TMS zl Module Release Notes ST.1.0.090603

Known Issues

Release ST.1.0.090213

2. From a separate management session, delete all access for that user group

3. The user still has access through firewall

■ PR_0000011874 — On the Firewall > Access Policy > Unicast page in the Web browser

interface, when adding a policy there is an advanced tab that allows for limit settings.

The valid range for entries in connections, Kilobytes, packets, and seconds are not listed. The valid

ranges are 1 - 4294967295 for all fields except Kilobytes, which is 1 - 4194304.

■ PR_0000012598 — In the Web browser interface, address objects and address groups can

be added using the same name. This results in ambiguity when adding an access policy. To

prevent such ambiguity, make sure address objects and address groups have unique names.

Service objects and service groups also should have unique names.

■ PR_0000015328 — When a DNS object has been created and used in an access policy, if

the DNS name cannot be resolved, no further packet processing is done and the packet is

dropped. This behavior can cause problems when the DNS server is unavailable. To prevent

these problems, minimize the use of DNS objects. If you must use them, be sure to put them

towards the end of the list of rules so that other processing can take place on the packet

before the attempt to resolve the DNS name is made.

■ PR_0000017344 — In the Web browser interface for the Firewall Access Policy, adding an

access policy is done using a dialog. This dialog has drop-down boxes for source and

destination zones. These drop-down boxes do not accept ANY as a value. However, if you

customize the HTTP POST request sent from the browser and modify it to include ANY for

the zone, it will be accepted.

■ PR_0000018409 — A log entry with mid=677 is generated for an invalid TCP packet where

the flags of RST+ACK are set. This log message indicates that the packet was dropped, but

in fact, it was not dropped; it was sent to the TCP peer.