Compare Products

Hide

Clear All

VS

Software

RG-WALL 1600-Z-S Series Cloud-Managed Firewall Firmware(RG-WALL 1600-Z3200-S)
Type
Software
Version No.
NGFW_NTOS1.0R13
Release Time
2026-04-28
File Size
214.5MB
Version List
NGFW_NTOS1.0R13 (2026-04-28) Latest NGFW_NTOS1.0R12 (2026-01-08) NGFW_NTOS1.0R11 (2025-09-29) NGFW_NTOS1.0R10P2 (2025-05-22) NGFW_NTOS1.0R8P7 (2025-03-28) NGFW_NTOS1.0R10 (2025-02-07) NGFW_NTOS1.0R8P5 (2024-12-04) NGFW_NTOS1.0R9 (2024-11-29)
Related Documents

Release Note

Ruijie RG-WALL 1600-Z-S Series Cloud-Managed Firewalls NGFW_NTOS 1.0R13 Release Notes (V2.0)

1 Version Information

Version Number

NGFW_NTOS1.0R13

Version Type

Official version

Applicable Product

RG-WALL 1600-Z3200-S

RG-WALL 1600-Z5100-S

Applicable Customer

Common

Release Type

Official release

Release Date

April 28, 2026

Baseline Version Number

NGFW_NTOS1.0R12

Description

Official release

1 Feature Description

1.1   NGFW_NTOS1.0R13

Feature

Source of Demand

Description

Compliance requirements

Market

Data compliance optimization:

1. Optimization and update of the privacy agreement content

2. Optimization of the logic for login agreement check operation to improve user experience and compliance

Cloud deployment module

Internal

Adding event tracking collection capability:

1. Adding the event tracking collection function for page behaviors

2. Adding the description of event tracking to the user experience improvement program

DHCP server

Market

Viewing IP allocation logs on web UIs

Quick Onboarding and System Upgrade pages

Internal

Improving user experiences for version upgrade:

1. Adding the description of the number of upgradable versions on the version discovery page

2. Adding the version upgrade guide on the Quick Onboarding page, supporting fast discovery and download of new versions

3. Configuring one-time scheduled upgrade and restart

IPsec VPN

Internal

Optimizing the IPsec VPN throughput

IPsec VPN reliability:

1. Multi-link active/standby failover and auto fallback for branches

2. Connecting branches to multiple headquarters, realizing headquarters backup and switchover

SSL VPN

Internal

Flexible MTU configuration on the SSL VPN device side

IPS

Market

l   Redirection from the device-side IPS log page to the IPS knowledge base is supported for viewing details.

l   Improved IPS detection capability:

○      The detection depth of the application layer is enhanced, and the single-packet detection depth is increased to 6k.

○      Signature capacity expanded to 30,000

l   Improving comprehensive threat protection performance:

○      Device throughput performance optimized for IPS + application identification scenarios

Multi-egress load balancing

Internal

The source address load balancing algorithm is optimized to improve load balancing performance in scenarios with small number of endpoints and sessions.

User authentication

Market

SSO supports local domain name configuration.

Web authentication

Market

Local Portal supports the built-in Indonesian language pack.

In HA scenarios, SSO authenticated users can be synchronized to the standby device.

Behavior analysis

Market

The behavior analysis function is optimized for the international version and is available only for authorized customers.

SSH service

Internal

Managing devices through SSH connections based on IPv6 addresses

Local protection

Internal

Optimized local protection, supporting interface access control configuration for IPv6-based device management

Interface

Internal

The independent management interface and bridge interface support IPv6 address configuration, realizing IPv6-based device management.

WAN interfaces support secondary IP address configuration, meeting the requirements of multi-egress line scenarios.

Packet obtaining tools

Internal

Packet obtaining tool optimization:

1. Packet Obtaining Option supports distinguishing between IPv4 and IPv6 protocols.

2. A single packet obtaining file supports a maximum of 50 MB.

3. Simultaneous packet obtaining on the physical interface and its sub-interfaces.

4. Simultaneous packet obtaining on internal and external network interfaces.

SSL proxy

Market

Usability optimization for SSL proxy: SSL proxy templates are removed to simplify the configuration process.

Flow platform

Market

New session capacity and establishment rate are optimized, and basic forwarding performance under high-load scenarios are improved.

VRRP

Internal

VRRP function optimization:

1. The number of monitored interfaces per VRRP group is expanded from 1 to 8.

2. VRRP-Track linkage is supported, with each VRRP group associated with up to 8 link detection policies.

Report

Market

1. Security report generation is supported, covering content including overview, threat intelligence, attack source/destination analysis, high-bandwidth application traffic, DDoS protection analysis, and encrypted traffic detection.

2. Traffic report generation is supported, covering content including traffic statistics of applications, lines, users, and source IPs, as well as statistics of online users and user session counts.

3. Email-based report delivery.

URL filtering

Market

The HTTP secure search function is added, which supports secure search of Google, Bing, Yandex, Yahoo, and YouTube.

