Resolved Issues in IPSO 6.2 MR3
This section includes information about limitations that existed in previous versions, that have been fixed in IPSO 6.2 MR3.
ID Description/Improvement
00258443 UniDirectional Link Detection (UDLD) protocol packets are no longer dropped by ADP cards.
00258312 Stability issues with the xpand process used by Network Voyager and the configuration system have been fixed.
00257523 The clish command "show asset packages" now works correctly when used in CRON.
00258072 Invalid error messages displayed in the Network Voyager page Monitor > System Health >
SecureXL Firewall Connection Statistics are fixed.
00258250 The Static Routes page in the HA Voyager tab shows up to 50 static routes, and there is a link to see more. This link now works correctly when running VRRP and HA Voyager is enabled, and there are hundreds of Static Routes configured.
00558347 The snmp interface index number of the interface on which a Virtual Router (VR) is created now stays the same, as it should, after a VRRP transition.
00258282 When disabling and then re-enabling a Link Aggregation Group (LAG), the interface settings are now correctly set to the values that were used before the interface was disabled.
00258218 The value of the snmp v1 trap "vrrpTrapNewMaster" enterprise field is now the same as in IPSO 4.2 and other vendor snmp v1 implementations.
00258705 Site-to-Site VPN performance of IPSO 6.2 with R70 and higher on uniprocessor platforms has been improved so that it is the same as the performance of IPSO 4.2 with R65.
Resolved Issues in IPSO 6.2 MR3
00258217 tcpdump has been fixed so that it no longer reports duplicate packets.
00258237 On IP290 and IP390 appliances, the "ipsctl -a hw:memory" command now reports correct information.
00258553 Previous releases were not able to process TCP connections that require PSL processing in bridging mode. Samba services therefore did not work properly. This is now fixed.
00258409 When a tcpdump was performed on an IP Appliance Security Gateway, the gateway would do a core dump and reboot, in certain hardware configurations. This has been fixed.
00258466 The dbpasswd command required by Horizon Manager was added.
00257961 The Disable/Enable All Virtual Routers option (introduced in IPSO 4.2) now appears in the Network Voyager Legacy VRRP Configuration page.
00548028 If a host sends a traceroute request through the IP Appliance gateway to a network that is defined in the gateway routing tables as unreachable, the gateway sends a "Destination Unreachable"message to the host. In previous versions, when the default route is defined as unreachable, the gateway does not send a "Destination Unreachable" message. In this version, gateway does send a "Destination Unreachable"message.
00258008 When performing an advanced upgrade to IPSO 6.2 from IPSO 4.2 using the
upgrade_export and upgrade_import commands, the management server configuration is correctly imported to the target management server.
00258105 The Clish command for VRRP monitored circuits: "set vrrp interface <interface name>
monitored-circuit vrid <vrid #> <on/off>" now recognizes the on/off portion of the command.
ID Description/Improvement
Resolved Issues in IPSO 6.2 MR3
00258783 The time-out for applying configuration changes has been increased, to avoid time-out errors when saving changes to a very large configuration database (such as 2 MB).
00258746 In previous versions the snmp counters of ethernet interfaces incorrectly reported counter values using 32-bit values. In this version the counters are correctly shown using 64-bit values.
00259282 When handling IPv6 traffic, the operating system is now stable
00628433 Generic Routing Encapsulation (GRE) tunnel keepalive packets are not dropped by the IP Appliance gateway.
00257866 Adding overlapping routes from the Network Voyager page "Add New Static Route" no longer causes a problem in the ipsrd routing configuration file.
If an overlapping route was added in a previous IPSO 6.2 version, clean up the database as follows:
1. Run dbset on all the static route bindings to set them to NULL. For example:
dbset ipsrd:instance:default:static:network:10.10.10.0:masklen:23:gateway:address:
dbset ipsrd:instance:default:static:network:10.10.10.0:masklen:23:gateway:address:192.168.81.1 2. Save the database. Run
dbset :save
00259284 The IP Appliance will now forward non-RFC compliant DHCP and BOOTP packets.This makes it possible to use the IP Appliance as a relay that connects certain older-model printers to a LAN.
00259117 It is now possible to creates a graph for a logical interface using the "Interface Dashboard"
function (found in Network Voyager under Monitor > Performance Monitor) even after changing the name of the logical interface.
ID Description/Improvement
Resolved Issues in IPSO 6.2 MR3
00258966 Internal BGP sessions use a metric called the local preference, which is carried in internal BGP update packets in the path attribute LOCAL_PREF. This metric indicates the degree of preference for an external route. LOCAL_PREF no longer changes when it passing through IP Appliance.
00258738 The system status view for an IP 390 appliance (in Network Voyager System > Monitor >
Hardware Monitoring > System Status) now shows all the values (Fan, Power Supply, Temperature and Voltage).
00259360 It is now possible to enable VRRP if support for an external load balancer is enabled.
00259059 When adding a new member to a VRRP High Availability (HA) cluster, the HA secret can now use special characters. For example: !, $, %,@,&,*,(,),<,>,+).
00259199 The Network Voyager option "Monitor Firewall State" (under System > Configuration > IPv6 Configuration > Router Services > IPv6 VRRP) is now handled correctly.
00259324 URL logging now works correctly with Check Point R71. (URL Logging is configured in SmartDashboard by adding a URI Resource to the service of a Firewall rule.)
00635221 When disabling a Policy Based Routing (PBR) route within Network Voyager, the route is now removed from the list of routes.
00635219 SNMP performance monitoring messages generated by the perfmond daemon, such as
"perfmond: SQL error fwd: database is locked" are now limited so that fewer messages are printed. These messages are not serious, so they are limited in order not to distract monitoring systems.
00259440 Link aggregation and link redundancy incoming packet errors on Ethernet interfaces are now counted correctly by the "netstat" command.
ID Description/Improvement
Resolved Issues in IPSO 6.2 MR3
00259614 IPv6 route advertisement packets no longer cause memory leaks.
ID Description/Improvement