Item | Description | Bug ID |
---|---|---|
1. | Alteon XL and Extreme model platforms were vulnerable, on the data path only, to an Adaptive chosen-ciphertext (Bleichenbacher) SSL attack when using RSA key exchange, CVE-2017-17427. This vulnerability is now resolved. Note: For 5224 XL/EX and 5412 XL/EX platforms running in ADC-VX mode, the ADC-VX image must also be upgraded to this version in order to resolve the vulnerability. | DE34293 |
2. | Using WBM, with automatic sync enabled, when Apply was performed after a configuration change, and then Revert Apply was performed, the Sync button remained pressed until the user clicked it again. | DE27847 |
3. | Alteon rebooted itself with a powercycle message. | prod00259190,prod00259191 |
4. | In a VRRP environment, the backup Alteon did not change the source MAC and used the proxy MAC while routing the packet on the backup device. | prod00259162 |
5. | In an AppWall-integrated environment, even though Alteon VA had all the licenses needed for signature update, when uploading a signature file manually, the following error was generated: Failed to find valid license for signature update | prod00258685 |
6. | Using WBM, after performing a Revert-Apply with audit enabled, due to a garbage value of buffers in the username string of the audit message, a panic occurred. | prod00258610 |
7. | In an AppWall-integrated environment, the Websec tunnel was flapping and four (4) core dumps generated for AppWall. | prod00258523 |
8. | In an AppWall-integrated environment, the Websec tunnel was flapping and four (4) core dumps generated for AppWall. | prod00258520 |
9. | Using WBM, with FQDN configured, when the user tried to access Alteon WBM with a forward slash ("/") in the path, Alteon redirected traffic to the IP address instead of the FQDN host. | prod00258376 |
10. | Alteon stopped forwarding packets intermittently to a directly reachable destination. | prod00258185 |
11. | In an SLB filters environment, after an upgrade, the configuration flag matchdev under the filter was not restored correctly, causing incorrect filter handling and causing Alteon not to respond to incoming SMTP traffic. | prod00258172 |
12. | In an environment with AppWall integrated with Alteon SLB on a service with backend SSL and without Layer 7, double billing to transactions occurred and AppWall reported an HTTP RFC violation error. | prod00258160 |
13. | In an SLB environment with the virtual service action set to discard or redirect, and a mixed version of a PIP address for the virtual service configured, Alteon failed to apply the configuration. | prod00258149 |
14. | In a Link Load Balancing environment, when the network class was used in PIP mode, some PIPs did not respond to ARP requests and did not send a GARP after HA switchover. | prod00258095 |
15. | In an RSTP environment, when a STP port went down, a non-STP port was also moved to the discard (DISC) state for a short period. | prod00258094 |
16. | After upgrading to 30.2.8.0, management access via a data port failed. Note: The default value for /cfg/sys/access/port was changed from data ports to the management port. | prod00258049 |
17. | In an SLB environment with the redirect action on a service, when the delayed binding (dbind) was automatically enabled, a panic occurred. Note: The fix was to change the default value of redirect action to dbind forceproxy, and to issue a warning if the user configures the redirect action with `dbind ena`. | prod00257986 |
18. | Using WBM in an SSL environment where the virtual service was configured with SSL offloading, Alteon closed the session with a FIN packet without opening a back-end session to the real server. | prod00257959 |
19. | In a virtualization environment, when downloading techdata from a vADC, the syslog files were missing from the techdata output. | prod00257947 |
20. | Using APSolute Vision in an SLB environment, after enabling cookie persistency on Alteon in the HTTP Server Selection tab, the submission failed due to missing parameters. | prod00257922 |
21. | Using the CLI command /cfg/slb/virt 1/service 80 http/http/httpslb others, an empty HTTP header name was not allowed, but the same change made using APSolute Vision or WBM caused a configuration corruption. | prod00257806 |
22. | In a configuration with DNSSOA objects configured, after upgrading the Alteon version, the configuration failed to apply after reboot, and the entire configuration was in diff. | prod00257768 |
23. | The TCP RST frame composed by Alteon with the 'srvdown reset'/creset features did not follow the RFC. As per RFC 793, the device must use zero as the sequence number if the packet it is resetting does not contain an ACK. However, Alteon used the client sequence number as both the sequence number and the acknowledgement number in the RST packet. | prod00257750 |
24. | When the Defense Messaging syslog configuration was added, because the port was set by default to 0, the Apply failed. | prod00257747 |
25. | Using WBM, when editing an HTTP Content Modification rule action, even though the rule action was changed from "replace/insert" to "remove", Alteon did not remove the path. | prod00257737 |
