SG 5 Update #6

    This update updates the default SSL certificate. New expiry date is 13 April 2024.

    Release Date: 22 Mar 2023
    Update File Name:06.SG5000_base-hotfix-certificate-202300320-01.pkg
    File Size: 22 KB
    MD5 Checksum: 5ff999f0c4c5b6e1211d5f44c5cdfca9

    SG 4 UPDATE #49

    This update updates the gateway’s default ( SSL certificate. The new SSL certificate’s expiry is 13 April 2024.

    Update Release No. 49
    Release Date: 22 Mar 2023
    Update File Name: 49.SG4000_base-hotfix-certificate-202300320-01.pkg
    (md5:  c5dae461e258675d2060701cb140ec6f)

    IG 4 Update #49

    This update updates the gateway’s default ( SSL certificate. The new SSL certificate’s expiry is 13 April 2024.

    Update Release No. 49
    Release Date: 22 Mar 2023
    Update File Name: 49.IG4000_base-hotfix-certificate-202300320-01.pkg
    (md5: 5e81ed6330be4ecc04e28e909423b722)


    CapPort Support on ANTlabs Gateways

    Improving Captive Portal Detection and Venue Published Information for better visibility

    Captive portals are commonly used by public Wi-Fi networks to restrict access to the internet until the user agrees to certain terms and conditions or authenticates successfully. While captive portals are necessary for many public Wi-Fi networks, they can be frustrating for users who are unable to connect to the internet until they have completed the login process.

    Frustrations can stem from captive portals not loading fast enough or freezing, and some login methods can be lengthy or complicated. Thankfully, ANTlabs gateways provide a plethora of seamless login methods, including social media login, SMS OTP, PMS integration, Hotspot 2.0, etc to suit many usage scenarios. CapPort support on ANTlabs gateways offers an elegant solution to the other aspect of the problem, while providing improved captive portal detection and venue published information.

    Improved Captive Portal Detection

    ANTlabs gateways support the use of DHCP option 114 to indicate the captive portal API URL during IP address assignment. This means that supported devices can immediately fetch the API content after connecting to the network, which prompts the user to log in if the network is identified as captive based on the API response. There is no need to redirect or intercept the initial web requests that would trigger security warnings in modern browsers or delay the delivery of captive portals.

    In other words, CapPort support on ANTlabs gateways enables faster and more accurate reliable detection of captive portals, and greatly improve the user experience and reduce frustration.  The diagram on the left shows an example of an Android phone’s locked screen showing the visual cues to allow the user to click the captive portal URL.


    Venue Published Information for Better Visibility

    In addition to improving captive portal detection, CapPort support on ANTlabs gateways also enables venue published information. Without this feature, after a user is successfully authenticated, they are free to move to other web content and the venue will lose the opportunity to engage with the customer further.

    When a CapPort message is displayed on a device using captive portal API, the user can interact with it to immediately open their internet browser and navigate to the Venue Info URL at any time. This feature is particularly useful in scenarios such as staying at a hotel, where guests may want to easily access information about services or amenities. By simply clicking on the system message, users can access venue information, including spa, restaurant hours or any promotions offer. With the addition of location-aware websites, the guest journey becomes even more intuitive and seamless.  The diagram on the right shows the user interface where a user can find the venue URL by clicking on the “Open Site” icon.

    It is worth noting that more mobile devices are beginning to support CapPort feature, specifically Apple (iOS 14 and macOS Big Sur) devices and Android 11 onward. 


    In conclusion, CapPort support on ANTlabs gateways is a powerful tool for improving captive portal detection and providing venue published information. By using DHCP option 114 to provide the captive portal API URL and including the Venue Info URL in the CapPort message, CapPort support streamlines the process of connecting to public Wi-Fi networks and provides users with easy access to important information about the venue. As a result, CapPort support can lead to increased customer satisfaction, repeat business, and revenue for businesses.

    SG 5 Update #5

    This update includes the following fixes:
        • Web server upgrade
            • Enhance stability in rare situation of receiving very long URLs
            • Support proxying to a target domain name with underscore character _

    This update also increases the maximum file upload size of the web server to support uploading of larger patch package files.

    SG 5 Update Release No. 5
    Release Date: 24 Feb 2023
    Update File Name: 05.SG5000_base-hotfix-nginx-20230221-01.pkg
    File Size: 1.4 MB
    MD5 Checksum: 2fde3f01976947d4fb5a39dc0167b52b

    ASP 2.0 Update #3


    • Allow admin accounts (admin level > 100) to use same email address in different organizations. Currently, email is unique across all admins.

