Date post: | 26-Oct-2014 |
Category: |
Documents |
Upload: | anirban-das |
View: | 149 times |
Download: | 19 times |
North America
Radware Inc.
575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International
Radware Ltd.
22 Raoul Wallenberg St. Tel Aviv 69710, Israel Tel: 972 3 766 8666
www.radware.com
LinkProof
Maintenance Release Notes
Version 4.38.01DL September 27, 2011
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 2 -
Page 2
These Maintenance Release Notes describe fixes for LinkProof version 4.38.01DL. These fixes are
part of the official product code, build 2, date September 27, 2011
Table of Contents
Supported Platforms and Modules ............................................................................................... 2 Maintenance Fixes ......................................................................................................................... 4
Fixed in version 4.38.01DL ........................................................................................................... 4 Fixed in version 4.38.01 ................................................................................................................ 5 Fixed in version 4.38.00 ................................................................................................................ 6 Fixed in version 4.37.12 ................................................................................................................ 7 Fixed in version 4.37.10 .............................................................................................................. 11 Fixed in version 4.37.09 .............................................................................................................. 13 Fixed in version 4.35.07 .............................................................................................................. 15 Fixed in version 4.35.06 .............................................................................................................. 19 Fixed in version 4.35.05 .............................................................................................................. 21 Fixed in version 4.35.04 .............................................................................................................. 26 Fixed in version 4.35.02 .............................................................................................................. 31 Fixed in version 4.35.01 .............................................................................................................. 36 Fixed in version 4.35.00 .............................................................................................................. 39
Known Limitations ....................................................................................................................... 40 Supported Platforms and Modules
This version is supported by the following platforms:
Note: This version allows the application software to support multiple boot versions. The config.ini
file defines the lowest boot version supported (BootRomVersion) and the highest boot version
supported (BootRomVersionInPackage). If the current boot version on the device is within these
parameters, no boot upgrade is required.
Platform Lowest
Boot
Version
Highest Boot
Version
Notes and Exceptions
Application Switch 1 4.53 6.01 For Application Switches 1 and 2 with a
SynApps license, it is recommended to use
256MB with this version. Large BWM
and/or Application Security configurations
that fit in 128MB in previous versions might
require 256MB with this version.
When upgrading Application Switch 1 from
version 4.21.02, boot upgrade is required.
Use the following procedure:
1. Reboot the device, stop at the
countdown and download the new boot
Application Switch 2 4.33 6.07
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 3 -
Page 3
Platform Lowest
Boot
Version
Highest Boot
Version
Notes and Exceptions
version via CLI.
2. After the new boot is uploaded to the
device, type ' @ ' (do not reboot the
device or change any dip-switch).
3. The device loads the old boot file –
4.5x and the old software version
4.21.02. Using CLI or Web Based
Management, upgrade the device by
sending the .tar file.
4. Once the process ends, the following
message is displayed in CLI :
Please toggle DPSW 1 to
select another boot bank.
Reboot will be performed.
5. Change dip-switch number 1, without
turning off the device.
The device reboots itself automatically and
uploads with the new boot and the new
version.
Application Switch 3 6.04 6.04
Compact Application
Switch
1.3*, 1.4** 6.012 * Only when upgrading from 4.30.
** Before starting the upgrade procedure
from version 3.81.0x, the boot EPROM must
be replaced with boot EPROM version 1.4
or higher (it is recommended to ask for the
highest boot version supported by the exact
bug fix version you are upgrading to).
Contact the Radware ordering department
for this. If you are upgrading from version
4.30, no boot change is required.
For upgrade from version 3.81.x the lowest
boot version to be used is 1.43.
For more information on platform specifications, refer to the Installation and Maintenance
Guide.
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 4 -
Page 4
This version includes the following modules:
Module Supported Version Notes and Exceptions
Application Security
(IPS, DoS and
BDoS)
3.402154
APSolute OS 10.03-01.10
Other 11.05.03 Network Driver
This version is supported by APSolute Insite version 2.85.02 and later.
Maintenance Fixes The following is a cumulative list of bugs fixed since the release of version 4.38.01DL.
Fixed in version 4.38.01DL
Item Description Bug ID
1. The trace-route command returned incorrect times 60363
2. Port Rules were not kept in configuration download from the device. 89618
3. Client couldn't create more than 10 local users in the user table, although
100 users were supported. 86831
4. While LinkProof encountered two routers who shared the same MAC
address the device crashed with the error: 'not correct FW physical addr
table index.' 122394
5. LinkProof stopped sending NTP client update requests after a valid SNMP
trap was sent to the device 131095
6. LinkProof crashed when using BWM .
The issue was identified as an unreleased memory buffer. 128295
7. When working in Redundancy modo (VRRP) after a failover (preemtion
was enabled), when the master device came back online it didn't send G-
ARP . arp-interface-grouping was set to 'avoid' 128681
8. The device crashed after the command 'redundancy vrrp trap-associated-id'
was issued from console. 131256
9. When a Health Monitoring binding configuration was created,
automatically created health check were available for binding . Binding
them caused on some occasions errors since the HC could have been
removed reboot. The behavior was fixed. 135788
10. Ping with Source option is not working and is replaced with default
gateway option. 139547
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 5 -
Page 5
Fixed in version 4.38.01
Item Description Bug ID
11. In a VRRP configuration, the ARP cache of the primary LinkProof
displayed its own VRID MAC Address. As a result, LinkProof stopped
forwarding traffic to the NHR. 77358
12. In version 4.37.11, LinkProof was accessible to SNMP traffic, although it
was explicitly blocked on specific interfaces via the security interface. 78615
13. In versions 6.1.0.01 and below, when LinkProof responded to an the
inbound DNS query, the response DNS packet carried the incorrect
corresponding VLAN tag ID. 78871
14. When working with SmartNAT in a full Class C range, the configuration
was changed to include a specific No NAT IP address. The No NAT
configuration could not be added until LinkProof was rebooted. 80417
15. When configuring application grouping through WBM, if the client table
mode was set to Layer 3, LinkProof generated the wrong error message. 82593
16. In a VRRP configuration, the primary LinkProof displayed the console
message "ICMPP_prtunrch_reply_ind: no buffer to send to a user", and then
after a while froze. 83673
17. After upgrading from version 4.35.07 to 4.37.12DL, the secondary
LinkProof did not respond to the primary ICMP requests, and vice versa. 84154
18. After upgrading from version 4.35.07 to 4.37.12, LinkProof used an
incorrect MAC address to respond to a packet coming from internal clients
that were accessing a VIP on LinkProof. 84344
19. In version 4.37.12 AS3, when passing FTP control traffic in passive mode,
the internal IP address of the server, instead of the public IP address, was
sent to the client within the payload. 85230
20. On LinkProof AS3, using FTP active mode inbound sessions handling and
the accelerator was enabled, in some cases the data session went to a
different NHR than the one the control session came from. 85362
21. When LinkProof stopped responding to ICMP requests, LinkProof reached
its NHR Tracking Table size limit, and then crashed. 86104
22. When downloading a LinkProof configuration via the CLI and uploading
the same configuration to an identical device, LinkProof generated the
following console error: "Error 07 in loading configuration - variable
number 01 of SNMP packet 637, variable name rsMLBSubnetSrvrStatus".
The error was related to the grouping policies setup on LinkProof. 89839
23. When creating a destination grouping rule using APSolute Insite version
2.89, the message "Error in MIB label " was generated in APSolute Insite.
