HP AF5000-CMW520-R3206P22 Release Notes

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
This document describes the features, restrictions and guidelines, open problems, and workarounds for version R3206P22.

Important information

In this software, the format of the configuration files has been changed. To avoid problems when downgrading software, back up the configuration file before upgrading. More details may be found in Open problems and workarounds.

Version information

Version number

Comware software, Version 5.
Item Specifications
MPU: Basic section 3.0, extended section 1.0
LPUA: Basic section 1.0, extended section 1.0
CPLD
GE interface module: 2.0
10-GE interface module: 1.0
BootWare version 1.09
Host software SECPATH5000FA-CMW520-R3206P22.bin
iMC version iMC PLAT 7.0 (E0102)

To display the host software and BootWare version of the F5000-A5, perform the following:

display version
HP Comware Platform Software ------- Note①
Comware Software, Version 5.
RMON statistics restriction

The interfaces on the MPUs and 12-GE interface modules do not support the RMON statistics function. This is a hardware restriction.

ICMP fragment sending restriction

When the length of an ICMP echo request used for a ping operation is greater than 35000 bytes, the packet will be fragmented due to the restriction of the interface MTU. The longer the ping packet, the more the fragments.
Restrictions and cautions

ALG restriction

The deny ip destination rules in the ACL for the nat outbound command affect the operation of ALG. We do not recommend configuring deny ip destination rules with .

Known hardware bus bug

When virtual packet reassembling is enabled, the SPI4.2 bus can process only the first five fragments of a packet, resulting in fragment loss.

Known PHY chip bug

In forced mode, the BCM 5464 chip does not support automatic cross-over/straight-through adaption.
Workaround: The F5000-A5 does not support the ARP detection function. Do not use this function on the F5000-A5.

HSD92090
Description: Configure IPsec protection for BFD packets. After the SA negotiation is finished, the DUT reboots.
Workaround: Do not configure IPsec protection for BFD packets.

HSD79737
Description: If you change dynamic aggregation to static aggregation on the F5000-A5 when there is traffic, the F5000-A5 reboots.
201310290163
Symptom: The device could not handle an invalid SNMP packet, which resulted in an exception.
Condition: The device received an invalid SNMP packet that had an oversize ContextName field.

P201310290149
Symptom: The device could not handle an invalid SNMP packet, which resulted in an exception.
Condition: The device received an invalid SNMP packet with an overlong OID.

201310250241
Symptom: The master board unexpectedly reboots or hangs because of a fatal error.
HSD85021
Symptom: The internal server cannot communicate with itself through its public address.
Condition: This symptom might occur when NAT server is configured on the F5000-A5.

HSD85020
Symptom: The maximum number of DNS mapping entries that F5000-A5 supports is less than 256.
Condition: None

HSD78997
Symptom: The stack reboots after the F5000-A5 operates for a period and dynamic .
Related documentation

Documentation set

HP F5000 Firewall Installation Guide-6PW102
HP F5000 Firewall NSQ1MPUA0 Card Manual-6P102
HP F5000 Firewall NSQ1GT8C40 Card Manual-6P102
HP F5000 Firewall NSQ1GT8P40 Card Manual-6P102
HP F5000 Firewall NSQ1XP20 Card Manual-6P102
HP A-F5000 Firewall Compliance and Safety Manual-5PW102
HP High-End Firewalls Configuration Guides (R3166_R3206)-6PW101
HP High-End Firewalls Command References (R3166_R3206)-6PW101

Obtaining documentation

To fi
Appendix A Feature list

Hardware features

Table 4 Hardware features

Item: Description

Ports:
  One console port
  One AUX port (for backup)
  Up to 48 10/100/1000M Ethernet interfaces or 8 10G interfaces

Slots:
  Four service slots that support the following types of interface modules:
    GE interface module with eight copper Ethernet ports and four copper/fiber combo interfaces
    10-GE interface module with two 10-GE XFP ports
    GE interface module with eight 1000BASE-X fiber Ethernet ports and four combo
Category: Features

