The update file "FRITZ.Box_4020.147.xx.xx.image" on ftp.avm.de contains the latest FRITZ!OS (Firmware) for the FRITZ!Box 4020. **Attention:** This update file is only intended for use with FRITZ!Box 4020! Please follow the instructions at the end of this file to install the update. ``` Product: FRITZ!Box 4020 Version: FRITZ!OS 7.03 Language: German, English, French, Italian, Polish, Spanish Release date: 09/04/2023 ``` **New Features:** - New functions and improvements for Mesh - New features for the FRITZ! Hotspot - MyFRITZ! access to FRITZ!Box via internet now comes without security information in the browser - Increased speed when using USB storage media with NTFS data systems Note: Instructions for configuring and using Mesh functions are presented at en.avm.de/mesh-faq Below you find a complete list and descriptions of the new functions in the latest FRITZ!OS, along with a list of further improvements in this version. --- # New Features in FRITZ!OS 7.00 ##Internet: - **NEW** register for regular status updates for your FRITZ!Box (MyFRITZ! report) - **NEW** MyFRITZ! internet access to the FRITZ!Box without a warning from the browser (SSL certificate from Let's Encrypt) ##Home network: - **NEW** User interface with new Home Network -> "Mesh" menu for all settings concerning Mesh - **NEW** Mesh Home Network Overview also shows telephone and Smart Home connections complete with topology and connection quality - **NEW** In the ex works settings, a second FRITZ!Box connected via Ethernet becomes a Mesh repeater at the push of a button (WPS) - **NEW** Switch for IP client or router operation in the network settings area - **NEW** Switch for the function of the FRITZ!Box in the home network (Mesh operating mode) as Mesh Master or Mesh Repeater in the Home Network>Mesh>Mesh Settings and WLAN areas - **NEW** Mesh events added to the event messages - **NEW** The settings for push services, auto updates and AVM services are applied to the entire Mesh WiFi More information on the new features for Mesh is presented at "New features for Mesh" More information on configuration and using Mesh is presented at en.avm.de/mesh-faq ##Wireless: - **NEW** With a "FRITZ! Hotspot it's easier than ever to give guests WiFi access in public places such as bars, restaurants, doctor's practices etc. For details, see Wireless / Guest Access. - **NEW** Improved wireless security through support of activated Protected Management Frames (PMF) ------------------------------------------------------------ With each FRITZ!OS update, AVM also updates its security functions. Therefore we recommend performing the update for all devices. ------------------------------------------------------------ # Further Improvements of FRITZ!OS 7.03 ## System: - **Fixed** stability and security increased # Additional improvements in FRITZ!OS 7.02 ## Internet: - **improved** Trusted root certificates renewed ## Wifi: - **Fixed** security fraud ("Fragattack") # Additional improvements in FRITZ!OS 7.01 ##Internet - **BUG FIX** - MyFRITZ!-Page would allow to change the user email-adress, even with no user registered - **BUG FIX** - in some configurations a VPN-config file could not be imported ##Homenetwork - **IMPROVED** - In the mesh operating mode ?Mesh Repeater? the FRITZ!Box receives a an unique network name ##System - **BUG FIX** - after FRITZ!OS update 7.00 no log in was possible if the password contained certain special characters - **BUG FIX** - Google Authenticator: Setup did not work with space in names ##WLAN - **BUG FIX** - on going LED flashing in repeater mode - **BUG FIX** - false behaviour by switching the option ?WLAN co-existence? in the mesh operating mode ?Mesh Repeater - **BUG FIX** - false display of access mode in Home network > Mesh > Home network access while in in the mesh operating mode ?Mesh Repeater - **BUG FIX** - some problems occured by activating 2,4 GHz radio - **BUG FIX** - Connection failed by changing the encryption type to devices in wlan bridege mode - **BUG FIX** - auto channel has been set, while wifi channels was fixed - **BUG FIX** - false display of data throughputs of some devices in system > event log - **BUG FIX** - wlan guest access of a wlan mesh repeater did not work after activating/deactivating mesh masters wlan ------------------------------------------------------------ # Additional improvements in FRITZ!OS 7.00 ## Internet - **IMPROVED** Display of internet connections on the Overview page also includes WAN connections - **IMPROVED** Simplified display for internet connections on the Overview page under Connections - **IMPROVED** Function for removing the FRITZ!Box from the MyFRITZ! account (myfritz.net) - **IMPROVED** Optimizations for data throughput - **IMPROVED** Optimizations for DNS resolution - **IMPROVED** Optimized registration with MyFRITZ! (myfritz.net) also possible without enabling MyFRITZ! internet access, under Internet > MyFRITZ! Account - **IMPROVED** SHA-2 support for VPN connections - **IMPROVED** Filter for port 25 (unsecured mail sending) also effective for the Guest Access (Wireless LAN/LAN) - **CHANGE** Type of internet connection "existing connection via wireless LAN" also supports non-encrypted wireless LAN - **CHANGE** Parental controls no longer differentiate between Windows users - **CHANGE** Devices blocked for internet use in the parental controls can be reached via VPN - **CHANGE** Internet service provider "GMX" removed - **CHANGE** FRITZ!Box devices in IP client mode (as for connection to existing network) can be registered with myfritz.net - **CHANGE** Certificate signed by letsencrypt.org (for MyFRITZ! addresses) - **BUG FIX** "Default user already exists" message when configuring parental controls - **BUG FIX** Possible circumvention of time limits defined in parental controls - **BUG FIX** Circumvention of parental controls for certain blocked websites - **BUG FIX** The LAN ports were switched for VPN LAN-LAN linkup - **BUG FIX** Improved VPN interoperability - **BUG FIX** VPN user connections not displayed in the home network overview - **BUG FIX** MyFRITZ! FTP links corrected - **BUG FIX** MyFRITZ! access or device with MyFRITZ! access could not be deleted under certain circumstances - **BUG FIX** Error while entering an already assigned IP address for a new device for port sharing - **BUG FIX** No IPv4 port sharing for devices with IPv6 interface ID during IPv4 internet connection without IPv6 - **BUG FIX** IPv6 NAS sharing link could not be used - **BUG FIX** Google DynDNS service not supported - **BUG FIX** Static IP address with /31 network mask not possible ##Home network: - **BUG FIX** Possible error message (Error code 1) when IP address entered manually in the Device Details - **CHANGE** Connection Statistics area for the powerline network moved from the Network Device Details to the Contents>FRITZ!Box Support area ##Wireless: - **IMPROVED** Improved changing of SSID in Wireless Assistant during first configuration - **BUG FIX** Display of interference sources on Wireless LAN / Radio Channel page in the "Use of the Wireless LAN Channels" list - **BUG FIX** The entire network environment of the base station is displayed in repeater mode ##Security: - **CHANGE** The "Login without password (not recommended) option in the FRITZ!Box user interface now requires pressing a button on the FRITZ!Box ##Diagnostics: - **IMPROVED** Function diagnostics shows insufficient memory for saving faxes and voice messages when USB storage is full - **CHANGE** Display of port for Diagnostics & Maintenance ##System: - **NEW** Additional confirmation for certain changes can now be performed using the Google Authenticator - **IMPROVED** Redesigned Auto Update page - **IMPROVED** Event protocol on the Mesh Master also contains all events on the other FRITZ! devices in the Mesh WiFi - **IMPROVED** Push service sends mail after the update with additional information on the version and update progress - **IMPROVED** Push service change notice now also includes information on the registration of a new DECT device - **IMPROVED** Push service change notice on new devices in the home network now also includes information on new Mesh repeaters - **IMPROVED** "New FRITZ!OS" push service mail now also includes planned time of for auto updates - **IMPROVED** Optimized time synchronization (NTP) after internet dial-in - **IMPROVED** Consent to "Diagnostics and Maintenance" does not include permission for software updates - **IMPROVED** Simplified display for configuration of wireless LAN, LAN and WAN in the Interfaces area of the Overview menu - **IMPROVED** Redesigned push services overview - **CHANGE** For security reasons, the preconfigured user "ftpuser" can no longer be granted access from the internet - **CHANGE** For FRITZ!Box users who are granted access from the Internet, the password must be different from the user name - **CHANGE** The security of new password assignments must be rated at least "medium" or they will be rejected. - **CHANGE** Additional confirmation for creating VPN connections ##USB: - *IMPROVED** Message notifying about possible detriment to FRITZ!Box functions when contents deleted