This is the most secure PRTG ever built, including a fix for the POODLE problem. But this tightened security has side effects. Most notably all your Enterprise Consoles will need to be updated manually. Also some SSL based sensors and notifications may be affected. See the following knowledge base article for details:
http://kb.paessler.com/en/topic/61769Note: The PRTG configuration file created by this version is not downwards compatible with previous versions of PRTG. This means, you cannot switch easily between this version and a version number starting with 14.3.11. As soon as you run PRTG version 14.3.12 or later, you can only downgrade to an earlier version of PRTG if you recover the latest configuration file before the update. For more information about recovering a previous configuration file, please see
http://kb.paessler.com/en/topic/12313 Improved [Security]: Fix for POODLE: We have already implemented a fix for this SSLv3 security vulnerability and disabled the outdated SSL 3.0 encryption for PRTG.
We have massively upgraded the encryption security of PRTG’s webserver to make the usage of PRTG even more secure.
We have upgraded the OpenSSL libraries to version 1.0.1h (these are used for SSL connections of the web server, the core/probe and probe/probe connections as well as for most sensor types that offer SSL).
We have locked down the accepted ciphers for SSL connections to the most secure ones that will allow for “Perfect Forward Secrecy” and TLS 1.2, ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. Even if somebody wire taps your communication with your PRTG server and gets access to your private keys later, he will not be able to decrypt the old data.
Note: Older browsers and older versions of the Enterprise Console may not be able to connect to the PRTG webserver any more. There is an option in the PRTG webserver settings that allows to (temporarily) switch to a compatibility mode with weakened security, so these clients can connect again. Please update your browsers and the Enterprise Console to the latest version. See the following knowledge base article for details:
http://kb.paessler.com/en/topic/61769 The admin can set a time after which the WebUI automatically performs a logout to prevent unauthorized access (under System Administration | User Interface).
When sending a "support bundle" with a configuration file to Paessler support, passwords are not included anymore. We are now removing all encrypted passwords from the config.dat file before it is sent to Paessler support in support bundles when the user chooses this function.
Extended [Freeware]: We are making the Freeware of PRTG 3 times more valuable! The freeware edition can now monitor up to 30 sensors for free (instead of only 10 sensors)!
New [Sensors]: SSL Connectivity BETA Sensor checks a target for the allowed SSL protocols and shows a security rating
There are 4 new sensor types for SQL server monitoring: The sensors Microsoft SQL v2, MySQL v2, Oracle v2, and PostgreSQL monitor SQL databases directly using .NET 4.0 and are much more flexible than the previous SQL sensors.
The new SSH SAN Enclosure sensor monitors the health of an enclosure on an SAN that supports CLI over SSH.
You can now specify after how many failed sensor scans a sensor status will be set to a ‘down’ status if a device reports an error. Define this in the "Scanning Interval" setting.
Newly created Ping sensors now send multiple ping requests with 5 pings by default. All requests have to fail to set the sensor in a "down" status. Existing Ping sensors keep their current setting. This will minimize false alarms due to packet loss.
The new open source tool QoS Reflector enables you to use a QoS (Quality of Service) Round Trip sensor without installing a remote probe at the 'end' of the connection. The QoS Reflector is a Python script so that you can use any Linux machine as QoS roundtrip endpoint. See our Knowledge Base for details:
http://kb.paessler.com/en/topic/61176 New [WebGUI]: Google Universal Analytics integration: You can track the usage of the WebUI of PRTG in your Google Universal Analytics account. Simply create a Google Analytics Tracking ID in the analytics portal and enter it into PRTG’s system administration settings and PRTG will dynamically integrate it into the website. See our Knowledge Base for details:
http://kb.paessler.com/en/topic/61406 New [WebGUI]: There is a new visual representation for sensors using lookups with bitfields
Changed [System Administration]: The PRTG Server Administrator and PRTG Probe Administrator tools are now together in one universal admin tool: The new “PRTG Administrator” tool includes all available probe and core settings (besides the administration settings which you can change via the webGUI).
You can now change administrative probe settings (outgoing IP, restart options) on the "Settings" tab of local and remote probes in the webGUI. This was in the PRTG Probe Administrator tool before.
