Manualshelf

HP Switch Services Modules - HP SECBLADEII-CMW520-R3175 Release Notes Release Notes

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
12345678910
3
no route to the global address, NAT sessions might be disconnected. To solve this
problem, configure a sub address that is on the same subnet as the global address for
that interface so the firewall can respond to ARP requests for the global address.
F3166 and some other R3166 series versions allow for special characters
(including :"!","#" ,"?","@","~","(",")") in address resource names such as host address,
address range, and subnet address names, but the F3171 or higher version does not
support those special characters. Therefore, before the upgrade, you must replace
those characters with other characters.
After the upgrade, the SYN flood detection configuration gets lost and you must
reconfigure it.
If the address-group in nat outbound configured on an interface is not on the same
subnet as the IP address of that interface, the device will not respond to gratuitous ARP
requests for IP addresses in that address group. To solve this problem, you must
configure a sub address that is on the same subnet as the address group for the
interface.
The new version supports NAT between VPNs. After you upgrade from R3166 to the
new version, you must adjust nat static and nat server settings.
After the upgrade, the threshold unit for udp flood detect is changed from
connection/second to packets/second. You need to adjust the setting accordingly.
After the upgrade, the threshold unit for icmp flood detect is changed from
connection/second to packets/second. You need to adjust the setting accordingly.
For F3166 series, if you configure nat outbound on an interface in a VPN, you only need
to add the VPN in the referenced ACL. For F3171 or higher, you also need to add the
vpn-instance in nat outbound. For details, see the configuration guide.
A software upgrade from F3171 to F3174/R3175 or later causes the following changes:
The Output Log Entries For Session Creation or Output Log Entries For Session Deletion
function, if enabled in F3171, gets lost after the upgrade becau se F3174 and R3175 do
not support these functions.
The IPsec stateful failover function, if enabled in F3171, is disabled after the upgrade.
You need to re-enable the function.
Hardware feature updates
None.
Software feature and command updates
For more information about the software feature and command update history, see HP
SECBLADEII-CMW520-R3175 Release Notes (Software Feature Changes).
MIB updates
Table 4 MIB updates
Item
MIB file
Module
Description
SECBLADEII-CMW520-R3175
New
/
/
/