TMS zl Module Release Notes ST.1.2.100916
Table Of Contents
- Release Notes: Version ST.1.2.100916 Software for the HP ProCurve Threat Management Services zl Module
- Contents
- Software Management
- Download Documentation from the Web
- Software Updates
- Special Considerations Prior to Updating
- Clarifications
- Enhancements
- Enhancements in ST.1.2.100916
- ST.1.1.100430
- ST.1.1.100226
- Command Line Interface (CLI) control of VPN functionality
- RADIUS authentication for management logins
- RADIUS authentication for L2TP users
- Renaming zones
- 256 VLANs now supported, increased from 19 VLANs
- Enhanced sort and filter capabilities for displaying log files
- Improved SNMP Monitoring for network traffic and key system resources
- Software Fixes in Releases ST.1.0.090213 - ST.1.2.100916
- Known Issues
68
Known Issues
Release ST.1.1.100226/ST.1.1.100330
■ PR_48372 — VPN traffic can be denied without a proper log message. Unfortunately, the
log messages are confusing:
time="2009-11-18 18:22:36" severity=warning pri=5
fw=ProCurve-TMS-zl-Module id=fw_access_control ruleid=125 msg="FW: VPN
inbound processing deny, packets dropped" srczone=EXTERNAL
src=10.60.0.10 srcport=60 dstzone=INTERNAL dst=10.50.0.10 dstport=60
proto=UDP rcvd=0 rcvdsc=0 sent=138592 sentsc=0 ruleaction=permit
srcnatport=0 destnatport=0 destnatipaddr=0.0.0.0 rulepos=1 ruledsc="1
access-policy INTERNAL EXTERNAL permit any any any (ID: 125)" subf-
amid=accessdeny rulefromzone=INTERNAL ruletozone=EXTERNAL
mtype=access_control duplicatecount=500 mid=620 srcnatipaddr=0.0.0.0
time="2009-11-18 18:22:36" severity=info pri=6
fw=ProCurve-TMS-zl-Module id=vpn_ipsecipv4 msg="IPsec APPLY policy has
been configured for the received plain packet. Closing the Firewall
connection" src=60.0.0.10 srcport=0 dst=50.0.0.10 dstport=0 proto=UDP
policyid=3 subfamid=ipsecv4accesscontrol mtype=ipsecv4 duplicate-
count=500 mid=6560
■ PR_48459 — NIMv2.1: Delete CA Certificates shows Status "Completed Successfully" but
it actually does not delete the CA Certificates due to the Script MIB introducing a extra escape
MIB.
■ PR_49913 — If a Certificate Signing Request is created, then a software update is performed,
the Certificate Signing request is not saved across a software update.
■ PR_50227 — After setting up a GRE tunnel and then rebooting the TMS zl Module, the TMS
zl Module state will be recorded as Thu Jan 1 00:00:00 1970 instead of the startup date and time
of the TMS zl Module. As a result, the tunnel state shows improper values:
Tunnel State
State : Enabled 14615 days
Changed : Thu Jan 1 00:00:00 1970
■ PR_50274 — L2TP connections can be displayed for a RADIUS user but cannot display L2TP
connections from local L2TP user.
■ PR_50586 — RADIUS server modification is not allowed after an L2TP connection. Steps
to recreate:
1. Create a global RADIUS server (the server for example.com)
2. Use an L2TP connection to login a user with the domain name that corresponds to the global
name (example.com), but without specifying the domain name.
3. Log out the user.
4. Attempt to delete/modify global RADIUS server is not allowed.