Introducing the latest software updates for Digi Accelerated Linux: DAL OS 23.9. Our regular software updates support optimal performance and continually enhance security while adding new functionality to improve the user experience. These firmware updates for our networking solutions enable us to deploy security patches and bug fixes on a regular basis and continually enhance the value and capabilities of your Digi cellular routers, servers, and infrastructure management systems.
The Digi Accelerated Linux operating system (DAL OS) provides powerful intelligence to our solutions, enabling automation, security, out-of-band management and other sophisticated capabilities that support the needs of users and network managers across enterprise, industrial, transportation, government and medical use cases.
DAL OS is fully integrated with Digi Remote Manager®, our cloud-based remote configuration and management tool, and together these key software offerings enable those who use and manage Digi solutions to gain visibility and seamless access to the full value of their devices — wherever they are deployed.
Digi is excited to announce that we have added several great new features to Digi Remote Manager and DAL OS version 23.9.20.63. We invite you to take a minute and walk through the most important highlights of our software’s latest additions and changes below.
Which Digi Devices Support DAL OS?
Digi has a large and growing list of devices based on the DAL operating system — including routers, console servers, USB management devices and other infrastructure management products:
Digi Pillars of Focus
The following software features revolve around the four pillars of Digi: security, ease of use, resiliency, and cost savings.
Security
Mission and business-critical devices often live in the field for many years. With each major release of the Digi Accelerated Linux operating system, we address common vulnerabilities and exposures (CVEs) including ongoing monitoring, alerts, and notifications related to CVEs.
Digi is highly focused on cybersecurity, and we provide a range of tools, resources and value-added services to our customers. Our ongoing monitoring and regular updates of DAL OS are a part of our complete offering. You can learn more about Digi cybersecurity in our Security Center, our Digi TrustFence® page, and our Value Added Services page.
Updates for critical CVE patches:
New FIPS 140-2 Support
FIPS 140-2 is the recognized benchmark for cryptographic hardware. It’s a must-have for solutions in a variety of industries and use cases, including:
- Transportation networks in major cities
- Public safety applications used by first responders
- Government reporting for the NOAA and other agencies
- Banking/ATMs
- Utilities
- Lottery and Gaming
- Healthcare — for added protection beyond HIPAA compliance
Starting with the 23.9.20.63 firmware, all Digi routers running DAL OS will are FIPS 140-2-validated! FIPS 140-2 compliance can be enabled with a single configuration setting, which takes care of all the underlying cryptographic changes. See our FIPS 140-2 documentation for setup instructions, and our FIPS 140-2 technology page for additional information.
New Primary Responder Mode
You can use the Primary Responder mode configuration setting to enable the device to be in an AT&T FirstNet-compliant mode (Primary Responder mode). When a device is in Primary Responder mode, certain firmware features and security options are disabled.
With this new Primary Responder (PR) mode, Digi will be deprecating the separate PR firmware for FirstNet certified products, including:
If you have a Digi router running PR firmware, it can be updated to the 23.9.20.63 firmware release, after which point you will be able to load standard non-PR firmware onto the device. The Primary Responder configuration setting can be enabled to maintain FirstNet® compliance. On FirstNet Trusted devices, this Primary Responder mode is automatically enabled if the Digi router is actively using an AT&T FirstNet SIM.
Ease-of-Use
Update Multiple Configuration Templates with Multiple Site-specific Settings
Digi Remote Manager has provided the ability to upload a list of site-specific settings for a configuration template for some time now. For a reference of how to utilize this functionality in Digi Remote Manager, see these video and documentation links.
The recent enhancement is that now users can utilize a single import file to upload site-specific settings for multiple configuration templates at once. For teams that manage a myriad of Digi device types, in multiple regions, or for different sub-accounts, this can be an incredible savings in time and improved workflow within Digi Remote Manager.
Getting Started with Digi RM’s API Explorer Just Got Even Easier
The Digi Remote Manager API Explorer provides users with a vital tool for experimenting with and testing out API calls available through the Digi Remote Manager portal. With this recent update, users can now save those API commands they’ve setup for future use, including the ability to export those API commands into one of many common API languages, such as Python, Powershell, and cURL for easy integration into an external script.
Streamlined Dashboard in the Local Web UI
The Dashboard on the local web UI of the Digi device has a new streamlined layout, with many of the information consolidated into an easier at-a-glance view.
Old Dashboard UI
New Dashboard UI
Easily Register Your Device in Digi Remote Manager Through the Digi Device Itself
For users that need to add their Digi device into Digi Remote Manager after it is already installed at a site, it can be difficult to look at the sticker on the device to obtain its unique default password, which is needed to register the device in Digi Remote Manager. Now, user can register the device in Digi Remote Manager simply by providing their Digi Remote Manager credentials in the device’s local web UI or Admin CLI. The Digi device will then register itself in Digi Remote Manager and add itself into the user’s account.
Resiliency
MACsec 802.1ae Support
MACsec (Media Access Control Security) is an 802.1ae Layer 2 VPN protocol that can be used to create a secure L2 tunnel over a wired Ethernet LAN. The is especially important for LAN traffic that needs encrypted communication with low-overhead. The MACsec tunnel uses keys to provide multiple authentications between hosts in a network, using either automatically generated keys through 802.1x authentication, or by manually specifying CAK and CKN values. See the documentation details on configuring MACsec on a Digi device.
Control the Content on Your Local Network with DNS Allow Lists
Digi devices have supported web content filtering using external DNS services like OpenDNS and Cisco Umbrella for some time. In the new 23.9 firmware release, Digi devices can also have a list of allowable domains or FQDNs configured so the device itself can act as a DNS filter instead of requiring all of the DNS filtering decisions to be made externally. See the documentation for details on configuring a DNS allow list.
Improved SNMP Monitoring with Dynamic Properties
Users monitoring Digi devices via SNMP (v2 or v3) can now expand the OID values that the Digi device provides by dynamically adding new OIDs to the MIB. This allows users to monitor additional properties about the Digi device that wouldn’t normally be available. Any properties configured in this section will be added to the ACCELERATED-MIB::runtInfo.X MIB in the SNMP query response. All runtInfo values are a string type in the SNMP MIB.
Some example values that can be pulled from the runt database:
Name |
Runt location |
MAC address |
system.mac |
System name |
system.name |
System CPU temp |
system.cpu_temp |
IPsec tunnel name |
vpn.ipsec.tunnel.[tunnel_name].device
|
|
IPsec tunnel disconnects |
vpn.ipsec.tunnel.[tunnel_name].disconnects |
IPsec tunnel status |
vpn.ipsec.tunnel.[tunnel_name].up |
IPsec tunnel local IP |
vpn.ipsec.tunnel.[tunnel_name].ip_local
|
|
IPsec tunel remote IP |
vpn.ipsec.tunnel.[tunnel_name].ip_remote |
See documentation for details on configuring dynamic SNMP properties.
Return-on-Investment
Improved Integration with HotspotSystems
Hotspotsystems is the leading provider of captive portal and Wi-Fi hotspot services around the world. Digi devices have supported basic integration with Hotspotsystems for some time, but now we have full integration with PSD2 SessionGarden for walled garden support, options for specifying a login/logout URL, and a fully configurable remote webserver FQDN. See this documentation link for details on setting up your Digi device with Hotspotsystems.
On-device Activation of Premium Features
For devices that can’t contact DigiRM directly (private networks, firewall restrictions, etc), users can now export licenses for add-on services such as Digi WAN Bonding and Digi Containers from Digi Remote Manager, and import locally on the device’s web UI, thereby allowing them to utilize these valuable solutions in environments they were previously unable to.
Full Changelog
For more details on the above features included in the new DAL OS firmware along with details on additional enhancements, bug fixes, and security updates, please see the changelog link for the relevant product family:
Any questions or concerns about the below features, or for assistance updating your device(s), please contact the Digi Support team at tech.support@digi.com.
Next Steps