Release Notes Threat Management Services zl Module ST.1.2.110909 11-2011

Known Issues
Release ST.1.1.100226/ST.1.1.100330
msg: IP header checksum failed
msg: FW: gre packet header length is less than expected, packets dropped
msg: MCAST: icmp packet type is unknown, packets dropped
PR_50433 — When DHCP is used as the IP address acquisition method for VLANs, the TMS
zl Module can take a long time to reboot because it has to acquire an IP address for each VLAN
serially. The worst-case time is 28 minutes to reboot with 254 VLANs.
PR_51204 — The web browser interface for Port Triggers allows a Port Trigger Policy Name
to accept invalid characters.
PR_51215 — In the web browser interface under Network > Zones > Management Access,
when the user clicks Apply, the loading graphic never stops, as if the changes were
still loading, even when the changes have been applied. This behavior occurs with IE6. Steps:
1. Clear the cache, cookies and the browser's temp files.
2. Open the TMS zl Module web browser interface and go to Network > Zones > Management
Access.
3. Make any change to Management Access and click Apply My changes.
The loading icon never stops, as if changes were still being applied.
PR_51704 — Once a web-authenticated firewall user has provided a valid
username/password, the TMS zl Module uses the source IP address to map subsequent
packets from that address to the user. If an intermediate infrastructure device could
potentially map multiple IP addresses to a single IP address (such as a web proxy or NAT
device), the TMS zl Module cannot distinguish one user from another. For proper operation
of the user authentication feature of the firewall, be sure to maintain source IP address
integrity for the users that require that feature.
1. User logs on to the TMS zl Module.
2. The TMS zl Module allows traffic based on the proxy server's IP address instead of the user's IP
address. (The TMS zl Module only checks the IP address.)
3. The proxy server now has the logged-in user's access policy applied, and users using the
proxy server can have those policies too.
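The following is an added example, not part of the release notes or the product: a simplified Python model of the source-IP-to-user mapping described in PR_51704, with an audit that flags source addresses where that mapping cannot identify a single user. The class and function names, the login-event format and the addresses are assumptions constructed for illustration.

```python
import ipaddress


class SourceIpAuthTable:
    """Simplified model (assumption): after web login, the source IP alone
    identifies the user for all subsequent packets."""

    def __init__(self):
        self._by_ip = {}  # source IP -> username of the last successful login

    def login(self, src_ip, username):
        self._by_ip[src_ip] = username

    def user_for_packet(self, src_ip):
        # Only the address is checked; nothing ties the packet to a person.
        return self._by_ip.get(src_ip)


def audit_logins(login_events, translating_devices):
    """Return {src_ip: [reasons]} for addresses that break source IP integrity.

    login_events: iterable of (src_ip, username) pairs seen at the firewall.
    translating_devices: addresses or networks of known web proxies / NAT devices.
    """
    nets = [ipaddress.ip_network(n) for n in translating_devices]
    users = {}
    for src_ip, username in login_events:
        users.setdefault(src_ip, set()).add(username)
    findings = {}
    for src_ip, names in users.items():
        reasons = []
        if len(names) > 1:
            reasons.append("multiple users: " + ", ".join(sorted(names)))
        if any(ipaddress.ip_address(src_ip) in net for net in nets):
            reasons.append("login from proxy/NAT address")
        if reasons:
            findings[src_ip] = reasons
    return findings


# Constructed sample data: bob and carol both reach the firewall via one proxy.
PROXY = "10.1.1.10"
EVENTS = [("10.2.0.21", "alice"), (PROXY, "bob"),
          (PROXY, "carol"), ("10.2.0.22", "dave")]

if __name__ == "__main__":
    table = SourceIpAuthTable()
    table.login(PROXY, "bob")
    print("packet from proxy is treated as:", table.user_for_packet(PROXY))
    print(audit_logins(EVENTS, [PROXY]))
```

Users flagged by the audit are the ones whose traffic should reach the module without address translation if they rely on firewall user authentication.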
PR_52458 — Active TCP sessions are incorrectly closed when a failover occurs as a result
of modifying a Firewall policy or policies prior to the failover.
IPS/IDS
PR_43542 — Enabling an already enabled IPS signature gives an error that it failed to
enable instead of indicating it was already enabled.
PR_51666 — In the CLI, an insufficient memory allocation message is displayed
when trying to view IPS signature and using the show tech command.