This error did not occur using WBM. The bug was on identified in
LinkProof and not in APSolute Insite. 90975
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 6 -
Page 6
Fixed in version 4.38.01
Item Description Bug ID
24. When trying to add application port grouping rules, the message "Resource
Unavailable" was displayed, even though source and destination grouping
were working as expected. 97041
25. When using SmartNAT with Dynamic NAT, LinkProof did not rewrite the
source MAC address when it received a response from the NHR. 106484
26. When creating one BWM policy rule for FTP sessions with the name of
''ftp'', a 'Generic Error" was displayed in WBM, and LinkProof then crashed
and rebooted. 119083
27. When a DNS AAAA record request was sent to LinkProof, and the record
existed as an A record, LinkProof responded with a "Record Doesn't Exist"
message with the Authorization not being set in the Answer. This resulted
in the request being discarded by DNS Servers as "Lame Delegation". The
behavior was fixed to include the AA Flag. 120761
28. When using application grouping, when creating an incorrect application
port entry, the error message was misleading and displayed an illegal port
range. 128890
Fixed in version 4.38.00
Item Description Bug ID
29. When configuring Application Grouping using WBM, the value 65535 had
to be used to mean "other." The fix included adding the "other" option to
represent any non-explicit value. 21457
30. IP address entries in the IP Fast Forwarding Table (IPFFT) that did not
belong to any of the device's interface IP networks were not cleared
when these addresses were later used in configuring LinkProof. 22185
31. When multiple default gateways were configured, only the gateway that
was currently in the routing table could be deleted. 29866
32. Using RIP, the default value for AutoSend was set to Enabled, which
should have been set to Disabled because AutoSend is not standard as per
the RIP RFC. 42558
33. When reading the values of the octet counters from the following OIDs, the
OIDs generated incorrect 64bit numbers:
1.3.6.1.2.1.31.1.1.1.10.1 = Counter64:
1.3.6.1.2.1.31.1.1.1.10.2 = Counter64:
1.3.6.1.2.1.31.1.1.1.6.1 = Counter64:
1.3.6.1.2.1.31.1.1.1.6.2 = Counter64: 56992
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 7 -
Page 7
Fixed in version 4.38.00
Item Description Bug ID
34. In version 4.37.10, when a static route was added and a metric defined, the
static route could not later be deleted. 70826
35. After tuning the device, LinkProof did not correctly check if enough
memory was available for an application to run. 73010
36. When working with VRRP, the ARP Table incorrectly included the VRID
MAC address of its own associated addresses. 77358
37. When issuing the command "system device-info", the output included
incorrect information for device registration. 78848
38. On an Application Switch 3 platform, LinkProof did not change the TCP
sequence number correctly for active FTP sessions. 80167
39. When using Destination Grouping, if you deleted a destination group, or set
the recovery or grace timers to values > 0, the device rebooted. 82594
Fixed in version 4.37.12
Item Description Bug ID
1. The help display for 'lp global connectivity-check method help' was
incorrect. 09578
2. The CLI ping command did not have a help display when no flags were
added. 09799
3. For versions 4.35.04 and 4.35.05, the device had to be rebooted for the
Selective Interface Grouping feature to start working. 20983
4. For versions 4.3x, the CLI command 'system device-info' displayed
incorrect CPU information. 30686
5. In WBM, when changing the Static NAT configuration of existing entries
from Regular to Backup, and vice versa, the Submit button was missing
from the pane. 35986
6. On Application Switch 2, when issuing the CLI 'net l2-information"
command, the wrong information was displayed showing an '@' instead of
the port numbers. 36355
7. On Application Switch 1, when issuing the CLI 'system device info'
command, the Media Type was incorrect. It should have been "on board
flash" as the Application Switch does not have a Compact Flash. 36744
8. For version 4.35.07DL, a static NAT entry was mapping to an interface IP
even though static NAT was not working correctly. 43177
9. On Application Switch 2, during an SNMP task while receiving a
configuration upload, the device crashed. 53762
10. When working with Health Monitoring HTTP health-checks, LinkProof
received the HTTP response code 411 for the HTTP POST health-checks. 54007
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 8 -
Page 8
Fixed in version 4.37.12
Item Description Bug ID
According to the RFC, a Length Header must be included in the HTTP data
in the POST request, but LinkProof did not include it.
11. When editing or creating the destination IP in the Client View filters table,
the Client View did not find the correct matches when checking the filtered-
client-table. 54813
12. When editing an existing View Filter for the Client Views destination IP
resulted in the following error: "setting the vlan tag field must be in range
..." 54834
13. On an Application Switch 1 Alterra device using LinkProof Build 26 and
where there was only one port, auto-negotiation was set to "off" but
immediately reverted to "on."
Setting the physical port Auto-Negotiation to 'off' resulted in the changes
being accepted and the Auto-Negotiation configuration immediately
reverting to 'on'. 55993
14. When working in out-of-path mode with no Client Table, if a fragmented
packet entered the device from a different port than the port of the original
fragment, it was forwarded to same port as the original. In some cases, this
caused traffic loops. 56074
15. After upgrading from version 4.37.07 to 4.37.10 and using a redundant
configuration (where the device had multiple associated IP addresses),
when the Master device regained control, the Backup device kept trying to
become the Master. 56088
16. When working with APSolute Insite version 2.70.17DL (build 22) in order
to copy the configuration, SMTP and NTP settings switched back to the
default configuration after the copy. 57102
17. On a CAS platform, after upgrading from version 4.35.04 to 4.37.10,
enabling Any-Any Bandwidth Management rules dropped all of the VPN
tunnels. 57106
18. Health Monitoring Module started toggling up and down after the device
was up for 248 Days.
57376
19. After an upgrade from LP 4.21.07 to LP 4.35.07 Health Monitoring
parameters changed (Check Interval). 57589
20. When working in redundancy mode (VRRP) and the primary device took
over from the secondary device, after a short period the primary device
crashed and rebooted. 57712
21. On an Application Switch 3 platform, when working with VIP and NAT
(NHRs and Firewalls), packets were not forwarded correctly (ACK and
SEQ fields in the packet were incorrect), resulting in a broken session. 58000
22. When creating or deleting a Client View entry, the device froze and 58075
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 9 -
Page 9
Fixed in version 4.37.12
Item Description Bug ID
crashed.
23. When using a configuration with High Availability (two LinkProof devices)
and a Virtual Tunnel was created, the Backup device froze while retrieving
remote LinkProof information. 58754
24. Device froze after 248 days of operation. 59798
25. When using a configuration with both VIP and NAT, when for a specific
session the accelerators were enabled, the PASV FTP sessions were broken
due to miscalculations in the ACK and SEQ fields. 59942
26. When working with Virtual Tunneling with one NHR configured as the
Regular server and another NHR as the Backup server, and using the hash
dispatch method, traffic did not return to the Regular NHR after it entered
the Backup. 61075
27. The 'rdwrClientsTableNumEntries' OID in the Radware MIB file was not
available on the device. The MIB that was monitored was checking the
number of active entries in the Client Table. 61684
28. When working with Virtual Tunneling, the tunnels continued using the
Regular-Backup or Backup-Backup configurations and did not switch back
to a Regular-Regular configuration even after the Regular NHR came back
up. 61727
29. For version 4.37.10, when initiating a Port Scan, the scan showed port 21 as
open, even though FTP services were disabled on the device. 61866
30. On a CAS platform, when working with VPN, ping packets erroneously
passed through the interface which had been administratively brought
down. 62707
31. When working with VRRP, traffic was sent to the device's virtual DNS IP
according to the VRRP MAC address.
When the device port which was blocked and reset (as configured in the
Bandwidth Management policy), the reset contained the wrong MAC
address (the MAC address of the incoming packet.) 63152
32. In version 4.37.11DL (Build 34), when copying the configuration using
APSolute Insite 2.73.21, the VRRP trap summary was changed from "off"
to "on". 63836
33. The CLI command "redundancy vrrp msg-per ip" is no longer in use and
has been replaced by the command "redundancy vrrp trap-associated-id". 63859
34. On Application Switch 2 platforms, when issuing the "system config
immediate" command, the device crashed. 64295
35. When working with Virtual Tunneling and a link was configured as a back
link, the tunnel was configured to be Backup-Backup but LinkProof
erroneously recognized it as Active-Active. This resulted in the Default
Gateway destination grouping configuration to erroneously behave as if it 64344
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 10 -
Page 10
Fixed in version 4.37.12
Item Description Bug ID
were Active-Active.
36. On an Application Switch 3, in FireProof version 3.37.10, the picture of the
device displayed on the WBM interface was 2U although the device was
actually a 1U Application Switch 3. 64457
37. When changing DNAT tuning from Device -> Tuning, the memory check
did not correctly calculate the remaining memory after the tuning change. 64561
38. When setting the RADIUS timeout from Services-> RADIUS-> Timeout,
the timeout value could not be set and the device crashed. 64739
39. LinkProof did not allow creating more than 11 NHRs when the Proximity
Status was set to enabled. The limitation is now fixed, and proximity is only
checked for the first 10 NHRs. 65273
40. The error "REAG_buf_alloc: unable to allocate buffer" was changed to
appear only when Debug level 64 is set. 65474
41. When working in a redundant configuration with VLAN Tagging, the
Backup device took over from the Main device stopped tagging packets. 66948
42. When setting the LPB Port 1 to "auto", it still remained set to "auto off".
On CAS platforms, Port 1 showed a status of Auto-Negotiation set to
"Auto" even after it had been set to "Auto-Off" . 67511
43. On an Application Switch 1 platform, when the LPB was in status IDLE,
when a remote server attempted to start the IPSec, the LPB debug message
"No ISAkMP_SA" was issued.
On a CAS platform, every time the VPN went into IDLE status and the
remote sites tried to re-establish the VPN tunnel with it, a new IPSec SA
started (even with no timeout on the original IPSec SA). The result was the
error "no ISAKMP-SA" on the CAS. 68307
44. When loading the configuration file, the BER certification was incorrect.
After uploading the configuration file from LinkProof and then trying to
send it back, the error message "Error 07 in loading configuration" was
generated. 70695
45. When proximity was configured for 'Full Proximity - Both", it did not work
properly and the Dynamic Proximity table remained empty. 72438
46. When working with cluster servers and trying to delete a cluster, the
message "deleted successfully" appeared, although the cluster server was
not deleted. (For MIB change please refer to the Release Notes) 73576
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 11 -
Page 11
Fixed in version 4.37.10
Item Description Bug ID
1. After configuring and updating BWM policies (with the device in
transparent mode), the device froze.
30471
2. Using Mirroring, when an entry was deleted on the primary device, the
entry was not updated on the backup device.
30693
3. While upgrading from version 4.21.00 to 4.35.06, if there was a
destination grouping in the configuration, the device crashed and
rebooted.
30695
4. On Accelerated Platforms, when the accelerator was enabled the first
packet from the local server was sent without NAT.
30696
5. After removing all the interfaces from a device and rebooting it, a fatal
error occurs along with an error message.
31622
6. When a virtual IP was configured for the device interface, some health
checks for virtual tunneling failed.
34081
7. Configuring some IP addresses in the routing table caused those entries
to be deleted due to a problem with the way the device reads the IP
address.
