IBM Security Network Protection firmware update 5.3.3.1 Readme

• XGS7100 stacking:


• Support for two XGS 7100 appliance installed with 40GbE network interface module to be stacked for load balancing. For more information, see technote #1993418.

• Flow data enhancement:
  • Support for flow data collector mode to increase flow data processing efficiency. For more information, see technote #1993417.
• Administrator Settings:
  • Added settings to limit the number of concurrent logon sessions. For more information, see technote #1993419.
  • Added the command "rescue" to unlock the admin account.

• Updating Security Network Protection application databases via SiteProtector X-Press Update Server: 
  • Support for application databases update via SiteProtector X-Press Update Server. For more information, see technote #1990298.

• Serviceability:
  • Enhanced the functionality of captive portal.
  • Enhanced the functionality of hardware bypass.

• 77850: Changed DNS server settings will not be utilized for updating the appliance until the License and Update service is restarted via the CLI.
• 84932: When configuring the management port IP settings, an invalid gateway entry was allowed.
• 85126: The update status for the firmware and XPU of the registered XGS appliance are not distinguished in the SiteProtector Console.
• 85499: Duplicate FNXDC0001E system events are logged when the appliance fails to connect to the application update servers.
• 85964: Quarantine response objects of type "Intrusion" should be the only type able to be created when editing the OpenSignature policy.
• 86005: On the Edit Email Object page, not all selected parameters can be copied to Body when the folder is also in the selection.
• 86031: Even when all IPS events are cleared, the Top 10 IPS Events widget still displays the 10 worst events.
• 86044: The Active Quarantine Rules on the managing SiteProtector Console displays a correct protocol ID while the Local Management Interface (LMI) displays an incorrect protocol ID.
• 86082: The Network Access Policy (NAP) rules configured with invalid network object can still be deployed.
• 86104: The default language settings are not applied to the Software License Agreement page.
• 86117: Importing OpenSignature rules from a file fails and generates a PAMOS0605E error if rules use recently supported keyword options.
• 86135: Captive portal fails to block the network traffic when using an unknown or non-standard protocol.
• 86170: When a local user setting other than the password is modified, the password is no longer valid and login attempts will fail.
• 86233: Remembering login password in Firefox causes "Password not set" error message in Manage System Settings > Administrator Settings.
• 86311: On the OpenSignature page from the SiteProtector Console, the table row does not fit content.
• 86515: When an Internet connection is unavailable, unsent URL feedback configured via the Manage Application Databases policy causes disk space to be insufficient. Unsent files will now be deleted.
• 86536, 86753, 86785: Invalid CIDR subnet mask can be submitted in editing NAP rules, which caused the analysis daemon to stop.
• 86559: Packet processing daemon crashes with signal 11 and code 128.
• 87125: From SiteProtector Console, deleting an undeployed NAP rule causes the other rules to be uneditable.
• 86572, 87314: Packet processing daemon crashes with signal 49.
• 87498, 87823: Upgrading from firmware version 5.2.x to 5.3.3 causes the remote syslog server policy to be lost, which could leave the appliance in an unconfigured state.
• 87866, 87882: Failed data merge with a large update to the Application Database causes packet processing daemon to stop querying IP Reputation.
• 87887: Firefox user may encounter an error message "sec_error_reused_issuer_and_serial" when browsing https sites with Outbound SSL Inspection enabled.
• 87911: Duplicate Hot Standby Routing Protocol (HSRP) traffic is not captured across different network adapters when using the CLI packet capture utility.
• 87941: Changing a NAP identity when the connection is being established causes incorrect NAP rule to be matched.
• 88666: Incorrect protection interface statistics are displayed in the command-line interface (CLI).
• 89281: Historical statistics may not migrate completely during firmware update.
• 89386: Login warning banner containing lengthy messages are truncated in the LMI.

• http://www-01.ibm.com/support/docview.wss?uid=swg21987978
• http://www-01.ibm.com/support/docview.wss?uid=swg21991724
• http://www-01.ibm.com/support/docview.wss?uid=swg21990083
• http://www-01.ibm.com/support/docview.wss?uid=swg21989336

• Internet Explorer 10 or 11
• Firefox 28 and newer
• Google Chrome 34 and newer

• SiteProtector System 3.0 - Install all DBSPs up to and including SP3.0 DBSP 3.0.0.60
• SiteProtector System 3.1.1 - Install all DBSPs up to and including SP3.1.1 DBSP 3.1.1.43
  Important: Ensure that the SiteProtector Core is at version 3.1.1.5 before applying this Database Service Pack (DBSP) update to the IBM Security Network Protection appliance.

• http://www.ibm.com/support/docview.wss?uid=swg21959896

• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/tasks/alps_installing_updates.htm


• Note: After installation, clear web browser cache, cookies, and temporary internet files.

• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/alps_collateral/alps_dochome_stg.htm 
• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/concepts/alps_getting_started_container.htm
• https://www.ibm.com/support/knowledgecenter/SSHLHV_5.5.0/com.ibm.alps.doc/tasks/alps_configuring_settings_lmi.htm

© Copyright IBM® Corporation 2012, 2016. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Related information: