TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
38
Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
Release ST.1.2.100916
■ PR_ 52119 — A DSA generated CA certificate does not show on the Web browser interface
or CLI after the certificate is imported, while an RSA generated CA certificate will display
okay. After importing the CA certificate on the Web browser interface (VPN> certificates>
certificate authorities > import certificate), the CA display is empty. Attempting to import the
certificate again results in a dialog that indicates "the certificate authority already exists".
The CA certificate doesn't display on CLI either. The CA certificate is actually stored and
used in communication, but isn't displayed.
■ PR_52763 — In the Web browser interface, the 'operator' user was allowed to flush VPN
connections like a 'manager' user.
■ PR_54812 — IPsec Certificate and CRL cannot be retrieved using SCEP
High Availability
■ PR_46778 — High Availability cannot be disabled without serious service disruption and
loss of connectivity.
■ PR_46900 — High Availability Master and Participant can get out of synch in regards to
connections when a large amount of connections have been established.
■ PR_49472 — In certain High Availability situations, the Participant fails to receive any
sessions from the Master.
Release ST.1.2.100916
The following problems were resolved in release ST.1.2.100916
General
■ PR_58095 — Log Message IDs 657 and 685 had different severities for the same issue. Mid
657 dealt with unicast spoofing and mid 685 dealt with multicast spoofing. Changed the
severity mid 685 to 'info'.
Example:
2010-06-15 09:41:27 info IPROUTE: packet spoof detected date:
2010-06-15 time: 09:41:27 msg: IPROUTE: packet spoof detected
severity: infomid: 6572010-06-15 09:56:04 minor MCAST: packet spoof
detected date: 2010-06-15 time: 09:56:04 msg: MCAST: packet
spoof detectedMid: 685
Firewall
■ PR_59614 — Only one L2TP client was able to traverse through a NAT.
Example: