USG Firmware v4.4.34

Changes since 4.4.29 release:

  • Significant fixes in load-balance functionality (multi-WAN).
    • Fix circumstances where route metrics were not being properly updated, primarily experienced upon fail back. 
    • Fix problem that could cause one or both WANs to be marked down and get stuck in that state. 
    • Fix crash in ubnt-util when a WAN is down for an extended period. This wasn’t causing any noticeable problems, since it recovers on its own.
  • IDS/IPS fixes/improvements
    • Fixed high CPU usage in utmdaemon (the cause of the “heartbeat missed” status a few users reported). Note that “heartbeat missed” cannot be prevented in all possible circumstances: under extreme load for extended periods, it is inevitable that userland will be starved of resources enough to miss informs.
    • Added a couple of missing signatures to those bundled in firmware so all are immediately available post-upgrade. Some users noted that spamhaus.rules was only available after a signature update.
    • Suricata version string corrected to reflect specific version.
    • Patch for CVE-2018-18956 denial of service vulnerability in Suricata.
    • Reduce frequency of lookups to ips1.unifi-ai.com for cloud connectivity.
    • Adjust configuration for USG3 and USG Pro to decrease CPU and memory usage. 
  • If no interface with “description WAN” is found (config.gateway.json overwriting the controller-generated config), assume the default interface assignment for that hardware platform, so config_network_wan is included in the inform. That prevents INFORM_ERROR status on controller versions prior to 5.9.28. In 5.9.28 and newer controllers, there is also a change controller-side to not end up in this condition regardless of whether this firmware-side change is available.
  • Speed test updates to not get stuck on a non-responsive server.