Changes from DFL-210/800/1600/2500 v2.05.00 to v2.11.02
-------------------------------------------------------

ВАЖНО!

После обновления прошивки, преведущая конфигурация сохраняется, дополнительно
настраивать устройство не требуется.

Структура конфигурационного файла новой прошивки 2.11.02 отличается от структуры <=2.05 
При установке прошивки 2.11.02 поверх <=2.05 конфигурационная структура будет
автоматически переведена в 2.11.02, использовать конфиги от <=2.05 в 2.11.02 и 
наоборот не получится. Огромная просьба делать резервные копии конфигурационных
файлов и при проблемах автоматической переконфигурации возвращяйтесь на 2.05 и 
восстанавливайте сохранённый конфиг.

Important note:
Firmware 2.11.02 uses a new configuration format. The new format is not
compatible with the format used in 2.05 and earlier. These configuration files
will be automatically converted to the new format during the first start-up.
Older firmware (2.00 - 2.05) can not understand the new format.

Customers that had firmware 2.00 - 2.05 factory installed can use
reset-to-factory to restore their firmware from 2.11 to 2.0x.

Customers with firmware 2.11 and later factory installed can not downgrade
to 2.00 - 2.05.

All users are encouraged to make a backup of the configuration before upgrading
to firmware 2.11.02.


Bug fixes
---------

#2873 - The L2TP server could not handle incoming L2TP client requests sent
        over IPsec if the clients were located behind the same NAT gateway.

#4010 - L2TP implementation incompatible with some other L2TP implementations.
        For one, the L2TP server failed to establish a tunnel with the L2TP
        client in D-Link DI-604.

        Affects DFL-210 and DFL-800.

#3322 - PPTP server sometimes failed to send any traffic at all through a newly
        connected tunnel. Packets could only be sent from the client to the
        server, not from the server to the client. The PPTP client had to be
        reconnected one or more times before traffic could be sent in both
        directions through the tunnel.

        Affects dfl 2.00.00 and up

#3783 - During high load using SLB and Stickiness the firewall may have
        malfunctioned.

        Affects dfl 2.00.00 and up


Changes
-------

      - The IPsec engine has been upgraded.

#3483 - The CLI has been upgraded and do now have configuration possibilites.

      - The configuration format and engine has changed. The new format is not
        compatible with the old one. Configuration files from 2.05 and earlier
        will be automatically converted to the new format during first start-up.

#3387 - SSH server has been added. Remote management is now possible via SSH and
        the CLI.

      - A SSH keygenerator has been added. Can be found under Tools->SSH-Keygen

#3399 - IDS (Intrusion Detection System) has been renamed to IDP (Intrusion
        Detection and Prevention).

      - The IDP engine has been upgraded and enhanced.

      - An advanced IDP service is available from D-Link. The new service has
        fast and frequent updates (up to several updates per day). More
        information can be found on D-Links security portal
        (http://security.dlink.com.tw).

      - TCP pseudo reassembly has been added. IDP scanning is now stream based
        instead of packet based.

#3107 - The log system has been enhanced. All log messages have been assigned
        unique IDs. The ID number can be used to find more information about
        the log message from the Log Reference Guide (available for download
        from D-Link).

      - A new folder has been added under Objects, called "Authentication
        Objects". Pre-shared keys (previously found under
        "Objects->VPN Objects->Pre-Shared Keys"), Certificates (previously found
        under "Objects->X.509 Certificates") and SSH Client keys (new) can be
        configured here.

      - The "Traffic Shaping" folder has been moved to a new folder called
        "Traffic Management".

      - "Threshold rules" has been moved to the new "Traffic Management"
        folder.

      - A new drop down menu, called "Maintenance", has been added in the
        toolbar. Backup, reset and upgrade have been moved to this menu. New
        items are "Update Center", "License" and "Tech support". The last one
        can be used in contact with D-Link support to provide information about
        the firewall while troubleshooting.

#2925 - Blacklisting has been added.
     
#1054 - Ethernet interfaces are not reset during activation of new
        configuration settings.

#3097 - DHCP packets (UDP port 67/68) sent through the firewall will be dropped
        if there is no DHCP relayer configured. DHCP packets can not be
        forwarded using the IP ruleset.

#3989 - DES-3526 (R4.01-B19 or later) and DES-3550 (R4.01-B19 or later) are now
        also supported by ZoneDefense. 4.xx firmware is recommended for these
        two switches, since firewall-switch communication is faster than with
        3.xx switch firmware.

      - IDP log messages in Mem-Log and SMTP-Log now include a link to the
        advisory information on D-Link's security portal.


For more details of new features download the new user manual, CLI reference
guide and log reference guide from D-Link's website.