TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues

Known Issues
Release ST.1.1.100226/ST.1.1.100330
■ PR_44478 — TMS zl Module does not support CRL retrieval via HTTP, LDAP, or OCSP.
■ PR_44479 — TMS zl Module will use the old CRL past the next CRL update time if it has
not retrieved the new CRL.
■ PR_44555 — When checking the IKE SA status on the Web browser interface, the SA lifetime
value is not automatically updated. For example, if a user clicks on View Status several times,
the SA lifetime remains the same and is not updated.
■ PR_44671 — A log entry reports that authentication of the remote L2TP peer was successful
(mid=526) even though it failed. The L2TP user is not allowed access because the RADIUS
server did not return a service-type Frame attribute. See PR_43916 for details.
■ PR_44781 — The TMS zl Module may log an erroneous log message when a user connects
via L2TP.
time="2009-09-04 13:39:27" severity=info pri=6
fw=ProCurve-TMS-zl-Module id=routing msg="KRT READ STATIC 172.16.80.2
mask 255.255.255.255 router 172.16.80 flags <UP STATIC>401: queuing
delete for duplicate entry
■ PR_44860 — The TMS zl Module log messages do not provide enough detail to help
troubleshoot IPsec using certificate authentication.
■ PR_44911 — Removing an IKE policy displays different output from removing an IPsec
policy and proposal. For consistency, this should be reworded.
■ PR_45392 — No logging messages are generated when attempting to retrieve a certificate
from a server by SCEP. In a situation where the certificate retrieval failed, it is difficult to
tell what may have caused the failure.
■ PR_45525 — A TMS zl Module that receives GRE keep-alive packets may log those as a DoS
attack. Steps:
1. Create a GRE tunnel.
2. Go to the Logging>View Log page and filter on "gre".
Notice a log entry similar to this one:
time="2009-09-24 17:19:33" severity=minor pri=3
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="Invalid source &
destination: dropping packet" srczone=ZONE6 src=172.15.2.254 srcport=0
dstzone=ZONE5 dst=172.15.2.250 dstport=0 proto=GRE subfamid=dosattack
mtype=attack mid=1530
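A triage pass for PR_45525, added here as an example (it is not HP's code or part of the release notes): it parses TMS log text in the key=value format shown above and tags fw_l2l3_attack entries as probable GRE keep-alive noise only when both addresses are known tunnel endpoints. The endpoint list, the second log entry and the label names are constructed assumptions.

```python
import re

# key=value or key="quoted value", the pair format used in the TMS log entries
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_entries(log_text):
    """Split on time=" (start of each entry) and parse the key=value pairs."""
    entries = []
    for chunk in re.split(r'(?=time=")', log_text):
        flat = " ".join(chunk.split())  # undo line wrapping inside an entry
        if flat:
            entries.append({k: q if v == "" else v
                            for k, q, v in PAIR.findall(flat)})
    return entries

def triage(log_text, tunnel_peers):
    """Label attack entries; tunnel_peers is a set of frozenset({addr_a, addr_b})."""
    results = []
    for e in parse_entries(log_text):
        if e.get("mtype") != "attack":
            continue
        pair = frozenset((e.get("src"), e.get("dst")))
        suspect = (e.get("id") == "fw_l2l3_attack" and e.get("proto") == "GRE"
                   and e.get("mid") == "1530" and pair in tunnel_peers)
        # Suspects are tagged for review, never dropped: the same message
        # between hosts that are not tunnel peers stays a real alert.
        label = "gre-keepalive-suspect" if suspect else "review"
        results.append((e.get("src"), e.get("dst"), label))
    return results

# Assumption: the operator lists the configured GRE tunnel endpoint pairs.
TUNNEL_PEERS = {frozenset(("172.15.2.254", "172.15.2.250"))}

# First entry is the sample from PR_45525; the second is constructed.
SAMPLE = '''
time="2009-09-24 17:19:33" severity=minor pri=3
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="Invalid source &
destination: dropping packet" srczone=ZONE6 src=172.15.2.254 srcport=0
dstzone=ZONE5 dst=172.15.2.250 dstport=0 proto=GRE subfamid=dosattack
mtype=attack mid=1530
time="2009-09-24 17:20:02" severity=minor pri=3
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="Invalid source &
destination: dropping packet" srczone=ZONE6 src=192.0.2.77 srcport=0
dstzone=ZONE5 dst=172.15.2.250 dstport=0 proto=GRE subfamid=dosattack
mtype=attack mid=1530
'''

if __name__ == "__main__":
    for src, dst, label in triage(SAMPLE, TUNNEL_PEERS):
        print(src, dst, label)
```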
■ PR_45634 — An incorrect IP address is accepted in the destination field when editing a
multicast policy. Steps:
1. Go to Firewall/Access policies/Multicast