H3C SecBladeII-CMW520-F3171P11 Release Notes
Keywords: FW, NAT, ASPF, IPSec, GRE, VPN
Abstract: These release notes describe the SecBladeII release with respect to hardware and software compatibility, released features and functions, software upgrading, and documentation.
Contents
Important information
Version Information
Version Number
Version History
List of Tables
Table 1 Version history
Table 2 Hardware and software compatibility matrix
Table 3 SecBlade FW hardware features
Important information
In this software release, the format of the configuration files has been changed. To avoid problems when downgrading software, back up the configuration file before upgrading. More details can be found in the Open Problems and Workarounds section below.
Version Information
Version Number
List the version number with the command display version. For example: Comware software, Version 5.
Item: Specifications
Host software: SECBLADEII-CMW520-F3171P11.bin
S7500E version: S7500E-CMW520-R6626
S9500 version: S9500-CMW310-R1651P05
S9500E version: S9500E-CMW520-R1335P03
S12500 version: S12500-CMW520-R1335P03
S5800 version: S5800_5820X-CMW520-R1211P02
SR6600 version: SR6600-CMW520-R2603
SR8800 version: SR8800-CMW520-R3345P02
iMC version: iMC PLAT 5.
5. A "deny ip destination" rule configured in the ACL used by nat outbound interferes with the normal operation of ALG, so we suggest that customers not configure this rule when the ALG function is enabled.
6. If the device is upgraded from the F3166, R3166, or F3169 series to the F3171 series, check the following configuration for issues: a.
Feature List
Hardware Features
Table 3 SecBlade FW hardware features
Item | SecBladeII (S5800) | SecBladeII (S7500E) | SecBladeII (S9500E) | SecBladeII (S12500) | SecBladeII (SR6600) | SecBladeII (SR8800)
Dimensions (H × W × D) | 36.7×250.0×249.8mm | 40.1×399.2×376.8mm | 40.1×399.2×379.0mm | 40.1×399.2×498.8mm | 45.2×399.2×434.6mm | 40.1×399.2×379.0mm
Weight | 1.5kg | 3.23kg | 3.6kg | 4.3kg | 3.5kg | 3.6kg
Max.
Category Features Packet Filter Access control based on security areas Access control based on time-range ASPF Firewall Virtual firewall Anti DoS/DDoS URL Filter Static and Dynamic Blacklist P2P HTTP/SMTP/POP3/FTP/TELNET packet content filtering Attack log Black list log Security Management Session log Binary format log Traffic measurement and analysis Security events statistics Address pool ACL Easy IP NAT NAT Server Configure the valid time of NAT ALG, i
Category Features Static route RIP-1/RIP-2 IP Route OSPF BGP Policy Route ICMPv6 TCP6 UDP6 RAWIP6 Ping6 Basic Protocol DNS6 TraceRT6 Telnet6 FIB6 DHCPv6 Client DHCPv6 Relay IPv6 RIPng OSPFv3 BGP4+ Routing & Multicast Static Route policy Route PIM-SM PIM-DM NAT-PT Security IPv6 Tunnel IPv6 Packet Filter Radius VRRP VRRP Session failover High Availability Stateful failover IPSec failover Asymmetric path Configuration synchronization Console AUX Suppo
Category Features
Login and Authentication WEB Web configuration SNMPV3/V1/V2C NTP
Version Updates
Feature Updates
Table 5 Feature updates
Version number Item Description
Version number: F3171P11
Hardware feature updates
New features: None
Deleted features: None
Software feature updates
New features:
• Consistency of the time recorded for each event in the userlog and the exact system time.
• The userlog can be sent with UTC time or local time.
Version number Item Description
Deleted features: None
Modified features: None
Version number: F3169P04
Hardware feature updates
New features: None
Deleted features: None
Software feature updates
New features:
• IPv6
• Configuration synchronization
Deleted features: None
Modified features: None
Command Line Updates
Table 6 Command line updates
Version number Item Description
[undo] userlog flow export timestamps localtime
Web:
• Navigate to Log Report > Userlog, and a
Version number Item Description commands F3171P03 Modified commands None New commands None Removed commands None Modified commands None display udp-helper server reset udp-helper packet [ undo ] udp-helper enable New commands [ undo ] udp-helper port [ undo ] udp-helper server F3170 [ undo ] packet-rate-limit class default cir < cir-value > cbs < cbs-value > Removed commands None Modified commands None MIB Updates Table 7 MIB updates Version
Operation Changes in F3170
First release.