Changed [Reports]: Scheduled reports will not be executed on failover nodes by default anymore.
Improved [Sensors]: HTTP SSL Certificate Expiry Sensor now checks for revokes certificates
NetApp sensors can now treat N/A measurements als valid (no error will be triggered if the according option is activated)
Amazon CloudWatch Elastic Load Balancer (ELB) sensor has two new channels for the HTTP status codes 3XX and 5XX (analog to the already existing 2XX and 4XX channels)
The File Content sensor allows now to specify the “Read Behavior”: You can choose to process only lines which are appended to the file to improve performance instead of reading the whole file with each sensor scan.
HTTP Push Data sensors have now the option to define an age threshold. If no data is received for this time or longer, the sensor shows an error
The DNS sensor now supports IPv6 requests to monitor DNS servers which are only reachable via an IPv6 address.
The SNMP Traffic sensor has a new option to ignore the ‘disconnected’ status if the port is set correspondingly in the hardware (‘admin down’).
Improved [Templates]: You can now exclude specific sensors from a device when you create a device template.
Improved [Libraries]: Libraries include now "Add Library Node" and “Add Group” buttons similar to the “Add Device” and “Add Group” buttons in the device tree for easier creation of a library.
Improved [Notifications]: New placeholders for syslog receiver and trap receiver notifications show the last 20 entries without any filter before the notification was triggered: %syslogmessages, %trapmessages
Bugfixes [Security]: Improved security for the PRTG web interface
Read only users could view a list of Administrator users on the same installation
Bugfixes [Core]: On some systems, the PRTG installer could not perform a necessary restart in autoupdate mode
On some systems, the Windows shortcut icon that starts the web interface did not work
In rare cases, the PRTG server Windows service could not start any more after the installation. We have fixed this.
Extended stability improvements for outgoing emails and HTTP notifications
Bugfixes [Sensors]: In some configurations, reports generated by the "Historic Data" tab did not include sensor graphs
Syslog Receiver sensor showed structured data multiple times
In some configurations, limits of sensor channels were not correctly interpreted
SNMP Linux Meminfo sensor showed wrong values in some cases
Fixed a bug that caused failing SNMP sensors when using SNMPv3 with encryption
Improvements to the recently added SQL (v2) sensors
Graphs of sensor channels using the "maximum" value mode could show fringed graphs in some cases
Better stability for HTTP and HTTP Advanced sensors
Extended fields for Syslog sensor
Fixes for HTTP Push Count, HTTP Push Data, and HTTP Push Data Advanced sensors
Fixes for PostgreSQL Sensor
Hyper-V sensors can now handle server names which include parentheses “()”
HTTP Push Data sensors didn’t filter correctly for the specified HTTP request method; if there are POST requests, only the postdata part will be processed (has to be "application/x-www-form-urlencoded") and not the GET parameters.
WMI Security Center Sensor now triggers a change notification when the status code of the antivirus software changes.
Cisco CBQoS sensor works more robustly
Amazon CloudWatch sensor (ELB) now retrieves the correct value for maximum with (Un)HealthyHost (was the sum value before)
Syslog Receiver displayed UTF-8 encoded messages incorrectly.
Bugfixes [WebGUI]: Fixed hidden feature /speedtest.htm
The QR code shown in the upper right corner can now be used again with our mobile apps
Fixed “selection tree” and “breadcrumbs” behavior for read-only users (the “Find Duplicates” and “Compare Sensors” functions did not work properly; clicks on specific breadcrumbs caused an error)
“Down Acknowledged” sensor list could not be opened via the status icon in maps
“Desktop Notifications” work again with Google Chrome browser and now Firefox is also supported.
Several minor improvements
Bugfixes [Cluster]: In a PRTG cluster, not all settings for the cluster connections were correctly deployed
Sensor names on cluster probes were shown incorrectly when collapsed
Bugfix [Notifications]: Improved handling of error messages in HTTP notifications
Bugfix [Reports]: In some configurations, reports generated by PRTG did not include sensor graphs
New [EC]: The Enterprise Console now includes a history for Libraries, Maps, and Reports
Hundreds of other improvements and fixes to the Enterprise Console, the web interface, and all other parts of PRTG, as well as an updated user manual.
