5.3.2.2 Release Notes
Overview
Extreme Security Threat Protection firmware version 5.3.2.2 is a firmware update for the XGS IPS network protection platform.
Fixed Defects
- 80786 - Embedded knowledge center contains unnecessary note for configuring IP address on protection interface pair for SSL decryption.
- 80776 - Security event SSL_Malformed_Certificate is triggered by outgoing SSL traffic on internal Network Protection appliance due to Outbound SSL inspection being enabled on external Network Protection appliance.
- 80593 - Changing the admin password using the CLI prints cleartext password in the system log.
- 80196 - Cannot change speed/duplex on management interface M.1 through advanced tuning parameter with latest BMC firmware. For more information, see technote #1964988.
- 80171 - LMI login warning banner does not contain an OK button as acknowledgement.
- 80145 - Packet processing daemon crashes in ISNP 5.3.2.1 when traffic matches a domain certificate object used in a Network Access Policy rule and there are at least 10 Network Access Policy rules enabled.
- 80136 - In the SiteProtector Management policy, the proxy password in the Agent Manager configuration is stored in plain text.
- 80095 - The appliance fails to block IPv6 unspecified address '::' when used in Network Access Policy rules.
- 79803 - If the Enable X-Force Protection Level Blocking option on the IPS Object general Configuration tab is disabled, installing a new XPU causes events to be blocked.
- 79723 - The GLGUP1002E system event, which indicates a failed upgrade attempt, is incorrectly logged after changing the active partition to an earlier firmware and accessing the Available Updates page in the LMI.
- 79664 - Hardware Diagnostics should be disabled on Extreme Security Threat Protection for VMware.
- 79662 - The Appliance SSL Certificate used by the LMI is renewed 1 day prior to expiration.
- 78614 - Open signature rules cannot be used to detect outbound SSL traffic. This requires XPU 36.020, released February 2016.
- 77677 - The USB device detection event GLGHW9001I does not contain USB manufacturer and product information.
- 81528 - When compiling the Network Access rule set, the packet processing daemon crashes with signal 11 if at least 10 Network Access Policy rules are enabled and at least one contains a schedule object.
Changed Features
Due to the DROWN OpenSSL TLS vulnerability (CVE-2016-0800), SSLv2 was removed from the Outbound SSL inspection supported protocols.
Known Issues
This release contains no known issues at this time.
Security Bulletins
- http://www.ibm.com/support/docview.wss?uid=swg21978438
- http://www.ibm.com/support/docview.wss?uid=swg21977281
- http://www.ibm.com/support/docview.wss?uid=swg21975835
- http://www.ibm.com/support/docview.wss?uid=swg21975225
- http://www.ibm.com/support/docview.wss?uid=swg21974989
- http://www.ibm.com/support/docview.wss?uid=swg21974550