Release Notes: Version ST.1.0.090213 Software for the HP ProCurve Threat Management Services zl Module

These release notes include information on the following:
■ Downloading documentation from the Web
■ Downloading and installing software updates
■ Known Issues in release ST.1.0.090213

Support Notices

Caution: The HP ProCurve Series 5400 zl and 8200zl switches require software version K.13.40 or later to support the Threat Management Services (TMS) zl Module.
© Copyright 2009 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice.
Contents
Software Management
  Download Switch Documentation from the Web
    View or Download the Software Manual Set
  Software Updates
Software Management

Download Switch Documentation from the Web

You can download software updates and the corresponding product documentation from the ProCurve Networking Web site as described below.

View or Download the Software Manual Set

Go to: www.procurve.com/manuals

You may want to bookmark this Web page for easy access in the future.
Software Updates

Controller 800, and HP ProCurve DCM Controller. The following hardware mobility products have a one-year hardware warranty with extensions available: HP ProCurve M111 Client Bridge, HP ProCurve MSM3xx-R Access Points, HP ProCurve MSM7xx Mobility and Access Controllers, HP ProCurve RF Manager IDS/IPS Systems, HP ProCurve MSM Power Supplies, HP ProCurve 1 Port Power Injector, and HP ProCurve CNMS Appliances.
Updating the Module Software Using the Web Browser Interface

This section describes how to use the Web browser interface to download software to the module. For more detailed information, refer to "Update Software with the Web Browser Interface" in the HP ProCurve Threat Management Services zl Module Management and Configuration Guide (ProCurve manuals).
7. Wait for this message in the Latest Status field: Success: Image download and install have completed successfully. (see Figure 1).
8. Select the Reboot tab and click the Reboot button to complete the installation.

Updating the Module Software Using the CLI

Three separate processes are available for updating the module software using the TMS zl Module CLI.
4. When the prompt says that the installation is finished, reboot the module to complete the update.
   hostswitch(tms-module-C)# reboot

Using a TFTP Server.

1. Transfer the compressed image onto a TFTP server.
2. Initiate a console session with the host switch.
3. Enter the ProductOS context for the TMS zl Module.
   hostswitch# services c 2
4. Copy the image from the server and install.
5. Reboot the module to complete the update.
7. Wait a few seconds, then mount the USB drive.
   hostswitch(services-module-C:HD)# usb mount
8. Copy the image from the drive to the module. For example, if the image directory name is ST.1.0.090213, you would type:
   hostswitch(services-module-C:HD)# usb copyfrom st.1.0.090213
   You can type the first few letters of the directory name, then press the Tab key to complete the name.
Known Issues Release ST.1.0.090213

The following problems are known issues as of release ST.1.0.090213.

■ PR_0000000665 — When an IPv4 address is entered into a field, whether through the Web browser interface or the CLI, the TMS zl Module does not completely validate the address against the field being used. For example, a multicast or broadcast address can be entered into source address fields.
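The field-aware check that PR_0000000665 describes as missing can be sketched as follows. This is an added example, not HP's code: the field kinds ("source", "destination", "multicast_group") and the function name are assumptions made for illustration, useful for pre-checking addresses before they are entered on the module.

```python
import ipaddress

# Hypothetical field kinds; the module's real field names are not given here.
FIELDS = {"source", "destination", "multicast_group"}
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def validate_ipv4(value, field, network=None):
    """Return (ok, reason) for an IPv4 address typed into a given field.

    network is an optional CIDR string for the attached subnet, used to
    recognise that subnet's directed broadcast address.
    """
    if field not in FIELDS:
        raise ValueError(f"unknown field kind: {field}")
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ValueError:
        return False, "not a well-formed IPv4 address"

    if field == "multicast_group":
        # Only 224.0.0.0/4 is meaningful in a group field.
        if addr.is_multicast:
            return True, "ok"
        return False, "multicast group address required"

    if field == "source":
        # A source must identify a single host, so group and broadcast
        # addresses are rejected even though they are well formed.
        if addr.is_multicast:
            return False, "multicast address cannot be a source address"
        if addr == LIMITED_BROADCAST:
            return False, "limited broadcast cannot be a source address"
        if network is not None:
            net = ipaddress.IPv4Network(network, strict=False)
            # /31 and /32 subnets have no broadcast address.
            if net.prefixlen < 31 and addr == net.broadcast_address:
                return False, f"directed broadcast of {net} cannot be a source address"

    # Destination fields may legitimately hold multicast or broadcast addresses.
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: (value, field, attached subnet).
    for value, field, net in [("192.168.1.59", "source", "192.168.1.0/24"),
                              ("224.0.0.5", "source", None),
                              ("192.168.1.255", "source", "192.168.1.0/24"),
                              ("255.255.255.255", "destination", None)]:
        print(value, field, validate_ipv4(value, field, net))
```

The same address can be valid in one field and invalid in another, which is why a syntax-only check is not enough.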
For example:

ProCurve Switch(tms-module-D:config)# vlan 20
 ip address     Set IP parameters for communication within an IP network.
 igmp           Enable IGMP on the VLAN.
 pim-sparse     Enable PIM-SM on the device.
ProCurve Switch(tms-module-D:config)# vlan 20
ProCurve Switch(tms-module-D:vlan-20)#
 ip address     Set IP parameters for communication within an IP network.
 igmp           Enable IGMP on the VLAN.
 rip            Configure RIP on the VLAN.
 ospf           Configure OSPF settings.
2. Add a second syslog server using the same IP address
   ProCurve Switch(tms-module-D:config)# logging syslog 192.168.1.59 514 facility local2
3. Delete the syslog server
   ProCurve Switch(tms-module-D:config)# no logging syslog 192.168.1.59

The first syslog server is deleted and there is no way to specify the second syslog server except to execute the no logging syslog 192.168.1.59 command again.
■ PR_0000007914 — The TMS zl Module Web browser interface is designed to have only one client logged in as manager at any given time, so that one manager's changes do not overwrite another manager's changes. In most cases, this works as expected. However, multiple clients can log in as manager by following the steps below.
1. Using the Web browser interface, log in as manager on the TMS zl Module.
2. Connect to the Web browser interface page on a second client.
3.
6. Multicast routing is disabled.
7. Add or edit a VLAN with Multicast enabled.
8. Refresh the Multicast page by pressing F5.
9. Multicast routing is now enabled (the box next to Enable multicast routing.. is checked).
Expected Result: Multicast routing should remain disabled.

■ PR_0000009404 — SSH Buffer errors are shown in logs with varying severity. These messages represent temporary and recoverable conditions, but they should all be of the same severity.
■ PR_0000011016 — When users are being authenticated by the TMS zl Module and the user accidentally closes the logout window, the user no longer has the ability to explicitly log out. The user must wait for the timeout to occur and then log in again or must be explicitly disconnected by the administrator of the TMS zl Module.

■ PR_0000010023 — The TMS zl Module does not log authenticated user logins and logouts. There is no workaround for this issue at this time.
• GRE (IP Tunnel, local and remote IP, selector IP and MASK)
• SCEP (SCEP server)

■ PR_0000012477 — When logging in as an operator in the Web browser interface, some drop-down selections are not disabled. This behavior does not allow an operator to perform any management functions, but the drop-down selections should be disabled to prevent the impression that management operations can be performed. For example: Log in as an operator.
1. Open a Web browser interface session.
2. Go to Network > Zones > VLAN Associations.
3. Add two or three VLAN Associations.
4. Open a CLI session with the TMS zl Module via the switch:
   ProCurve Switch# services d 2
5. Display VLAN information by using the show vlans command.

■ PR_0000013220 — When a software update is performed by retrieving the image via FTP, SCP, or TFTP, a generic error message is displayed for any user input error.
3. Save the startup-config
   ProCurve Switch(tms-module-D:config)# copy startup-config ftp 192.168.1.1 backup.cfg user administrator
4. If prompted, enter the password for the FTP account. CLI hangs for sixty seconds.

■ PR_0000014561 — An unexpected "group already exists" error may show up when a user deletes a group and then adds a group with the same name again. The TMS zl Module marks groups for deletion, but the actual deletion may take a few seconds.
■ PR_0000015081 — When using the Web browser interface for the software update feature, the Latest Status field is not automatically refreshed. Refreshing the browser displays the Latest Status correctly but also clears the download form. Although no longer needed by the TMS zl Module to perform the software update, the clearing of the download form removes some information from view.
■ PR_0000015477 — When adding and removing VLANs via the CLI, additional log messages are created that are not created when using the Web browser interface to add and remove VLANs.

■ PR_0000015522 — There is a difference in how the timezone information is displayed in the TMS zl Module as compared to the switch. The TMS zl Module follows the POSIX standard for displaying the time, for example, 'GMT+6' is displayed to indicate the timezone.
■ PR_0000000999 — In the Web browser interface, Firewall > Access Policies, if a user deletes all the rules in an access policy, the Web browser interface doesn't remove the empty policy until a screen refresh is done. This is a visual issue only; the policy has actually been removed.

■ PR_0000002379 — In the Web browser interface, when adding a Service Object, if the Service Object already exists, an error message is displayed.
time="2008-08-09 18:10:32" severity=info pri=6 fw=ProCurve-TMS-zl-Module id=config_configuration ruleid=0 msg="IPDB record modified" srczone=SELF dstzone=SELF result=0 throttledcount=0 subfamid=configurationchanges operation=0 mtype=config mid=1051 recname=b2222

■ PR_0000009711 — When a user authenticates by way of the firewall using RADIUS, they get the correct policy for their group.
these problems, minimize the use of DNS objects. If you must use them, be sure to put them towards the end of the list of rules so that other processing can take place on the packet before the attempt to resolve the DNS name is made.

■ PR_0000017344 — In the Web browser interface for the Firewall Access Policy, adding an access policy is done using a dialog. This dialog has drop-down boxes for source and destination zones.
■ PR_0000038228 — A misleading error occurs when the traffic selector's IP range starts or ends with 255. Workaround: Correct the range.

■ PR_0000038229 — IPsec policy advanced settings are displayed incorrectly after the default settings are changed and then edited in the Web browser interface.

■ PR_0000038231 — On the advanced settings screen (VPN > IPsec > IPsec Policies) Enable fragment before IPsec cannot be disabled.
■ PR_0000009688 — After an HA link is restored, the TMS zl Module with higher priority does not rejoin the cluster as a Master.
Example:
1. Configure a module in HA as Master (Active) with priority set to 1.
2. Configure a module as Participant (Standby) with priority set to 254.
3. Once both modules are in the cluster, remove the HA link (cable) that connects both switches. Both devices become Master independently.
4. Re-connect the HA link.
rate or count drops, the state is transferred correctly. However, should a failover from the Master to the Participant occur at the time when TCP state information cannot be sent, there will be an additional failover delay as applications re-establish their TCP state with the Participant (now the Master after the failover).

Monitor Mode Only

■ PR_0000005928 — When in Monitor Mode, a scan of the open ports will reveal TCP port 616 and TCP port 9999 as being open.