Release Notes Threat Management Services zl Module ST.1.2.110909 11-2011
86
Known Issues
Release ST.1.0.090603
time="2009-05-17 16:17:20" severity=warning pri=4 fw=ProCurve-TMS-zl-Module
id=fw_l2l3_attack msg="IRC:Size of Message is more than MAX_IRCSIZE"
srczone=INTERNAL src=192.168.80.100 srcport=39489 dstzone=EXTERNAL
dst=192.168.70.100 dstport=6667 proto=TCP subfamid=intergritycheck
mtype=attack mid=118
time="2009-05-17 16:11:58" severity=warning pri=4 fw=ProCurve-TMS-zl-Module
id=fw_l2l3_attack msg="TFTP-ALG: Request size length exceeded Max
size...dropping connection!" srczone=INTERNAL src=192.168.70.67
srcport=1599 dstzone=SELF dst=192.168.70.1 dstport=69 proto=UDP subf-
amid=intergritycheck mtype=attack mid=131
■ PR_40666 — TMS zl Module reports an entry in the log about being unable to complete
firewall processing due to a memory allocation failure, but does not experience any firewall
processing problems. For example:
time="2009-05-17 14:30:54" severity=minor pri=3 fw=ProCurve-TMS-zl-Module
id=system_error msg="FW: could not complete firewall processing due to
memory allocation failure" srczone=EXTERNAL dstzone=INTERNAL error-
type=memory_allocation subfamid=memoryallocationfailure mtype=syserr
mid=685
IPS
■ PR_38562 — The Port Scan IPS Signature category is listed in the Help file. It should be
removed as it describes functionality that is not present.
VPN
■ PR_40354 — When 4893 Internet Key Exchange Security Associations are established, no
more IKE responses are generated by the TMS zl Module and no logs reporting this condition
are generated.
■ PR_40903 — When an L2TP Policy exists and is disabled, traffic continues passing through
the tunnel. The L2TP Policy must be deleted.
Example:
1. Go to VPN > IPsec > L2TP Remote Access.
2. Add an L2TP Policy.
3. Create access policies.
4. Verify that the traffic gets through the tunnel.
5. Edit the L2TP Policy, uncheck the Enable this policy check box.
Traffic gets through the tunnel.