ASP 2.0 Update #3

ENHANCEMENTS/CHANGES

• Allow admin accounts (admin level > 100) to use same email address in different organizations. Currently, email is unique across all admins.

• Note: for organization super-admin (admin level = 100), email address is still unique.

• Show only relevant valid values in Admin User edit page’s authentication type dropdown, excluding authentication types not enabled for the logged-in user’s organization.

• Increase plan duration validation to allow up to 9999 days

• Automatically assign new site to its organization super-admins. Also assign all sites belonging to an organization to its organization super-admins when the organization super-admin accounts are created.

• Show cloud icon for ACG sites in left panel to differentiate gateway from ACG sites

• Update Web Filtering GUI to support 5 profiles

• Note: gateway must be patched up-to-date to enable this feature. Please check SG 5 Update Release Notes.

• Remove display of software serial numbers for on-premise and cloud gateways.

• Include Web Filtering, QoS Rules and Plan App Shaping in the Site Duplicate feature

NOTIFICATIONS

• Categorize notifications email as [ALARM], [ALERT], [OK], [INFO], [REPORT], [CODE], [PASSWORD]

• Allow admin user to configure to receive or not receive emails and their triggers

• For service provider, the Service Provider Settings page provides options to select gateway state change, site/organization license state change, and/or organization license usage monthly report is ready.

• For organization super-admin, the Site Show > Notification > Popup provides options to select gateway state change, and site license state change

• New notification option in Organization edit panel. If it is on, organization super-admin will receive email when organization license state changes. Default value is on. Organization super-admin can now choose to turn off email notifications.

SAML SSO LOGIN

• Fix SAML SSO login failing to retrieve signature from response

• Admin log to display link to SSO login XML response for both successful and failed login

FORGET PASSWORD

• Send multiple reset password links if same email address is registered in different organization.

• Entering invalid email address should redirect to a message informing user a reset password email has been sent

ASSETS > CLOUD GATEWAY

• New form to key in Public IP and Shared Secret of cloud gateway

• Display AP configuration instructions upon successful cloud gateway site creation

PLAN EDITING

• Fix plan page to default to None QoS class if existing QoS class is not found, instead of showing server error

BUILTIN PORTAL EDITING

• Fix thumbnail generation showing previously selected template, not the current one

• Prevent downstream user from clicking social login button multiple times. This fixes the issue where multiple authentication logs are logged for a single login attempt.

• For SkyTouch /CONNECT (Events webhook) to show plan selection box to downstream user on successful authentication

• Fix missing favicon.ico in gateway downstream login page

• Fix Corporate template show no border in PMS plan selection box

CUSTOM PORTAL EDITING

• Fix issue of 504 gateway timeout error showing when big portal is uploaded.

• Add validation for mandatory welcome, error and success page fields in full custom portal

• Fix issue where welcome, error and success page settings in full custom portal get lost after the file upload dialog box is opened and closed

ALL PORTALS

• New payment method: Bank of Maldives (corresponding gateway update is required; please check SG 5 Update Release Notes)

• New social login: Apple ID (corresponding gateway update is required; please check SG 5 Update Release Notes)

• Fix memory limit exceeded issue when big resource is synced down to gateway

GATEWAY COMMAND COMMUNICATIONS

• Fix portal resource download command not resuming after gateway is rebooted.

REPORT & ANALYTICS

• Fix Transaction and Authentication report paging not working on first load when all sites is selected.

ASSETS > LICENSES > GATEWAY

• Include cloud-gateway sites in the site listing. Previously, ACG sites are not shown.

• Fix wrong ‘Used’ value in Assets > License > Gateways Page

EQUIPMENT IMPORT

• Fix 500 server error during equipment import

• Use timestamp for created datetime and updated datetime to prevent date str format changed when it is opened in excel.

VLAN IMPORT

• Fix VLAN import not updating pre-existing VLANs

CONFIG BACKUP/RESTORE

• Fix S-series upgraded to v5 not being able to perform config backup

• Fix sometimes not being able to cancel backup/restore

• Show error message in GUI if backup/restore is failed in gateway

• Note: gateway must install SG 5 Update 4 for this to work.