Open Problems and Workarounds
HSTB09465
• First found-in version: F3171P07
• Description: In this version of code, the password encryption within configuration files has been enhanced and cannot be interpreted by earlier revisions of the agent code. This means that if a unit is downgraded to earlier code, it may no longer be possible to log in to and manage the device.
List of Resolved Problems
Resolved Problems in F3171P11
Problem 1
• First found-in version: SECBLADEII-CMW520-F3171P07
• Condition: The device has been running for over 30 weeks.
• Description: There is a drift of several minutes between the time recorded in the userlog and the exact system time.
Resolved Problems in F3171P07
Problem 1
• First found-in version: F3170
• Condition: Query the system log by Web UI.
• Description: None.
Problem 3
• First found-in version: F3170
• Condition: A NAT Server is configured on the firewall, and an FTP client logs in through the firewall directly by using the private network address. The data channel matches the NAT Server while it is being established, which causes data channel establishment to fail.
• Description: None.
Related Documentation
Documentation Set
Table 8 Documentation set
Document title: Version
H3C LSQ1FWBSC0 Card Manual: V1.01
H3C S9500 LSB1FW2A0 Card Manual: V1.
Table 9 Hardware compatibility
Firewall card: Network device
LSWM1FW10: H3C S5800 Switch Series
LSQ1FWBSC0: H3C S7500E Switch Series
LSB1FW2A0: H3C S9500 Switch Series
LSR1FW2A1: H3C S9500E Switch Series
LST1FW2A1: H3C S12500 Routing Switch Series
SPE-FWM SPE-FWM-200 IM-FW IM-FW-II CR-IM-FW1A H3C SR6600 Router Series H3C SR8800 10G Core Routers H3C CR16000 Router Series
NOTE: The following example was created and verified on the firewall card LSQ1FWBSC0
• Main system software image—Used by default.
• Backup system software image—Used when the main system software image is invalid.
• Secure system software image—Used when the backup system software image is invalid.
If the secure system software image is also invalid, the system displays a failure prompt. A system software image is a .bin file such as main.bin. The system software images of the firewall card are saved in a CF card by default.
• Log in to the CLI of the firewall card through the console port. (Skip this task if you upgrade the system software from Web.)
• Copy the upgrade file to the file server and correctly set the working directory on the TFTP or FTP server.
• Make sure that the upgrade has minimal impact on the network services. During the upgrade, the firewall card cannot provide any services.
Using TFTP to upgrade software
This section describes how to upgrade system software by using TFTP.
Backing up the running system software image and configuration files
1. Perform the save command in any view to save the current configuration.
save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[cfa0:/startup.
TFTP: 19790016 bytes sent in 38 second(s).
File uploaded successfully.
4. Perform the tftp put command in user view to upload the startup.cfg file and system.xml file to the TFTP server.
tftp 192.168.0.2 put startup.cfg
File will be transferred in binary mode
Sending file to remote TFTP server. Please wait... \
TFTP: 1301 bytes sent in 0 second(s).
File uploaded successfully.
tftp 192.168.0.2 put system.
The boot file used next time:cfa0:/fw_card.bin attribute: main
Failed to get the backup boot file used next time!
Failed to get the secure boot file used next time!
4. Perform the reboot command in user view to reboot the firewall card.
reboot
Start to check configuration with next startup configuration file, please wait.
........DONE!
This command will reboot the device. Continue? [Y/N]:y
System start booting...
…
5.
(To leave the existing filename unchanged, press the enter key):
cfa0:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait....
Configuration is saved to device successfully.
2. Perform the dir command in user view to identify the system software image and configuration file names and verify that the CF card has sufficient space for the new system software image.
5. Perform the put command in FTP client view to upload the startup.cfg file and the system.xml file to the FTP server.
[ftp] put startup.cfg
227 Entering passive mode (192,168,0,2,26,3)
125 Using existing data connection
226 Closing data connection; File transfer successful.
FTP: 1301 byte(s) sent in 0.187 second(s), 6.00Kbyte(s)/sec.