34165
8. When working with both virtual DNS IPs and virtual tunnels, some of
the tunnel checks failed (CAS).
35472
9. While trying to change VRRP fields when VRID was active, the
resulting message was not informative enough.
36317
10. Some network ranges could not be accepted by Dynamic NAT local IP
ranges. The error message "The parameter 'To Local IP' must be an ip
address" was generated.
41436
11. When DNS for a local client was enabled and checksum was disabled, if
the device received a DNS packet with a checksum of 0, it changed the
checksum instead of ignoring it.
41616
12. While using SSH to manage the device, all management access
(HTTPS, SSH, Telnet, HTTP, Serial) froze. However, the device
continued to process packets.
42048
13. In VPN Configuration when a VPN rule to a specific host was defined,
the new rule did not work. The problem was related to the /32 mask
defined on the host. (CAS Platform)
42049
14. After configuring destination grouping and adding a destination Health
Check, the Health Check failed. The device needed to be rebooted for
the Health Check to succeed. (All Platforms)
42094
15. When a configuration file containing an illegal source or destination IP 42168
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 12 -
Page 12
Fixed in version 4.37.10
Item Description Bug ID
in a BWM policy was uploaded to the device, the device crashed during
boot. As part of the fix, the policy is now not loaded and a warning is
issued at boot time.
16. When the fragmentation table reached its limit, a notification message
was issued only once. As a result of the fix, the message is now issued
every 20 seconds if fragmentation reoccurs. (All Platforms)
46914
17. In a VLAN configuration with NHR, the MAC address of the NHR was
missing from the Client table.
47012
18. When working with proprietary redundancy after the main device
rebooted and took over the main position the device did not forward
traffic as expected.
47014
19. When viewing the Client Table in WBM, the CPU reached 100%
capacity.
47093
20. When fragmented traffic passed through the device and the
fragmentation table was not large, the device Throughput was much less
than expected (CAS)
47451
21. When using the FTP passive command and either a NAT or VIP was
changed, during retransmission the device handled the TCP sequence
and ACK numbers incorrectly.
47642
22. When NAT was enabled and traffic was set for a specific NHR, if the
'exclude static NAT' flag was disabled, the NAT translation was to an
incorrect NHR. (All Platforms)
48058
23. When NAT was enabled and the 'exclude static NAT flag' was disabled,
traffic was sent to a specific NHR, but the NAT translation was set to a
different NHR. (All Platforms)
48059
24. When processing VPN traffic, when ICMP was forwarded to the device,
the device crashed. (CAS)
49091
25. While opening an SSH & SNMP session concurrently, the device
console froze, but the device continued to process packets. (AS2)
50162
26. Under the following conditions, the device crashed:
- ARP table clean (after the device was booted or a manual cleanup)
- ARP Aging time is very short
Unknown ARP requests were put in the 'ARP waiting list'. The device
started to lose buffers until it crashed. (All platforms)
52293
27. After issuing the 'manage management-port' command from the CLI, 52301
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 13 -
Page 13
Fixed in version 4.37.10
Item Description Bug ID
the device froze.
28. When a session began with the first packet sent by a server, the
“application-aging-time” was calculated incorrectly according to the
source port instead of the destination port. This resulted in various
sessions disconnecting as these sessions used the global aging time
instead of the configured aging time. The problem was identified on MS
Terminal Server connections (RDP - TCP port 3389)
53930
29. LP device did not respond to Telnet command (Insite and WBM were
still working)
53767
Fixed in version 4.37.09
Item Description Bug ID
1. While trying to download the configuration file to LinkProof in BER
format, the download aborted.
43867
2. In VLAN configuration with NHR, the MAC address of the NHR was
missing from the Client table.
47012
3. If Switch VLAN configuration was applied, the operational status
remained UP even though the VLAN ports were down.
47716
4. When NAT was enabled and the 'exclude static NAT flag' was disabled,
while traffic was sent to a specific NHR, the device performed NAT
translations according to a different NHR.
48059
5. When processing VPN traffic, when ICMP was sent to LinkProof it
crashed. CAS platform.
49091
6. The LinkProof Device console froze while opening an SSH & SNMP
session concurrently, and the device continued to process packets.
50162
7. When using RIP with a basic configuration, the device crashed. 19215
8. When Mirroring was activated in VRRP configurations (AS3), the
device crashed and rebooted.
20952
9. While handling VPN session with fragmented traffic, the device
crashed.
25938
10. When using VPN, the device froze after several hours of operation. 26129
11. When Mirroring was used, both the primary and backup devices
crashed.
26539
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 14 -
Page 14
Fixed in version 4.37.09
Item Description Bug ID
12. While using mirroring, the primary device crashed. 26540
13. NTP configuration was not saved after loading the configuration file to
the device.
27695
14. While in VRRP mode. When the main device reboots, the mirrored
entries were not copied to the backup device.
30694
15. On Accelerated Platforms when mirroring was enabled, the backup
device reached high CPU usage.
30697
16. When virtual tunneling was used, when one of the NHR's modes was
changed (from backup to regular, or vice versa), the NHR mode was not
updated.
31088
17. After upgrading from version 3.81.06 to 4.35.04 using Insite, the device
crashed.
32969
18. After 'more-prompt' was enabled, when displaying more than one page
on the terminal, the actual behavior was as if it was disabled.
37641
19. When trying to add a Remote Station entry to the Remote Station Table
while using virtual tunneling, the device crashed.
37708
20. When VLAN Routed Redundant configuration and Interface Grouping
were enabled using Proprietary Redundancy, the device did not respond
to an ARP request. (All Platforms)
39842
21. When the command "system device-info" was initiated, the device
crashed. (Application Switch 1,Application Switch 2, and CAS )
41210
22. LP Version 4.35.07 (all licenses) BWM did not classify traffic that was
destined for the device IP itself.
43786
23. While trying to download the configuration file to the device in BER
format, the download aborted. (CAS Platform)
43867
24. VRRP had to be configured on the master device before it could be
configured on the backup device.
46145
25. When NTP was enabled, the following message was displayed
"WARNING Connection to NTP server timed out". The device then had
to be rebooted (All platforms)
47320
26. After issuing the 'system paste-config start' command in CLI, the device
froze.
51338
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 15 -
Page 15
Fixed in version 4.35.07
Item Description Bug ID
1. When AAAA query is received by LinkProof, the UDP length of its
reply was miscalculated and set to indicate 3 bytes longer payload.
19865
2. When a TCP proximity check failed, the device sent the check through
different NHRs but using wrong parameters, causing insertion of wrong
latency value in the proximity table.
26175
3. It was not possible to block or limit access to the device Virtual DNS or
Remote Virtual IP address. Please note that now BWM policies are
applied to all device IPs as well (Virtual DNS, Remote VIP or interface
IP) and use of “Any to Any” block policies can prevent access to device
management as well.
09819
4. In configurations where RIP is enabled, routing between two class A
subnets did not work properly.
09701
5. When BWM module used per-session classification mode, the policy
statistics were incorrect
9892
6. In VRRP redundancy configuration, when the main device failed and
than came back up it took over all VR IPs before the backup device had
a chance to mirror its client table to the main. This caused some of the
current active sessions to fail.
19103
7. Trace route command from the device, destined to a network for which
a static route entry existed, would go out via the default gateway NHR
when ping health checks were configured for this NHR, instead of the
NHR configured in the static route.
24947
8. The WBM device zoom was missing for Application Switch 2 - Dual
Power Supply.
25876
9. When Application Switch 3 worked with remove at session end
parameter enabled, it would occasionally send FIN/RST packets to
clients.
22915
10. In a redundancy configuration where the management port is excluded
from interface grouping, if no access via the management port was
attempted before a interface grouping is activated on the device (due to
a failed interface), once interface grouping was activated no
management access was available, though management port did not
participate in interface grouping.
25399
11. After a device reset previously configured Destination Health Checks
would fail.
19898
12. Device upgrade via TFTP (from Insite) would occasionally cause fatal 10481
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 16 -
Page 16
Fixed in version 4.35.07
Item Description Bug ID
error and the device reboots.
13. Occasionally the device would forward sessions without Dynamic NAT.
This occurred on Application Switch 3 only.
18515
14. LinkProof Branch with VPN license would in certain instances crash
when it received fragmented IPSEC packets.
19802
15. The values of an NHR warm-up and recovery time were not visible in
the output of the system config command.
24367
16. Device sent ARP requests with VLAN MAC as the sender MAC
(instead of the physical port's MAC address).
22748
17. OSPF multicast was dropped causing OSPF protocol to fail. 24907
18. Device would sometimes crash when configuration was downloaded
from the device via TFTP.
10165
19. Device would occasionally crash when deleting an IP VLAN while
under heavy traffic.
20003
20. Software upgrade to version 4.35.07 on an Application Switch 1 version
2 platform, required entering a password from the console.
24221
21. NAT was not performed for passive FTP sessions where the FTP server
replied with passive mode entered and not entering passive mode.
25722
22. When user attempted to delete an NHR that was defined as default
gateway for the device the message provided was unclear as to the
reason why this command fails.
27386
23. When an FTP control session packet with destination address an LP
Dynamic NAT IP arrived and its destination port that was already
allocated to an ICMP session, the device would crash.