DNS security

Market

The DNS secure search function is added, which supports secure search for Google, Bing, YouTube, and other services.

Link detection

Market

IPv6 link detection is supported, enhancing the monitoring capability for IPv6 network environments.

Threat intelligence

Market

Adding international threat intelligence capabilities:

1. Google threat intelligence sources

2. Enabling multi-source intelligence detection

1 Resolved Issues

1.1   NGFW_NTOS1.0R13

Bug ID

Description

1543241

After URL filtering is configured or behavior analysis is enabled, there is a probability that memory overwriting occurs under high QUIC traffic, resulting in system coredump.

1539466

In the IPsec VPN headquarters-branch scenario, if the peer device cannot process SA lifetime advertisement messages, the SA lifetime is inconsistent between the two ends, and the lifetime is longer at the branch end, frequent IPsec service interruptions occur.

1537787

In the IPsec VPN HQ-branch scenario, when message 3 of the second phase of IKE negotiation is lost, the tunnel status on the branch is displayed as established while the tunnel status on the HQ is displayed as not established.

1536500

In the IPsec VPN HQ-branch scenario, the peer end uses a domain name to establish a tunnel with the local end. The tunnel occasionally fails to be established if the domain name of the peer end changes.

1533868

In HA scenarios, imported and approved hardware signatures on the primary device are marked as unapproved on the secondary device after synchronization.

1531608

In the IPsec VPN HQ-branch scenario, if IKEv1 aggressive mode is configured on the branch device, message 3 is not standard, causing phase 2 negotiation failure and tunnel establishment failure.

1526470

After a security policy is renamed and moved, traffic cannot be normally matched by the policy.

1520017

After static IP addresses of all interfaces on the device are deleted, the static IP addresses configured for the switch interface, aggregate interface, and sub-interface cannot be saved.

1516416

In PPPoE multi-WAN scenarios, clients fail to log in to SSL VPN using a domain name, while login via IP address works properly.

1562766

After the quick onboarding configuration is completed, the area to which the WAN-type interface and LAN-type interface belong is incorrect.

1589768

In LAN scenarios, bandwidth configuration has no practical effect, while the web interface still provides bandwidth configuration options for LAN ports.

1587905

In the factory default state, port 0 (preconfigured with a DHCP server) cannot be switched to transparent mode during quick onboarding configuration.

1585607

An IP address must be configured for a bridge interface to which an interface in transparent mode is automatically added in the quick onboarding wizard. The logic for verifying IP address conflicts is incorrect.

1589031

When the allowlist or blocklist entries contain spaces in their descriptions, the exported CSV file cannot be imported into the device.

1588145

In an SSL VPN scenario, when the client submits an empty hardware signature, the device incorrectly creates an empty entry that cannot be deleted.

1586026

When a physical interface is not in routing mode, the system incorrectly reports an alarm message indicating that the interface outside the trust zone can access the device through the web.

1582267

Due to inconsistent time between the PC and the device, no session data is displayed when a user clicks to view sessions in a security policy.

1576703

In a multi-peer IPsec VPN scenario, after peer switching, the previous negotiation state is not cleared in time, resulting in the coexistence of two negotiation states.

1590666

Hourly attack trend statistics updates are abnormal when the statistics collection period is set to one day.

1593065

Due to optimization of the flow platform process in other modules without considering the impact on GRE tunnels, packet flow direction verification errors occurred in GRE over IPsec scenarios. After Keepalive was enabled on the GRE interface, the interface status changed to Down.

Ruijie Networks websites use cookies to deliver and improve the website experience.

See our cookie policy for further details on how we use cookies and how to change your cookie settings.

Accept All

Manage Cookies

Cookie Manager

When you visit any website, the website will store or retrieve the information on your browser. This process is mostly in the form of cookies. Such information may involve your personal information, preferences or equipment, and is mainly used to enable the website to provide services in accordance with your expectations. Such information usually does not directly identify your personal information, but it can provide you with a more personalized network experience. We fully respect your privacy, so you can choose not to allow certain types of cookies. You only need to click on the names of different cookie categories to learn more and change the default settings. However, blocking certain types of cookies may affect your website experience and the services we can provide you.

  • Performance cookies

    Through this type of cookie, we can count website visits and traffic sources in order to evaluate and improve the performance of our website. This type of cookie can also help us understand the popularity of the page and the activity of visitors on the site. All information collected by such cookies will be aggregated to ensure the anonymity of the information. If you do not allow such cookies, we will have no way of knowing when you visited our website, and we will not be able to monitor website performance.

  • Essential cookies

    This type of cookie is necessary for the normal operation of the website and cannot be turned off in our system. Usually, they are only set for the actions you do, which are equivalent to service requests, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or remind you of such cookies, but certain functions of the website will not be available. Such cookies do not store any personally identifiable information.

Accept All

View Cookie Policy Details

Contact Us

Contact Us

How can we help you?

Contact Us

Get an Order help

Contact Us

Get a tech support