IBM Security Network Protection firmware update 5.3.2 release notes

IBM Security Network Protection firmware version 5.3.2 is available. These release notes address compatibility, installation, and other getting-started issues.

Description
IBM Security Network Protection firmware version 5.3.2 is a firmware update for the XGS NGIPS network protection platform. This release provides the following updates to IBM Security Network Protection Firmware Version 5.3.1:

• Support for session ID and session ticket resumption for inbound SSL inspection.
• Service and support enhancement:
  • Added the capability to submit a Service and Support request automatically upon system error.
  
  
  • Note: For information about this enhancement, see Enabling automated Service and Support Requests to IBM Customer Support in the IBM Knowledge Center.
• Added Do Not Inspect action in the Network Access Policy to bypass traffic from analysis completely.
• CLI enhancement that provides access to information for the following statistics from the command line interface stats > show mode:
  • CPU load information
  • Memory usage information
  • Storage usage information
  • Processed packet information
  • Protection interface information
  • Inbound SSL connections information
  • Outbound SSL connections information
  • Admin account password expiry information
  • NTP time drift information
  • Last policy modification time
  • Appliance reboot information
• LMI enhancements:
  • Added key services memory usage information to the Monitor > System Graphs page.
  • Completed web application framework migration to improve LMI stability.
• IBM Security Network Intrusion Prevention System (IPS) policy migration enhancements:
  • Enhanced migration of Security Network IPS policies using child repositories in the SiteProtector™ System system.
  • Enhanced migration of filter object and service object names to reflect objects' contents.
  
  
  • Note: For information about policy migration, see the Network IPS policy migration topics on the IBM Knowledge Center.
• Added Log with Raw option for intrusion prevention objects and Open Signature policy.

This release includes all of the defect fixes from firmware update 5.3.1.5. For a list of those fixes, see technote #1968449:
http://www.ibm.com/support/docview.wss?uid=swg21968449

Announcement
The IBM Security Network Protection firmware version 5.3.2 announcement is available at http://www.ibm.com/common/ssi/index.wss. See the announcement for the following information:

• Detailed product description, including a description of new functionality
• Product-positioning statement
• Packaging and ordering details
• International compatibility information

Compatibility
The following web browsers are currently supported by the IBM Security Network Protection local management interface:

• Internet Explorer 10 or 11
• Firefox 28 and later
• Google Chrome 34 and later

To manage Network Protection 5.3.2 appliances using the SiteProtector System, you must apply the following database service packs before you upgrade the appliance:

• SiteProtector System 3.0 - Install all DBSPs up to and including SP3.0 DBSP 3.0.0.44
• SiteProtector System 3.1.1 - Install all DBSPs up to and including SP3.1.1 DBSP 3.1.1.22

Note: If you are migrating Network Access or Open Signatures policies, you must perform the migration after installing the DBSP and before upgrading the appliance.

Installation and Configuration
For step-by-step installation instructions, see the Installing Updates topic in the IBM Knowledge Center:

• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/tasks/alps_installing_updates.htm

For other configuration instructions, see the following topics in the IBM Knowledge Center:

• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/alps_collateral/alps_dochome_stg.htm
• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/concepts/alps_getting_started_container.htm
• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/tasks/alps_configuring_settings_lmi.htm

Security Bulletins

• A security vulnerability has been discovered in Libxml used with IBM Security Network Protection. For more information, see technote #1969664.
• Security vulnerabilities have been discovered in glibc used with IBM Security Network Protection. For more information, see technote #1967169.

Known issues
IBM Security Network Protection 5.3.2 includes the following known issues:

• 72617: Clicking Manage > Overview in the LMI does not display the last update time after firmware update.
• 74318: IPS issues in the default Trust X-Force objects are not turned off inside PAM when disabled. If you select a security mode in an IPS object setting, such as Aggressive - Trust X-Force, then manually disable an issueID, the issueID is not disabled in PAM. It will still be detected and filtered based on the disable setting.
• 74415: The Fps Dropped statistics graphs do not display correctly in the LMI when the response in an unanalyzed policy is set to Drop.
• 74484: Remote syslog messages contain erroneous values, such as APPNAME and PROCID, which are not relevant to the event being forwarded.
• 75612: UDP throughput testing on IBM Security Network Protection for VMware shows high latency and low throughput when the frame size is larger than 1024.
• 76736: Misleading event "GLGSY0000W - System service was terminated unexpectedly and subsequently restarted" is logged in system events when packet processing exits with a failure and analysis daemon is no longer running.
• 77189: When using Internet Explorer 11 to edit a rule in a long list of NAP rules, the page appears to jump around, making it difficult to select a NAP rule to edit.
• 77298: Packet capture can stop prematurely. When PAM reports that a connection has closed, it sends a signal to stop packet capture. However, PAM does not check whether the connection that closed is related to the current packet, so packet capture might close prematurely.
• 77339: Inbound SSL inspection does not print the correct detail in system events when receiving an unexpected alert during handshake.
• 77380: Unexpected quarantine responses for tcp_port_scan events blocks internal traffic, affecting application access for network users.
  As a work-around, you can add IPS event filters to ignore tcp_probe signatures that have enabled quarantine for specific VA hosts.
• 77640: LMI displays a JavaScript error message when you remove a network object from a Management Access Policy rule and delete it.
• 77641: Network objects using CIDR format that is not supported in Management Access Policy are not filtered out in LMI.
• 77677: The USB device detection event GLGHW9001I missing the USB manufacturer and product.
• 77678: Start and end time of ongoing packet capture is incorrectly displayed on LMI immediately after the management interface capture starts.
• 77681: NIM protection interface network graph shows spike during an XPU installation or rollback.
• 77732: Large packet captures (greater than 500MB) cannot be downloaded using the LMI. Users can use SFTP as a workaround.

Copyright statement

© Copyright IBM® Corporation 2012, 2015. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Related information:

Contacting Technical Support