from the FRITZ! folder - **BUG FIX** System folders no longer indexed for the FRITZ! media server USB/UMTS: - **BUG FIX** Internet via mobile network not offered for all detected 3G dongles during first configuration --- ##New features for Mesh ------------------------------------------------------------- General information on Mesh is presented at en.avm.de/mesh-networking. ------------------------------------------------------------- **Enabling the Mesh Function** To check whether a FRITZ! product is enabled for Mesh, see the Mesh Overview of the FRITZ!Box (the Mesh Master) under "fritz.box -> Home Network -> Mesh". Here the products in the Mesh are designated with a corresponding "Mesh active" symbol. A FRITZ!WLAN Repeater or FRITZ!Powerline Adapter with FRITZ!OS 6.90 or higher installed can be enabled for Mesh in various ways: - If the product has the ex works settings configured and is being connected with the FRITZ!Box for the first time, it will be automatically enabled for Mesh. - If the product is already connected, but not enabled for Mesh, it is added to the Mesh by pressing a button on the product to be integrated and a button on the FRITZ!Box. On the FRITZ!Box, use the button that initiates WPS (depending on the model, press the "Connect" or "WPS" button briefly, or the "WLAN/WPS button for 6 seconds) Detailed instructions, additional information and the answers to frequently asked questions about Mesh are presented at en.avm.de/mesh-faq. ------------------------------------------------------------- **Configuring a second FRITZ!Box as a Mesh repeater with the press of a button** Requirements: - Your existing FRITZ!Box supports Mesh (FRITZ!OS 6.90 or higher). This box is the Mesh Master. - The FRITZ!Box to be deployed as a Mesh repeater has been updated to FRITZ!OS 7.0 and you have restored its settings ex works. This box is to become the Mesh repeater. Here's how: - Connect the LAN1 port of the Mesh repeater with the Master using a LAN cable - Initiate the Connect function on both boxes (7590: press the "Connect" button briefly; 7490: press and hold down the WLAN/WPS button for 6 seconds) After the connection procedure is concluded, the second FRITZ!Box is ready for operation as a Mesh repeater. (It operates in "IP client" mode and, as a Mesh repeater, adopts the wireless LAN settings and other important settings from the FRITZ!Box). Please note that this function can be used only if the second FRITZ!Box is permanently connected with the first box by LAN cable. Instructions for configuring a FRITZ!Box connected via wireless LAN as a Mesh repeater are presented at en.avm.de/mesh-faq ------------------------------------------------------------ ##Additional Innovations in FRITZ!OS 7.0 ------------------------------------------------------------ **What's new for the FRITZ! Hotspot** The new FRITZ!OS 7.0 vmakes setting up and using the FRITZ! Hotspot even easier. It's now even easier for users to choose whether the wireless guest access should be provided as an open hotspot, or encrypted as a private hotspot. If an open hotspot is chosen, the guests do not need to enter a security key. Cafés, doctor's offices and small businesses, as well as all FRITZ!Box users, can provide their customers and visitors an easy-to-use internet access that complies with the current legal regulations. Whether it's private or public hotspot, guests cannot access the home network, but surf using a second wireless LAN provided by the FRITZ!Box. Secure and Complete Control The operator of the hotspot can decide which applications can be used in the guest network and which are prohibited. Daily email messages notify the operator of the hotspot about which devices were registered in the radio network and when. Another advantage is the option to reserve bandwidth. This options allows you to specify how much of the data rate is reserved for their own wireless LAN and how much is available to their guests. Individual & Convenient The Welcome page of the FRITZ! Hotspot offers additional convenience. Cafés or businesses can greet their guests with a short welcome text, photo or logo. If desired, the guests can also be requested to consent to the terms of use for the hotspot. The hotspot is also available in locations where FRITZ!WLAN Repeaters or powerline devices supporting WiFi provide for better coverage. ------------------------------------------------------------ ------------------------------------------------------------ **Increased speed when using USB storage media with NTFS data systems** If you're using USB sticks or