TMS zl Module Release Notes ST.1.2.101122
39
Software Fixes in Releases ST.1.0.090213 - ST.1.2.101122
Release ST.1.2.100916
■ PR_ 52119 — A DSA generated CA certificate does not show on the web browser interface
or CLI after the certificate is imported, while an RSA generated CA certificate will display
okay. After importing the CA certificate on the web browser interface (VPN> certificates>
certificate authorities > import certificate), the CA display is empty. Attempting to import the
certificate again results in a dialog that indicates "the certificate authority already exists".
The CA certificate doesn't display on CLI either. The CA certificate is actually stored and
used in communication, but isn't displayed.
■ PR_52763 — In the web browser interface, the 'operator' user was allowed to flush VPN
connections like a 'manager' user.
■ PR_54812 — IPsec Certificate and CRL cannot be retrieved using SCEP
High Availability
■ PR_46778 — High Availability cannot be disabled without serious service disruption and
loss of connectivity.
■ PR_46900 — High Availability Master and Participant can get out of synch in regards to
connections when a large amount of connections have been established.
■ PR_49472 — In certain High Availability situations, the Participant fails to receive any
sessions from the Master.
Release ST.1.2.100916
The following problems were resolved in release ST.1.2.100916
General
■ PR_58095 — Log Message IDs 657 and 685 had different severities for the same issue. Mid
657 dealt with unicast spoofing and mid 685 dealt with multicast spoofing. Changed the
severity mid 685 to 'info'.
Example:
2010-06-15 09:41:27 info IPROUTE: packet spoof detected date:
2010-06-15 time: 09:41:27 msg: IPROUTE: packet spoof detected
severity: infomid: 6572010-06-15 09:56:04 minor MCAST: packet spoof
detected date: 2010-06-15 time: 09:56:04 msg: MCAST: packet
spoof detectedMid: 685
Firewall
■ PR_59614 — Only one L2TP client was able to traverse through a NAT.
Example: