This article contains all software release notes for the Datto Networking Appliance. The latest updates are listed first.
- Datto Networking Appliance (DNA)
- September 12, 2018
- August 28, 2018
- August 16, 2018
- August 15, 2018
- July 31, 2018
- July 26, 2018
- June 25, 2018
- June 5, 2018
- May 17, 2018
- May 2, 2018
- April 18, 2018
- March 22, 2018
- March 15, 2018
- March 14, 2018
- March 8, 2018
- February 27, 2018
- February 13, 2018
- January 24, 2018
- January 10, 2018
- November 21, 2017
- November 9, 2017
- October 23, 2017
- October 20, 2017
- October 16, 2017
- October 9, 2017
- September 19, 2017
- September 7, 2017
- August 28, 2017
- August 23. 2017
- August 21, 2017
- August 15, 2017
- August 7, 2017
- August 3, 2017
- July 24, 2017
- July 12, 2017
- July 10, 2017
- June 27, 2017
- June 14, 2017
- June 13, 2017
- June 12, 2017
- May 19, 2017
- May 15, 2017
- May 11, 2017
- May 10, 2017
- May 4, 2017
- April 4, 2017
- March 9, 2017
- March 1, 2017
- February 28, 2017
- February 23, 2017
- February 14, 2017
- February 8, 2017
- February 6, 2017
September 12, 2018
Bug Fixes (firmware version 1.15.4 required)
- Resolved an issue where IPsec tunnel initiations would not establish on a responder DNA with client VPN enabled.
- Resolved an issue that prevented the login page from displaying after a device GUI session had expired.
- Resolved an issue that could cause LTE connectivity failures on some DNA-EA5-KZ1 units.
August 28, 2018
Improvements (firmware update not required)
- Added functionality that improves management for distinct site-to-site VPN topologies.
- Added functionality that allows operators to remove configuration backups.
August 16, 2018
Improvements (firmware update not required)
- Added functionality that allows operators to enable or disable the transmission of unclassified traffic through the DNA web filtering feature.
August 15, 2018
New Features (firmware version 1.15.3 required)
- Network Objects - DMZ Host: Operators can now specify a network object when creating or modifying a DMZ Host.
- Site-to-Site VPN IPsec policies: Operators now have full control of the IPSec policies used between the DNA and non-DNA peers.
- Added timezones for all regions with DNA availability.
- Added a graphical representation of network utilization per client.
- Added functionality that allows operators to adjust the MTU of the WAN interface.
- Resolved an issue where a WiFi network failed to add to a LAN lacking DHCP configuration.
- Resolved an issue that intercepted outbound traffic to recently modified subnets in static routes.
- Resolved an issue where IPsec connections timed out after 20 minutes for MacOS clients.
- Resolved an issue that logged false "tunnel up" events.
- Resolved an issue where OpenVPN user authentication failures were not sent to clients.
- Resolved an issue where VPN certificates failed to generate.
- Resolved an issue where system logs under recent events failed to load.
July 31, 2018
Improvements (firmware update not required)
- Added functionality that allows operators to select or remove all web filtering categories at once.
July 26, 2018
New Features (firmware version 1.15.1 required)
TitanHQ Web Filter: The DNA now uses TitanHQ for an improved web filtering experience. Read the DNA: Web Filters article for more information.
June 25, 2018
Bug Fixes (firmware version 1.14.4 required):
- Resolved an issue which could cause the Datto Networking Appliance's UI to stop accepting changes in certain situations.
June 5, 2018
New Features (firmware version 1.14.3 required):
- Diagnostics: A new page with networking diagnostic tools has been added to the DNA GUI. For a full list of tools, see our Datto Networking Appliance: Getting Started article.
- MAC Address Override: WAN interfaces assigned to the DNA can now be manually specified.
- Network Objects: Operators can now limit access to port forwarding rules by Network Objects (IP ranges, subnets, etc.).
- Added functionality that will allow the DNA to autonegotiate reconnection to a VPN peer device when failing over.
- Operators can now specify what LAN subnets are accessible in a site-to-site VPN setup.
- Resolved an issue where connecting to OpenVPN using the same credentials as another active session will cause that user to disconnect.
New Features (no firmware update required):
- Customizable Description Field: From the DNA Settings card, operators can label their DNA with a description separate from its hostname to assist with fleet management.
- Resolved an issue where removing a spoke site in a multi-VPN setup would cause the hub DNA to lose all its configuration.
May 2, 2018
Improvements (firmware version 1.13.2 required):
- For DNA-NA5-US units only, changed the default APN for the LTE connection to improve performance.
- Resolved an issue which caused undesirable modification of SIP packets under certain circumstances.
New Features (firmware version 1.13.0 required):
- WAN Load Balancing: Allows an operator to configure the DNA to use multiple WAN connections for increased throughput, per-WAN load percentages to allow optimal performance in deployments with asymmetric link capacity, and local subnets to prefer either the ISP 1 or ISP 2 interface.
- Ethernet Settings: Adds a configuration card which allows an operator to adjust link speed and duplex settings for the appliance's physical ports.
- Failover Policy Control: This feature allows an operator to interrupt existing sessions for LAN clients during transitions to and from 4G LTE failover, and to specify the manner in which the DNA interrupts the sessions.
- Renamed the "Static Host Mapping" card to "DNS Static Host Records" for clarity.
- Resolved an issue which could cause the Datto appliance's LTE modem to take a long time to initiate after a hard device reboot.
- Resolved an issue that could cause upgrades to time out and fail as a result of a slow WAN connection.
- Resolved an issue that could cause intermittent connectivity problems with device LTE modems.
- Resolved an issue which could cause certain recent events activity to not display on the Recent Events card.
- Resolved an issue which could cause the DNA to become flooded with jobs, preventing operators from managing the device.
Improvements (no firmware update required):
- Custom DNS for LTE Failover: Added functionality to allow device operators to apply existing custom DNS settings to the LTE interface.
- Reorganized Device UI: The Datto Networking Appliance's user interface has been reorganized to enhance navigation and promote ease of configuration. You can learn more about the new user experience by watching our UI tour video. For a full list of features, see our Datto Networking Appliance: Getting Started article.
- Fixed an issue which could prevent the appliance's secondary WAN IP address from being displayed in the Network Overview panel.
- Resolved an issue that prevented appliances from saving WAN configurations where the SSID contained an emoji.
Improvements (firmware version 220.127.116.11147 required):
- Operators are now able to configure WiFi frequencies on devices authorized for service in Australia and New Zealand.
- Resolved an issue where LTE did not work out-of-box for certain models, which required operators to register the DNA through a wired LAN connection as a workaround.
- Resolved an issue that could cause DHCP relay and static DHCP leases to interfere with the display of IP address for connected clients.
New Features (firmware version 18.104.22.168162 required):
- Port Aggregation Status: Allows an operator to see the status of aggregated ports to verify that they are working as expected and to troubleshoot issues.
- Global WiFi Settings Toggle: Changed wording on the Global WiFi Settings card's on/off toggle to clarify its meaning.
- Fixed an issue that could prevent the description field on a configured WiFi card from being edited if an operator entered a blank value.
- Fixed an issue that prevented DHCP leases from being removed on deletion of a VLAN.
- Fixed an issue that could cause an operator to be repeatedly prompted for credentials when connecting to an IKEv2 client VPN.
Improvements (firmware version 1.11 required):
- The DNA now supports a subnet mask for /30. This is typically configured for LANs connecting to a point-to-point subnet.
- IPsec Profiles: Allows an operator to apply policy and encryption optimizations to a Site-to-Site VPN connection which are appropriate to the profile of the IPsec endpoint in the connecting environment.
- VPN Re-Key Improvements: The DNA will now create a new VPN tunnel before tearing down the existing one during the Automatic Tunnel Restart process, delivering a more seamless experience and ensuring connection continuity for devices connected through Site-to-Site VPN.
New Features (firmware version 22.214.171.124368 required except where noted):
- Inter-Network Accessibility: Allows an operator to specify firewall rules between VLANs configured on the DNA, providing greater control over which VLANs can communicate with other VLANs.
- Static Host Mapping: Allows an operator to specify an IP address to resolve for a given hostname when queried by an internal client on the LAN.
- Port Forwarding: Allows an operator to specify a source IP when directing incoming network traffic to specific destinations within the LAN (firmware update not required).
- Port Aggregation: Allows an operator to combine two or more NICs to act as a single logical link (LACP interface), enabling improved connection performance and redundancy for inter-network traffic passing through the DNA.
- Fixed an issue that could cause the DNA to show an update banner when an update was not available.
- Fixed an issue that could cause the Test Failover button to time out prematurely.
- Fixed an issue that could cause large subnets assigned to a LAN to report duplicate device connections.
- Fixed an issue that could cause IDP (Snort) to fill logs with ping reports for 126.96.36.199 and 188.8.131.52.
New Features (firmware version 184.108.40.206278 required):
- Outbound NAT Support: Allows an operator to configure firewall rules which route traffic through alternate source IP addresses in the private subnets. This feature requires more than one static IP and permits you to specify which external IP address to use for a given host (one IP) or subnet.
- PPPoE Support: Allows an operator to configure either WAN connection to pass a username and password to an ISP connection, so that the connected router can authenticate to the modem.
- Seamless Site-to-Site VPN Failback: Preserves existing Site-to-Site VPN connections during a network transition.
- Fixed an issue that could cause the DNA to bring down an incorrect VPN tunnel when more than one connection is defined.
New Features (firmware version 1.6.0 required):
- DHCP Relay: Allows an operator to configure a DHCP server external to the DNA for more centralized management of client IP addresses.
- Automatic VPN Tunnel Restart: Provides operators with the ability to specify a timeframe for re-keying site-to-site VPN tunnels after they are created.
- Automatic VPN Failback: When using a failover connection, site-to-site VPN will now automatically fail back to the primary WAN when the primary WAN's health is restored.
- Fixed an issue that could cause the DNA to incorrectly prompt for a subnet mask when configuring LANs.
Improvements (firmware version 220.127.116.11 required):
- Client VPN: Added enforcement of server certificate verification. The OpenVPN server must now present a compatible certificate before the connection is trusted by the client. After installing this firmware update, you will need to download new VPN Gateway Certificates and OpenVPN Config Files from the Client VPN card. Old certificates will no longer work.
- Fixed an issue that could cause the LTE connection to appear as unavailable, when in actuality the modem for LTE was becoming unresponsive. This fix will allow the DNA to recognize the modem state and re-establish communication.
- Fixed an issue that could prevent the DNA from going into LTE failover mode when an upstream device, such as an ISP modem, was disconnected.
Improvements (firmware version 18.104.22.168 required):
- Updates to the Datto Networking Appliance providing enhanced time zone support.
- Fixed an issue that could cause IPSec traffic to stop when certain interfaces were detached and reattached to the system by an operator.
Terms of Service Updates
- All device operators will be prompted to acknowledge the updated Terms of Service at the next device login. Once acknowledged, the Terms of Service prompt will not reappear.
Improvements (firmware version 1.4.0 required):
- Updates to the Datto Networking Appliance providing additional modem and SIM support.
New Features (firmware version 1.3.4 required):
- Added functionality to allow the appliance to notify an operator of WAN / LAN conflicts from the Status page.
- Added a conditional DNS forwarding feature which allows the DNA to use a custom target IP address to resolve requests for specific URLs.
- Added functionality to allow an operator to configure /16 subnets (subnets with a theoretical maximum of 65,536 addresses).
- Added functionality to allow VPN clients access hosts behind a site-to-site connected remote DNA.
- Fixed an issue that blocked some IP address from passing through the firewall of the DNA and prevented OpenVPN from working.
- Fixed an issue that could cause site-to-site VPN tunnels to drop unexpectedly and fail to self-heal.
New Features (firmware version 22.214.171.124 required):
- Added functionality to allow an operator to view the status of a Site-to-Site VPN connection.
- Added functionality to allow an operator to view the local subnets required to configure non-DNA clients.
- Added the ability for the DNA to fall back to static DNS information in the event that local DNS information is unavailable.
- Fixed bandwidth data reporting of IP addresses for statically-addressed WiFi clients.
- Fixed an issue that could prevent the LTE modem from coming back up on device reboot.
- Fixed an issue that could cause prevent device checkin under specific conditions.
- Fixed an issue that could prevent ping requests from passing over lte0.
- Fixed an issue that could prevent IKEv2 users from being shown in the device UI.
- Fixed an issue that could cause unsupported device features to be shown in the device UI on older DNA platforms.
- Fixed an issue that could cause LAN information to not report connected devices.
- Fixed an issue that prevented the More Info button for connected devices from displaying device information.
- Fixed an issue that could prevent DHCP leases from being retained by the DNA when the Cancel button was clicked during a LAN card edit.
- Added functionality to allow the assignment of multiple networks to a single LAN port through VLAN tagging.
- Fixed an issue that could prevent the DNA's LTE connection from resuming after a device reboot.
- Fixed an issue that prevented the device from displaying IKEv2 users in the GUI.
- Fixed an issue that could cause user IDs to fail to update after Partner Portal logout.
- Fixed an issue which required users to double-click the Cancel button to cancel an edit on the VLAN card.
- IKEv2 Support for Mac: Adds IKEv2 support for Mac devices connecting via VPN.
- Fixed an issue that could cause internal clients to be unable to reach port forwarded services using NAT reflection.
- Fixed an issue that caused intermittent timeouts when accessing the Top Applications pie chart.
- Fixed an issue that could prevent IKEv2 traffic from reaching the DNA.
- Fixed an issue which could cause latency in the DNA portal and intermittent red banners to appear in the GUI.
- Configuration Restore: Allows an operator to restore the appliance to a previous saved configuration. The appliance will now back up its current settings when a configuration change is made by a user.
- Site-to-Site VPN:
- Restored the 'Reset Connection' connection button to the Site-to-Site VPN configuration card.
- Added functionality to lock the UI if the DNA is configured as a spoke.
- Improved UI badging to more clearly indicate the role of each connection in a static configuration.
- Fixed an issue that could cause subdomain name length validation to be skipped on checkin.
- Fixed an issue that could cause multi-site-to-site migration to fail for very old siteVPN configurations.
- Fixed an issue that could prevent an operator from editing only the router address when configuring a subnet.
Note: Requires firmware update 126.96.36.199.
- Improves algorithm to determine LTE signal strength based on actual connectivity and ping.
Note: Requires firmware update 188.8.131.52.
- Top Applications Reporting (Layer 7 DPI): Partners can view data usage on a per-application basis from the Network Usage card. Requires firmware version 1.0.4 or greater.
- Added update to OS that enables application data reporting through the UI.
- Improved signal strength reporting through the UI.
- 1:Many NAT. Partners can now configure a 1:Many NAT environment through the GUI of the DNA appliance.
Note: Requires firmware update 0.9.1.65.
- Fixed issue with LTE failover which could cause the DNA to stop checking in.
- Fixed issue which caused the Network Overview pane to not display OpenVPN connection details.
- Fixed issue which could cause the DNA to display an incorrect network gateway in the WAN Details pane.
- 1:1 NAT. Partners can now configure a 1:1 NAT environment through the GUI of the DNA appliance.
- Fixed an issue that could cause the DNA to stop checking in after saving DHCP static reservations.
- Fixed an issue that could cause client and site-to-site configurations to be superseded by port forwards.
- OpenVPN Integration: Partners can now use OpenVPN to establish an SSL client VPN connection to the Datto Networking Appliance.
Note: Requires firmware update 0.9.0.64.
- DNA auto-update. DNA auto-update allows an operator to configure a schedule for the DNA to automatically update if and when there is a device update available, and if configured parameters are met. The DNA does not send device updates without being manually initiated. The auto update feature is off and not configured by default.
- OpenVPN. This feature allows a user to configure an SSL Client VPN connection using the same client VPN feature currently in place. When enabled, the subnet is divided in two, allowing half of the subnet to use IPSec IKEv1 or IKEv2 client VPN connectivity, while allowing the other half of addresses to be configured for SSL (OpenVPN) client connectivity.
- Increased the DNA connection tracking table to accommodate larger end-users with more connected clients.
- Improved the modem manager to enhance logging and improve overall LTE modem performance.
- Site-to-Site VPN - Phase 3: When a DNA is configured for site-to-site VPN, the initiator DNA will send a message to the responder DNA to configure itself as the other VPN endpoint, performing all necessary handshakes automatically. This eliminates additional configuration steps currently required for setting up site-to-site VPN.
- DNA Auto-Update: DNA auto-update allows an operator to configure update windows during which the DNA will automatically check for and apply software updates. The auto-update feature is off by default, and must be manually enabled by the operator.
- Hostname character limit: The UI now enforces 63 maximum characters per DNS name segment when configuring hostnames. This is consistent with the RFC1123 standard.
Note: Requires firmware update 0.8.4.58.
- DNA now uses Verizon recommended MTU and MSS values on LTE interface. This will improve performance when in failover.
- Use the DNA’s own resolver and search domain while connected via client VPN. This will enhance the usability for clients connecting and accessing local resources that require a local resolver.
- Fixed issue with client VPN where clients behind the DNA are sometimes inaccessible.
- Fixed issue with client vpn (ike1) where it connects but does not send traffic over the tunnel.
- Fixed issue where webfilters “Ad Networks” was on by default.
- Fixed issue where client VPN outbound client traffic was affected by port forwarding.
- Fixed issue where DMZ stopped client VPN from being able to connect.
- Fixed issue where creating a new LAN stops site-to-site VPN from working on previous LANs.
- Configurable Channel Width: Allows operators to switch between the 20Mhz and 40Mhz WiFi channels to select the setting that best meets their needs.
- Local DNS Resolution: This improvement ensures that clients remotely connecting over VPN will be able to resolve hostnames from a DNS server running on the DNA.
- Fixed a bug that could cause a rendering issue with the Domain Whitelist / Blacklist's Delete button.
- Fixed an issue where creating a new LAN could cause site-to-site VPN to not work on previously configured LANs.
- Fixed a VPN issue that could cause statically-assigned WAN IP addresses to appear in the local & remote subnet data used to populate firewall rules and site VPN IPsec configurations.
Note: Requires firmware update 0.8.0.54.
- Client VPN status now displays in DNA management UI - Under Browse Networks there is now a tab for VPN. This will provide detailed information on what is currently connected and the duration of that connection in real time.
- Client VPN (Windows) no longer requires a third party application - This is also known as IKEv2. Essentially the DNA facilitates a method to build a cert to deploy on clients running a Windows OS that once applied eliminates the need for a third party application.
- Fixed an issue where some websites had been blocked, even after turning off web filtering. Note that you may still need to clear the cache on the client's OS and Web Browser. The DNA does not currently have access to this.
- Fixed an issue where the device stopped collecting bandwidth data after a long period since reboot.
- Fixed the absence of "DNA booted" message when DNA boots in System Events.
- Fixed an issue where enabling Site to Site VPN broke the UI.
- Client VPN Status: Adds a GUI element to provide a realtime view of all devices and clients connected to a DNA.
- Site-to-Site VPN - Phase 2: Adds one-click configuration when setting up a site-to-site VPN connection, eliminating manual steps. Also adds auto-discovery of WAN IP and LAN IP ranges, and auto-generates and assigns a new Pre-Shared Key (PSK) to the DNA.
- IKEv2 for Client VPN: Adds support for native VPN connections to remove the dependency on third-party VPN applications in order to connect to a DNA's LAN.
- Added enforcement of RFC standards for device hostname entries to harden the appliance against certain networking configuration issues.
- Fixed an issue that could cause configuration cards to not sync with configuration changes.
- Fixed an issue that caused the UI to allow slashes in the device hostname, which would break DNS as a result.
- Fixed an issue that could cause the UI to display a blank Network Overview page when enabling Site-to Site-VPN.
Note: Requires firmware update 0.6.1.51.
- Fixed bug where internal LAN was not getting an IP Address - In some scenarios, when creating a new VLAN with DHCP Pool, connected clients are unable to obtain an IP Address. The previous work-around required a reboot.
- Fixed bug where a factory reset breaks web filtering - Details in previous versions of DNA performing a factory reset broke web filtering.
- Fixed bug where LAN shows WAN/LAN conflict when newly created - Previously when you created a new LAN in the UI it showed the message that a WAN/LAN subnet conflict was resolved, even though that wasn't the case since the LAN didn't exist yet.
- Improved "Site Blocked" page served up when web filter rule is triggered - Language referencing the DNA has been removed and general syntax has been updated.
- Implementation of Dynamic DNS (DDNS) - The DNA now provides a persistent addressing method for the DNA so that WAN IP address changes will not impact services that require a consistent inbound address.
- DNA Now supports system logs in Network Overview - The DNA now collects and reports system logs for the following events:
- Update initiated + Version upgrading to + user / process (if automated) that initiated
- Update successful + New Version
- Update failed + Version failed to upgrade to
- WAN/LTE Interface up + human readable Interface (not VLANX)
- WAN/LTE Interface down + human readable Interface (not VLANX)
- Factory reset + user that initiated
- System Start Time
- Added whitelist and blacklist for web filters - The DNA Web Filtering feature now supports adding whitelists and blacklists for specific sites to work in combination with existing web filter categories.
- Site to Site VPN support - The DNA now supports IPSec Site to Site VPN between another DNA.
- IP Address Reservations (DHCP Reservations): Allows the reservation of a static IP, within a subnet range of a VLAN, to be statically assigned to a specific device by MAC Address, on a per-VLAN basis.
- Remote Power-Cycle DNA: Adds a UI element to allow ‘soft’ reboot functionality of the DNA through the DNA management interface.
- Dynamic DNS: Provides a persistent addressing method for a DNA so that WAN IP address changes will not impact services that require a consistent inbound address, e.g. for local exchange server, client VPN server. The DDNS name is factory configured and is not user-configurable.
- Web Filtering Whitelisting / Blacklisting: In addition to webfilter categories, the DNA now offers the option of adding sites to either whitelists or blacklists.
- System Logging: Adds a UI element to report DNA system events. This is a view-only system log which displays historical changes on the DNA. These events include:
- Update initiated + Version upgrading to + user / process (if automated) that initiated it
- Update successful + new version
- Update failed + version failed to upgrade to
- WAN/LTE Interface up + human readable interface (not VLANX)
- WAN/LTE Interface down + human readable interface (not VLANX)
- Factory reset + user that initiated
- System start time
- Fixes an issue that could cause a false WAN/LAN conflict message on initial LAN creation.
- Adds firewall rules to allow traffic between VPN endpoints across the tunnel. This ensures that a client system behind a DNA can communicate with a client system behind another DNA, even with the firewall running. It also ensures that client systems can communicate across a tunnel, even when a tunnel drops and is restarted.
- Fixes an issue that could cause a factory reset to not correctly refresh the UI.
- Fixes an issue that could cause some DNAs to be unable to communicate across the Client VPN tunnel.
- Fixed an issue that could cause a static WAN IP to not display on the WAN Card after being configured.
- Fixes an issue that could cause network interruption when changing a WAN description.
This release includes client-side updates that require new software downloads. You should upgrade your device to ensure best results.
Note: Requires firmware update 0.5.4.45.
- Updates to heartbeat: Heartbeat controls the DNA's check-ins with its webserver to orchestrate communications. This update simply makes the service more robust.
- Hardening the LTE modem manager: this hardening ensures that your DNA will get a single IP address from Verizon without rebooting the modem or DNA.
- Fixed a validation issue which allowed operators to save blank custom DNS fields, causing connectivity issues.
- Fixed a UI setting that caused the LAN Segregation card to always show LANs as segregated even with the LAN Segregation feature disabled.
- Fixed an issue that could cause a user's Partner Portal session to remain logged in after the user logged out of the DNA.
- Fixed an issue that caused changes made to the description of a configured WiFi network to remove existing MAC Filters.
- Fixed an issue that could cause WiFi configuration attributes to be cleared when changing an associated VLAN setting.
This release includes client-side updates that require new software downloads. You should upgrade your device to ensure best results.
Note: Requires firmware update 0.5.3.44.
- Changes to VLAN card disabled when using Client VPN: You are now unable to save changes to the VLAN card while the Client VPN is enabled.
- Fixed issue with intermittent dropped connections by Verizon: For some customers, connectivity could become intermittently disrupted when operating in failover on Verizon LTE. This update ensures connected clients on both VLAN and WiFi remain connected when in LTE failover without disruption to connectivity.
- Fixed an issue that could cause the device to stop checking in when multiple users are logged into its interface.
- Added functionality giving an operator the ability to view multiple DNA's in different browser windows.
- Added UI notification when a WiFi network is associated to a LAN that does not have a DHCP pool.
- Added failover status to the Portal API.
- Fixed an issue that could cause the current WiFi channel to appear blank in the UI when set to "auto."
- Fixed an issue that could cause WiFi card information to appear blank after saving.