TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
61
Known Issues
Release ST.1.1.100226/ST.1.1.100330
DMZ maps to the name in the 4th row of the Zone table (4).
ZONE1 maps to the name in the 5th row of the Zone table (5).
ZONE2 maps to the name in the 6th row of the Zone table (6).
ZONE3 maps to the name in the 7th row of the Zone table (7).
ZONE4 maps to the name in the 8th row of the Zone table (8).
ZONE5 maps to the name in the 9th row of the Zone table (9).
ZONE6 maps to the name in the 10th row of the Zone table (10).
■ PR_46126 — HTTP does not respond on external zone. Even though the port is listening on
external zone, the page does not get loaded properly over HTTP but will work over HTTPS.
Steps to recreate:
1. Associate VLAN to the EXTERNAL zone.
2. Create an HTTP policy.
3. Attempt to establish an HTTP connection.
4. Page does not load properly in the browser.
■ PR_46963 — When rate limit reaches the limit defined per policy, a log message is generated
for every packet drop.
time="2009-10-26 16:47:32" severity=warning pri=5
fw=ProCurve-TMS-zl-Module id=fw_access_control ruleid=76 msg="RTLM:
packets rate exceeds to maximum, packets dropped" srczone=EXTERNAL
src=192.168.29.160 srcport=22925 dstzone=INTERNAL dst=192.168.0.2
dstport=139 proto=UDP rcvd=0 rcvdsc=0 sent=16 sentsc=0 srcnatport=0
destnatport=0 destnatipaddr=0.0.0.0 subfamid=accessdeny
mtype=access_control mid=633 srcnatipaddr=0.0.0.0
A log message should not be generated for every packet drop unless logging is enabled per policy
so behavior is the same as other access policies.
■ PR_47431 — From time to time, the TMS zl Module may generate the following erroneous
log message:
time="2009-11-03 16:21:15" severity=major pri=2
fw=ProCurve-TMS-zl-Module id=system_error msg="Socket sendto failed"
srczone=SELF dstzone=SELF errortype=memory_allocation subfamid=socke-
terror mtype=syserr mid=4562
■ PR_50209 — Log messages with mid=615, 1350, 1355, 624, 621, 605 are not critical but classified
as critical.
msg: FW: sctp packet header is less than expected, packets dropped
msg: IP header received without any data
msg: FW: icmp echo packet with invalid length, packets dropped