5.3.2 Release Notes

Overview

Extreme Security Threat Protection firmware version 5.3.2 is a firmware update for the XGS IPS network protection platform. This release provides the following updates to Extreme Security Threat Protection firmware version 5.3.1:

• Support for session ID and session ticket resumption for inbound SSL inspection.
• Added Do Not Inspect action in the Network Access Policy to bypass traffic from analysis completely.
• CLI enhancement that provides access to information for the following statistics from the command line interface stats > show mode:
  • PU load information
  • Memory usage information
  • Storage usage information
  • Processed packet information
  • Protection interface information
  • Inbound SSL connections information
  • Outbound SSL connections information
  • Admin account password expiry information
  • NTP time drift information
  • Last policy modification time
  • Appliance reboot information
• LMI enhancements:
  • Added key services memory usage information to the Monitor > System Graphs page.
  • Completed web application framework migration to improve LMI stability.
• Policy migration enhancements:
  • Enhanced migration of Security Network IPS policies using child repositories in the SiteProtector™ System system.
  • Enhanced migration of filter object and service object names to reflect objects' contents.
    

    Note

    For information about policy migration, see the Network IPS policy migration topics.
• Added Log with Raw option for intrusion prevention objects and Open Signature policy.

This release includes all of the defect fixes from firmware update 5.3.1.5. See the Extreme Networks Release Notes page at: www.extremenetworks.com/support/release-notes for a list of those fixes.

Announcement

Known Issues

• 72617 - Clicking Manage > Overview in the LMI does not display the last update time after firmware update.
• 74318 - IPS issues in the default Trust X-Force objects are not turned off inside PAM when disabled.
• 74415 - The Fps Dropped statistics graphs do not display correctly in the LMI when the response in an unanalyzed policy is set to Drop.
• 74484 - Remote syslog messages contain erroneous values, such as APPNAME and PROCID, which are not relevant to the event being forwarded.
• 75612 - UDP throughput testing for VMware shows high latency and low throughput when the frame size is larger than 1024.
• 76736 - Misleading event GLGSY0000W - System service was terminated unexpectedly and subsequently restarted is logged in system events when packet processing exits with a failure and analysis daemon is no longer running.
• 77189 - When using Internet Explorer 11 to edit a rule in a long list of NAP rules, the page appears to jump around, making it difficult to select a NAP rule to edit.
• 77298 - Packet capture can stop prematurely.
• 77339 - Inbound SSL inspection does not print the correct detail in system events when receiving an unexpected alert during handshake.
• 77380 - Unexpected quarantine responses for tcp_port_scan events blocks internal traffic, affecting application access for network users.

  As a work-around, you can add IPS event filters to ignore tcp_probe signatures that have enabled quarantine for specific VA hosts.

• 77385 - "Authorization is Required" error appears in messages log on every attempt to communicate with SiteProtector System.
• 77640 - LMI displays a JavaScript error message when you remove a network object from a Management Access Policy rule and delete it.
• 77641 - Network objects using CIDR format that is not supported in Management Access Policy are not filtered out in LMI.
• 77677 - The USB device detection event GLGHW9001I missing the USB manufacturer and product.
• 77678 - Start and end time of ongoing packet capture is incorrectly displayed on LMI immediately after the management interface capture starts.
• 77681 - NIM protection interface network graph shows spike during an XPU installation or rollback.
• 77732 - Large packet captures (greater than 500MB) cannot be downloaded using the LMI. Users can use SFTP as a workaround.