26. | In an SLB environment, the backup server participated in load balancing even though the primary real server was restored to normal: the current sessions were reduced from the maximum connection (maxcon). | prod00257648 |
27. | In an SLB environment, when a server group was configured with the roundrobin metric, the first client request always selected the last real server associated to that group, and selection of a real server was local to the server group. | prod00257626 |
28. | Using WBM, the temperature and fan statuses displayed incorrectly. | prod00257615 |
29. | In a Global SLB environment, Alteon selected the incorrect IP address by using network fallback. For example, if Site1 Alteon lost connectivity to all defined public servers (its own public virtual and remote servers, if configured), while its private virtual server was UP (in a production environment, other servers could be utilized for internal clients), external clients would incorrectly resolve with a private IP address instead of not receiving responses at all. The absence of a response forces their DNS resolver to query the next NS record (Site2 Alteon), which could potentially resolve with a valid public IP address. However, as this behavior is desirable to support GEO-based load balancing (DC preference) while allowing DC failover in case of a DC failure (a pure public environment), the fix was to add a command to control this behavior: /cfg/slb/gslb/rule <rule#>/fallback [ena|dis]. The command default is disabled for newly created rules, but upgraded rules from previous versions have the command default as enabled. | prod00257575 |
30. | In an SLB environment with content rules attached, content rules statistics fetched through the REST API returned invalid statistics. | prod00257451 |
31. | In an SLB environment, the passive cookie persistent entries were never aged out or cleared. | prod00257377 |
32. | Using the CLI, the /cfg/dump command allowed normal users to use parameters a, b, c, d, n, and s, while only Support users should be allowed to use them. | prod00257360 |
33. | In an SSL environment, when an SSL key was deleted and the associated server certificate was modified with the same Apply, the syslog message `AlteonOS <system>: Saved config is not proper. Modify configuration or Reset vadc with factory config` was displayed. Alteon had to be rebooted to fix the service outage issue. | prod00257351 |
34. | Using WBM with health checks configured, when a scripted SMTP health check was configured from WBM, Alteon removed the escape character '\' (backslash) when parsing the incoming data received from WBM. | prod00257334 |
35. | Using the CLI, the ACK message for the command /oper/slb/gslb/rrem did not indicate whether any remote entries were actually deleted correctly, especially when there were no remote entries. | prod00257328 |
36. | With the Alteon DPS licensing model, when using the aas-perform-cookie license, you could not enable the LinkProof module using ADC-VX. | prod00257316 |
37. | In a virtualization environment, the administrator password (/cfg/vadc x/user/admpw xx) for a vADC was not synchronized properly between the vADC and the ADC-VX configuration. | prod00257299 |
38. | When configuring Alteon using REST API, when attempting to add a real server in the GSLB network rule, there was no option to input the Preference field. | prod00257256 |
39. | Using the CLI, the command for the GSLB persistence table (/i/slb/gslb/pers <IP Address> <Mask>) displayed the entire table with irrelevant entries, instead of a single entry. | prod00257242 |
40. | Using the CLI, the command for the GSLB persistence table (/i/slb/gslb/pers <IP Address> <Mask>) displayed entries that were different from the IP address specified. | prod00257235 |
41. | Using the WAF WBM in an AppWall-integrated environment, changes made by the Configuration Files Editor tool were saved by default even if the user did not save them. | prod00257214 |
42. | The HTTPS management access to IPv6 (data) IP addresses did not work. | prod00257138 |
43. | In a DNS environment with two FQDN real servers configured with the same FQDN, because of case insensitivity with TTL expiration, new DNS requests were not sent to the FQDN real server. | prod00257041 |
44. | Using WBM, you could not add an SLB POP3 application as there was no way to enter the server group. | prod00256872 |
45. | In an SLB environment with delayed binding (dbind) enabled, the MSS value was taken from the client's SYN packet and used in the response. If client packets arrived with MSS 8960 (jumbo packets), Alteon used this value in the response even though Alteon does not support jumbo packets. | prod00256772 |
46. | In an AppWall-integrated environment, with DNS defined via a data port, the Automatic Signature and Geo Location updates were not successful. | prod00256682 |
47. | In an Alteon HA environment, when attempting to configure a slave, the slave started to announce OSPF hosts and its router received two similar routes. | prod00256651 |
48. | In a DNS SLB environment, when selecting the back-end real servers, the configuration was not saved. | prod00256636 |
49. | In an SLB environment with an AppShape++ script and an AppWall policy attached to the virtual server, the Web page was not loaded after refreshing the page on the browser. | prod00256607 |
50. | Using the CLI in a virtualization environment, when running the /cfg/gtcfg all command on an ADC-VX, the configuration of the last vADC was not restored. | prod00256593 |
51. | In an SLB environment, when performing an Apply with any SLB- or VRRP-related configuration, all the current sessions were cleared out. | prod00256590 |
52. | In a virtualization environment, when the primary ADC-VX was upgraded, a panic occurred on the secondary ADC-VX. | prod00256588 |
53. | Using the CLI, when using the /maint/pktcap/captures command for Wireshark captures, the packet time in the Wireshark capture displayed for the next day's capture, but Alteon displayed only the current date and time. | prod00256555 |
54. | Because some DHCP Discover messages were not relayed to the DHCP server, smartphones were not able to receive IP addresses. | prod00256553 |
55. | After the change to the licensing scheme for DPS, it was not possible to install new instances of Alteon in Cloud WAF. | prod00256545 |
56. | The command usage text of the ena and dis commands in the /cfg/l2/lldp menu displayed "llldp" instead of "LLDP". | prod00256537 |
57. | In an SSL environment, changing the user-defined-expert cipher-suite did not work until after reboot. | prod00256515 |
58. | When receiving an ICMP unreachable message on the Alteon management port, a panic occurred. | prod00256513 |
59. | Using WBM in a monitoring environment, you could not load the "virtual servers" status when accessing Alteon through a data port. | prod00256493 |
60. | In an SLB environment, when compression was disabled and APM was enabled, the Web page became blank without any response body data. | prod00255332 |
61. | Using WBM, in an Alteon SLB environment, when configuring the maximum number of services on a server and the last service with content rules, the list of content rules for Content Based Rules of Selected Virtual Service did not display. | prod00255291 |
62. | In a Smart NAT environment, when using the same public address for static NAT and dynamic NAT, the response for outbound traffic (that matched the dynamic NAT entry when generated) matched the static NAT entry, and was NATed incorrectly. As a fix, a warning message was added when using the same dynamic NAT address as the static NAT address. | prod00255111 |
63. | Using WBM, when using a clone to duplicate an existing virtual server, when selecting new SSL data for the new virtual server, Alteon also changed the SSL setting for the original virtual server. | prod00253449 |
64. | A FIPS device was exposed to vulnerability CVE-2016-2183, exploiting a weak cipher "3DES-CBC" in TLS encryption. | prod00253270 |
65. | The BWM report feature does not belong to DPM and is an old feature that does not work. The fix was to remove the feature. | prod00252231 |
66. | When running MSTP, after reboot, even though ports were enabled, the Layer 3 interface was not up. | prod00251658 |
67. | In an SSL environment, when applications were configured with SSL offloading and '?0' in the request, the request was not forwarded to the back-end server, resulting in the application intermittently not working. The fix was part of upgrading OpenSSL to 1.0.2.m. | prod00248606 |
68. | Using WBM, you could not upload the entire GeoLite2 database all at once. | prod00248321 |
Item | Description | Bug ID |
---|---|---|
1. | A legitimate JSON request with allowed body was blocked. | DE30739 |
2. | Adding two refinements for the same URI with different character case caused an AppWall failure. | DE32155 |
3. | After upgrade, the AppWall console became inaccessible. | DE32294 |
4. | A failure occurred when parsing an encoded Base64 request. | DE32324 |
5. | Increasing the number of CUs did not affect traffic processing. | DE32559 |
6. | The wrong HTTP response code was generated when requesting AllowList APIs. | DE30691 |
7. | There were missing details in parameters when requesting the ExportTunnel API call. | DE31606 |
8. | The wrong HTTP response code was generated when requesting SecTunnels API calls. | DE31765 |
9. | There was an invalid type declaration with the HttpTunnels API call. | DE32872 |
10. | Visual icons did not change depending on the chosen option. | DE8734 |
11. | The wrong mandatory value was generated with the DatabaseRefinements API call. | DE32873 |
12. | A security page was not uploaded when using WebAppName. | DE33103 |
13. | A failure in auto-policy generation occurred after sending specific HTTP requests. | DE31185 |
14. | Under certain conditions, a failure occurred when parsing the HTTP response header. | DE31670 |
15. | The AppWall Management Application saved the configuration file even when Exit without Saving was selected. | DE31796 |
16. | The AppWall Management Application was not updated when the AppWall mode changed from Out-Of-Path to Inline. | DE30865 |
17. | The common landing page displayed no matter which links were selected from the Web Security menu. | DE31027 |