TMS zl Module Release Notes ST.1.0.090213

Known Issues

Release ST.1.0.090213

time="2008-08-09 18:10:32" severity=info pri=6 fw=ProCurve-TMS-zl-Module

id=config_configuration ruleid=0 msg="IPDB record modified" srczone=SELF

dstzone=SELF result=0 throttledcount=0 subfamid=configurationchanges oper-

ation=0 mtype=config mid=1051 recname=b2222

■ PR_0000009711 — When a user authenticates by way of the firewall using RADIUS, they

get the correct policy for their group. However, if the policy is changed while the user’s

session is active, the user is not disconnected automatically to force re-authentication to

provide the updated policy. In contrast, a user that is authenticated by way of the Local

database is disconnected and must re-authenticate when the policy is updated.

Example:

1. Use username/password to RADIUS Authenticate to the TMS zl Module through the firewall.

2. From a separate management session, delete all access for that user group

3. The user still has access through firewall

■ PR_0000011874 — On the Firewall > Access Policy > Unicast page in the Web browser

interface, when adding a policy there is an advanced tab that allows for limit settings.

The valid range for entries in connections, Kilobytes, packets, and seconds are not listed. The valid

ranges are 1 - 4294967295 for all fields except Kilobytes, which is 1 - 4194304.

■ PR_0000012598 — In the Web browser interface, address objects and address groups can

be added using the same name. This results in ambiguity when adding an access policy. To

prevent such ambiguity, make sure address objects and address groups have unique names.

Service objects and service groups also should have unique names.

■ PR_0000015328 — When a DNS object has been created and used in an access policy, if

the DNS name cannot be resolved, no further packet processing is done and the packet is

dropped. This behavior can cause problems when the DNS server is unavailable. To prevent