TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
52
Known Issues
Release ST.1.1.100430
■ PR_54222 — A terse error message is seen when doing a 'show l2tp user' command and the
user is not defined.
Example:
ProCurve Switch 8212zl(tms-module-D)# show l2tp user a
Software Revision : ST.1.1.100430
Error: DIM : No DiUsers Present
■ PR_54403 — An invalid username for L2TP shows an error message indicating the policy
name instead.
Example:
ProCurve Switch 8212zl(tms-module-D:config)# l2tp user
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Error: Policy name is too long. Maximum length is 16 chars.
■ PR_55492 — After an HA failover, a Windows client using L2TP over IPsec will be
disconnected since client-to-site VPN connections do not failover. The Windows client does
not know about the state change and still believes the tunnel is up, but a user will not be able
to pass any traffic through the tunnel.
If the user disconnects the tunnel in Windows and immediately re-establishes it without waiting
for a few moments, then they will not be able to reconnect. They need to wait for a moment and
then it will work. It will usually be re-established within 2 to 3 retries.
■ PR_56250 — Web browser interface location: VPN>Certificates>IPsec Certificates.
After setting a CA server using SCEP, a user can import the CA certificate without any problems.
But when attempting to import an IPsec certificate using SCEP an error message appears: The
IPsec certificate could not be retrieved. After several attempts it was noted that this import will
fail if a CRL is not installed first.
The proper order when using SCEP is the following:
1. Install CA root certificate
2. Install the CRL
3. Install the IPsec certificates