[ftp] put system.
The boot file used next time:cfa0:/fw_card.bin attribute: main
Failed to get the backup boot file used next time!
Failed to get the secure boot file used next time!
5. Perform the reboot command in user view to reboot the firewall card.
reboot
Start to check configuration with next startup configuration file, please wait.
........DONE!
This command will reboot the device. Continue? [Y/N]:y
System start booting...
…
6.
Table 10 Default login information
Login information: Default setting
Username: admin
Password: admin
IP address of GigabitEthernet 0/0 on the firewall card for S5800 and SR6600: 192.168.0.1/24
IP address of GigabitEthernet 0/1 on the firewall card for other network devices: 192.168.0.1/24
To upgrade the system software from the Web:
1. Use an Ethernet cable to connect the firewall card to the PC.
2. Assign an IP address on subnet 192.168.0.
Item: Description
File Type: Set the file type.
• Main—Used at the next startup
• Backup—Used when the main system software image is invalid.
If a file with the same name already exists, overwrite it without any prompt: If you do not select the option, the message "The file already exists." appears when a file with the same name is on the firewall card. You cannot continue the upgrade.
Flash Size : 4MB
cfa0 Size : 247MB
CPLD Version : 3.0
PCB Version : Ver.A
BootWare Validating...
Press Ctrl+B to enter extended boot menu...
…
NOTE: The command outputs are for reference only.
2. Press Ctrl + B at the prompt.
Please input BootWare password:
3. Enter the BootWare password at the prompt to access the BootWare menu. By default, no password is required. If three password attempts fail, the system reboots.
Item: Description
<5> Modify BootWare Password: Modify the BootWare password.
<6> Skip Current System Configuration: Start the firewall card with the factory default configuration. This is a one-time operation and does not take effect at the next reboot. Use this option when you forget the console login password.
<7> BootWare Operation Menu: Access the BootWare Operation menu for backing up, restoring, or upgrading BootWare.
====================================================
|Note: |
| '-' = Go to previous field. |
| '.' = Clear field. |
| Ctrl+D = Quit. |
============================================================================
Protocol (FTP or TFTP) :tftp
Load File Name :main.bin
:
Target File Name :main.bin
:
Server IP Address :192.168.0.2
Local IP Address :192.168.0.1
Gateway IP Address :0.0.0.
Updating File cfa0:/main.bin............................................... ....................................................
Item: Description
<5> Modify Serial Interface Parameter: Modify serial port parameters
<0> Exit To Main Menu: Return to the BootWare menu.
NOTE: If you use the baud rate of 9600 bps, jump to step 10.
2. Enter 5 to enter the baud rate setting menu.
Figure 4 Properties dialog box
6. Select 115200 from the Bits per second list and click OK.
Figure 5 Modifying the baud rate
7. Select Call > Call to reestablish the connection.
Figure 6 Reestablishing the connection
8. Press Enter.
============================================================================
Enter your choice(0-5):
9. Enter 0 to return to the Serial submenu.
Figure 8 File transfer progress
13. When the Serial submenu appears after the file transfer is complete, enter 0 at the prompt to return to the BootWare menu.
Download successfully!
19790016 bytes downloaded!
Input the File Name:main.bin
Updating File cfa0:/main.bin..............................................
.....................................................
Managing files from the BootWare menu
To change the type of a system software image, retrieve files, or delete files, enter 4 in the BootWare menu.
============================================================================
Enter your choice(0-4):
Changing the type of a system software image
System software image file attributes include main (M), backup (B), and secure (S). You can store only one main image, one backup image, and one secure image on the firewall card. A system software image can have any combination of the M, B, and S attributes.
To delete files:
1. Enter 4 in the File Control submenu.
Deleting the file in cfa0:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
============================================================================
|NO. Size(B) Time Type Name |
|1 6819 Feb/03/2012 10:39:24 N/A cfa0:/system.xml |
|2 207865 Dec/07/2011 17:43:38 N/A cfa0:/logfile/~/logfile.log |
|3 1271 Feb/03/2012 10:39:26 M+B cfa0:/startup.
Copyright © 2012 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice.