TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
28
Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
Release ST.1.0.090603
time="2009-03-19 02:01:49" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=ips_attack_family rule=3189 msg="IPS
detection: Allow: BackDoor Digital Root Beer" src=192.168.1.20
srcport=1050 dst=192.168.3.20 dstport=2600 proto=TCP ruleac-
tion=Allow rulethreat=Critical connectiondirection=initiator pack-
etdirection=2 packetlength=60 ipidentification=38912
rulefam=BACKDOOR ruledsc="BackDoor Digital Root Beer" subf-
amid=ips_signature_based_logs attackid=no-id
mtype=iips_l5_l7_attack mid=3189 timetolive=3 actiontype=terminate
■ PR_38512 — When the same IPS attack was continuously launched against the TMS zl
Module and generating log entries, log throttling was not working and many of the same IPS
log entries were populating the log file.
Monitor Mode
■ PR_14582 — In monitor mode, the CLI command ips help does not reflect the commands
that are actually available in monitor mode as opposed to routing mode.
High Availability
■ PR_38385 — Connection reservations do not fail over from the Master to the Participant in
an Active-Standby configuration.
Example:
PC DMZ 10.10.30.254 | TMS | Zone1 192.168.1.254 PC Server
10.10.30.1 192.168.1.1
Zone limits DMZ = 5
Connection reservation DMZ, inbound, reserved for 192.168.1.1, Reservation count = 3
If the PC opens TCP connections through the Master, and a fail over situation occurs, the
reservation count was not correctly followed.
■ PR_38959 — In High Availability Active-Standby configuration, when running a mix of RTSP
and SMTP traffic for a period, the command no connections does not reset some of the current
connections.
VPN
■ PR_17972 — In the Web browser interface, in the Help for VPN, the wrong performance
numbers are reported.
■ PR_38173 — Misleading error messages appear when adding or editing an IKE policy in the
Web browser interface (VPN > Certificates > IPsec Certificates).