• Fix restore icon being disabled if backup is duplicated from another site.

REPORTS & ANALYTICS > LICENSES > LICENSE SUMMARY

• Fix memory limit exceeded issue when License Usage is refreshed

• Optimize License Summary page not to call server multiple times

• Fix site selection box showing sites not assigned to the current login user

• Fix license usage download not being able to complete

GLOBAL ACCOUNT/ROAMING

• Fix Global Account license used value not counting roaming account

• Fix Global Account relogin not working.

USER PORTAL

• Fix email login not working

• Fix facebook login showing App not active

• Fix logins resulting in ever increasing size of a log file

OTHER FIXES

• Fix plan list page not to show plans if selected site is not assigned to current logged-in user

• Fix Release Notes for accurate ordering of the software updates

• Fix Profile Edit form to check old password if password is changed.

• Fix portal duplicate to show error if modules are not enabled in destination site

• Fix admin add page not to fail while saving new admin if organization image is not found

APIS

• Add new Session GET ALL API for v1

• Fix critical error in Transaction GET ALL V2 API when listing transactions for all site groups

• Fix critical error in Users GET ALL V2 API when listing transactions for all site groups

• Fix site token incorrect error in Session GET ALL API when sessions are listed by site group name

• Fix Organization Add/Edit API: Radius timeout validation not working

• Fix Organization Edit API: internal server error on updating organization with SAML authentication

ASP VERSION: 2.0.3
RELEASE DATE: 12 Jan 2023

SG 5 Update #4

This update includes the following enhancements:

• > Support for SkyTouch /CONNECT PMS (Events Webhook)
• > Multi-WAN load-balancing support for WAN DHCP configuration
• > View and download various logs via web-admin GUI
• > Performance tuning
  • – PHP web process manager configuration update
  • – Network QoS service upgrade
• > Security enhancements
  • – Remote Access service upgrade for more secure ciphers and algorithms
  • – Firewall enhancements for traffic directed at the gateway
  • – System monitoring service update
• > Kernel upgrade for better performance
• > System component upgrades
  • – Web server upgrade for proxy services
  • – Speed up frequency of syncing ASP-managed settings to gateway
  • – PAN service upgrade
• > Dashboard shortcuts
  • – Remove short cuts that are no longer used — Plans, Locations
  • – Add new shortcuts — ASP, Updates
• > API upgrade

This update includes the following fixes:

• > HA-related fixes
  • – Fix out-of-box SG5 v5 appliances not being able to set up HA. HA service now uses unicast for communication between nodes.
  • – Fix Micros PMS user settings not failing over to HA backup node
  • – Ensure HA nodes do not lose communication with each other after snapshot restore
    • > Physical appliances’ snapshot restore fix so HA link-present snapshot restore can complete without losing HA communications between the nodes
    • > CLI prepare_for_pairing and HA module updates
      • – For vSG Express/Pro, HA link-present VM snapshot restore is not supported. It is recommended to first break the HA link, snapshot restore the nodes, then use CLI prepare_for_pairing or GUI prepare for pairing to prepare the backup node to join the active node
• > Micros PMS (1700/2000/3700/4700/8700) fixes
  • – Fix not deleting outdated room status when Daily Guest Status Cleanup is enabled
  • – Fix “Computer Inquire” Inquiry Method not using the Computer Inquire method during second phase of the two-step posting
• > Fix application shaping service to emit proper messages during startup
• > Remove subnet control from LAN IP GUI
• > Fix some Remote Syslog settings not saved correctly
• > Admin framework fix so view-only user is not allowed to reboot system
• > ASP-related fixes
  • – Fix ASP sync component not syncing the plan’s application shaping rules’ categories correctly
  • – Fix ASP server configuration component not updating the accounting server configuration

The gateway will automatically reboot upon successful application of this update.

