Release Notes > What’s CHANGED in 33.5.2.0
What’s CHANGED in 33.5.2.0
 
SSH Library Upgrade to Support SHA2 MAC Algorithm
Proxy ARP Entries
External Health Check
EAAF for Alteon Feed Eligibility Based on GEL Entitlement
FastView GUI Configuration Removal
OpenSSL Upgrade
AppWall Integrated
SSH Library Upgrade to Support SHA2 MAC Algorithm
The Mocana SSH library was upgraded to support the SHA2 MAC algorithm.
It is now possible to disable the hmac-sha1 MAC algorithm using the following command:
/cfg/sys/access/sshd/weakmac command
NFR ID: 210718-000079
Proxy ARP Entries
Prior to this release, the number of Proxy IP (PIP) addresses that could be configured on Alteon was limited to 2048 because only 2048 ARP entries were reserved for PIP. This has now been increased to up to 8192 entries for IPv4 PIP addresses and up to 4096 NBR entries for IPv6 PIP addresses.
NFR ID: 220303-000127
External Health Check
The external script capability that was released in version 33.5.0.0 for ADFS health checks can now be used to define generic external health checks.
Notes
*Currently, curl is the only command-line tool these scripts support.
*To use this capability on a vADC, the ADC-VX must also be updated to version 33.5.2.0.
Limitation: This capability does not currently work on Alteon VAs installed using an Ubuntu18 image.
EAAF for Alteon Feed Eligibility Based on GEL Entitlement
Alteon devices deployed with the GEL Secure Pro license are now eligible for the ERT Active Attacker feed download directly from MIS or via APSolute Vision versions 5.4 and 4.85.20 based on the entitlement ID and without the need to register the devices’ MAC addresses.
FastView GUI Configuration Removal
Starting with this version, the FastView configuration is only available via the CLI.
OpenSSL Upgrade
The OpenSSL version was updated, for both the data and management path, to version 1.1.1p.
AppWall Integrated
*Signature Operation Mode:
A new Operation mode, Forced Active, is now available. If the Database Security filter or the Vulnerabilities Security filter are in Passive mode, the RuleID or PatternID configured as Forced Active will block the traffic.
From the AppWall Management Console, in the Database Security filter, the configuration has been consolidated. Two tabs exist today:
*Rule Operations allows the configuration of the Auto Passive Mode, the definition of the Operation Mode for any RuleID, and an aggregated view of the Database Security filter of each Application Path where the Database filter is defined.
*Parameter Refinements allows to exclude RuleIDs per parameters/headers.
*FileUpload Security filter:
*Support of files with no extension.
*Advanced support of files upload with content the Content-Type multipart/form-data.