Firewall:
  Packet filtering
  Security zone-based access control
  Time-based access control
  ASPF status-based packet filtering
  Virtual firewall
  Attack detection and protection, against attacks including Land, Smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, IP Spoofing, IP fragments, packet fragments, TCP Flag, large ICMP, address scanning, port scanning, SYN flood, and ICMP flood attacks
  URL filtering
  Control of ICMP redirect or unreachable packets
  Control of Tracert packets
  Control of pac
Category: Features

IP routing:
  Static routes
  RIP-1/RIP-2
  OSPF
  BGP

Reliability:
  VRRP, stateful failover

CLI:
  Local login through the console port
  Remote login through the AUX port
  Local or remote login through Telnet or SSH
  Command privilege levels, which help prevent unauthorized access to the device
  Rich debugging information that is helpful for network troubleshooting
  Network test tools, including tracert and ping commands
  Using Telnet to log in to another network device to manage the device
  FTP server a
Appendix B Upgrading software

This chapter describes how to upgrade system software while the firewall is operating normally or when the firewall cannot correctly start up.

System software types

The firewall system software includes BootWare image, system software images, and configuration files. This chapter describes how to upgrade the system software images and configuration files.

BootWare images

The BootWare image comprises a basic section and an extended section.
NOTE: The command outputs in this document are for reference only.

Preparing for the upgrade

IMPORTANT:
F5000- firewalls are not shipped with TFTP or FTP server software. Prepare it by yourself.
Configuration files of different versions may not be compatible. The upgrade can make the configuration in the configuration files invalid. For information about configuration file compatibility, see the Release Notes.
Upgrading from the CLI

You can use the TFTP or FTP commands on the firewall to access the TFTP or FTP server to back up or download files. This section describes the following topics:

Using TFTP to upgrade software
Using FTP to upgrade software

Using TFTP to upgrade software

This section describes how to upgrade system software by using TFTP.

Backing up the running system software image and configuration files

1. Perform the save command in any view to save the current configuration.
252900 KB total (139932 KB free)
File system type of cfa0: FAT16

This example uses the default system software image file name main.bin and the default configuration file names startup.cfg and system.xml. The startup.cfg file saves configuration that can be made in CLI and Web. The system.xml file saves configuration that can be made only in Web, for example, IDS collaboration configuration.

3. Perform the tftp put command in user view to upload the main.bin file to the TFTP server.
2. Perform the boot-loader command in user view to load the file f5000.bin and specify the file as the main image file at the next reboot.

boot-loader file f5000.bin main
This command will set the boot file. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!

3. Perform the display boot-loader command in user view to verify that the file has been loaded.

display boot-loader
The boot file used this time:cfa0:/main.
Using FTP to upgrade software

This section describes how to upgrade system software by using FTP.

Backing up the running system software image and configuration files

1. Perform the save command in any view to save the current configuration.

save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[cfa0:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
cfa0:/startup.
This example uses the default system software image file name main.bin and the default configuration file names startup.cfg and system.xml.

3. Perform the ftp command in user view to access the FTP server.

ftp 192.168.0.2
Trying 192.168.0.2 ...
Press CTRL+K to abort
Connected to 192.168.0.2.
220 3Com 3CDaemon FTP Server Version 2.0
User(192.168.0.2:(none)):user123
331 User name ok, need password
Password:
230 User logged in
[ftp]

4.
FTP: 16969732 byte(s) received in 88.243 second(s), 224.00K byte(s)/sec.
[ftp]

2. Perform the quit command in FTP client view to return to user view.

[ftp] quit
221 Service closing control connection

3. Perform the boot-loader command in user view to load the file f5000.bin and specify the file as the main image file at the next reboot.

