Release Notes Threat Management Services zl Module ST.1.2.110427 06-2011
Software Fixes in Releases ST.1.0.090213 - ST.1.2.110427
Release ST.1.0.090603
■ PR_38217 — When setting up an IPsec policy with a Key Exchange of Manual, it was possible
to specify an SPI number that was already in use by another IPsec policy and it would not
be detected. Duplicate SPI numbers across IPsec policies are not allowed and an error needs
to be displayed.
■ PR_38223 — When adding an IPsec policy with action Bypass or Ignore, and setting the
direction to Inbound, the traffic selector's local and remote addresses would be swapped.
■ PR_38226 — Changing a Bypass or Ignore IPsec policy to Apply shows an erroneous key
exchange method.
■ PR_38228 — A misleading error occurs when the traffic selector's IP range starts or ends
with 255. Workaround: Correct the range.
■ PR_38229 — IPsec policy advanced settings are displayed incorrectly after the default
settings are changed and then edited in the web browser interface.
■ PR_38231 — On the advanced settings screen (VPN > IPsec > IPsec Policies) Enable fragment
before IPsec cannot be disabled.
■ PR_38240 — Cannot import IPsec Certificates (intermittently fails) from the web browser
interface (VPN > Certificates > IPsec Certificates).
■ PR_38887 — In the web browser interface, when viewing the IPsec VPN Tunnels, the local
gateway IP address may be truncated in the display.
■ PR_39898 — A denial of service attack against the TMS zl Module is possible when an
IPSecuritas client establishes a VPN connection with the TMS zl Module. Set the IKE
authentication method to RSA certificates on both the client and the TMS zl Module. On the
IPSecuritas client, clear the Request Certificate, Send Certificate, and Verify Certificate check
boxes in the Options tab of the Connections window. When the IPSecuritas client attempts
to establish a VPN connection with the TMS zl Module, the module will be inoperable with
its current settings.
■ PR_40144 — When using Internet Explorer 7 and viewing IPsec VPN tunnels, the
information does not appear. However, when using Firefox 3.x, the IPsec VPN tunnel does
show up. This has been changed in this release so that the IPsec VPN tunnel information
does appear in Internet Explorer.
■ PR_41209 — A Certificate Revocation List (CRL) was not retained across a reboot.
Example:
1. Go to the VPN > Certificates > CRL page and load a CRL.
2. Save the entire configuration.
3. Reboot the TMS zl Module.
4. Once the TMS zl Module is available, go to the VPN > Certificates > CRL page; the CRL is no
longer available.