IBM QRadar Network Security firmware update 5.4.0.1 readme

Fix Readme


Abstract

IBM QRadar Network Security firmware version 5.4.0.1, a firmware update for the XGS NGIPS platform, includes the following defect fixes to the IBM QRadar Network Security firmware Version 5.4.0. Additionally, this technote includes compatibility, installation, and other getting-started information.

Content

New Functionality:
  • Full-featured IBM X-Force Exchange (XFE) integration
    • Data captured from the network can be sent to XFE for Malware Analysis.
    • It is recommended that you install the latest X-Press Updates (37.050 or above), which include additional enhancements for Malware Analysis.

Enhancements:
  • Intrusion Prevention Policy
    • Enhanced the performance of IPS policy in-line editing on IBM SiteProtector System. Quickly editing and saving multiple IPS policy changes at one time on IBM SiteProtector System is supported.
    • IPS event details now include Network Access policy’s custom rule name/label.
  • Link propagation:
    • Port state is maintained when fault signaling fails on the interconnected devices.
    • Added new tuning parameters for reducing link propagation duration. For more information, see technote #2003106.
  • Serviceability
    • When the File Capture daemon terminates unexpectedly, a system event (GLGSY0000W) is reported and triggers an automated support request.

Fixed Defects:
  • 92964: Packet processing service fails to initialize due to mishandling of the data.
  • 64296: URL and Network Access events can squeeze event bandwidth on XGS local database, leading to lost IPS events.
  • 90767: Packet processing daemon fails to start after the flexible performance level (FPL) has been changed multiple times in a short period of time.
  • 92463: XPU updates/rollback causes all interfaces to recycle.
  • 92671: Memory usage is reported higher than actual due to kernel module upgrade.
  • 92887: Authentication is not validated when a user clicks Test Connectivity for a remote AD server.
  • 92890: Apache access log files only show "vhost_combined."
  • 92906: Interface Speed/Duplex is missing on LMI > Protection Interfaces > Edit Interface Settings due to incorrect NIM allocation and key mapping.
  • 92915: An error occurs when attempting to log on to the portal where ForestDnsZones/DomainDnsZones referred domain is accessible.
  • 92961: SSL Inspection downgrades connection to TLS 1.0 when XGS is fully intercepting a session with channel_id.
  • 93047: Packet processing daemon fails to start on XGS 5200 or 7100 when multiple ports on NIMs are concurrently connected.
  • 93904: HA mode fails when a single XGS 7100 is populated with four 10G NIMs.
  • 93979: The euro symbol “€” is incorrectly displayed on Remote Directory Servers > Server Details.
  • 94119: Lengthy server name truncated on Remote Directory Servers > Server Details.
  • 90649: Race condition occurs when advanced threat policy daemon and packet processing daemon are running, leading to high CPU usage on XGS.
  • 92586: The disk usage of the appliance may increase unexpectedly if specific IPS events are sustained.
  • 92865: Link flapping occurs when deploying network policy in monitoring mode.

Compatibility 
The following web browsers are currently supported by the IBM QRadar Network Security local management interface:
  • Internet Explorer 10 or 11
  • Firefox 28 and newer
  • Google Chrome 34 and newer

To manage Network Security 5.4.0.1 appliances using the SiteProtector System, you must apply the following database service packs before upgrading the appliance:
  • SiteProtector System 3.0 - Install all DBSPs up to and including SP3.0 DBSP 3.0.0.70
  • SiteProtector System 3.1.1 - Install all DBSPs up to and including SP3.1.1 DBSP 3.1.1.53
    Important: Ensure that the SiteProtector Core is at version 3.1.1.5 or newer before applying this Database Service Pack (DBSP) update to the IBM QRadar Network Security appliance.

To use IBM Security Network Protection Manager (NPM), an add-on module to the SiteProtector System, to interoperate with IBM QRadar Network Security, you must apply the latest NPM hotfix or update. Contact IBM Support for details.

Installation and Configuration 
Prior to running firmware updates on a Network Security device, you should migrate your policies in SiteProtector to the new version. See technote #1959896 for more information.

For step-by-step installation instructions, see the Installing Updates topic in the IBM Knowledge Center.

Note: After installation, clear web browser cache, cookies, and temporary internet files.

For other configuration instructions, see the following topics in the IBM Knowledge Center:

Known issues
  • 93043: Unable to upgrade IBM QRadar Network Security firmware version 5.3.x to 5.4.x by using a USB boot drive. For more information, see technote #2001911.
  • 94921: If the captured file is part of another file, it cannot be uploaded to IBM X-Force Exchange (XFE) for Malware Analysis.

Copyright statement

© Copyright IBM® Corporation 2012, 2017. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Document Information

Modified date:
24 January 2021

UID

swg22002664