5.3.2.1 Release Notes

Overview

Extreme Security Threat Protection firmware version 5.3.2.1 is a firmware update for the XGS IPS network protection platform.

Enhancements

• 78459 - Added ability to trigger different system events for different PSU/FAN sensor statuses.
• 77608 - Added tuning parameter callhome.job.lifetimeinminutes (default 4320, 3 days), for a specific lifetime to queue errors for problems without creating PMRs.
• 79481 - Added BMC firmware info into support file.
• 79097 - Added du -h /var/support (after "df") in support file in order to dump the disk usage of /var/support directory

Fixed Defects

• 77793 - Missing translated MESA event catalogs for system event GLGSY0044W could result in broken event log records.
• 79416 - SNMP manager failed to query appliance info using snmpget through its IPv6 address.
• 77304 - During appliance startup, inappropriate process startup sequence caused false positives for some of the system events for pktcapd and user identity.
• 79350 - The value of callhome.job.frequency should default to 60 minutes when any another callhome parameter is added.
• 78834 - Appliance incorrectly adds a quarantine response for tcp_port_scan event when quarantine response to probe events, such as tcp_probe_ssh, is set.
• 78825 - Changed severity for the the PMRs created through callhome to 2 for the system events related to mesa_eventsd (Events Processing Daemon).
• 78803 - Configuring XGS7100 in high availability mode with asymmetric traffic causes alpsd to crash.
• 78203 - Appliance incorrectly reports Quarantine End Time as Jan 1, 1970 8:00:00 AM in IPS Event Details window.
• 78149 - Local Management interface can be accessed from protection interface IP address if the client connects using fully qualified domain name (FQDN) of the appliance.
• 78117 - Incomplete resource cleanup during analysis process restart can cause management configuration to fail through CLI.
• 78088 - Improper handling of passive authentication event requests resulted in incorrect identity information.
• 77877 - The local management interface dashboard graphs for SSL inspection rate and connection rate are using up to 10% below the actual values because they are expressed as binary units.
• 77829 - Graphs on SSL connections statistics page on the local management interface (Monitor->Network Graphs) uses improper graph label "Connections/sec".
• 77815 - Incorrect format displayed in CLI (stat > show > 6 protection interface) when experiencing large frame numbers.
• 77732 - Large packet capture (more than 500MB) cannot be downloaded using the LMI.
• 77681 - Protection interface network graph for all NIM interfaces incorrectly shows a spike during XPU install/rollback.
• 77678: Start and end time of ongoing packet capture file is corrupted when capturing traffic on management interface.
• 77339 - Inbound SSL inspection incorrectly logs an SSL decryption error event error: Bad handshake sequence: error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early during SSL handshake.
• 77298 - Using capture connection can prematurely terminate the packet capture before connection being captured is closed completely.
• 77190 - After eight policy deployments, next NAP deployment fails and causes resource errors along with alpsd restart, due to connections retaining a reference to old NAP rulesets indefinitely.
• 77189 - When using Internet Explorer 11 to edit a rule in a long list of NAP rules, the page appears to jump around, making it difficult to double-click on a NAP rule to edit.
• 74318 - IPS events that are enabled in the default Trust XForce objects aren't actually turned off inside PAM when disabled in all in-used IPS objects.
• 73968 - DcaClient logs too much information when debug mode is enabled.

Known Issues

This release contains no known issues at this time.

Security Bulletins

• http://www.ibm.com/support/docview.wss?uid=swg21972209
• http://www.ibm.com/support/docview.wss?uid=swg21969670
• http://www.ibm.com/support/docview.wss?uid=swg21969771
• http://www.ibm.com/support/docview.wss?uid=swg21974231
• http://www.ibm.com/support/docview.wss?uid=swg21972382
• http://www.ibm.com/support/docview.wss?uid=swg21974242