as expected.
15. ZoneDefense: The firewall failed to reset the lowest used MAC and IP profile after a "save and activate".
16. The DHCP Server will not assign IP information to client when it did not have gateway parameter in DHCP Server configuration.
17. Editing ARP table entries without changing the MAC address gave an error when the configuration was saved.
18. When downloading a configuration backup from the firewall, some extra garbage was appended to the end of the file. Restoring the configuration using the backup file worked as it should, but the size of the file was larger that required.
19. ZoneDefense: The minimum required firmware version for DGS-3324SR/SRi, DXS-3326GSR and DXS-3350SR is changed from 4.10B15 to 4.20B14.
20. A reset or firmware upgrade did not log the username or IP address of the user that requested the action.
21. When setting Daylight Saving Time (DST) the firewall required that the start month was before the end month. That is however only valid for the northern hemisphere. In the southern hemisphere the start month is after the end month. In Australia (southern) the DST period starts in October and ends in March while the opposite is true for Europe (northern).
22. The wizard did not trigger a refresh of the main window after it finished. Information in the main page like configuration version and last restart was not updated.
23. The �Update Now� button on the IDS Updates page did not work in all browsers.
24. The close button in the setup wizard did not work in all browsers.
25. L2TP server/client could use Session ID = 0, which is not allowed according to RFC 2661.
26. In some upgraded firewalls, the link to D-Links security portal became wrong. The window opened when the "register" button on the IDS update page was clicked, would show a "404:Page not found error".
Enhancements:
1. A warning has been added when multiple L2TP/PPTP servers listening on the same IP has been configured.
2. It was only possible to enable IDS Auto update if at least one IDS rule was added. IDS Auto update can now always be enabled.
3. The front panel texts for link speed and uptime have been changed.
4. A popup alert has been added to inform the user that he needs to register his firewall on D-Links security portal.
5. It is now possible to set the MAC address and MTU manually for Ethernet interfaces. Note that the MAC address should not be changed unless it is required by the ISP.
6. Support for fast re-authentication in EAP negotiation has been added.
7. ZoneDefense: Support for DGS-3400 has been added.
8. ZoneDefense: Support for DXS-3300 series added. Minimum firmware requirement for DES-3350SR changed to R3.02B12, DES-3526 changed to R3.06B20, DES-3550 changed to R3.05B36, DES-3800 Series changed to R1.00B31.
9. The validation check made by the HTTP ALG that all characters are correctly UTF-8 encoded is now optional.
10. From firmware version 2.05 it will no longer be possible to upload IDS database files manually in the WebUI. The updates will be downloaded automatically by the firewall, when automatic updates have been enabled.
11. The default value for ALG max sessions is changed to 200.