9580
24. Application Switch 3 would occasionally crash under heavy traffic with
the message "Fatal Error: REAP_dsptchr_clnt_tbl_add_entry -
inconsistent client data" due to error in clearing client table entries.
Application Switch 3 devices crashed after 248 days, 13 hours, 13
minutes, 50 seconds due to overflow of timer.
9709,
23541
25. "Device would crash when the "snmp get
rsMLRBRNatHealthmonitoroperstatus.0" command was performed
from a MIB browser.
20381
26. Dynamic arp table entries were deleted before the aging time if the arp
table aging time was set to values greater than 21,000,000 seconds.
27711
27. The device crashed if user tried to attach IP address to a non-IP VLAN 27577
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 17 -
Page 17
Fixed in version 4.35.07
Item Description Bug ID
interface.
28. Generic fixes
Fixed in Generic 10.02-00.15:
a. Health monitoring module did not allow configuring health checks
with an empty password.
b. When TCP User Defined health check was in used, received packets
with binary matching were not matched correctly
c. In some cases, when HTTP or HTTPS check was in use and all the
check's arguments were configured, it was not possible to edit the
argument.
d. When multiple health checks with ARP method was configured with
the same destination IP address it was not possible to delete any of
them.
e. The device did not notify to reboot the device via telnet and SSH
when a status of features which requires reboot was changed. The
device notified only via the serial console.
f. In some Read-Only tables, the device displayed a "Delete" column
with an option to mark entries for deletion in the Web Based
Management.
g. In some cases the device did not displayed the "Set" button in the
Web Based Management.
h. Occasionally if the user tried to download a configuration file via
WBM, the download process would abort and the following error
message would appear: "tcp:no more packets".
i. Occasionally after sending a script via a Telnet session to the device,
the Telnet session would disconnect and the following error
messages would appear: "tnp_text_handler: No buffers. Text
discarded".
If the user then tried to reconnect to the device via Telnet the
connection would not succeed and in the following error message
would appear: "TELNET: New server connection refused. No
buffer".
j. Occasionally, when trying to download the support file via WBM,
only part of the file would be downloaded.
k. Occasionally, logins to Telnet, SSH or WBM were reported to the
console.
a. N/A
b. N/A
c. N/A
d. N/A
e. N/A
f. N/A
g. N/A
h. N/A
i. N/A
j. N/A
k. N/A
l. 23770
m. N/A
n. 23541
o. 21716,
22354
p. 23334
q. 23018
r. 28242
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 18 -
Page 18
Fixed in version 4.35.07
Item Description Bug ID
l. Occasionally, when the user tried to connect to a device with
HTTPS (secure web), a regular HTTP page would appear.
m. In some cases, when the uses accessed the check table via any of the
management interfaces, the device crashed.
n. After 248 days, 13 hours, 13 minutes, 50 seconds there would be a
fatal error regarding the tAxlUtils causing the device to crash.
Fixed in Generic 10.02-00.16: o. On LinkProof with DHCP Client, when a NHR IP address was
updated, the health check still used the old IP Address of the NHR.
p. SNMP vulnerability fix: SNMP packet with very long community
string to the management interface causes a nested fatal error:
Fatal Error Version 3.00.00 (Jan 24 2006, 23:28:21):
Exception vector number: 0x300
Pointer to exception stack frame: 0xaecf0e8
Program counter: 0x778158
Machine state register: 0xb030
Data access register: 0x399636c5
Data storage interrupt status register: 0x40000000
NESTED FATAL ERROR (exception)
NESTED FATAL ERROR (exception)
q. Occasionally, the device crashed with the following fatal error:
Fatal Error:
Fatal Error Version 8.20.03 (Dec 27 2004, 10:11:59):
Exception vector number: 0xc00
Pointer to exception stack frame: 0x3412268
Program counter: 0x264340
Machine state register: 0xb030
Data access register: 0
Data storage interrupt status register: 0
Date: 09-06-2005 11:12:47
Task Name : SNMP
09-01-2006 03:59:37 ERROR RADP_send_radius: Function failed.
09-01-2006 03:59:41 ERROR RADP_send_radius: Function failed.
Fixed in Generic 10.02-00.17: r. When OMPC or Content searching BWM rules were configured on
Application Switch 3, all the traffic was processed by Master CPU,
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 19 -
Page 19
Fixed in version 4.35.07
Item Description Bug ID
causing device crash when CPU reached 100% utilization.
29. BSP fixes:
a. Creation of a new directory in the file-system using the CLI
command "system file-system files mkdir" and a wrong path name
caused the device to freeze.
b. During the software upgrade and using a TAR file of an incorrect
platform the upgrade failed with no error message. A new test is
now done in order to verify that the TAR file matches the hardware
platform.
c. Starting BOOT version 6.06 Application Switch 2 supports
automatic boot PROM burning during the software upgrade process.
Notes:
º In order to be able to perform automatic upgrades to AS2, BOOT
6.06 must be burnt manually. Upgrading from 6.06 to future
versions will be done automatically.
º Automatic Software upgrade supported on hardware revisions
4.45, 4.50 and above.
d. After stopping the INIT of the Application Switch 3 device and
choosing to load the application from the compact flash, the device
generated the following error message: "Invalid value 1 for the
NewApplication".
a. 18348
b. 12419
c. N/A
d. 19447
a. 8
2
4
2
30. Fixed in IDS 1.53.20:
The summarized security log doesn't display the right info when
multiple source IPs are used. In addition source IPs of heavy attacks are
displayed inaccurately.
N/A
31. VRRP configurations with VLAN did not work properly due to the fact
that when the main device failed and the VLAN was disabled (interface
grouping) the physical ports of the VLAN were not physically
disconnected. The switch to which physical ports of the VLAN interface
were connected did not clear its MAC tables and continued to send
traffic to the main device though it had become inactive. To fix this the
Force Port Down feature was added. Please see the relevant section in
the user guide for details and limitations.
N/A
Fixed in version 4.35.06
Item Description Bug ID
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 20 -
Page 20
Fixed in version 4.35.06
Item Description Bug ID
1. In certain circumstances when LinkProof Branch used VPN that
required packet fragmentation assembly
N/A
2. In certain circumstances when LinkProof in VRRP configuration is
switching master appliance
N/A
3. New look support. Version 4.35.06 provides support for Radware
appliances new look design. This version is backward compatible with
old look as well. The following changes were done in this version:
a. The Synapps phrase was replaced with the phrase "BWM, IPS", in
all the management applications (CWI, Web, CLI).
b. In the CLI the term "License code" was changed to "License Key"
c. New licensing text is introduced. Instead of the word Synapps, the
words BWM, IPS will appear. For example if you had an LP license
that looked like lp-synapps, it will be replaced by lp-bwm-ips.
d. In CWI and the Web, new look gifs will be seen if the appliance is
of new look design.
N/A
4. Generic libraries fixes:
Fixed in Generic 10.02-00.14:
a. If a Path length + attack database file name length was above 106
characters the TFTP upload via Insite did not work and the
following error message appeared - "File too long".
b. When a request to download a configuration file that didn't exist to
the device was preformed, the device sent a read request to the
server. When it got the response "file doesn't exist", it sent a write
request with the same name, causing the file to be created.
c. In case a field in a MIB contained strings with %X (%s, %d, etc) the
device would crash when the CLI command "system config
immediate" was executed.
d. A capture of an SSL session could not be analyzed when a Diffie-
Hellman key exchange scheme was in use - due to it involving
random seed numbers. Current version supports only the RSA
scheme.
e. New Basic filters are now available for the P2P group: Baidux, Poco
and PPlive
f. In some case, enabling Bandwidth Management Statistics Collection
caused the device to generate a generic error message.
g. When multiple health checks with ARP methods was configured
a. 9820
b. 18334
c. N/A
d. N/A
e. N/A
f. 19653
g. 19813
h. 19783
i. N/A
j. N/A
k. N/A
l. N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 21 -
Page 21
Fixed in version 4.35.06
Item Description Bug ID
with the same destination IP, some checks passed and some failed.
Starting this version it is not possible to configure more that a single
ARP check with the same destination IP address.
h. When multiple LDAP health checks were configured, after
rebooting the device all the LDAP checks, except the last check,
failed.
i. After a configuration file was sent to the device via TFTP using the
CLI command "manage tftp config-file get" the device did not notify
once the download was completed.
j. The device accepted any illegal IP address/Mask and changes it on
its own after pressing the "SET" button on the WBM.
k. When a malformed configuration file was send to the device the
software upload failed and it was not possible to send a new
configuration file to the device.
l. In some cases the device did not accept HTTP connection (for
device management) even if Web Based Management was enabled.
Disabling and enabling Web Based Management did not solve the
problem.
5. Application security fixes:
Fixed in IDS 1.51.16:
a. In CLI, when typing the command „security alerts-table get 0‟
(index=0) the device used to print an empty alert, instead of printing
the error message „no such instance or wrong value‟.
b. When updating a new signature file that included new attack groups,
the new groups did not appear till device was rebooted.
N/A
Fixed in version 4.35.05
Item Description Bug ID
1. Occasionally device crashed due to client table mirroring problem. 1168
2. When forwarding ICMP unreachable messages, whose original packet
had data, the device set incorrect ICMP header checksum, causing MTU
problems.
1740
3. When RIP is enabled there is wrong routing for whole class A IPs (or
1st prefix IPs) when specific route with same prefix is statically defined.
