Sneak peek of the new mail security (SP) release

We have some exciting news about our spam prevention series. The upgrade to FreeBSD 9 and overall refactoring was not the only treatment the SP series got this autumn and winter. We have collected feedback and performed evaluations of how our customers use the web interfaces, trying to figure out what the best possible reporting and logging experience would be like. Read on to see what this has resulted in.

One spam accounting for ~80% of all traffic tonight

Have you received spam with subjects like

  • Tjana pengar pa ett socialt ansvarstagande arbete
  • Skapa ett battre liv for dina medmanniskor och tjana pengar pa det
  • Vi erbjuder dig ett arbete pa fritiden, lon fran 90 EUR i timman
  • Fa 90 EUR kontant i handen for den forsta timmens arbete inom tre dagar

Live graphs in the security router

It seems that significantly increased performance is not the only enhancement in the next security router release, due in a few days.

We said to ourselves: "wouldn't graphs that update every second with live data be useful?", and a few hours later the statd process was tweaked to output 1-second measurements of traffic, CPU, firewall states, etc. and the graph library was modified to dynamically populate data points (in addition to the "historical" rrdtool file format support that it currently has).

Improving firewall performance

While waiting for OpenBSD 5.2 to be officially released, we'll be releasing another security router (SR) update based on our current OpenBSD version, but with various improvements.

One of them is a rather interesting patch that has been floating around for some time, which could nearly double the raw forwarding (routing) performance.

What's cooking for VSP 2.4

This major release started out as a FreeBSD 9 transition, but the substantial structural changes that, as usual, come with such a transition have made it into a lot more. Although the traditional goal is to minimise code changes (for stability testing and regression reasons), there are motivations for refactoring and renewal in general. Because the FreeBSD version transition basically forces us to re-test everything, not only unit-testing but mainly real-world operation, this is a great time to do such work.

Need a great load balancer? Buy a firewall!

As you might have noticed, this year we released a new series of firewalls (or security routers, as we prefer to call them). They have, since the introduction, included a rather competent load balancer, which was configured using the load-balancer { directive, which is briefly explained on the wiki.

IPv6 reputation is here!

Our e-mail gateways have supported IPv6 throughout for a long time, but did you know that they also support IPv6 reputation and layer-3 filtering? Our so-called ippolicyd (an asynchronous process, partly implemented in the FreeBSD kernel, and designed to protect the gateway in cases of immense amounts of traffic) in combination with the recently IPv6-enabled GlobalView (IP reputation) service makes us the (I suppose) first commercial appliance to perform IPv6 reputation!

Keep an eye on the software update section; the release 2.3.4 that will introduce IPv6 reputation is imminent.

IPv6 and spam filtering

Last month the migration towards IPv6 got some attention (again) when the last remaining blocks of IPv4 addresses were allocated, and we were "officially" out of IPv4 addresses. If you only read the headlines, this problem might seem more problematic than it really is. While it's true that the last addresses were allocated, they have been given out to secondary organizations that handle the distribution to companies and service providers, and with the upcoming aftermarket those who want to pay hard cash will still be able to get IPv4 addresses.

Scripted VSP/SPG deployment

This time I'm going to show how to deploy a VSP/SPG with multiple domains using the SOAP interface scripted in PHP (http://php.net). This comes in handy when you're facing the task of otherwise manually adding hundreds of domains with all or some different mail transports. If they all share the same transport, you could save yourself some trouble and use an "any" domain (catch-all) instead; whether the domain exists will then be determined in the recipient flow by SMTP lookup (if this raises any questions, contact our support :).

Assemble a list...

HCP seminars and new partners!

We're getting some rest on the train back from Malmö, and are happy to announce that all attendees of this year's certification seminars have passed the notoriously difficult examination test with flying colors! They are now highly qualified Halon professionals, and ready to serve potential new customers out there. Logotypes and links to new partners will appear on the reseller listing page shortly.

I'd like to express my great appreciation to all attendees for their patience, interest and hard work during these three days. You're the best!

Pictures from VMworld 2010

Thanks everyone for making VMworld Europe a great conference! If you didn't follow our Twitter, here are some images that we posted.
booth 2.0! since we got a quite hidden booth, we made a manual upgrade ;)
said hello to zimbra in their vmworld booth
halon beer, good to put out fire with? ;)

Even better on iPhone

The upcoming version, 2.2.3, will be even better on iPhone!

We have streamlined the interface, bundled it as a web app, and changed the title to the IP address or hostname on mobile devices such as iPhone, Android or Blackberry.

There are loads of additional new features, which will be announced during the VMworld conference next week. Below is a teaser, showing only how to add a VSP as an icon.

VMworld, here we come!

It's confirmed; we'll be at VMworld Europe in booth 88! Come join us, register at http://www.vmworld.com/registration.jspa

This is what our booth panel looks like:

Upcoming SPG/VSP release 2.2.3

It has been almost two weeks since our last blog post, which was about version 2.2.2.2 and its features. The next version, 2.2.3, isn't ready for a public release yet, but is working just fine (if you want to try the latest beta, leave a comment!). In this post, we're going to reveal some nice features that will be available.

VSP 2.2.2.2 released with DNSSEC root trust

Today, on the 2nd of September we release H/OS 2.2.2.2. Neat, right?

Among the new features you'll find the DNSSEC trusting the newly signed root anchor, administration user interface improvements and the usual stability and performance enhancements.

Now why would you care? Well, this could be your first step into the next generation of e-mail security. Why not start DKIM tagging when you're at it?

GroupWise support in SPG and VSP

In addition to supporting SMTP and LDAP to synchronize accounts with a Novell GroupWise server, our mail security appliances SPG and VSP now integrate even better. They are now able to associate alias addresses in the quarantine, in order for users with multiple e-mail addresses to have just one quarantine box.

It also fixes minor bugs, and as always we encourage all users to update as soon as possible. Don't panic if you are on vacation, though :)

New site open for registration

Today we migrated all users from the old site (old.halon.se) to our new site; all appliances are still there and all applied vouchers are shown. It is still in development but it will be prettier in the coming days.

Your username and password stay the same, but keep in mind that if you want to comment on the site with a friendly username, you could send me a message telling me what username you want on the site and I'll change it for you.

New version jazzing up the scripting language!

Today we bring you another feature release for the SPG/VSP/HSP mail security products! Feature releases typically jump the third digit in the version number, from 2.2.1.1 to 2.2.2 in this case. Now isn't 2.2.2 a remarkably neat version number?

As you might have figured out, the first digit is just saying that you are using H/OS 2, the current operating system. The second digit is the major version, the third digit is the feature version, and the fourth digit is the patch level.

— “Adding some spice to the scripting language you say, it sounds interesting”

Next version will feature much-improved BATV

A long time ago, we incorporated cryptographic functions into our scripting language, HSL, in order for users to build features such as BATV. While very flexible, it sure was not user friendly :) Therefore, we present to you: batv_sign(), batv_verify() and batv_strip(), which you can read about in our wiki documentation and of course in the HSL function reference.

Halon attending PTS IPv6 seminar

Today we participated in a panel discussion about IPv6 deployment arranged by the Swedish Post and Telecom Agency (PTS). See the full video below (sorry, Swedish only).

Can you reach ipv6.google.com?

If not, it's time to get started with tunneled IPv6. At least until you get native IPv6 from your internet provider. There are a lot of free IPv6 tunnel broker providers, but HE is one of the most mature and widely used. Before you start, some fun facts! The tunnel below works both ways, and is totally unfiltered. Further, the tunnel is very fast, usually saturating ADSL internet connections. In other words: deploy your website over IPv6 today! If you are also using our stunning SPG/VSP mail appliance, start receiving e-mail over IPv6 as well. Anyway, let's get started.

Summertime and a new website!

The sun is shining in Sweden, and we introduce a brand new site.

In addition to being prettier and easier to navigate, it will offer more functionality. For example, you may comment on this fine piece of blog post :) Further, you'll be able to (as soon as we've migrated the users from the old site) manage, buy, update, etc. your appliances in one place. Please share any thoughts with us!