    • Note: for organization super-admin (admin level = 100), email address is still unique.

    • Show only relevant valid values in Admin User edit page’s authentication type dropdown, excluding authentication types not enabled for the logged-in user’s organization.

    • Increase plan duration validation to allow up to 9999 days

    • Automatically assign new site to its organization super-admins. Also assign all sites belonging to an organization to its organization super-admins when the organization super-admin accounts are created.

    • Show cloud icon for ACG sites in left panel to differentiate gateway from ACG sites

    • Update Web Filtering GUI to support 5 profiles

    • Note: gateway must be patched up-to-date to enable this feature. Please check SG 5 Update Release Notes.

    • Remove display of software serial numbers for on-premise and cloud gateways.

    • Include Web Filtering, QoS Rules and Plan App Shaping in the Site Duplicate feature


    • Categorize notifications email as [ALARM], [ALERT], [OK], [INFO], [REPORT], [CODE], [PASSWORD]

    • Allow admin user to configure to receive or not receive emails and their triggers

    • For service provider, the Service Provider Settings page provides options to select gateway state change, site/organization license state change, and/or organization license usage monthly report is ready.

    • For organization super-admin, the Site Show > Notification > Popup provides options to select gateway state change, and site license state change

    • New notification option in Organization edit panel. If it is on, organization super-admin will receive email when organization license state changes. Default value is on. Organization super-admin can now choose to turn off email notifications.


    • Fix SAML SSO login failing to retrieve signature from response

    • Admin log to display link to SSO login XML response for both successful and failed login


    • Send multiple reset password links if same email address is registered in different organization.

    • Entering invalid email address should redirect to a message informing user a reset password email has been sent


    • New form to key in Public IP and Shared Secret of cloud gateway

    • Display AP configuration instructions upon successful cloud gateway site creation


    • Fix plan page to default to None QoS class if existing QoS class is not found, instead of showing server error


    • Fix thumbnail generation showing previously selected template, not the current one

    • Prevent downstream user from clicking social login button multiple times. This fixes the issue where multiple authentication logs are logged for a single login attempt.

    • For SkyTouch /CONNECT (Events webhook) to show plan selection box to downstream user on successful authentication

    • Fix missing favicon.ico in gateway downstream login page

    • Fix Corporate template show no border in PMS plan selection box


    • Fix issue of 504 gateway timeout error showing when big portal is uploaded.

    • Add validation for mandatory welcome, error and success page fields in full custom portal

    • Fix issue where welcome, error and success page settings in full custom portal get lost after the file upload dialog box is opened and closed


    • New payment method: Bank of Maldives (corresponding gateway update is required; please check SG 5 Update Release Notes)

    • New social login: Apple ID (corresponding gateway update is required; please check SG 5 Update Release Notes)

    • Fix memory limit exceeded issue when big resource is synced down to gateway


    • Fix portal resource download command not resuming after gateway is rebooted.


    • Fix Transaction and Authentication report paging not working on first load when all sites is selected.


    • Include cloud-gateway sites in the site listing. Previously, ACG sites are not shown.

    • Fix wrong ‘Used’ value in Assets > License > Gateways Page


    • Fix 500 server error during equipment import

    • Use timestamp for created datetime and updated datetime to prevent date str format changed when it is opened in excel.


    • Fix VLAN import not updating pre-existing VLANs


    • Fix S-series upgraded to v5 not being able to perform config backup

    • Fix sometimes not being able to cancel backup/restore

    • Show error message in GUI if backup/restore is failed in gateway

    • Note: gateway must install SG 5 Update 4 for this to work.

    • Fix restore icon being disabled if backup is duplicated from another site.


    • Fix memory limit exceeded issue when License Usage is refreshed

    • Optimize License Summary page not to call server multiple times

    • Fix site selection box showing sites not assigned to the current login user

    • Fix license usage download not being able to complete


    • Fix Global Account license used value not counting roaming account

    • Fix Global Account relogin not working.


    • Fix email login not working

    • Fix facebook login showing App not active

    • Fix logins resulting in ever increasing size of a log file


    • Fix plan list page not to show plans if selected site is not assigned to current logged-in user

    • Fix Release Notes for accurate ordering of the software updates

    • Fix Profile Edit form to check old password if password is changed.

    • Fix portal duplicate to show error if modules are not enabled in destination site

    • Fix admin add page not to fail while saving new admin if organization image is not found


    • Add new Session GET ALL API for v1

    • Fix critical error in Transaction GET ALL V2 API when listing transactions for all site groups

    • Fix critical error in Users GET ALL V2 API when listing transactions for all site groups

    • Fix site token incorrect error in Session GET ALL API when sessions are listed by site group name

    • Fix Organization Add/Edit API: Radius timeout validation not working

    • Fix Organization Edit API: internal server error on updating organization with SAML authentication

    ASP VERSION: 2.0.3
    RELEASE DATE: 12 Jan 2023

    SG 5 Update #4

    This update includes the following enhancements:

    • > Support for SkyTouch /CONNECT PMS (Events Webhook)
    • > Multi-WAN load-balancing support for WAN DHCP configuration
    • > View and download various logs via web-admin GUI
    • > Performance tuning
      • – PHP web process manager configuration update
      • – Network QoS service upgrade
    • > Security enhancements
      • – Remote Access service upgrade for more secure ciphers and algorithms
      • – Firewall enhancements for traffic directed at the gateway
      • – System monitoring service update
    • > Kernel upgrade for better performance
    • > System component upgrades
      • – Web server upgrade for proxy services
      • – Speed up frequency of syncing ASP-managed settings to gateway
      • – PAN service upgrade
    • > Dashboard shortcuts
      • – Remove short cuts that are no longer used — Plans, Locations
      • – Add new shortcuts — ASP, Updates
    • > API upgrade

    This update includes the following fixes:

    • > HA-related fixes
      • – Fix out-of-box SG5 v5 appliances not being able to set up HA. HA service now uses unicast for communication between nodes.
      • – Fix Micros PMS user settings not failing over to HA backup node
      • – Ensure HA nodes do not lose communication with each other after snapshot restore
        • > Physical appliances’ snapshot restore fix so HA link-present snapshot restore can complete without losing HA communications between the nodes
        • > CLI prepare_for_pairing and HA module updates
          • – For vSG Express/Pro, HA link-present VM snapshot restore is not supported. It is recommended to first break the HA link, snapshot restore the nodes, then use CLI prepare_for_pairing or GUI prepare for pairing to prepare the backup node to join the active node
    • > Micros PMS (1700/2000/3700/4700/8700) fixes
      • – Fix not deleting outdated room status when Daily Guest Status Cleanup is enabled
      • – Fix “Computer Inquire” Inquiry Method not using the Computer Inquire method during second phase of the two-step posting
    • > Fix application shaping service to emit proper messages during startup
    • > Remove subnet control from LAN IP GUI
    • > Fix some Remote Syslog settings not saved correctly
    • > Admin framework fix so view-only user is not allowed to reboot system
    • > ASP-related fixes
      • – Fix ASP sync component not syncing the plan’s application shaping rules’ categories correctly
      • – Fix ASP server configuration component not updating the accounting server configuration

    The gateway will automatically reboot upon successful application of this update.

    SG 5 Update Release No. 4
    Release Date: 13 Jan 2023
    Update File Name:04.SG5000_base-sys-bulk03-20220808-01.pkg
    File Size: 63 MB
    b39139506c4bedfa4e5077d0827be840 (build 27)

    ACS Update 16.12

    This update adds the following enhancement:
         • Remove MIME type and file extension filter from file selector prompt of custom portal editor to allow upload of any file type

    This update fixes the following issue:
         • Idle timed-out user logs in again and encounters 404 Not Found when accessing some pages, e.g. Roaming Session.

    ACS Version 1.16.12 (Update 16.12)
    Release Date: 31st October 2022

    SG 4 S-Series Update #17

    Important notes:

    1. Service downtime is expected as there is a forced automatic reboot after applying this update. For HA setup, service downtime will be longer than usual as ID2 HA service is brought down while patching ID1, and ID2 will reboot to recover the HA service only after ID1 has booted up; so the service downtime for HA setup will be as long as the time it takes to reboot ID1, and ID2 will only be ready to serve as the backup node after ID2 has rebooted.

    2. In the event snapshot restore is required due to error in applying this update, you may proceed to restore the snapshot to recover the system. However after booting up after the snapshot restore, you will not be able to pull this update from the online update centre. Please contact ANTlabs Support; we will assist in making the update available to you.

