Manualshelf

TMS zl Module Release Notes ST.1.1.100330

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
40
Known Issues
Release ST.1.1.100226
PR_44860 — The TMS zl Module Log messages do not provide enough detail to help
troubleshoot IPsec using certificate authentication.
PR_44911 — Removing an IKE policy displays different output from removing an IPsec
policy and proposal. For consistency, this should be reworded.
PR_45392 — No logging messages are generated when attempting to retrieve a certificate
from a server by SCEP. In a situation where the certificate retrieval failed, it is difficult to
tell what may have caused the failure
PR_45525 — A TMS zl Module that receives GRE keep-alive packets may log those as a DoS
attack. Steps:
1. Create GRE tunnel
2. Go to Logging>View Log page and filter "gre"
Notice a log similar to this one:
time="2009-09-24 17:19:33" severity=minor pri=3
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="Invalid source &
destination: dropping packet" srczone=ZONE6 src=172.15.2.254 srcport=0
dstzone=ZONE5 dst=172.15.2.250 dstport=0 proto=GRE subfamid=dosattack
mtype=attack mid=1530
PR_45634 — An incorrect IP address is accepted in the destination field when editing a
multicast policy. Steps:
1. Go to Firewall/Access policies/Multicast
2. Click on Add a policy
3. On the source field, go to Options button and select Enter custom IP,IP/mask or IP-Range and
enter a non-multicast IP address.
4. On the destination field, go to Options button and select Enter custom IP,IP/mask or IP-Range
and enter a multicast IP address.
5. Before you click on Apply button and Close button, make sure you make a note of what zones
you picked for the policy.
6. Click on Apply button.
7. Pick the previously created policy and click on the edit icon.
8. In the destination field, specify a Unicast IP address.
Unicast IP address in the destination field should cause an error message. Instead, no error
message is displayed and the incorrect IP address is accepted.
PR_45671 — In the Web browser interface, Firewall->Access Policies->Addresses, duplicate
Network (IP/mask) entries can be added for a given name. For instance, 10.10.10.0/24,
10.10.20.0/24, 10.10.10.0/24 could be added under a given name.