Developers: UserGate, Usergate (formerly Entensys)
Date of the premiere of the system: 2024/12/17
Last Release Date: 2025/03/27
Branches: Information security
Technology: IS - Firewalls
2025
Fix for a vulnerability that allowed theft of employees' personal data
PT SWARM expert Vladimir Vlasov discovered a security defect in the UserGate next-generation firewall (NGFW). By exploiting the vulnerability and compromising other company resources, an attacker could disrupt UserGate NGFW, steal employees' personal data, or advance an attack into the local network. The vendor was notified of the threat under the responsible disclosure policy and issued a software update. RT announced this on August 26, 2025.
The vulnerability, PT-2025-28938 [1] (BDU:2025-08181), was present in two UserGate NGFW lines at once: in versions up to and including 6.1.9.12193R and 7.3.1.153682R. The security defect, which scored 6.5 out of 10 on the CVSS 3.1 scale, arose from insufficient filtering of data on the block page, the service page to which users are redirected after access to a particular URL is denied. Combined with other vulnerabilities, the flaw potentially gave an attacker access to employees' personal data and to information containing the company's trade secrets.
Organizations use next-generation firewalls as a gateway for employees' secure access to the Internet. In 2024, according to the Center for Strategic Research (CSR), the UserGate solution held almost a quarter of the Russian NGFW market. In the course of threat intelligence monitoring, Positive Technologies experts found that the vulnerability in UserGate NGFW potentially affected more than 1.8 thousand companies. Most of them are in Russia (97%); organizations in Belarus (1%), Israel (0.5%), Uzbekistan (0.3%) and the United States (0.2%) could also be at risk.
To fix the flaw, you must download the corrected version of UserGate NGFW (starting with 6.1.9.12198R or 7.3.2.183745R). If the software cannot be updated, the Positive Technologies expert recommends disabling the block page or serving it from a separate domain that is not associated with the main one.
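The version boundaries above can be turned into a quick inventory triage. The following is an added example, not code from UserGate or Positive Technologies; it assumes version strings have the four-field form the page uses (with an optional trailing "R") and compare numerically field by field, and the hostnames and inventory are constructed.

```python
import re

# Thresholds quoted from the advisory text on this page (PT-2025-28938 / BDU:2025-08181).
LAST_AFFECTED = {6: (6, 1, 9, 12193), 7: (7, 3, 1, 153682)}
FIRST_FIXED = {6: (6, 1, 9, 12198), 7: (7, 3, 2, 183745)}

# Assumption: four dotted numeric fields, optional trailing "R", as the page writes them.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)R?\s*$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not match the assumed format."""
    match = _VERSION_RE.match(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(version_text)
    if version is None or version[0] not in LAST_AFFECTED:
        return "unknown"  # unparseable, or a product line the page does not mention
    if version <= LAST_AFFECTED[version[0]]:
        return "affected"
    if version >= FIRST_FIXED[version[0]]:
        return "fixed"
    # Builds between the last affected and the first fixed one are not covered by the page.
    return "unknown"


def triage(inventory):
    """Group hostnames by status; anything not 'fixed' needs follow-up."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        report[classify(version_text)].append(host)
    return report


# Constructed inventory (hostnames and the last three versions are made up for the example).
SAMPLE_INVENTORY = {
    "fw-branch-01": "6.1.9.12193R",
    "fw-branch-02": "6.1.9.12198R",
    "fw-dc-01": "7.3.1.153682R",
    "fw-dc-02": "7.3.2.183745R",
    "fw-lab-01": "7.1.0.5000R",
    "fw-lab-02": "7.3.2.100000R",
    "fw-lab-03": "not-a-version",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as "unknown" fall outside what the page states and should be checked against the vendor's release notes rather than assumed safe.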
To exploit the flaw, the attacker would presumably use email or a messenger to send an employee of the targeted company a message with a link to a supposedly safe resource. The attacker would pose as a colleague of the victim so that the victim would not notice the deception. By clicking on the link in the message, a user with UserGate NGFW administrator rights who was logged in to the vulnerable device would automatically execute malicious code, which would allow the attacker to change the firewall settings:
- Remove traffic filtering rules and open access to blocked resources in order to penetrate the company's network and exfiltrate valuable data.
- Replace corporate page addresses with links to phishing resources to steal employee accounts.
- Create an additional administrator account to gain a foothold on UserGate NGFW and attack any company services.
"By exploiting BDU:2025-08181 and carrying out a successful attack, the attacker would hypothetically have been able to send requests on behalf of the victim to the company's internal services, such as corporate mail and the knowledge base. This could result in a leak of information containing commercial secrets," said Vladimir Vlasov, senior specialist in the security research department of banking systems, Positive Technologies. "If the attacker managed to gain a foothold in the internal network of the organization, its business processes could be at risk."
This is not the first NGFW-related security defect that Positive Technologies has helped address. In 2021, experts Nikita Abramov and Mikhail Klyuchnikov, together with the developer, closed a vulnerability in Cisco Firepower Device Manager (FDM) On-Box, which is designed for local configuration of Cisco Firepower firewalls. The error could allow an attacker to execute arbitrary code on the affected device. In 2020, the same researchers helped correct a flaw in PAN-OS, the operating system used by Palo Alto Networks NGFWs. The flaw could allow an attacker to execute arbitrary commands in the firewall's OS and then gain maximum privileges.
MultiDirectory Compatibility
UserGate and MULTIFACTOR confirmed the compatibility of the MultiDirectory directory service with the UserGate Next-Generation Firewall (NGFW). Based on the test results, a certificate of compatibility was issued. Multifactor announced this on July 22, 2025.
Thanks to integration with MULTIDIRECTORY, UserGate Next-Generation Firewall administrators can use the Russian directory service for secure centralized authentication and account management.
"We have been developing partnerships with UserGate for a long time and are glad that our technological partnership is only strengthening and our products are getting better. The integration of MULTIDIRECTORY and UserGate Next-Generation Firewall opens up prospects for our customers. This is an important step in the development of the Russian IT market, which will reduce dependence on foreign solutions and provide companies of all sizes with centralized and secure management of corporate accounts," said Dmitry Makarov, Head of MULTIDIRECTORY Product.
"Customer security is one of the main values of UserGate. The company is constantly improving its information security products to protect the customer's network perimeter, including the flagship solution - NGFW. Our strategy is aimed at building an open ecosystem where UserGate products can effectively interact with any solutions in the customer's infrastructure. Therefore, it is important to conduct such integration tests for the final comfort and protection of customers using our solutions," commented Ivan Chernov, Director of Product Strategy at UserGate.
UserGate NGFW 7.3
On March 27, 2025, UserGate, a Russian developer of the information security ecosystem, announced the next version of its flagship product, UserGate NGFW 7.3. The main changes in the release were the implementation of IPS hardware acceleration in the UserGate FG platform, the redistribution of BGP and RIP protocols into OSPF, support for 100 Gb/s network cards, as well as the implementation of numerous changes to optimize UI/UX and improve stability.
According to the company, the most significant change in UserGate NGFW 7.3 is the hardware acceleration of intrusion detection and prevention (IPS) functions in the UserGate FG platform using an FPGA-based coprocessor. As of March 2025, this is the first instance of IPS hardware acceleration in Russian NGFWs. Throughput of the stateful firewall (FW L3/L4) and IPS is up to 25 Gbps on EMIX traffic. The platform is made in the 1U form factor and has sixteen 10 Gb/s SFP+ interfaces and two 100 Gb/s QSFP28 interfaces, as well as two power supplies and six hot-swappable fans.
The first deliveries of UserGate FG began in November 2024.
"The release of UserGate NGFW 7.3 has four main goals: improving product stability, developing UX/UI, implementing our customers' requests, and developing hardware acceleration. Now large customers can use the UserGate FG hardware platform to protect traffic in data centers not only in stateful firewall mode, but also with IPS, and at speeds up to 25 Gbps on EMIX traffic. In future versions, we plan to raise this bar first to 30 Gbps, and then to 40 Gbps. In addition, by the end of 2025 we plan to double the FW L3/L4 speed, to 150-180 Gbps on EMIX traffic and to 300 Gbps on UDP traffic with 1518-byte packets, and exclusively through the optimization and development of the FPGA microcode," commented Kirill Pryamov, NGFW UserGate Development Manager.
Another change in UserGate NGFW 7.3 was the redistribution of the BGP and RIP dynamic routing protocols into OSPF and vice versa. This is a key feature for really large networks, as they often use BGP and RIP for external dynamic routing, and OSPF for internal routing.
Another important change in UserGate was the implementation of NAT and SNAT rules with a condition on users and user groups. For example, with this feature, you can now distribute traffic from different organizational units to different public addresses based on group memberships in a directory such as Microsoft Active Directory.
This version of UserGate NGFW also adds support for QSFP28 100 Gbps cards on the UserGate D200, D500, E1000, E3000 and F8000 hardware platforms, as well as on the next-generation UserGate E1010, E3010 and F8010 platforms, official sales of which will begin in the coming weeks.
UserGate NGFW 7.3 now has the ability to configure the Maximum Segment Size (MSS). This feature is of great importance for optimizing the transmission of traffic through a chain of devices from different manufacturers, since under certain conditions there were cases of traffic degradation due to the limitation of the size of the MSS.
Other changes include a tenfold reduction in the time needed to apply rules from UserGate Management Center to UserGate NGFW nodes, integration of the morphological dictionary of the Ministry of Justice of Belarus (ATP subscription is required), and more reliable transmission of UserID authentication information to NGFW thanks to a fault-tolerant cluster for UserID when deployed in Active-Passive mode on UserGate LogAn.
Among the changes aimed at optimizing the use of NGFW are the ability to create tags for firewall rules and content filtering, setting actions for signature filters in IPS profiles, and optimizing the web interface. Also, UserGate NGFW 7.3 has implemented more than sixty other changes and fixes, including for the fault tolerance cluster, IPS, VPN, Proxy, VLAN, BGP, PBR, DHCP and centralized management systems. UserGate NGFW 7.3 distributions and documentation are already available on the official UserGate resources and are available to customers and partners of the company.
Netopia Firewall Compliance 3.2.2
Netopia has confirmed that the updated functionality works correctly on UserGate 6.x and 7.x firewalls. The company reported this on March 24, 2025.
Use in VK Cloud
The UserGate NGFW firewall can be used by clients to provide additional protection for the virtual infrastructure of projects hosted in VK Cloud, as well as on the Private Cloud platform for building a private cloud in the customer's data center. VK Tech announced this on March 18, 2025.
UserGate NGFW provides network threat protection, providing advanced traffic inspection capabilities through IPS/IDS integration, behavior analysis, and real-time threat databases. This allows you to identify complex attacks and neutralize modern cyber threats more effectively.
UserGate NGFW compatibility with VK Cloud has been confirmed by technology tests conducted by experts and architects of the cloud platform against the requirements of the software certification program. The tests confirmed the correct operation of UserGate NGFW and the high performance of the solution when working in the cloud. Platform users can connect UserGate NGFW in the "App Store" in VK Cloud and use the product to further protect projects on the cloud infrastructure.
"According to RED Security, over the past year, the number of cyber attacks on Russian companies has grown 2.5 times. We are expanding the number of tools to improve the stability, resiliency and security of infrastructure. Our customers will be able to quickly start working with UserGate NGFW on the VK Cloud platform both in the public and private cloud," said Dmitry Lazarenko, Product Director of VK Cloud.
"We see a steady trend towards the increasing use of cloud services by companies. In addition to flexibility, convenience and cost-effectiveness, cloud platforms are able to provide their customers with a high level of information security," said Mikhail Penkovsky, vice president of sales and marketing at UserGate. "We protect the digital infrastructure of our customers, regardless of the scope and scale of their activities, and we are constantly expanding cooperation with leading cloud providers. The proven compatibility of our solution with VK Cloud virtualization tools will ensure the security of the cloud platform client infrastructure."
2024
UserGate NGFW 7.2
UserGate on December 17, 2024 announced the release of the next version of its flagship product - UserGate NGFW 7.2. The main goals of the release were: support for the UserGate FG platform with an FPGA-based hardware accelerator, development of UserID capabilities, as well as feature optimization and increased stability.
According to the company, the main feature of UserGate NGFW 7.2 is support for the UserGate FG platform with an FPGA (Field-Programmable Gate Array) hardware accelerator. This made it possible to achieve optimal performance of the stateful firewall (FW L3/L4): 150 Gbps on UDP traffic with packets of 1518 bytes, and 90 Gbps on EMIX traffic. At the same time, the device can support 22,000,000 simultaneous TCP sessions and create 80,000 sessions per second. As of version 7.2, UserGate FG can work with 10,000 firewall rules. The platform is made in the 1 RU form factor and has 16 SFP+ 10 Gb/s interfaces and two 100 Gb/s QSFP28 interfaces. Commercial deliveries of the device have already begun.
Another significant change in UserGate NGFW 7.2 was the expansion of the UserID function, which allows you to correlate users and associated network traffic.
User information for UserID can now be obtained using RADIUS accounting, the part of the RADIUS protocol that allows you to collect, process and store information about the actions of users from certain LDAP directory groups. User information for UserID can also now be obtained from WEC (Windows Event Collector) servers, which are usually used by large organizations. To this end, a WEC agent was implemented for UserID.
Other changes and fixes implemented in UserGate NGFW 7.2 include:
- Cluster
  - Fixed an issue where the cluster could go out of sync after an upgrade.
  - Fixed an error when synchronizing a large number of IP addresses.
  - Fixed an error saving and synchronizing firewall rules between cluster nodes when using nested lists.
  - Fixed a synchronization error between cluster nodes after disconnection.
  - Fixed the slow manual switchover of the "master" role in the cluster.
  - Optimized synchronization of lists and their content from UserGate Management Center to managed UserGate NGFW devices in the cluster.
- VPN
  - Improved the stability of VPN connections.
  - Fixed VPN authentication (IKEv2) over RADIUS.
  - Fixed the import of tunnel VPN interfaces.
  - Fixed per-user traffic labeling for Site-to-Site VPN.
- Rules
  - Optimized performance for large numbers of rules (> 10,000).
  - Optimized firewall rule validation in the API.
- Proxy
  - Fixed reverse proxy operation.
  - Added the ability to use SNMP Proxy in VRF.
  - Fixed operation of the explicit proxy with reverse traffic on GET requests.
- Other
  - Added more detailed backup creation error messages.
  - Implemented the ability to display and reset authorized users.
  - UserID can now be run on each node of the UserGate NGFW cluster.
  - Fixed multicast and broadcast traffic through the L3 Bridge interface.
  - Added fan speed adjustment for UserGate C150.
  - Unified rule naming requirements in UserGate Management Center and UserGate NGFW.
  - More than 70 other changes and fixes.
"The release of UserGate NGFW 7.2 is an important step for the implementation of our long-term product development strategy. As part of the work on the release of UserGate NGFW, about 70% of the resources of the UserGate development department were allocated to closing technical debt, correcting errors found and optimizing. To increase the quality of testing, the QA team set up and ran more than 4,000 automatic tests during the year," said Kirill Pryamov, UserGate NGFW Development Manager.
UserGate NGFW 7.2 distributions and documentation are already available on the official UserGate resources and are available to customers and partners of the company.
Integrating UserGate NGFW v7 with Netopia Firewall Compliance Platform
Netopia, a Russian developer of solutions for monitoring and control of network equipment, and UserGate, a Russian developer of an ecosystem of information security solutions, carried out technological integration of their products. This was announced on August 15, 2024 by representatives of UserGate.
The Netopia Firewall Compliance network security control and attack vector calculation platform was integrated with the domestic UserGate (NGFW) firewall.
The technology integration has optimized the joint use of the companies' products and reduced the number of misconfiguration incidents.
During the tests, UserGate specialists provided an API for exporting configuration data from the domestic UserGate (NGFW) firewall, version 7. Netopia engineers were responsible for deploying the Netopia Firewall Compliance network security control and attack vector calculation platform.
The coordinated work of the two companies made it possible to solve the issues of managing security policies and determining critical assets. This will simplify the NGFW import substitution process for Russian customers.
Compatibility of UserGate Next-Generation Firewall 6.1.9 with ALD Pro 2.2.1 and Brest virtualization 3.2
Astra Group and UserGate on May 15, 2024 announced the certification of the next-generation firewall UserGate Next-Generation Firewall 6.1.9 (NGFW) as part of the Ready for Astra technology partnership program. The experts conducted a series of tests and made sure that the product works correctly in a single environment with the latest updates to the Brest 3.2 secure virtualization platform and the ALD Pro 2.2.1 software suite for managing domain objects, Astra Group solutions that are in demand on the market.
UserGate Next-Generation Firewall combines intrusion detection with a firewall to provide a high level of security for networks of all sizes with maximum visibility of security events. Various delivery options, such as a hardware and software complex, a virtual image and SECaaS (Security as a Service), open up a wide range of possibilities for embedding the NGFW information security function in the customer's IT architecture. The product is included in the registers of the Ministry of Digital Development and of certified information protection tools of FSTEC of Russia, and meets the requirements of the fourth level of trust.
"Confirming the compatibility of UserGate Next-Generation Firewall with ALD Pro and the Brest virtualization platform gives customers confidence that the selected security tools will be able to work correctly in their information systems. This is very important in terms of the reliability and continuity of business processes. The vectors for the development of information security solutions are directly related to the trends of the entire IT industry, and we always strive to meet the needs of the market. We adapt to customers' business needs and protect their infrastructures and data in the environment and with the tools they use. Our company is open to cooperation, we will test as many demanded products as possible and, if necessary, refine and optimize our software and devices for customer tasks," said Ivan Chernov, Development Manager at UserGate.
"The number and variety of threats to IT systems is constantly growing, so it is necessary to establish the correct operation of the security tools that organizations use in conjunction with domestic infrastructure solutions. This will allow you to most effectively use the functionality of technological stacks and ensure their stable functioning. We thank our colleagues at UserGate for their active cooperation, appreciate the company's attention to this issue, and plan to continue to interact. Our cooperation in terms of testing product compatibility is a guarantee that the most modern, reliable and convenient information security solutions will always be available to end users," said Alexey Trubochev, Director of the Astra Group Support Department.