    3. This update will abort and not apply any of the conversion steps if any/both of the following conditions are met:
          • At least one VLAN on the gateway points to a locally-managed Location
          • Bandwidth is not managed by ASP

    To overcome the blocking conditions, you must ensure the following:
          • All desired Locations are ported to ASP
          • All desired VLANs are configured on ASP and synced down to the gateway
          • At the gateway GUI, remove all VLANs that are not required and that are pointing to locally-managed Locations
                ◦ Hint: all ASP-managed locations have ACS_ prefixed to their names, while locally-managed locations probably do not.
                   You may open the Location listing page to ascertain: locally-managed ones can be selected for deletion,
                   while ASP-managed ones cannot.
          • Bandwidth settings are managed from ASP. Visit gateway GUI > ANTlabs Service Platform > Sync Settings.

    After removing the blocking conditions, you may resume to apply this update. 


    • • Your ASP must be upgraded to at least version 2.0.1
    • • All policy items including plans, portals, bandwidth and VLANs must be migrated to ASP before applying the update.
      • ◦ If the gateway is sharing bandwidth limit by device, ASP must be first upgraded to 2.0.2, and the sharing bandwidth limit on the cloud for this gateway set to by-device, before applying this update.

    This update converts this gateway to v5 (the SG 5 software version) Update 2. Hereafter, the gateway will fetch the SG 5 (v5) updates.

    The gateway will automatically reboot upon successful application of this update.

    Known issue: after the gateway has been converted to v5, downstream login via facebook will not work. You would need to apply Update 3 to fix this.

    Notes for HA setup:

    For HA setup, the recommended steps are:

    1. 1. Apply update to ID1 first. ID1 will reboot. Note: as the HA mechanism in ID2 is temporarily disabled, there will be service down-time as ID2 will not take over as the active node while ID1 is rebooting.
    2. 2. Once ID1 is up, on ID1 web-admin GUI’s HA page, wait until you see Peer is connected.
    3. 3. Fail over to ID2. Note: some GUI pages will load with incorrect values as ID2 software is not up-to-date yet.
    4. 4. Apply update to ID2. ID2 will reboot and ID1, the preferred master, will become the active node again.

    SG 4 S-Series Update Release No. 17
    Release Date: 27 Sep 2022
    Update File Name: 17.SG4000S_base-sys-bulk11-20220506-01.pkg
    File Size: 49 MB
    (md5: 150fc05d88bfcb074661de7f2df7d16a)

    ASP 2.0 Update #2

    This update adds the following enhancements:

       • Support for SAML IdP-initiated single sign-on to ASP admin panel for all admins including organization admins
       • New Organization Code to facilitate operational non-ambiguous reference to a specific organization
           ◦ Generate organization codes for existing organizations
           ◦ New Organization Code Prefix in Service Provider to prepend to newly created organization’s organization code
           ◦ Note: these organization codes are useful in uniquely identifying the organization when an organization is requesting its service provider for updates to its allotted licenses.
       • Bandwidth enhancement for on-premise gateways:
           ◦ Allow ASP admin to configure device bandwidth sharing method:
               ▪ By account (the default), allowing multiple devices of the same user to share a single bandwidth rate-limit
               ▪ By device, applying the plan’s rate limit on each device
               ▪ Important note: if your gateway is using the by-device option before this update, you will need to manually set it to such from the ASP admin panel after this update.
               ▪ Note: gateway requires software update to apply this setting that is pushed down from ASP. Please check gateway’s respective release notes.
       • Custom portal enhancement:
           ◦ Remove MIME type and file extension filter from file selector prompt to allow upload of any file type
       • Organization admin enhancement:
           ◦ Allow to change email address of existing organization admin
         • API enhancements:
           ◦ Get One Global Code/Account
               ▪ Show more info for last logged in site
           ◦ Organization Add API
               ▪ Support new authentication type: SAML SSO
               ▪ Generate organization code
           ◦ Organization Edit API
               ▪ Support new authentication type: SAML SSO
           ◦ Get One/All Organization(s)
               ▪ Show organization code and SAML settings in output

    This update includes the following fixes:
       • Duplicate Site Settings
           ◦ Fix site duplicate status showing 100% and never transiting to Success and settings not syncing down to gateway
       • Dashboard
           ◦ Fix 403 Forbidden error in the shortcut panel when logged-in admin has no admin edit role
       • API
           ◦ Fix Get All Sessions issue where filtering by inactive sessions shows all records
           ◦ Fix Get One Global Account showing Code Not Found error for first API call

    ASP VERSION: 2.0.2
    RELEASE DATE: 26 Sep 2022