flash drives on your FRITZ!Box that are formatted with the data system NTFS, you can benefit from increased speed during transmission. You don't have to do anything - just continue to use the existing USB storage media as before. To check what data system is used, go to Home Network -> USB Storage Media in the FRITZ!Box user interface. ------------------------------------------------------------ ------------------------------------------------------------ **New security feature in the wireless LAN: "Protected Management Frames (PMF)"** FRITZ!OS now supports additional security during registration of devices with the wireless LAN. "Protected Management Frames" ("PMF" for short) offer additional protection for the wireless connection during the setup phase. PMF is standardized according to IEEE 802.11w-2009 and is automatically offered to or negotiated with wireless devices that support this technology. The new feature is available in the user interface under Wireless > Security > Additional Security Settings. ------------------------------------------------------------ ------------------------------------------------------------ **MyFRITZ! access to your FRITZ!Box via internet now without security messages in the browser** When you access the user interface of your FRITZ!Box from the internet, a security warning may be displayed in the browser. The new FRITZ!OS version enables your FRITZ!Box to receive a SSL certificate for your MyFRITZ! address from the organization letsencrypt.org. Browser access via the MyFRITZ! address to the interface of FRITZ!Box is no longer accompanied by a security warning, since most browsers trust the certificates from letsencrypt.org. Proceed as follows: 1. First you need to register your FRITZ!Box with MyFRITZ! (myfritz.net). 2. Under "Internet / MyFRITZ! Account", enable the "Let's encrypt" optLet's Encryption. 3. Confirm by clicking "Apply" and wait for the status "Certificate issued successfully". Your FRITZ!Box has the certificate created for your MyFRITZ! address and uses it for browser access to this address, for example when you access your FRITZ!Box via your account on https://myfritz.net. It's also possible to send links for FRITZ!NAS file sharing (for example photos) to third parties, who'll have access without annoying certificate warnings. This way, FRITZ!NAS becomes an even greater alternative to cloud storage services. Note: To receive the certificate, the TCP port 443 of your FRITZ!Box is open for a few minutes. The certificate is currently valid for 60 days and is then renewed by the FRITZ!Box. HTTPS access to your FRITZ!Box via public or local IP address, "fritz.box" in the home network or over a DynDNS provider do not use the certificate from letsencrypt. MyFRITZ!App: After activation of the Let's Encrypt certificate in the FRITZ!Box, the MyFRITZ!App notifies you once about the change of the certificate fingerprint. Select "trust" to continue using the new certificate. ------------------------------------------------------------ ------------------------------------------------------------ **Instructions for installing the update:** Use the update function offered in the user interface to install the update. This automatically offers you the right FRITZ!OS. Click "Wizards", select "Update" and then follow the instructions on the screen. --- (c) AVM GmbH 2004-2018. All rights reserved. This AVM firmware package contains files that are propagated under different licenses, in particular under a license held by AVM or under an open-source license (namely the GNU General Public License, GNU Lesser General Public License or FreeBSD License). For details on the various licenses, see the "license.txt" file (https://download.avm.de/fritzbox/license.txt). The source code of the files propagated as open source files can be obtained upon a written request to fritzbox_info@avm.de. AVM grants the non-exclusive right to use this AVM firmware package, which is supplied exclusively in object code format. The licensee may create only one copy of the software, which may be used exclusively for backup use. AVM reserves all rights that are not expressly granted to the licensee. Without previous approval in writing, and except for in cases permitted by law, it is particularly forbidden for this AVM firmware packet to be - copied, propagated, or in any other manner made publicly accessible, or - processed, disassembled, reverse engineered, translated, decompiled or in any other manner "opened" and subsequently copied, propagated or made publicly accessible in any other manner. DHA 2023/09/04