boot-loader file f5000.bin main
This command will set the boot file.
Extend BootWare Version: 1.09
[FIXED PORT] CON (Hardware)Ver.B, (Driver)1.0, (Cpld)3.0
[FIXED PORT] AUX (Hardware)Ver.B, (Driver)1.0, (Cpld)3.0
[FIXED PORT] M-GE0/0 (Hardware)Ver.B, (Driver)1.0, (Cpld)3.0
[FIXED PORT] H-GE0/1 (Hardware)Ver.B, (Driver)1.0, (Cpld)3.0
[SUBCARD 1] NSQ1GT8P40 (Hardware)Ver.B, (Driver)1.0, (Cpld)1.
Figure 2 Upgrading the software

6. Specify the software upgrading configuration items as described in Table 7.

Table 7 Configuration items

Item: Description

File:
  Click Browse to set the path to the system software image file.
  The file name must end with .bin.

File Type:
  Set the file type.
  Main—Used at the next startup
  Backup—Used when the main system software image is invalid.
****************************************************************************
*                                                                          *
*                    HP A-F5000 BootWare, Version 1.09                     *
*                                                                          *
*                                                                          *
****************************************************************************
Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.
Table 8 BootWare menu options

Item: Description

<1> Boot System: Boot the system software image.
<2> Enter Serial SubMenu: Access the Serial submenu (see Table 11) for upgrading system software through the console port or changing the serial port settings.
<3> Enter Ethernet SubMenu: Access the Ethernet submenu (see Table 9) for upgrading system software through an Ethernet port or changing Ethernet settings.
Item: Description

<0> Exit To Main Menu: Return to the BootWare menu.

2. Enter 5 to configure the network settings.

============================================================================
|Note:                                                                     |
|      '.' = Clear field.                                                  |
|      '-' = Go to previous field.                                         |
|      Ctrl+D = Quit.                                                      |
============================================================================
Protocol (FTP or TFTP) :tftp
Load File Name :main.bin :
Target File Name :main.bin :
Server IP Address :192.168.0.2
Local IP Address :192.168.0.
| Change The HyperTerminal's Baudrate Accordingly |
|------------------------------------------------------|
|<1> 9600(Default)* |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200 |
|<0> Exit |
============================================================================
Enter your choice(0-5):

3. Select an appropriate baud rate for the console port. For example, enter 5 to select 115200 bps. The following messages appear:

Baudrate has been changed to 115200 bps.
Figure 4 Properties dialog box

6. Select 115200 from the Bits per second list and click OK.
Figure 5 Modifying the baud rate

7. Select Call > Call to reestablish the connection.

Figure 6 Reestablishing the connection

8. Press Enter.
============================================================================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update Secure Application File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):

10.
Figure 8 File transfer progress

13. When the Serial submenu appears after the file transfer is complete, enter 0 at the prompt to return to the BootWare menu.

Download successfully!
19790016 bytes downloaded!
Input the File Name:main.bin
Updating File cfa0:/main.bin..............................................
The File Control submenu appears:

============================================================================
|Note:the operating device is cfa0 |
|<1> Display All File(s) |
|<2> Set Application File type |
|<3> Set Configuration File type |
|<4> Delete File |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-4):

Table 12 File Control submenu options

Item: Description

<1> Display All File(s): Display all files.
============================================================================
|Note:the operating device is cfa0 |
|<1> Display All File(s) |
|<2> Set Application File type |
|<3> Set Configuration File type |
|<4> Delete File |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-4):

Changing the type of a system software image

System software image file attributes include main (M), backup (B), and secure (S).
1. Enter 4 in the File Control submenu.

Deleting the file in cfa0:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
============================================================================
|NO. Size(B)   Time                 Type Name                      |
|1   6647      May/17/2012 06:38:16 N/A  cfa0:/system.xml          |
|2   4304      Aug/30/2010 15:06:00 N/A  cfa0:/default_ca.cer      |
|3   10485688  Feb/24/2012 06:50:14 N/A  cfa0:/logfile/logfile.log |
|4   1410      May/17/2012 06:38:18 M    cfa0:/startup.
               May/17/2012 07:53:22 M
6. If the message "Something is wrong with the file" appears, check the file for file corruption.