Category: SG5 Release Notes

ANTlabs

    SG 5 Update #13

    This update adds the following:  

       – PMS System Compatibility: Resolved an issue that caused non-web-based PMS systems to stop functioning correctly.

       – HA Failover Performance: Fixed a problem on some SG 5200 deployments where failover took longer than expected.

       – LDAP Authentication Fix: Addressed an issue where admin GUI login via LDAP authentication failed when the LDAP server used LDAP_OPT_REFERRALS.

       – Account Expiry Issue: Fixed a bug where user accounts created through the account printer expired immediately after creation. 

    Note: This update shall also update the HA peer node without having to failover, provided the HA peer node is already patched up to Update 12.
    So, you would need to ensure that both HA nodes are patched up to Update 12 and then apply Update 13 to take advantage of this feature (automatic patching of HA peer without failing over). 

    Release Date: 22 Apr 2025
    PackageName:13.SG5000_base-sys-hotfix-20250417-01.pkg
    MD5 Checksum:65d6cecab6ed043ebedba6642a2c262b
    File size: 6.6 MB

    SG 5 Update #12

    This update adds the following:

         – Updated 10GE Network Driver: Enhanced compatibility and performance for SG 5200 and IG 4210S models. Note: manual reboot is required for the updated driver to take effect.

         – Fixed SSL Certificate Recognition Issue: Resolved a problem where the system failed to recognize the custom SSL certificate if its domain name contained uppercase letters.

         – Resolved Admin GUI Access Blockage: Fixed the issue where a rare race condition could prevent access to the admin GUI.

    Release Date: 3 Apr 2025
    PackageName: 12.SG5000_base-sys-hotfix-20250402-01.pkg
    MD5 Checksum: 15a7c9c4ff6a42c5d926cbb1986bab05
    File size: 318 KB

    SG 5 Update #11

    This update adds the following enhancements:

    • Downstream login
    • Credit Card Authentication – support for more payment gateways:
    • Cybersource Unified Checkout
    • Note: ASP 2.0.6 is required to support this.
    • Bank of Maldives Connect API
    • Note: ASP 2.0.3 is required.
    • PMS Authentication – new support for Mews PMS
    • Bigger fonts and clearer instructions to guide user to switch to Safari for social media login (Facebook, Google) on iOS devices
    • Note: this Safari-switching feature has been available at the Admin GUI > Authentication > Settings

    • Update ezxcess.antlabs.com SSL certificate – new expiry in February 2026

    • New dashboard.now for downstream users to view the logged-in success page or the landing page before login

    • PMS-related enhancements
    • New diagnostics page for Shiji Cloud PMS
    • Guest information check based on room code
    • Posting
    • With SkyTouch /CONNECT PMS (Events Webhook), the gateway’s web API shall accept any Content-Type header beginning with application/json

    • Add Sync Now feature to Date & Time settings page to allow the admin user to have system time synced up with the NTP server immediately

    • System Log enhancement
    • Remote syslog enhancement
    • New option to use TCP connection to the remote server
    • New option to use RFC 3339 date/time format, e.g. 2025-12-31T23:59:59+02:00
    • New option to customize the host name that shows in the log entries

    • Support incoming SFTP-mode SCP operations

    • CLI enhancements
    • Support for | pipe operator to direct stdout of one program to stdin of another
    • Hit Tab key for auto-complete of commands, folders and file names
    • Many more commands
    • New non-elevated mode commands to support troubleshooting
    • New supervisor mode commands, including
    • mgmt to display/change management port IP settings
    • wan to display/change WAN IP settings
    • Note: existing CLI sessions will not work properly after applying this update. Please logout of existing CLI sessions and login again to access the new CLI commands.

    • Security enhancements:
    • Allow Admin GUI’s Remote Access page to optionally configure Ciphers, Key Exchange Algorithms, Message Authentication Codes (MACs)
    • Note: OpenSSH configuration format is required for the input. Multiple ciphers must be comma-separated.
    • Resolve various SSH vulnerabilities – CVE-2023-48795, CVE-2023-51385, CVE-2024-6387
    • Prevent after-login downstream web proxy access to management network
    • Prevent management port IP from appearing in the output of a downstream traceroute to an upstream IP
    • Web proxy (used by HTTPS domain walled garden) upgrade to include CVE-2023-25076 vulnerability fix
    • Prevent revealing of web server version via a web-accessible file

    • Performance enhancements:
    • Upgrade web server and tune its per-client connection and request rate limits
    • Online Certificate Status Protocol (OCSP) stapling for custom SSL certificate so user checking the certificate’s validity gets a faster response

    • Admin GUI enhancements:
    • Display configured web-filter profile number when viewing plan via ASP page’s View Plans
    • Remove checks that are not needed from Go-live System Checks

    • Applying consistency across the various product models
    • 15 plan-based relogin zones
    • 30 event locations

    • Other system component updates:
    • Client manager update to stop performing legacy license check on startup
    • New scan_data API to open camera to scan boarding pass or passport and scan_add to post up to ASP the data that has been scanned
    • Note: ASP 2.0.6 is required to accept the data from scan_add and show in reports
    • Update auth_logout API and login session manager module to support sending up the session termination cause to ASP
    • auth_logout now supports a new optional termination_reason input that accepts any of the RFC 2866-defined Acct-Terminate-Cause code values
    • account_add API to return a more informative error message when account already exists
    • social_init API to return an error for Instagram. Instagram has deprecated its login API since December 2024 so the ANTlabs gateway can no longer support Instagram login as a downstream authentication method.
    • Update NTP client to update hardware clock whenever date/time is set via NTP

    *This update includes the following fixes:

    • Downstream-related issues
    • Multi-WAN load balancing-related issues
    • Client manager issues
    • ASP settings sync issues
    • Admin GUI issues
    • CLI fixes
    • API fixes
    • Fix report-related issues
    • Lawful intercept fix
    • Fix some gateways having wrong QoS setup
    • Other system component fixes

    *Note: You may check the full details of the updates in the Partner Portal under the Product Update & Patches tab, inside the SG 5 Patch Release/Technical Notes folder.

    This update does not automatically reboot the gateway. The enhancements and fixes take effect upon applying the update. Admin GUI updates require relogin to the GUI to see the new changes.

    Release Date: 17 March 2025
    PackageName: 11.SG5000_base-sys-bulk05-20240910-01.pkg
    MD5 Checksum: 7865661b1fea441adf3d7287a548bde8 (updated 19 Mar 2025)
    File size: 115 MB

    SG 5 Update #10

    This update adds the following enhancements:

      – Kernel upgrade
          • Better performance
          • Enhanced support for vSG
                • VMXNET3 paravirtual network driver support
                • Updated drivers for passthrough compatibility with more network card hardware

      – Client manager upgrade
          • IP conflict event to include target IP address (typically the client’s gateway address) for informed troubleshooting
          • IP conflict events caused by gratuitous ARP not to trigger arpdIpConflictTrap SNMP trap
          • Handle ARP packet with both IP and VLAN location change

      – Removed bootloader serial I/O for the hardware gateway appliances
          • Prevent PMS serial traffic from pausing the boot cycle

    This update fixes the issue where TM, the epoch timestamp field, in the lawful intercept log is always zero.

    On successful application of this update, the gateway will reboot automatically.

    Release Date: 17 March 2025
    Update File Name:10.SG5000_base-sys-kernel-20240829-01.pkg
    MD5 Checksum: cab736b61506fc2b0ae446e307c23660
    File size: 73 MB

    SG 5 Update #9

    This update includes the following fixes:

    • – Fix the issue where the hourly scheduled job that does file rotation for the local lawful intercept logs is not running
    • – Fix the VLAN not being updated in the session monitor page when there is a change of VLAN for a downstream device

    Release Date: 30 April 2024
    Update File Name: 09.SG5000_base-sys-hotfix-20240425-01.pkg
    MD5 Checksum: 6d1e7a45b81b7ac9303286374cf392de
    File size: 452 KB

    SG 5 Update #8

    Release Date: 18 March 2024
    Update File Name:08.SG5000_base-sys-bulk04-20230822-01.pkg
    MD5 Checksum: a017b1e7574c0fe1da181c719c2d5560
    File size: 173 MB

    Note: this update takes up to 3 minutes to complete. Please wait for the update to complete. After the software update has been completed, the Updates GUI page will be updated to show the update status. While the software update is in progress, please do not start another instance of Update 8 patching.

    SG 5 Update #7

    This update adds the following enhancements:

    • – Web server enhancements:
      • > Performance tuning of the web redirect component to handle more load especially for the larger capacity product models
      • > Enhanced stability under some load conditions
    • – Admin GUI enhancements:
      • > Sync feature of ANTlabs Service Provider page enhanced to show the status of the most recent sync of gateway settings from ASP and allow user to view the details of the synced settings (plans, portals, bandwidth, VLANs)
      • > Show system name in login page and at the top banner after login
        • *Note: system name is configured at Settings > SNMP and will take effect upon logging out and logging back in to the admin GUI. The reboot recommendation you get after the save is for the purpose of applying changes (if any) to other SNMP settings that require other services such as the client manager to restart, so the reboot recommendation can be safely ignored where no such changes are made.

    The following bug fixes are included in this update:

    • – Network-related fixes:
      • > Fix WAN SNAT
        • – Fix gateway not responding to configured SNAT IP ranges on the WAN interface
        • – Fix issue where HA passive node responds to SNAT IP on the WAN interface
      • > Fix passive node in HA setup to not respond to ARP requests for LAN IP
      • > Fix static source routes not taking effect
    • – Prepare for pairing command (invoked via admin GUI or CLI) enhanced to reset the HA node identifier to fix loss of HA communications after a cloned vSG node joins the active node from which it was cloned
    • – Network bandwidth-related fixes:
      • > SG 5400 only – Fix QoS server so VLAN-tagged client traffic goes under the assigned QoS tier
      • > Fix speed optimization (turning off redirection of some downstream traffic to a QoS concentrator) not taking effect under some conditions
    • – Fix PMS room change not triggering dynamic PAN VLAN update for the guest’s user account, so user device could not go under the new room’s mapped VLAN even after re-associating with the downstream WiFi network
    • – Fix bugs in syncing of plans/locations from ASP:
      • > Fix sync errors of existing plans with mismatched plan types
      • > Fix autologin location not honouring the assigned plan bandwidth settings
      • > Fix fallback web-based mechanism of autologin locations not granting internet access
    • – Fix notification of software update level difference between two HA nodes not showing upon logging in to admin GUI
    • – Authentication log-related fixes
      • > Fill in appropriate error messages for:
        • – User account creation error for the RADIUS authentication scenario
        • – Some rare errors encountered during SMS-verified form authentication
      • > Fix additional ‘Fail’ authentication log being created, resulting in two logs for the same login attempt — one ‘Incomplete’, the other ‘Fail’ — when social media platform invokes callback to the gateway with an error condition. Should just update the first log from ‘Incomplete’ to ‘Fail’.

    Release Date: 20 JULY 2023
    Update File Name: 07.SG5000_base-sys-snat-202300508-01.pkg
    MD5 Checksum: 39bd9ff806d634ebda21323441475170

    SG 5 Update #6

    This update updates the default ezxcess.antlabs.com SSL certificate. New expiry date is 13 April 2024.

    Release Date: 22 Mar 2023
    Update File Name:06.SG5000_base-hotfix-certificate-202300320-01.pkg
    File Size: 22 KB
    MD5 Checksum: 5ff999f0c4c5b6e1211d5f44c5cdfca9

    SG 5 Update #5

    This update includes the following fixes:
        • Web server upgrade
            • Enhance stability in rare situation of receiving very long URLs
            • Support proxying to a target domain name with underscore character _

    This update also increases the maximum file upload size of the web server to support uploading of larger patch package files.

    SG 5 Update Release No. 5
    Release Date: 24 Feb 2023
    Update File Name: 05.SG5000_base-hotfix-nginx-20230221-01.pkg
    File Size: 1.4 MB
    MD5 Checksum: 2fde3f01976947d4fb5a39dc0167b52b

    SG 5 Update #4

    This update includes the following enhancements:

    • > Support for SkyTouch /CONNECT PMS (Events Webhook)
    • > Multi-WAN load-balancing support for WAN DHCP configuration
    • > View and download various logs via web-admin GUI
    • > Performance tuning
      • – PHP web process manager configuration update
      • – Network QoS service upgrade
    • > Security enhancements
      • – Remote Access service upgrade for more secure ciphers and algorithms
      • – Firewall enhancements for traffic directed at the gateway
      • – System monitoring service update
    • > Kernel upgrade for better performance
    • > System component upgrades
      • – Web server upgrade for proxy services
      • – Speed up frequency of syncing ASP-managed settings to gateway
      • – PAN service upgrade
    • > Dashboard shortcuts
      • – Remove short cuts that are no longer used — Plans, Locations
      • – Add new shortcuts — ASP, Updates
    • > API upgrade

    This update includes the following fixes:

    • > HA-related fixes
      • – Fix out-of-box SG5 v5 appliances not being able to set up HA. HA service now uses unicast for communication between nodes.
      • – Fix Micros PMS user settings not failing over to HA backup node
      • – Ensure HA nodes do not lose communication with each other after snapshot restore
        • > Physical appliances’ snapshot restore fix so HA link-present snapshot restore can complete without losing HA communications between the nodes
        • > CLI prepare_for_pairing and HA module updates
          • – For vSG Express/Pro, HA link-present VM snapshot restore is not supported. It is recommended to first break the HA link, snapshot restore the nodes, then use CLI prepare_for_pairing or GUI prepare for pairing to prepare the backup node to join the active node
    • > Micros PMS (1700/2000/3700/4700/8700) fixes
      • – Fix not deleting outdated room status when Daily Guest Status Cleanup is enabled
      • – Fix “Computer Inquire” Inquiry Method not using the Computer Inquire method during second phase of the two-step posting
    • > Fix application shaping service to emit proper messages during startup
    • > Remove subnet control from LAN IP GUI
    • > Fix some Remote Syslog settings not saved correctly
    • > Admin framework fix so view-only user is not allowed to reboot system
    • > ASP-related fixes
      • – Fix ASP sync component not syncing the plan’s application shaping rules’ categories correctly
      • – Fix ASP server configuration component not updating the accounting server configuration

    The gateway will automatically reboot upon successful application of this update.

    SG 5 Update Release No. 4
    Release Date: 13 Jan 2023
    Update File Name:04.SG5000_base-sys-bulk03-20220808-01.pkg
    File Size: 63 MB
    b39139506c4bedfa4e5077d0827be840 (build 27)