Manualshelf

HP Switch Services Modules - H3C SecBladeII-CMW520-F3171P11 Release Notes

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
12345678910
H3C SecBladeII-CMW520-F3171P11
Release Notes
Hangzhou H3C Technologies Co., Ltd.
6
5. The rule "deny ip destination" configured in nat outbound ACL will affect the normal
working of alg, so we suggest the customer not to configure this rule when enable alg
function.
6. If the device version from F3166, R3166, or F3169 series upgrade to F3171 series, you
need to pay attention to whether there are issues the following configuration:
a. Verify that the device has been configured nat server and if there are binding ACL
configuration on the nat server configuration, if there is the configuration, which
has bound the ACL nat server configuration will be lost after the upgrade.
b. Confirm the interface is configured static NAT address mapping (nat static), NAT
address pool (nat address-group) and server mapping (NAT Server), if there is the
configuration and the global address of NAT configuration and interface address is
not in the same network segment , the default firewall interface for NAT global
address received in response to the ARP request will not respond. The firewall on
the client device is not configured to point NAT global address of NAT routing
disruption may cause problems in the interface can be configured with NAT global
addresses in the same network to achieve sub ARP response.
c. F3171 series version adds the maximum number of sessions of the virtual device
configuration. Confirm the device before the upgrade is configured on the virtual
device, if you have configured, upgrade to the F3171 series version, the maximum
number of each virtual device's sessions is set to 0 by default, users need to adjust
the actual situation of each virtual device maximum number of sessions.
d. F3166 and R3166 version of the address of some resource (including the host
address, address range, subnet address) name, custom services, resource name,
resource name of the service group configuration can be configured to allow
certain special characters (including :"!","#" ,"?","@","~","(",")"), but the F3171 series
version does not support these special characters, so the need to upgrade before
replacing these characters into other characters.
e. In F3166, R3166, and F3169 series version of the configuration of TCP Proxy in the
protected IP, upgrade to the F3171 series version will have a configuration is lost,
need to reconfigure the protected IP.
f. After upgrading code from F3207R3206 or F3208 to F3210, the threshold unit for
udp flood detect will be changed from connection/second to packets/second.
Need to adjust it accorsing to the customer's requirement.
g. After upgrading code from F3207R3206 or F3208 to F3210, the threshold unit for
icmp flood detect will be changed from connection/second to packets/second.
Need to adjust it accorsing to the customer's requirement.