Release Notes Threat Management Services zl Module ST.1.2.110427 06-2011

Known Issues
Release ST.1.1.100430
5406#(config) "connection-settings timeout default icmp 5"
Another workaround is to disable the FW attack setting ICMP replay.
PR_54897 — If a VLAN is configured with DHCP, the lease expires, and the master gets a
different IP address from the DHCP server, the new IP address is not synced to the participant.
When the participant takes over after a failover, it will use the old IP address.
PR_56234 — The proper order to break up a High-Availability Active/Standby Cluster is to
do the following via the switch Command Line Interface (CLI):
For ST.1.0.XXXXXX
Log in to the switch chassis where the Participant is located. Go to the TMS CLI (located in
Slot E in this example) using the 'services' command.
HP E-5406zl(tms-module-E)#config t
HP E-5406zl(tms-module-E:config)#no high
HP E-5406zl(tms-module-E:config)#Wr mem
HP E-5406zl(tms-module-E:config)#boot
On the master, use the CLI or web browser interface to disable HA.
RESULT: The IP address that was used by the HA cluster is lost. Each TMS blade must be
configured independently with a unique IP address.
For ST.1.1.YYYYYY
Log in to the switch chassis where the Participant is located. Go to the TMS CLI (located in
Slot E in this example) using the 'services' command.
HP E-5406zl(tms-module-E)#config t
HP E-5406zl(tms-module-E:config)#no high delete
HP E-5406zl(tms-module-E:config)#wr mem
HP E-5406zl(tms-module-E:config)#boot
On the master, use the CLI or web browser interface to disable HA. If using the CLI, use the
"no high" command without the 'delete' option.
RESULT: The IP address that was used by the HA cluster now belongs to the TMS blade that
was formerly the Master. The former Participant will have to be configured for a unique IP
address.
VPN
PR_49849 — For IPsec certificates, when private keys are generated manually by the
manager, they are automatically saved, regardless of whether the configuration is saved or
not. Private keys that are generated but not wanted must be manually deleted.
PR_43957 — IKE and IPsec SAs are still created even if the IPsec VPN is explicitly
disabled. To work around this issue, remove the access policy that allows UDP 500.