TMS zl Module Release Notes ST.1.2.101122
Software Fixes in Releases ST.1.0.090213 - ST.1.2.101122
Release ST.1.2.100916
1. Client 1 establishes L2TP over IPsec to the TMS. The NAT router translates all outgoing
connections to its external IP. However, the NAT router cannot modify the L2TP port, which is
encrypted by IPsec.
2. When Client 2 establishes L2TP over IPsec to the TMS, the NAT router translates all
outgoing connections to its external IP, but again it cannot modify the L2TP port. As a result,
all traffic that matches the tunnel established by Client 1 will then be sent to Client 2. The
result is that Client 2 has effectively ended Client 1's connection to the TMS, since Client 1 can no
longer receive traffic.
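The collision in steps 1 and 2 can be modelled with a small session table. This is an added example, not code from the TMS or from these release notes. The keying functions, the `Gateway` class, the NAT-assigned outer port and the addresses are assumptions constructed for illustration, and the second keying is a generic way to tell the clients apart, not the fix shipped in this release.

```python
from dataclasses import dataclass

L2TP_PORT = 1701  # standard L2TP UDP port; carried inside ESP, so the NAT cannot rewrite it


@dataclass(frozen=True)
class Tunnel:
    client: str      # constructed label for a host behind the NAT
    nat_ip: str      # external IP the NAT router substitutes
    outer_port: int  # assumption: outer UDP source port assigned by the NAT
    l2tp_port: int = L2TP_PORT


def key_inner(t):
    """Hypothetical keying on peer IP and the (unmodifiable) L2TP port."""
    return (t.nat_ip, t.l2tp_port)


def key_with_outer(t):
    """Hypothetical keying that also uses the NAT-assigned outer port."""
    return (t.nat_ip, t.outer_port, t.l2tp_port)


class Gateway:
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.sessions = {}

    def establish(self, tunnel):
        # A colliding key silently replaces the earlier tunnel.
        self.sessions[self.key_fn(tunnel)] = tunnel

    def receiver_of(self, tunnel):
        """Client that return traffic for this tunnel is actually delivered to."""
        return self.sessions[self.key_fn(tunnel)].client


def simulate(key_fn):
    c1 = Tunnel("client1", "203.0.113.10", 4500)   # constructed sample values
    c2 = Tunnel("client2", "203.0.113.10", 61002)  # same NAT IP, same L2TP port
    gw = Gateway(key_fn)
    gw.establish(c1)
    gw.establish(c2)
    return {t.client: gw.receiver_of(t) for t in (c1, c2)}


if __name__ == "__main__":
    print("inner key:", simulate(key_inner))
    print("outer key:", simulate(key_with_outer))
```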
■ PR_60934 — A port-trigger configured for traffic that passes between two endpoints
through the module will slow down and potentially disrupt traffic that is directed to the
module when a traffic match is detected. Typically, this is seen on TMS management traffic.
For instance, a port trigger configured between endpoint1 and endpoint2 for HTTPS could
impact HTTPS management traffic between an endpoint and the TMS.
IPS/IDS
■ PR_56611 — Disabling backdoor client signatures using the GUI client Protection filter
should only disable client backdoor signatures, and not any Server protection signatures.
Steps to recreate:
1. Enable all backdoor signatures
2. Filter ANY/CLIENT
3. Disable Backdoor signatures
4. Go to another page
5. Filter ANY/SERVER
6. Backdoor signatures are disabled
■ PR_58312 — Planned TMS signature server changes required multi-level CA capability to
properly authenticate the server's certificates. ST.1.2.100916 will be required in the future
to download signatures.
Monitor Mode
(None.)
High Availability
■ PR_60023 — IP address configuration is removed on an HA cluster participant when the CLI write mem
command is executed. In order to warn users that such a change could cause problems, the following message
will be printed by the wr mem command if it is executed on an HA cluster participant.