Release Notes Threat Management Services zl Module ST.1.2.110301
Known Issues
Release ST.1.0.090213
■ PR_12598 — In the web browser interface, address objects and address groups can be
added using the same name. This results in ambiguity when adding an access policy. To
prevent such ambiguity, make sure address objects and address groups have unique names.
Service objects and service groups also should have unique names.
■ PR_15328 — When a DNS object has been created and used in an access policy, if the DNS
name cannot be resolved, no further packet processing is done and the packet is dropped.
This behavior can cause problems when the DNS server is unavailable. To prevent these
problems, minimize the use of DNS objects. If you must use them, be sure to put them towards
the end of the list of rules so that other processing can take place on the packet before the
attempt to resolve the DNS name is made.
■ PR_17344 — In the web browser interface for the Firewall Access Policy, adding an access
policy is done using a dialog. This dialog has drop-down boxes for source and destination
zones. These drop-down boxes do not accept ANY as a value. However, if you customize the
HTTP POST request sent from the browser and modify it to include ANY for the zone, it will
be accepted.
■ PR_18409 — A log entry with mid=677 is generated for an invalid TCP packet where the flags
of RST+ACK are set. This log message indicates that the packet was dropped, but in fact, it
was not dropped; it was sent to the TCP peer.
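The workarounds for PR_12598 and PR_15328 above can be checked mechanically before a policy is deployed. The following is an added example, not part of the release notes or the product; the dictionary layout, object names and rule IDs are constructed for illustration and are not the TMS zl Module's configuration or export format.

```python
# Added example: the data layout below is constructed for illustration and is
# not the TMS zl Module's configuration or export format.

def name_collisions(objects, groups):
    """Names used by both an object and a group (the PR_12598 ambiguity)."""
    return sorted(set(objects) & set(groups))

def early_dns_rules(rules, dns_objects):
    """IDs of rules that use a DNS object yet precede a rule that does not
    (PR_15328: an unresolvable name drops the packet at that rule)."""
    uses_dns = [bool({r["src"], r["dst"]} & dns_objects) for r in rules]
    # Position of the last rule that needs no DNS lookup.
    last_plain = max((i for i, d in enumerate(uses_dns) if not d), default=-1)
    return [r["id"] for i, r in enumerate(rules) if uses_dns[i] and i < last_plain]

def audit(policy):
    """Run both checks and return the findings keyed by check name."""
    return {
        "address_name_collisions": name_collisions(
            policy["address_objects"], policy["address_groups"]),
        "service_name_collisions": name_collisions(
            policy["service_objects"], policy["service_groups"]),
        "dns_rules_before_other_rules": early_dns_rules(
            policy["rules"], set(policy["dns_objects"])),
    }

# Constructed sample policy.
POLICY = {
    "address_objects": ["web-servers", "mgmt-hosts", "dmz"],
    "address_groups": ["dmz", "branch-sites"],
    "service_objects": ["https", "ssh"],
    "service_groups": ["remote-admin", "ssh"],
    "dns_objects": ["updates.example.com"],
    "rules": [
        {"id": 1, "src": "mgmt-hosts", "dst": "web-servers"},
        {"id": 2, "src": "web-servers", "dst": "updates.example.com"},
        {"id": 3, "src": "branch-sites", "dst": "web-servers"},
        {"id": 4, "src": "dmz", "dst": "updates.example.com"},
    ],
}

if __name__ == "__main__":
    for check, findings in audit(POLICY).items():
        print(f"{check}: {findings or 'none'}")
```

Rule 4 is not flagged because no rule without a DNS object follows it; rule 2 is flagged because rule 3 would never be evaluated for a packet that reaches rule 2 while the name cannot be resolved.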
IPS/IDS
■ PR_10287 — In the signature file for the TMS zl Module, there are a few mentions of IPv6.
This is incorrect. The TMS zl Module is an IPv4-only device.
■ PR_18204 — If you filter signatures by severity, then disable a family of signatures, the
expected result is that all displayed signatures in that family will be disabled. However, the
actual result is that only some of the signatures displayed get disabled. This can be observed
by viewing info signatures, then disabling the XSS family. When the operation completes,
refresh the page, and view info signatures. When you inspect the XSS family you will see
that not all XSS family info signatures are disabled.
VPN
■ PR_15755 — When displaying the number of VPN tunnels in the web browser interface,
there may be unnecessary blank pages at the end of the display. All the VPN tunnel
information is displayed first, but these unnecessary blank pages appear at the end.
■ PR_17972 — In the web browser interface, in the Help for VPN, the wrong performance
numbers are reported.
■ PR_38173 — Misleading error messages appear when adding or editing an IKE policy in the
web browser interface (VPN > Certificates > IPsec Certificates).