SG 5 Update Release No. 4
Release Date: 13 Jan 2023
Update File Name:04.SG5000_base-sys-bulk03-20220808-01.pkg
File Size: 63 MB
b39139506c4bedfa4e5077d0827be840 (build 27)

ACS Update 16.12

This update adds the following enhancement:
     • Remove MIME type and file extension filter from file selector prompt of custom portal editor to allow upload of any file type

This update fixes the following issue:
     • Idle timed-out user logs in again and encounters 404 Not Found when accessing some pages, e.g. Roaming Session.

ACS Version 1.16.12 (Update 16.12)
Release Date: 31st October 2022

SG 4 S-Series Update #17

Important notes:

1. Service downtime is expected as there is a forced automatic reboot after applying this update. For HA setup, service downtime will be longer than usual as ID2 HA service is brought down while patching ID1, and ID2 will reboot to recover the HA service only after ID1 has booted up; so the service downtime for HA setup will be as long as the time it takes to reboot ID1, and ID2 will only be ready to serve as the backup node after ID2 has rebooted.

2. In the event snapshot restore is required due to error in applying this update, you may proceed to restore the snapshot to recover the system. However after booting up after the snapshot restore, you will not be able to pull this update from the online update centre. Please contact ANTlabs Support; we will assist in making the update available to you.

3. This update will abort and not apply any of the conversion steps if any/both of the following conditions are met:
      • At least one VLAN on the gateway points to a locally-managed Location
      • Bandwidth is not managed by ASP

To overcome the blocking conditions, you must ensure the following:
      • All desired Locations are ported to ASP
      • All desired VLANs are configured on ASP and synced down to the gateway
      • At the gateway GUI, remove all VLANs that are not required and that are pointing to locally-managed Locations
            ◦ Hint: all ASP-managed locations have ACS_ prefixed to their names, while locally-managed locations probably do not.
               You may open the Location listing page to ascertain: locally-managed ones can be selected for deletion,
               while ASP-managed ones cannot.
      • Bandwidth settings are managed from ASP. Visit gateway GUI > ANTlabs Service Platform > Sync Settings.

After removing the blocking conditions, you may resume to apply this update. 

Prerequisites:

• • Your ASP must be upgraded to at least version 2.0.1
• • All policy items including plans, portals, bandwidth and VLANs must be migrated to ASP before applying the update.
  • ◦ If the gateway is sharing bandwidth limit by device, ASP must be first upgraded to 2.0.2, and the sharing bandwidth limit on the cloud for this gateway set to by-device, before applying this update.

This update converts this gateway to v5 (the SG 5 software version) Update 2. Hereafter, the gateway will fetch the SG 5 (v5) updates.

The gateway will automatically reboot upon successful application of this update.

Known issue: after the gateway has been converted to v5, downstream login via facebook will not work. You would need to apply Update 3 to fix this.

Notes for HA setup:

For HA setup, the recommended steps are:

1. 1. Apply update to ID1 first. ID1 will reboot. Note: as the HA mechanism in ID2 is temporarily disabled, there will be service down-time as ID2 will not take over as the active node while ID1 is rebooting.
2. 2. Once ID1 is up, on ID1 web-admin GUI’s HA page, wait until you see Peer is connected.
3. 3. Fail over to ID2. Note: some GUI pages will load with incorrect values as ID2 software is not up-to-date yet.
4. 4. Apply update to ID2. ID2 will reboot and ID1, the preferred master, will become the active node again.

SG 4 S-Series Update Release No. 17
Release Date: 27 Sep 2022
Update File Name: 17.SG4000S_base-sys-bulk11-20220506-01.pkg
File Size: 49 MB
(md5: 150fc05d88bfcb074661de7f2df7d16a)

ASP 2.0 Update #2

This update adds the following enhancements:

