Manualshelf

TMS zl Module Release Notes ST.1.1.100330

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
18
Software Fixes in Releases ST.1.0.090213 - ST.1.1.100330
Release ST.1.0.090603
rulefam=BACKDOOR ruledsc="BackDoor Digital Root Beer" subf-
amid=ips_signature_based_logs attackid=no-id
mtype=iips_l5_l7_attack mid=3189 timetolive=3 actiontype=terminate
PR_38512 — When the same IPS attack was continuously launched against the TMS zl
Module and generating log entries, log throttling was not working and many of the same IPS
log entries were populating the log file.
Monitor Mode
PR_14582 — In monitor mode, the CLI command ips help does not reflect the commands
that are actually available in monitor mode as opposed to routing mode.
High Availability
PR_38385 — Connection reservations do not fail over from the Master to the Participant in
an Active-Standby configuration.
Example:
PC DMZ 10.10.30.254 | TMS | Zone1 192.168.1.254 PC Server
10.10.30.1 192.168.1.1
Zone limits DMZ = 5
Connection reservation DMZ, inbound, reserved for 192.168.1.1, Reservation count = 3
If the PC opens TCP connections through the Master, and a fail over situation occurs, the
reservation count was not correctly followed.
PR_38959 — In High Availability Active-Standby configuration, when running a mix of RTSP
and SMTP traffic for a period, the command no connections does not reset some of the current
connections.
VPN
PR_17972 — In the Web browser interface, in the Help for VPN, the wrong performance
numbers are reported.
PR_38173 — Misleading error messages appear when adding or editing an IKE policy in the
Web browser interface (VPN > Certificates > IPsec Certificates).
PR_38217 — When setting up an IPsec policy with a Key Exchange of Manual, it was possible
to specify an SPI number that was already in use by another IPsec policy and it would not
be detected. Duplicate SPI numbers across IPsec policies are not allowed and an error needs
to be displayed.
PR_38223 — When adding an IPsec policy with action Bypass or Ignore, and setting the
direction to Inbound, the traffic selector's local and remote addresses would be swapped.