TMS zl Module Release Notes ST.1.1.100330

Known Issues

Release ST.1.0.090213

2. From a separate management session, delete all access for that user group

3. The user still has access through firewall

■ PR_11874 — On the Firewall > Access Policy > Unicast page in the Web browser interface,

when adding a policy there is an advanced tab that allows for limit settings.

The valid range for entries in connections, Kilobytes, packets, and seconds are not listed. The valid

ranges are 1 - 4294967295 for all fields except Kilobytes, which is 1 - 4194304.

■ PR_12598 — In the Web browser interface, address objects and address groups can be

added using the same name. This results in ambiguity when adding an access policy. To

prevent such ambiguity, make sure address objects and address groups have unique names.

Service objects and service groups also should have unique names.

■ PR_15328 — When a DNS object has been created and used in an access policy, if the DNS

name cannot be resolved, no further packet processing is done and the packet is dropped.

This behavior can cause problems when the DNS server is unavailable. To prevent these

problems, minimize the use of DNS objects. If you must use them, be sure to put them towards

the end of the list of rules so that other processing can take place on the packet before the

attempt to resolve the DNS name is made.

■ PR_17344 — In the Web browser interface for the Firewall Access Policy, adding an access

policy is done using a dialog. This dialog has drop-down boxes for source and destination

zones. These drop-down boxes do not accept ANY as a value. However, if you customize the

HTTP POST request sent from the browser and modify it to include ANY for the zone, it will

be accepted.

■ PR_18409 — A log entry with mid=677 is generated for an invalid TCP packet where the flags

of RST+ACK are set. This log message indicates that the packet was dropped, but in fact, it

was not dropped; it was sent to the TCP peer.