   • Support for SAML IdP-initiated single sign-on to ASP admin panel for all admins including organization admins
   • New Organization Code to facilitate operational non-ambiguous reference to a specific organization
       ◦ Generate organization codes for existing organizations
       ◦ New Organization Code Prefix in Service Provider to prepend to newly created organization’s organization code
       ◦ Note: these organization codes are useful in uniquely identifying the organization when an organization is requesting its service provider for updates to its allotted licenses.
   • Bandwidth enhancement for on-premise gateways:
       ◦ Allow ASP admin to configure device bandwidth sharing method:
           ▪ By account (the default), allowing multiple devices of the same user to share a single bandwidth rate-limit
           ▪ By device, applying the plan’s rate limit on each device
           ▪ Important note: if your gateway is using the by-device option before this update, you will need to manually set it to such from the ASP admin panel after this update.
           ▪ Note: gateway requires software update to apply this setting that is pushed down from ASP. Please check gateway’s respective release notes.
   • Custom portal enhancement:
       ◦ Remove MIME type and file extension filter from file selector prompt to allow upload of any file type
   • Organization admin enhancement:
       ◦ Allow to change email address of existing organization admin
     • API enhancements:
       ◦ Get One Global Code/Account
           ▪ Show more info for last logged in site
       ◦ Organization Add API
           ▪ Support new authentication type: SAML SSO
           ▪ Generate organization code
       ◦ Organization Edit API
           ▪ Support new authentication type: SAML SSO
       ◦ Get One/All Organization(s)
           ▪ Show organization code and SAML settings in output

This update includes the following fixes:
   • Duplicate Site Settings
       ◦ Fix site duplicate status showing 100% and never transiting to Success and settings not syncing down to gateway
   • Dashboard
       ◦ Fix 403 Forbidden error in the shortcut panel when logged-in admin has no admin edit role
   • API
       ◦ Fix Get All Sessions issue where filtering by inactive sessions shows all records
       ◦ Fix Get One Global Account showing Code Not Found error for first API call

ASP VERSION: 2.0.2
RELEASE DATE: 26 Sep 2022

IG 4 S-Series, SG Express 5100 v4/5200 v4 Update #17

Important notes:

1. Service downtime is expected as there is a forced automatic reboot after applying this update. For HA setup, service downtime will be longer than usual as ID2 HA service is brought down while patching ID1, and ID2 will only reboot to recover heartbeat after ID1 has booted up; so the service downtime for HA setup will be as long as the time it takes to sequentially reboot the two machines, one after the other.

2. In the event snapshot restore is required due to error in applying this update, you may proceed to restore the snapshot to recover the system. However after booting up after the snapshot restore, you will not be able to pull this update from the online update centre. Please contact ANTlabs Support; we will assist in making the update available to you.

Prerequisites:

• • Your ASP must be upgraded to at least version 2.0.1
• • All policy items including plans, portals, bandwidth and VLANs must be migrated to ASP before applying the update.
  • ◦ If the gateway is sharing bandwidth limit by device, ASP must be first upgraded to 2.0.2, and the sharing bandwidth limit on the cloud for this gateway set to by-device, before applying this update.

This update converts this gateway to v5 (the SG 5 software version) Update 2. Hereafter, the gateway will fetch the SG 5 (v5) updates.

The gateway will automatically reboot upon successful application of this update.

Known issue: after the gateway has been converted to v5, downstream login via facebook will not work. You would need to apply Update 3 to fix this.

Notes for HA setup:

For HA setup, the recommended steps are:

1. 1. Apply update to ID1 first. ID1 will reboot. Note: as the HA mechanism in ID2 is temporarily disabled, there will be service down-time as ID2 will not take over as the active node while ID1 is rebooting.
2. 2. Once ID1 is up, on ID1 web-admin GUI’s HA page, wait until you see Peer is connected.
3. 3. Fail over to ID2. Note: some GUI pages will load with incorrect values as ID2 software is not up-to-date yet.
4. 4. Apply update to ID2. ID2 will reboot and ID1, the preferred master, will become the active node again.

IG 4 S-Series, SG Express 5100 v4/5200 v4 Update Release No. 17
Release Date: 13 Sep 2022
Update File Name: 17.IG4000S_base-sys-bulk11-20220506-01.pkg
File Size: 49 MB
(md5: 4f272d6c7ce18784785a251f2a3aee83)

How to deploy ANTlabs Advanced QoS/QoS+ and dramatically improve your Wi-Fi network

Are users complaining about slow WiFi speeds? Do you want to provide your guests, or staff with all the bandwidth they need?

Are you struggling to meet bandwidth requirements for guest WiFi, and cringing at the prospect of asking Management for yet another budget request to buy more internet connections?  Wished you read this article before the last budget request?

Have you been asked to implement QoS on your network but don’t know where to start? This blog post will explain how Advanced QoS can help you with all the above. Let’s get started!

Basic QoS 101

Quality of Service (QoS) can help you by providing better control and management of your traffic. QoS can improve your user experience by giving certain types of traffic priority over others. This can be especially useful if you have time-sensitive applications or need to manage large amounts of traffic.

Without QoS, your network would be a free-for-all where every application competes for bandwidth equally. That might work fine for small networks, but as soon as you start adding more users and applications, things can get bogged down quickly.  With QoS, you can give priority to the traffic that matters most to your business. For example, you can prioritize voice traffic over email or video streaming. Alternatively, you may decide that social media usage like YouTube, Facebook, or Twitter is banned in your network.

However, not all QoS features are built equal. You need to understand that simple QoS solutions don’t help much, if at all. For example, simple rate-limit, or device-level QoS control targets individual devices. It has no idea what applications are being used, who the user is, or how many devices within the same room are hogging all the bandwidth. A small group of users can monopolize the network. Implementing QoS can be complex, but the benefits are worth it.

What is Advanced QoS / QoS+ and how does it work?

Save money and time, while improving the end-user experience: Advanced QOS (AQoS) and Advanced QoS Plus (AQoS+) module from ANTlabs control who gets priority, where, and when. No need to buy expensive network equipment, and spend days installing and troubleshooting, as both are software modules add-on to our ANTlabs gateways.  It is easy to deploy and optimizes throughput over a network with a multi-stage QoS engine and customizable application shaping. It enables you to grant VIP users more bandwidth, speeds up those applications that need them (e.g., VoIP or IPTV), and it provides comprehensive control over the quality of your network.  The IT administrator just needs to define the locations, and QoS plans that is to be applied to different user groups, and simply configure on a graphical web-based interface on our managed Cloud Wi-Fi platform (ASP/Cloud ASP).

ANTlabs Advanced QoS / QoS+ is a powerhouse

With more than 20 years of R&D and industry experience for visitor-based networking in hospitality and large venues, ANTlabs has purpose-built the QoS engine to optimize hospitality Wi-Fi, and offer world-class airports and sports venues superior guest Wi-Fi solutions.

One of the unique features of the ANTlabs Advanced QoS 3-stage engine is its capability to allow multiple devices to share a single bandwidth rate limit per user. For example, you wish to allocate 10MB per guest or staff. Each user will only use up this amount of bandwidth among all his/her active devices, and it will be shared equally amongst them.

With the Advanced QoS 3-stage engine, bandwidth utilization can be maximized by creating differentiated classes of services for different groups of users.

All user traffic goes through the Advanced QoS 3-stage engine:

Stage 1.  As we mentioned earlier, the first stage engine is unique to ANTlabs, and applies bandwidth rate limit to the individual user instead of device-level. Together with authentication, this innovation allows different users to be treated according to their VIP status or needs, instead of blindly applying one simple limit to a device.

Stage 2.  This second stage engine defines different QoS Tiers (Guaranteed Tier, Premium Tier and Basic Tier) where different user groups can be assigned to the desired tier. Between the tiers, higher or lower priorities are given as to who gets the bandwidth, and the IT Manager can specify the total maximum bandwidth allocated to a tier for better control.  In this way, no single group of users can monopolize the whole network and the IT Dept has better visibility and control.  Furthermore, the surplus bandwidth from any bandwidth tier, can be temporarily re-allocated to another congested bandwidth tier automatically, optimizing network resources.

Stage 3.  In the third stage, global application traffic shaping can be applied to network ports used by applications. This allows the bandwidth used by specific types of applications (of all users) to be controlled further.  In this way, more control can be applied so that no application will be starved for network resources.  Certain applications’ bandwidth consumption can be suppressed or given more priority to use up the network bandwidth.

Advanced QoS Plus (QoS+) is the latest innovation leap by ANTlabs.  It has all the features of the original Advanced QoS module and more! As some applications like BitTorrent evolve to evade port-based application blocking, Advanced QoS+ classifies the applications more accurately based on website categorization without relying on which network ports are being used.  This signature-based website categorization is regularly updated to improve accuracy.  Another improvement is more fine-grained control for the global application shaping.  By allowing you to define QoS policies for different user groups, you can optimize the network further with better accuracy.

For example, you can create a special user group to give priority to streaming services.   When you apply this to paying customers or VVIP customers, they will be able to enjoy better quality streaming in their rooms or anywhere in the network.   You can also make your network more family-friendly and safer by blocking adult-related, gambling sites or known blacklisted sites.

How does Advanced QoS /QoS+ help improve the user experience?

As far as the users are concerned, they will find that applications will now run better on their devices with Advanced QoS enabled. They may not even notice any slowdown or pausing in their applications, and simply assume more internet connections were added. If you are a VIP user, you will be pleased that even in public areas, you enjoy a faster and better quality of bandwidth compared to guest users. For the management, you can be assured that the existing network resources are well-optimized, and buying more Internet bandwidth can be delayed or dispensed with.  In some cases, you may even scale down the number of internet connections, and save costs since network usage has become more efficient.

Conclusion

In conclusion, by deploying ANTlabs’ Advanced QoS / QoS+, you can greatly improve your network performance and ensure that critical applications always have the bandwidth they need. You don’t need a lot of network expertise or expensive hardware to implement.  By carefully planning your QoS strategy and implementing it correctly, you can take your network to the next level and please everyone (including the bosses!), leaving you more time to handle other pressing matters.

Make sure to include ANTlabs’ Advanced QoS or Advanced QoS Plus module in your next budget request so that you don’t need to go back to ask for more in future!

 

ACG Update 5

This update includes the following enhancements:

• – Support for Huawei AP
• – Operability with ASP 2
       ◦ Licensing control module to use server API 1.5
       ◦ Cloud sync component enhancement
       ◦ Gateway status collector enhancement
       ◦ Authentication client component upgrade
       ◦ API upgrade – auth_login, plan APIs

This update includes the following fixes:

• – Fix issue where downstream client is presented with welcome page despite
  previously logging in with a seamless relogin plan
• – Fix failing to login with complimentary authentication, showing “A171: zone not
  found” error message

ACG Update 5
Release Date: 9 August 2022

SG 4 S-Series Update #16

This update includes the following fixes:

• – Fix gateway not being able to connect to with an ASP remote access session as gateway has failed host key verification.

• – Fix gateway losing connectivity to the cloud when a server domain resolves to a different IP address. Fix cloud communication module to use per-connection handle DNS caching.

• – Fix posting wrong bill amount to Micros 1700/2000/3700/4700/8700 PMS with respect to whole number currency settings.

SG 4 S-Series Update Release No. 16
Release Date: 22 July 2022
Update File Name: 16.SG4000S_base-sys-hotfix-20220719-01.pkg
File Size: 1.3 MB
(md5: 03fd8be9f87e1bacc4a99752c54fdbbe)

 

IG 4 S-Series Update #16

This update includes the following fixes:

• – Fix gateway not being able to connect to with an ASP remote access session as gateway has failed host key verification.

• – Fix gateway losing connectivity to the cloud when a server domain resolves to a different IP address. Fix cloud communication module to use per-connection handle DNS caching.

• – Fix posting wrong bill amount to Micros 1700/2000/3700/4700/8700 PMS with respect to whole number currency settings.

IG 4 S-Series Update Release No. 16
Release Date: 22 July 2022
Update File Name: 16.IG4000S_base-sys-hotfix-20220719-01.pkg
File Size: 1.3 MB
(md5: afdc7298614ef53b63b0db0b14f5e5d4)