TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
49
Known Issues
Release ST.1.1.100430
■ PR_54897 — If a VLAN is configured with DHCP and the lease expires, if master gets a
different IP address from the DHCP server, the IP address does not get synced to participant.
When the participant takes over after a failover, it will use the old IP address.
■ PR_56234 — The proper order to break up a High-Availability Active/Standby Cluster is to
do the following via the switch Command Line Interface (CLI)
For ST.1.0.XXXXXX
Login to the switch chassis where the Participant is located. Go to the TMS CLI (located in
Slot E in this example) using the 'services' command.
ProCurve Switch 5406zl(tms-module-E)#config t
ProCurve Switch 5406zl(tms-module-E:config)#no high
ProCurve Switch 5406zl(tms-module-E:config)#Wr mem
ProCurve Switch 5406zl(tms-module-E:config)#boot
On the master, use the CLI or Web browser interface to disable HA.
RESULT: IP address that was used by the HA cluster is lost. Each TMS blade must be
configured for a unique IP address independently.
For ST.1.1.YYYYYY
Login to the switch chassis where the Participant is located. Go to the TMS CLI (located in
Slot E in this example) using the 'services' command.
ProCurve Switch 5406zl(tms-module-E)#config t
ProCurve Switch 5406zl(tms-module-E:config)#no high delete
ProCurve Switch 5406zl(tms-module-E:config)#wr mem
ProCurve Switch 5406zl(tms-module-E:config)#boot
On the master, use the CLI or Web User Interface to disable HA. If using the CLI, use the "no
high" command without the 'delete' option.
RESULT: The IP address that was used by the HA cluster now belongs to the TMS blade that
was formerly the Master. The former Participant will have to be configured for a unique IP
address.
VPN
■ PR_49849 — For IPsec certificates, when private keys are generated manually by the
manager, they are automatically saved, regardless of whether the configuration is saved or
not. Private keys that are generated but not wanted must be manually deleted.
■ PR_43957 — IKE and IPsec SAs will still get created even if the IPsec VPN is explicitly
disabled. To workaround this issue, remove the access policy which allows UDP 500.
■ PR_54925 — Shrew Soft VPN client cannot establish the tunnel when XAUTH is enabled.
■ PR_55003 — VPN client will remain connected even if the IPsec policy is disabled.