1686
4. For device in static forwarding configuration, when attacks with the IP 1667
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 22 -
Page 22
Fixed in version 4.35.05
Item Description Bug ID
header bigger then 20 bytes (has timestamp in the IP option) occurs, the
attack is not matched by Application Security.
5. The device changed the sequence number of retransmitted TCP packets,
and therefore the TCP packets got out of order.
1604
6. One trap settings did not work on "WARNING Routing to
NextHopRouter x.x.x.x is problematic” messages and therefore separate
messages were sent for each occurrence.
1513
7. Fixed in Network Driver: Application Switch 2 device dropped packet
with Ethernet type 0x9000.
N/A
8. Fixed in Network Driver: When copper GBICs were in use on
Application Switch 2 with 7G, in some cases the device recognized the
links as down, but traffic was forwarded successfully.
N/A
9. It was not possible to configure OSPF interfaces metric via WBM or
CLI, only via Insite.
1281
10. Device crashed after entering the command net ospf parameters lsa 1821
11. When an FTP control session packet with destination address a LP
Dynamic NAT IP arrived and its destination port that was already
allocated to an ICMP session, the device would crash.
N/A
12. In certain instances, problems with client table mirroring of FTP
sessions (redundant configurations) occurred, creating inconsistencies in
the client table and causing the device to crash.
N/A
13. Basic NAT range was limited to 70,000 entries; it has now been
increased to 224
-1.
N/A
14. Via CLI illegal configurations of Basic NAT were allowed, causing
device failure after reboot event.
N/A
15. When using DNS health checks, if the DNS response contained 2
answers (CNAME and A record), a fatal error would occur.
N/A
16. Qmail servers would discard the mail alerts (traps) sent by the device. 1512
17. Support for license that limits throughput to 100 Mbps was added. This
license is available on Application Switch 1 only.
N/A
18. Fixed in Network Driver: Application Switch 1 version 2 supported
both cross and straight cable. Starting this version, Application Switch 1
version 2 supports only crossover cables.
N/A
19. Fixed in Network Driver: Application Switch 2 lost synchronization
with copper GBICs upon reboots.
N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 23 -
Page 23
Fixed in version 4.35.05
Item Description Bug ID
20. Fixed in Boot: In some cases, after upgrading from Pre-File-System
version to File-System version the Application Switch 1 device lost its
license.
N/A
21. Fixed in Boot: In case the command "system file-system copy-to-flash"
was executed with invalid index on Application Switch 2 or Application
Switch 3, the device erased the internal flash.
N/A
22. Fixed in Boot: A new protection is now available to protect uploading
incorrect files when burning the BOOT file on Application Switch 2 and
Application Switch 3.
N/A
23. Fixed in Boot: When downgrading the device to lower versions,
Application Switch 2 and Application Switch 3 did not erase the old
software versions from the compact flash.
N/A
24. Fixed in Boot: The Application Switch 3 device displayed incorrect
hardware version under "system device-information".
N/A
25. Application Security fixes:
Fixed in IDS 1.51.16:
a. Configuring 10 security policies or more caused the device to crash.
b. When adding or removing attacks from a policy that includes a user-
defined attack, the device reported an error "couldn't delete dummy
classification entry"
c. Update Policy command performed via Configware Insite could
cause device to crash.
m. 1620
n. N/A
o. N/A
26. Telnet session hung up when a large client table was displayed. 1618
27. Dynamic host name definition was recorded in the configuration as a
regular host name entry with corrupted URL.
1672,
1677
28. DNS for Local Clients capability was not working when the request
source and destination UDP ports were the same.
1777
29. If the length of the Virtual Tunneling remote service name was longer
than 14 characters the device sent the following messages:
"Problem in create tunnels" / "Tunnel health monitoring description
problem (1)". The supported length was increased to 20 characters.
1764
30. Could not add VLAN tag to a VLAN interface. 1825
31. Vlan Tag max value (4095) could not be set. N/A
32. The options date and time were missing from the system CLI menu. N/A
33. If device reboot was performed after date/time change a warning N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 24 -
Page 24
Fixed in version 4.35.05
Item Description Bug ID
message appeared.
34. When adding a VPN rule via Insite, the following message appeared on
CLI: "Problem to get the next tunnel entry: remote service not match”.
N/A
35. A message was received on LinkProof Application Switch 3, software
version 4.21.07, that the number of free client table entries is larger than
the total number of client table entries configured, followed by device
crash.
1698
36. When upgrading the device via Configware Insite, the password was
verified only after the file was downloaded to the device, now it is
verifying the password at the beginning of the process, to save time in
case of incorrect password.
N/A
37. 802.1q environment support (VLAN environment) could not be enabled
(after reboot, the functionality would still be disabled).
1780
38. Destination health monitoring functionality did not work – automatic
health checks were not created causing a loop after first device reboot.
1675
39. Personality change for NFR units (not for resale) between products such
as DP to LP is problematic.
1396
40. System uptime readings did not change over time. 1652
41. Classification did not work properly with one way Layer 4 Bandwidth
Management policies.
N/A
42. Device crash when trying to edit/add VPN rule via CWI. N/A
43. Problems with SW Download via the WBM. No indication is received
that download finished. SW download started again without user
request.
N/A
44. Error message appeared on CLI after using command: lp global client-
table aging-time set 100.
N/A
45. When a fragmented IPSec packet would arrive to the Integrated VPN
gateway on the LinkProof Branch, an ICMP error was sent to the source
VPN gateway to stop sending fragmented packets and reduce MTU.
Some gateways recognize this message and act accordingly and some do
not. In this version the fragmented message is reassembled and
decrypted in order to find the IP address of the originating client, and an
ICMP error message asking it to lower its MTU is sent to this client. Of
course the message is encrypted and sent via the source VPN gateway.
Reassembled and decrypted message is forwarded to the destination, in
case its size is less than current MTU on the forwarding port.
N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 25 -
Page 25
Fixed in version 4.35.05
Item Description Bug ID
46. Generic libraries fixes:
Fixed in Generic 10.01.00-13:
a. When Bandwidth Management policies were used to classify P2P
traffic, in some cases, packets were classified incorrectly.
b. A SYN packet with an illegal TCP option could cause the
accelerator to hang when replying to the SYN packet with a SYN
cookie. In such cases the master CPU would then crash with no log
messages (Application Switch 3 only).
c. When "SSL Hello" health check was in use, and the SSL version
was "SSL V3.0" the device did not include the SSL version when it
generated the check.
d. The SSH client did not process "window adjust" messages.
e. Sending configuration files to the device, which were not in BER
format, caused the configuration to be erased.
f. After upgrading to software versions that supports SNMPv3, it was
not possible to connect to the device using SNMP anymore.
g. vacmAccess* entries in ASCII configuration did not have the correct
snmpGroup key
h. When SSL based check was in use (HTTPS or LDAPS) and the
server was using the CBC ciphers, the check failed.
i. When SSL check was in use, and the physical link, which was use to
send the check, became disconnected, the check did not fail.
j. In some cases UDP Port Health Checks succeeded even if the UDP
port was unavailable.
k. 2 new Basic Filters for BitTorrent (UDP) are now available. P2P
filters group is also updated with the new filters.
l. When Port Bandwidth Statistics were collected and BWM module
was disabled, the device crashed with a fatal error.
m. When BWM module was disabled, it was possible to delete basic
filters, which were used by BWM policies.
n. When Using BWM policies with Bandwidth Limitations and the
maximum bandwidth allowed was 1K, the device did not classify the
traffic correctly. The Minimum Bandwidth Limitation for policy is
now limited to 12K.
o. TCP and UDP traffic on port 512 caused high CPU utilization.
p. When Bandwidth Management was enabled and Application
Security was disabled and Session Table was full, the device crashes
with the following fatal error: "Fatal Error:
bwmSessionTableProcessCallback error - linked session wasn't
a. 1632
b. N/A
c. N/A
d. 5275
e. N/A
f. N/A
g. N/A
h. N/A
i. N/A
j. N/A
k. N/A
l. 1707
m. N/A
n. 1726
o. 1738
p. 1697
q. 1716
r. N/A
s. N/A
t. N/A
u. N/A
v. 1813
w. N/A
x. N/A
y. N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 26 -
Page 26
Fixed in version 4.35.05
Item Description Bug ID
found".
q. When HTTP or HTTPS health checks were is use and the servers
replied with "HTTP 1/0" and "200 OK" in two packets, the check
failed.
r. A new argument is now available for "TCP Port" health checks –
"Complete with FIN". When this argument is enabled, the device
ends the TCP check with a FIN Packet. In case the server replies to
this FIN with an ACK, the device sends another ACK to the server.
In case the server doesn't reply to the FIN packet – the check doesn‟t
fail (the check fails only if the server doesn't reply to the SYN
packet). The default value of the argument is "Disable".
s. After sending a configuration file, that contained two (or more)
entries in the Community Table with the same community string,
only the first community sting appeared in the community table.
t. After converting the configuration file to a newer software version
using Configware Insite, and uploading the converted configuration
to the device, it was not possible to connect to the device using
SNMP.
u. The device allowed uploading configuration files which were not in
BER format and deleted the current configuration afterwards.
v. In order to delete an entry from the OSPF interface table, it was
required to use the command net ospf interface del <ip address>
<interface number>. However it should only be required to specify
the IP address.
w. In order to improve DoS Shield performance, a new DoS Shield
filter is now available.
x. When the configuration file was downloaded from the device, the
SNMP community table was missing was the downloaded
configuration file.
y. A bug in the escaping sequence of Health Monitoring Module did
not read the methods arguments correctly.
Fixed in version 4.35.04
Item Description Bug ID
1. Occasionally an FTP session where many data sessions were attached to
the same control session would cause the device to crash.
1315
2. Proximity checks do not reach the minimum packet size of 60 bytes. In N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 27 -
Page 27
Fixed in version 4.35.04
Item Description Bug ID
the past this caused the packet to be padded by garbage. Now every
TCP and ICMP check packet that is smaller than 60 bytes is padded
with zeroes. To the UDP proximity checks packets the
linkproof.proximity.advance packet is added.
3. In certain cases the MAC table was update according to dynamic ARP
packets, even though there was a static entry in the ARP table.
1477
4. BootP messages were not forwarded by the device when it was
configured as BootP relay.
1500
5. The application port number that could be configured for aging per
application functionality was limited to 49151 instead of 65534 (fixed in
CLI and Web).
N/A
6. Using CLI, strange numbers were displayed in the output of net l2-
information command when it was used after the command system inf-
stats reset.
1334
7. It was possible to set a Gig port to 100Mb via CLI. 1320
8. The caption of the Port Mirroring parameter Receive Broadcast was
changed to Promiscuous Mode.
1337
9. In certain conditions, when using passive FTP in environment with
many retransmissions, new traffic sessions would stop being forwarded,
due to lack of available Dynamic NAT ports.
N/A
10. When using Virtual Tunneling between two sites in certain
configurations, the tunnel health was not detected correctly (one site
detected tunnel as active while the other side detected it as failed)
causing the traffic for this tunnel to fail permanently.
1446
11. If an ARP packet was received from subnet not defined on the device,
the device did not answer. Now it will answer, if routing entry to that
subnet is defined.
N/A
12. Dual power supply is supported on Application Switch 2 and 3. N/A
13. During software upgrade between minor versions password was
required. This is fixed for updates from this version on.
N/A
14. New information has been added to the system device-info command
output: network driver version, health monitoring module version,
active and secondary boot version.
N/A
15. When upgrading a device with a file-system, and there is not enough
free space on the flash, the device generated an error message. During
software upgrades the device now erases the old version in case there is
1082
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 28 -
Page 28
Fixed in version 4.35.04
Item Description Bug ID
not enough space on the flash.
16. A spelling mistake was fixed in CLI output: "Couldn't prepare
temporary directory cm:/TARTMP for tar extration." (extration instead
of extraction).
N/A
17. In rare conditions, Application Switch 2 and Application Switch 3 Strata
Flash (Internal Flash), would loose its content upon frequent reboots.
1424,
1489
18. Application Switch 2 and Application Switch 3 device would suddenly
crash with the following error:
"Warning: Non-formatted Strata Flash media.
Please, prepare Strata Flash for File System ('z') and execute DOS
format ('y')"
1489
19. On Application Switch 3 with 9 Giga Ports (Fireproof on Voyager only)
when one port which was part of Static Forwarding ports was down, the
device did not fail to second port.
N/A
20. On Application Switch 3 the 10G port did not work properly. N/A
21. When bandwidth management per traffic flow was used, the device
occasionally crashed.
1487
22. Fixed in Generic 10.00-00.13a: When Protocol Discovery was enabled
and the device did not have enough memory, the device crashed with a
fatal error: “Fatal Error: No Memory available to create statistics table”.
1433
23. Fixed in Generic 10.00-00.13a: When Bandwidth Management was
configured to block or limit eDonkey traffic the CPU was overloaded.
1476
24. Fixed in Generic 10.00-00.13a: When updating policies, sometimes the
device crashed with a fatal error: "Fatal Error: Accelerator: 0, CPU: 0,
no longer responding".
1511
25. Fixed in Generic 10.00-00.13a: The device would become inaccessible
via Telnet or SSH, if multiple successive attempts to login were done by
the user.
1481
26. When using LP Branch VPN gateway, if the VPN Rule local subnet (for
example 10.2.1.0) was included in the same VPN Rule remote subnet
(for example 10.0.0.0) the device didn‟t reply to messages sent to its IP
belonging to the local subnet, because it recognized the session as VPN
session.
N/A
27. Occasionally an FTP session where many data sessions were attached to
the same control session would cause the device to crash
1315
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 29 -
Page 29
Fixed in version 4.35.04
Item Description Bug ID
28. Proximity checks do not reach the minimum packet size of 60 bytes. In
the past this caused the packet to be padded by garbage. Now every
TCP and ICMP check packet that is smaller than 60 bytes is padded
with zeroes. To the UDP proximity checks packets the
linkproof.proximity.advance packet is added.
N/A
29. In certain cases the MAC table was update according to dynamic ARP
packets, even though there was a static entry in the ARP table.
1477
30. BootP messages were not forwarded by the device when it was
configured as BootP relay.
1500
31. The application port number that could be configured for aging per
application functionality was limited to 49151 instead of 65534 (fixed in
CLI and Web).
32. Using CLI, strange numbers were displayed in the output of net l2-
information command when it was used after the command system inf-
stats reset.
1334
33. It was possible to set a Gig port to 100Mb via CLI. 1320
34. The caption of the Port Mirroring parameter Receive Broadcast was
changed to Promiscuous Mode.
1337
35. In certain conditions, when using passive FTP in environment with
many retransmissions, new traffic sessions would stop being forwarded,
due to lack of available Dynamic NAT ports.
N/A
36. When using Virtual Tunneling between two sites in certain
configurations, the tunnel health was not detected correctly (one site
detected tunnel as active while the other side detected it as failed)
causing the traffic for this tunnel to fail permanently.
1446
37. If an ARP packet was received from subnet not defined on the device,
the device did not answer. Now it will answer, if routing entry to that
subnet is defined.
N/A
38. Dual power supply is supported on Application Switch 2 and 3. N/A
39. During software upgrade between minor versions password was
required. This is fixed for updates from this version on.
N/A
40. New information has been added to the system device-info command
output: network driver version, health monitoring module version,
active and secondary boot version.
N/A
41. When upgrading a device with a file-system, and there is not enough
free space on the flash, the device generated an error message. During
1082
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 30 -
Page 30
Fixed in version 4.35.04
Item Description Bug ID
software upgrades the device now erases the old version in case there is
not enough space on the flash.
42. A spelling mistake was fixed in CLI output: "Couldn't prepare
temporary directory cm:/TARTMP for tar extration." (extration instead
of extraction).
N/A
43. In rare conditions, Application Switch 2 and Application Switch 3 Strata
Flash (Internal Flash), would loose its content upon frequent reboots.
1424,
1489
44. Application Switch 2 and Application Switch 3 device would suddenly
crash with the following error:
"Warning: Non-formatted Strata Flash media.
45. Please, prepare Strata Flash for File System ('z') and execute DOS
format ('y')".
1489
46. On Application Switch 3 with 9 Giga Ports (Fireproof on Voyager only)
when one port which was part of Static Forwarding ports was down, the
device did not fail to second port.
N/A
47. On Application Switch 3 the 10G port did not work properly. N/A
48. When bandwidth management per traffic flow was used, the device
occasionally crashed.
1487
49. Fixed in Generic 10.00-00.13a: When Protocol Discovery was enabled
and the device did not have enough memory, the device crashed with a
fatal error: “Fatal Error: No Memory available to create statistics table”.
1433
50. Fixed in Generic 10.00-00.13a: When Bandwidth Management was
configured to block or limit eDonkey traffic the CPU was overloaded.
1476
51. Fixed in Generic 10.00-00.13a: When updating policies, sometimes the
device crashed with a fatal error: "Fatal Error: Accelerator: 0, CPU: 0,
no longer responding".
1511
52. Fixed in Generic 10.00-00.13a: The device would become inaccessible
via Telnet or SSH, if multiple successive attempts to login were done by
the user.
1481
53. When using LP Branch VPN gateway, if the VPN Rule local subnet (for
example 10.2.1.0) was included in the same VPN Rule remote subnet
(for example 10.0.0.0) the device didn‟t reply to messages sent to its IP
belonging to the local subnet, because it recognized the session as VPN
session.
N/A
54. After reset the default status of virtual tunnels (Virtual Tunneling
functionality) was active. A flag has been added now (available only via
N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 31 -
Page 31
Fixed in version 4.35.04
Item Description Bug ID
CLI) that allows to determine the initial status of the virtual tunnel –
Active (default) or Not-In-service (NIS). If initial status is Not-in-
service, the virtual tunnel status will be updated to active only after
tunnel health monitoring checks are successfully completed. The CLI
command to change the initial status of the virtual tunnel is lp vir-tunnel
tweaks vt-init-oper-stat.
Notes:
1. The new flag is manageable only via CLI.
2. The new flag's value is not kept during upload or download
of the configuration.
55. When a virtual tunnel was defined, health monitoring checks were
created even if global Health Monitoring status was Disable.
N/A
56. After reboot device did not send ARPs via the last physical port. N/A
57. In VLAN redundancy configuration, in case the device interface
grouping parameter is enabled and some of the interfaces in VLAN are
disconnected or/and connected the device did not detect the port status
change.
N/A
58. Device hung - no CLI, no ping reply, no management at all after
changing the configuration of VRRP settings.
1559
59. Fixed in AS 1.51.11: Anti scanning problem – sometimes the device
detected scanning attempt but did not block the attack.
N/A
Fixed in version 4.35.02
Item Description Bug ID
1. The number of VPN tunnels supported has been increased to 30
(previously it was 10).
N/A
2. Backup gateways configured for a VPN Rule were not saved in the
configuration. As a result during upload\download configuration
process the backup gateways were lost.
N/A
3. The Keep Alive interval could accept negative values. N/A
4. The CLI command system config was not displaying the VPN
commands in the correct order.
N/A
5. When VPN functionality was enabled proprietary redundancy
mechanism did not work properly.
N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 32 -
Page 32
Fixed in version 4.35.02
Item Description Bug ID
6. Configuration that included Switch IP VLAN could not be uploaded to
the device.
1346
7. On Application Switch 3 a single network processor was activated
causing performance degradation.
1327
8. Device working in VRRP redundancy mode with priority 255 was not
sending ARP requests.
1158
9. On Web Based Management there was a spelling mistake in the name of
the DNS Virtual IP menu (under LinkProof/DNS Configuration).
1318
10. If a DNS request for a record type not supported by the device was
received (such as MX record), device was not answering. Now device
will answer that the record type is not supported. The device will answer
with Authoritative Answer 0, which specifies that the responding name
server is not an authority for the domain name in question. Return code
is set to 0 No error meaning that the request was completed successfully.
N/A
11. The device will answer only if the specified URL is configured on the
device. If the URL is not configured then the device will continue not to
answer.
1272
12. In redundancy configurations where VLAN was used, after redundancy
is enforced twice, messages sent by the device to email server or syslog
server did not reach their destination (the server MAC was learnt on the
wrong physical port).
N/A
13. The maximum number of SNMP communities supported by the device
was increased from 16 to 256.
N/A
14. Fixed in network driver: When Interface Grouping was enabled and a
port, with the negotiation mode set to off, became unavailable, the
device switched off all other interfaces, but the LEDs remained
illuminated.
N/A
15. Fixed in network driver: When Interface Grouping was enabled and the
Interface Admin Status of a port, with negotiation mode set to off, was
changed to "Down" the LED remained illuminated.
N/A
16. Fixed in network driver: Application Switch 2 with 7 Giga ports did not
detect changes in link status on ports 5-7. As a result it did not detect
that the links are up and did not forward traffic to those ports.
1300
17. Fixed in BSP: Sometimes, the device did not write correctly to the
Strata Flash (Internal Flash).
N/A
18. In Virtual Tunneling configurations when one tunnel was down, all the N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 33 -
Page 33
Fixed in version 4.35.02
Item Description Bug ID
clients that used any virtual tunnel were deleted, not only those using the
failed tunnel.
19. When the device crashes due to a Fatal Error, the error is now logged
into the NVRAM, rather then the Flash memory. After the device is
reloaded, the application copies the log to the Flash.
N/A
20. The Network Processors on Application Switch 3 could occasionally
crash and stop responding.
N/A
21. Application Switch 3 with port rules configuration occasionally stopped
forwarding traffic.
N/A
22. If the value of the SYN Flood Protection parameter was changed, when
trying to retrieve configuration file from the device using WBM, the
following error message was displayed: “Error 10 in loading
configuration - variable number 01 of SNMP packet 001, variable name
unknown”.
N/A
23. On Application Switch 3 device when Static NAT was performed for
local traffic the following message appeared: “WARNING:
reaPrepareFlowEntry - Unexpected Configuration (2)!!”
N/A
24. When Application Switch 3 device had a very large numbers of entries
in ARP table, the device would stop forwarding traffic.
1328
25. Fixed in BSP: In some cases, during software upgrades (or
downgrades) on Application Switch 2 and 3, the boot upgrade failed.
N/A
26. Fixed in BSP: In previous versions of BSP, configuration changes were
saved to the Compact Flash every second (on Application Switch 2 and
3). Now BSP saves the changes to the Compact Flash immediately.
1166
27. Health Monitoring module fixes:
Fixed in Generic 10.00-00.10:
a. Username and Password fields size were limited to 20 characters for
HTTP and SSL checks. This Health Monitoring Module version
enlarges the size of each field to 80 characters. Please note that the
total size of all fields cannot exceed 80 characters.
b. The Health Monitoring Module used to send a trap with an "info"
severity when a health check failed. Starting with this version the
"warning" severity is used when a check fails and "info" severity is
used when a check passes.
c. In some cases, when the user pasted a configuration file to the
device with CDBSET commands and TCP User Defined health
N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 34 -
Page 34
Fixed in version 4.35.02
Item Description Bug ID
checks were in use, the device crashed with a Fatal Error.
d. When the Health Monitoring Module was using DNS and SNMP
checks, it would not reuse the UDP ports. When all the UDP ports
were already in use, the device stopped performing DNS and SNMP
checks and generated the following trap: "ERROR
UDPP_alloc_free_port: no free ports”.
e. When hundreds of health checks were in use, occasionally the
device would stop performing health checks.
28. Terminal module fixes:
Fixed in Generic 10.00-00.10:
a. The "system config" command was missing flags and command
parts.
b. Using the CLI command "system paste-config” while the device has
several hundreds of configured objects, the following errors
occurred: "TCP: No more packets ", and the Telnet / SSH sessions
were disconnected.
c. The last physical port was not visible in the output of the CLI
command "management management-ports".
d. The device would hang if the user entered the " ' " character (a single
quote in the Hebrew language character set) in the device login or
prompt.
e. In some cases, when the output of messages was too long, the device
crashed.
a. 1332
b. 1265
c. N/A
d. N/A
e. N/A
29. When the majority of the traffic to the device was Telnet Sessions, the
device generated the following error message: "tnp_text_handler: no
more buffers".
1325
30. Help for CLI commands "manage snmp versions" and "manage snmp
versions
N/A
31. Fixed in Generic 10.0:0: Downloading configurations from the device
using Configware Insite, using long file name (more than 100
characters), caused the device to crash with a fatal error:
1290
32. Bandwidth Management module fixes:
Fixed in Generic 10.00-00.10:
a. In some cases BWM rules resulted in false positives, and blocked
legitimate sessions or packets.
a. 1319
b. N/A
c. N/A
d. 1371, 1376
e. 1248
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 35 -
Page 35
Fixed in version 4.35.02
Item Description Bug ID
b. In order to improve performance and classification speed, the
FastTrack filter is now using the OMPC mechanism instead of URL
search.
c. In cases where the first fragmented IP packet that contained a TCP
header was not the first session packet, the device did not classify
the packet correctly.
d. When Bandwidth Management was used and there was a policy with
a specific IP address in the source network or in the destination
network, the device would crash.
e. Bandwidth Management Tuning and Session table were not
available without a SynApps license. The users could not tune the
Bandwidth Management (for number of policies) or the session
table.
33. Protocol Statistics module fixes:
Fixed in Generic 10.00-00.10:
a. When Bandwidth Management was Disabled, and Protocol Statistics
was Enabled, the device would crash after "Update Policy" action.
b. A new memory protection is used in order to verity that the device
has enough memory for Protocol Statistics Module.
c. When Protocol Statistic table was full the device continuously sent
traps notifying the user about it.
N/A
34. Application Security fixes:
Fixed in Application Security 1.51.10:
a. In some rare cases the device stopped responding to management
commands via SNMP, WEB, SSL, SSH, Telnet, CLI. Static
forwarding ports however did continue to operate normally.
b. Sometimes using CWIS it was not possible to retrieve the device
security log file when using TFTP.
c. CLI printouts of internal Application Security tables could not be
interrupted.
d. On AS-III platform setting attack filters to match SYN packets did
not block the attacks.
e. When application security global action mode was set to forward,
port-scanning filters continued to block scanning traffic.
a. 1398
b. 1355
c. 1399
d. 1368
e. 1322
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 36 -
Page 36
Fixed in version 4.35.01
Item Description Bug ID
1. This version allows application software to support multiple boot
versions. The config.ini file defines the lowest boot version supported
(BootRomVersion) and the highest boot version supported
(BootRomVersionInPackage). If the current boot version on the device
is within these parameters, no boot upgrade is required.
N/A
2. In VLAN configurations, when BWM was enabled, device would
occasionally crash in task L2.
1161
3. When using proprietary redundancy mechanism with Backup Fake ARP
functionality enabled, the following problem was observed. When main
device came up the advertisements sent by the backup device on behalf
of the main device did not include the Virtual DNS address. Instead of
the Virtual DNS address, an address equal to the highest Static NAT
address plus one was advertised.
1244
4. In some cases when backup interface grouping was enabled, the backup
device was reporting some of the interfaces as active. If broadcast was
heard from the main device the backup device replied directly to the
main that the interface belonged to. This confused some L3 switches and
the redundancy was broken.
1239
5. In some cases, usually in VLAN configuration, destination grouping
entries could not be added. The following error message was observed:
"DSGRP_add_dest_subnet: NULL default destination subnet".
1246
6. The flag “Use grouping decision inside proximity” was checked even
when proximity was disabled. This caused DNS reply to always use the
NHR from which the request arrived.
N/A
7. In VRRP configurations when the active device changed traps where
sent to all management interfaces for each associated IP. In cases where
there were large numbers of associated IPs the large number of traps
sent every time the active device changed was problematic. A flag is
now available via the CLI interface that allows disabling these
messages. In case the flag redundancy vrrp ms-per-ip is disabled the
only trap received will be to announce the new active VRID. The flag is
enabled by default.
N/A
8. If “Use Port Rules in Advertisement” is enabled for RIP or OSPF
routing, device would occasionally crash.
N/A
9. The message of the SNMP traps for NTP and VRRP errors were
incorrect and did not match Syslog messages.
1163
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 37 -
Page 37
Fixed in version 4.35.01
Item Description Bug ID
10. Device was occasionally sending incorrect warning messages regarding
NTP (“server unsynchronized according to leap indicator” and “Stratum
unspecified”).
1014
11. Terminal module fixes:
Fixed in Terminal Module:
a. When using the CLI command "system config", the device
might have crashed with the following message: “Fatal Error:
termCfgFilePrintf: text is too long”.
b. When “manage terminal trap-outputs” command was used, it
was not saved as part of the configuration and returned to its
default value after reboot.
c. Security risk in the terminal login page allowed users to
exploit a possible vulnerability.
d. Using the CLI command to check memory usage of device
internal modules, such as web, SSH, Terminal and others
occasionally showed negative values.
e. Using the CLI command "system paste-config” while the
device has several hundreds of configured objects, the
following errors occurred: "TCP: No more packets ", and the
Telnet / SSH sessions were disconnected.
a. 1001
b. 1148
c. N/A
d. N/A
e. 1265
f. Problems were encountered in certain units due to new strataflash
technology – the application failed during boot up.
1018
g. Device upgrade via Secure WBM interface failed. 996
h. In certain cases it was not possible to delete a Local Service entry from
Virtual tunneling tables. The following message was displayed: ”Error:
resource unavailable”.
N/A
i. Virtual Tunneling fixes:
a. When Dispatch Method was set to Cyclic and more than one
NHR was defined as backup, only the first backup NHR was
ever selected.
b. TRP was not working properly; it only kept TRP data for one
tunnel per remote station.
c. When Dispatch Method was set to a value other than Cyclic and
Hash (weight dispatch method) for local device and an NHR was
defined as backup, destination grouping was not applied
properly.
a. N/A
b. 1108
c. N/A
d. N/A
e. N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 38 -
Page 38
Fixed in version 4.35.01
Item Description Bug ID
d. When Dispatch Method was Cyclic for both local and remote
devices, tunnels whose VT Mode was Backup-Backup, were
never selected.
e. When Dispatch Method was set to a value other than Cyclic and
Hash for local device, the local NHR load was not taken into
consideration.
f. The Dispatch Method on the local device determines the remote
link selection now: if local Dispatch Method is set to a value
other than Hash, the remote link selection will use Cyclic mode,
if local Dispatch Method is set to Hash, the remote link selection
will use Hash mode. The Remote Link Weight parameter is now
obsolete and has been removed.
j. Bandwidth Management fixes:
Fixed in Bandwidth Management:
a. Bandwidth Management module was identifying traffic it
monitored as belonging to wrong port.
b. When SYN protection was enabled, packets were forwarded with
wrong sequence/ack numbers. This could cause session
disconnection.
c. When SYN protection and BWM were enabled performance was
affected excessively.
d. When the group to which a policy belonged was changed, after
Update Policies command, all change attempts to any policy
parameter resulted in error.
e. If Dynamic Borrowing parameter was enabled, though
Classification was disabled the device would be in an infinite
loop.
f. Uploading a configuration that included policies and policy
groups to a device that had BWM module disabled, failed.
g. The tuning memory check did not take into account the filters
assigned to the application security, thus when the application
security was enabled device could crash after reboot, if not
enough memory was available.
h. On Application Switch 3 policies that looked for layer 7
information were not always properly matched.
a. N/A
b. N/A
c. N/A
d. N/A
e. N/A
f. N/A
g. N/A
h. 1106
k. When tuning changes for protocol discovery caused lack of memory, N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 39 -
Page 39
Fixed in version 4.35.01
Item Description Bug ID
after reboot the device would enter infinite boot loop.
l. If device ran out of entries in the protocol discovery table, the device
would crash.
N/A
m. When Protocol Discovery functionality was enabled the “Update
Policies” command occasionally caused device to crash.
n. Fixed in Boot/BSP: Bandwidth limitations enforced by BWM module
on Application Switch 3, did not work due to synchronization problems
between master and accelerator CPUs.
1117
o. CLI command "system file-system copy-to-flash help" would sometimes
delete the internal flash.
1150
p. Configuration changes that were performed closely to device power
switch or power failure were sometimes lost, partially or completely .
917
q. CLI display results for "system file-system config act-appl" were
misaligned.
1078
r. When an Application Switch 3 device was used in redundancy
configuration with an Application Switch 2 or Application Switch 1
device and client table mirroring as enabled, corrupted client table and
fatal error were caused in the backup device.
N/A
s. When DoS Shield module is enabled in Static forwarding, but no filters
are configured, the overload mechanism was sometimes activated even
though there were no active filters.
865
t. When Source Grouping was configured and Use grouping decision
inside proximity was enabled, the proximity did not take into
consideration the Source Grouping settings.
N/A
u. For inbound traffic load balancing the proximity data was not taken into
consideration.
N/A
v. Configuration upload/download failed if VLAN was defined. N/A
Fixed in version 4.35.00
Item Description Bug ID
1. Health Monitoring module fixes:
Fixed in Health Monitoring Module:
a. Using TCP User Defined and creating a packet sequence with
more than 512 characters, the device ignored the sting without
a. 997
b. 1000
c. 1004
d. N/A
e. N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 40 -
Page 40
Fixed in version 4.35.00
Item Description Bug ID
any error message.
b. In some cases, after editing a string of TCP User Defined packet
sequence, the data moved from the "string" field to the
"description" field and from the "Regular Expression" field to
the "Sequence String" field.
c. Using Packet sequence TCP User Defined health check and
defining a health check, the device accepted value of 0 for
destination TCP port, and then alerts next message : "ERROR
cckArgError: bad arg for func contol2".
d. Using TCP User Defined checks, the device does not increase
the sequence number after sending packets.
e. Using Health Monitoring module, the device accepted TCP or
UDP port 0 in several checks.
2. When CLI command manage terminal grid-mode set disabled is used, it
doesn't apply for all cases – for example it does not apply for system
internal driver stat all command.
878
Known Limitations The following are known limitations for this maintenance version:
Item Description Bug ID
1. Destination Health Check web page is missing webhelp 135405
2. Application Switch 2 7G with copper Gbics does not recognize link
failures.
N/A
3. If large numbers of Static NAT or Basic NAT public addresses is
configured (thousands), after a reboot or during redundancy failover process
the device must advertise this large number of IP addresses and this can
cause problems in device functionality. In such cases it is recommended
that no configuration changes are performed for the first 5 minutes after
reboot, and in case of redundancy the VRRP method is used.
N/A
4. Insite does not support License Upgrade for LinkProof Branch (It can be
performed via the WBM and CLI interfaces).
N/A
5. On Application Switch 3 ports can only be attached to pre-defined switched
VLAN and not to user-defined switched VLANs.
N/A
6. On Application Switch 1 platforms that have 8Mb flash, if 4.35.01 and an
additional version are loaded on the device, the device boots up slowly
because of the small amount of free memory available on the strataflash.
N/A
LinkProof version 4.38.01 Maintenance Release Notes Date: September 27, 2011
Page - 41 -
Page 41
Item Description Bug ID
The boot up time can be improved by deleting the second (inactive)
software version to free memory space.
7. On Application Switch 3, queuing, prioritization and bandwidth guarantee
capabilities are not supported for accelerated traffic (traffic that is processed
by accelerators only). Access control, bandwidth limitations per policies
and per traffic flow are supported by ASIII for all types of traffic
(accelerated or not). The bandwidth limitation capabilities allow AS3 to
provide attack isolation functionality.
N/A
8. Application Switch 3 cannot work in 802.1q environment and does not
support switched VLAN on Fast Ethernet ports.
N/A
9. Health checks created automatically (by the Virtual Tunneling or
Destination Health Monitoring functions) should not be manually bound to
any element. They are automatically bound to the relevant elements. This
can cause problems after reboot.
N/A
10. In the health monitoring module, the "SIP TCP" health check method is not
supported.
N/A
11. In the Health Monitoring Check Table view (via all management tools) the
Method of the existing health checks is displayed as a number instead of a
string (Ping, HTTP, etc).
N/A
Versions 4.35.05 and up do not work properly on Application Switch 1
hardware revision 2.40.
N/A
12. Cluster Server support supported only in WBM and CLI N/A
13. Force Port Down Feature supported only in WBM and CLI N/A
14. Client Views supported only in WBM and CLI N/A
15. Transparent Load Balancing supported only in WBM and CLI N/A
16. Subnet Persistency Mask Mode supported only in WBM and CLI N/A
17. New dispatch methods (L3 Hashing, SrcIP Hashing & Customized Hash)
supported only in WBM and CLI
N/A
18. Mirroring is not supported. N/A
© 2011 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners.