Fixed in 31.0.4.0
Item
Description
Bug ID
1.  
Alteon XL and Extreme model platforms were vulnerable, on the data path only, to an adaptive chosen-ciphertext (Bleichenbacher) SSL attack when using RSA key exchange (CVE-2017-17427). This vulnerability is now resolved.
Note: For 5224 XL/EX and 5412 XL/EX platforms running in ADC-VX mode, the ADC-VX image must also be upgraded to this version in order to resolve the vulnerability.
DE34293
2.  
Using WBM, with automatic sync enabled, when Apply was performed after a configuration change, and then Revert Apply was performed, the Sync button remained pressed until the user clicked it again.
DE27847
3.  
The certificate hit statistics were zeroed out for VIPs and filters.
DE24635
4.  
In a VRRP environment, the backup Alteon did not change the source MAC and used the proxy MAC while routing the packet on the backup device.
prod00259176
5.  
Using WBM, after performing a revert-apply with audit enabled, due to a garbage value of buffers in the username string of the audit message, a panic occurred.
prod00258609
6.  
Using WBM, when importing a PFX file, even though the passphrase was correct, it failed with the following error: 406 Not Acceptable. Invalid passphrase
prod00258487
7.  
Using WBM through Chrome, the MP spiked to 100%.
prod00258466
8.  
In an AppWall-integrated environment, the Websec tunnel was flapping and four (4) core dumps were generated for AppWall.
prod00258330, prod00257819
9.  
In an RSTP environment, when a STP port went down, a non-STP port was also moved to the discard (DISC) state for a short period.
prod00258276
10.  
Alteon stopped forwarding packets intermittently to a directly reachable destination.
prod00258186
11.  
In an SLB filters environment, after an upgrade, the configuration flag matchdev under the filter was not restored correctly, causing incorrect filter handling and causing Alteon to not respond to incoming SMTP traffic.
prod00258154
12.  
When using a network class as proxy IP (NAT) addresses, some PIPs did not respond to ARP requests and did not send a GARP after HA switchover.
prod00258138
13.  
Using WBM, when an SSL policy was configured and the Intermediate CA Type was changed from Group to None, Alteon closed the sessions that arrived at the virtual services using that SSL policy with a FIN packet without opening a back-end session to the real server, due to configuration corruption.
prod00258134
14.  
After the change to the licensing scheme for DPS, it was not possible to install new instances of Alteon in Cloud WAF.
prod00258133
15.  
In an SLB environment with the virtual service action set to discard or redirect, and a mixed version of a PIP address for the virtual service configured, Alteon failed to apply the configuration.
prod00258123
16.  
After upgrading to 30.2.8.0, management access via a data port failed.
Note: The default value for /cfg/sys/access/port was changed from data port to the management port.
prod00258050
17.  
In an SLB environment with the redirect action on a service, when the delayed binding (dbind) was automatically enabled, a panic occurred.
Note: The fix was to change the default value of the redirect action to dbind forceproxy, and to issue a warning if the user configures the redirect action with `dbind ena`.
prod00258045
18.  
In a virtualization environment, when downloading techdata from a vADC, the syslog files were missing from the techdata output.
prod00258040
19.  
Using WBM, with FQDN configured, when the user tried to access Alteon WBM with a forward slash ("/") in the path, Alteon redirected traffic to the IP address instead of the FQDN host.
prod00258032
20.  
In an SLB environment, when a server group was configured with the roundrobin metric, the first client request always selected the last real server associated with that group, and selection of a real server was local to the server group.
prod00257896
21.  
Using the CLI command /cfg/slb/virt 1/service 80 http/http/httpslb others, an empty HTTP header name was not allowed, and the same change using APSolute Vision or WBM caused a configuration corruption.
prod00257807
22.  
In a configuration with DNSSOA objects configured, after upgrading the Alteon version, the configuration failed to apply after reboot, and the entire configuration was in diff.
prod00257769
23.  
The TCP RST frame composed by Alteon with the 'srvdown reset'/creset features did not conform to the RFC.
As per RFC 793, the device must use the sequence number as zero if the packet it is resetting does not contain an ACK. However, Alteon used the client sequence number as the sequence number and acknowledgement number in the RST packet.
prod00257751
24.  
In a virtualization environment, when the primary ADC-VX was upgraded, a panic occurred on the secondary ADC-VX.
prod00257744
25.  
In an SLB environment, the passive cookie persistent entries were never aged out or cleared.
prod00257741
26.  
Using WBM, when editing an HTTP Content Modification rule action, even though the rule action was changed from "replace/insert" to "remove", Alteon did not remove the path.
prod00257738
27.  
In an AppWall-integrated environment, adding two refinements for the same URI with different character cases caused an AppWall failure.
prod00257707
28.  
In an SLB environment, the backup server participated in load balancing even though the primary real server was restored to normal: the current sessions were reduced from the maximum connection (maxcon).
prod00257649
29.  
Using WBM, the temperature and fan statuses displayed incorrectly.
prod00257616
30.  
Using WBM with health checks configured, when a scripted SMTP health check was configured from WBM, Alteon removed the escape character '\' (backslash) when parsing the incoming data received from WBM.
prod00257611
31.  
In a DNS environment with two FQDN real servers configured with the same FQDN, because of case insensitivity after TTL expiration, new DNS requests were not sent to one of the FQDN real servers.
prod00257605
32.  
In a Global SLB environment, Alteon selected the incorrect IP address by using network fallback.
For example, if Site1 Alteon lost connectivity to all defined public servers (its own public virtual and remote servers, if configured) while its private virtual server was UP (in a production environment, other servers could be utilized for internal clients), external clients would incorrectly resolve with a private IP address instead of not receiving responses at all.
The absence of a response forces their DNS resolver to query the next NS record (Site2 Alteon) that potentially could resolve with valid public IP address.
However, as this behavior is desirable to support GEO-based load balancing (DC preference) while allowing DC failover in case of a DC failure (a pure public environment), the fix was to add a command to control this behavior: /cfg/slb/gslb/rule <rule#>/fallback [ena|dis]. The command default is disabled for newly created rules, but upgraded rules from previous versions have the command default as enabled.
prod00257576
33.  
In the Alteon VA CLI, even though the command /info/transceiver is not applicable to Alteon VA, it was displayed, and the command output contained garbage values.
Note: This command was removed from the Alteon VA CLI.
prod00257465
34.  
In an SLB environment with content rules attached, content rule statistics fetched through the REST API returned invalid statistics.
prod00257452
35.  
Using WBM, you could not add an SLB POP3 application as there was no way to enter the server group.
prod00257433
36.  
In an SSL environment, when an SSL key was deleted and the associated server certificate was modified with the same Apply, the syslog message "AlteonOS <system>: Saved config is not proper. Modify configuration or Reset vadc with factory config" displayed. Alteon had to be rebooted to fix the service outage issue.
prod00257404
37.  
Using the CLI, the /cfg/dump command allowed normal users to use parameters a, b, c, d, n, and s, while only Support users should be allowed to use them.
prod00257361
38.  
In a virtualization environment, the administrator password (/cfg/vadc x/user/admpw xx) for a vADC was not synchronized properly between the vADC and the ADC-VX configuration.
prod00257301
39.  
Using the CLI, the ACK message for the command /oper/slb/gslb/rrem did not indicate whether any remote entries were actually deleted correctly, especially when there were no remote entries.
prod00257211
40.  
When the Defense Messaging syslog configuration was added, because the port was set by default to 0, the Apply failed.
prod00257110
41.  
Using the CLI, the command for the GSLB persistence table (/i/slb/gslb/pers <IP Address> <Mask>) displayed entries that were different from the IP address specified.
prod00257028
42.  
Using the CLI, the command for GSLB persistence table (/i/slb/gslb/pers <IP Address> <Mask>), displayed the entire table with irrelevant entries, instead of a single entry.
prod00257027
43.  
The HTTPS management access to IPv6 (data) IP addresses did not work.
prod00257014
44.  
In an SLB environment with delayed binding (dbind) enabled, the MSS value was taken from the client's SYN packet and used in the response. If client packets arrived with MSS 8960 (jumbo packets), Alteon used this value in the response even though Alteon does not support jumbo packets.
prod00256891
45.  
In a DNS SLB environment, when selecting the back-end real servers, the configuration was not saved.
prod00256845
46.  
When configuring Alteon using REST API, when attempting to add a real server in the GSLB network rule, there was no option to input the Preference field.
prod00256749
47.  
When receiving an ICMP unreachable message on the Alteon management port, a panic occurred.
prod00256739
48.  
In a Smart NAT environment, when using the same public address for static NAT and dynamic NAT, the response for outbound traffic (that matched the dynamic NAT entry when generated) matched the static NAT entry, and was NATed incorrectly.
Note: As a fix, a warning message was added when using the same dynamic NAT address as the static NAT address.
prod00256734
49.  
In an AppWall-integrated environment, with DNS defined via a data port, the Automatic Signature and Geo Location updates were not successful.
prod00256698
50.  
With the Alteon DPS licensing model, when using the aas-perform-cookie license, you could not enable the LinkProof module.
prod00256619
51.  
In an SLB environment with an AppShape++ script and an AppWall policy attached to the virtual server, the Web page was not loaded after refreshing the page on the browser.
prod00256606
52.  
Using the CLI in a virtualization environment, when running the /cfg/gtcfg all command on an ADC-VX, the configuration of the last vADC was not restored.
prod00256594
53.  
In an SLB environment, when performing an Apply with any SLB- or VRRP-related configuration, all the current sessions were cleared out.
prod00256591
54.  
Using the CLI, when using the /maint/pktcap/captures command for Wireshark captures, the packet time in the Wireshark capture displayed for the next day's capture, but Alteon displayed only the current date and time.
prod00256556
55.  
Because some DHCP Discover messages were not relayed to the DHCP server, smartphones were not able to receive IP addresses.
prod00256554
56.  
In an SSL environment, changing the user-defined-expert cipher-suite did not work until after reboot.
prod00256524
57.  
Using WBM in a monitoring environment, you could not load the "virtual servers" status when accessing Alteon through a data port.
prod00256494
58.  
In an Alteon HA environment, when attempting to configure a slave, the slave started to announce OSPF hosts and its router received two similar routes.
prod00256301
59.  
The command usage text of the ena and dis commands in the /cfg/l2/lldp menu displayed "llldp" instead of "LLDP".
prod00256271
60.  
Using WBM, the SSL key with Key Passphrase could not be imported.
prod00256220
61.  
WBM users were not removed from the who list after idle timeout of the WBM session.
Note: The following new CLI command has been added. Because this is an operator command, it is not supported for WBM/SNMP.
 
>> Standalone ADC - Access menu#
/oper/sys/access/termwbm
USER COS TERM LOGIN TIME FROM IP LAST CMD
==== === ==== ========== ======= ========
1. admin admin WBM 11:54:42 10.75.20.128
Press <enter> to terminate all the WBM connections, or Enter <index> and press <enter> to terminate the respective connection
prod00255937
62.  
Using WBM, in an Alteon SLB environment, when configuring the maximum number of services on a server and the last service with content rules, the list of content rules for Content Based Rules of Selected Virtual Service did not display.
prod00255365
63.  
In an SLB environment, when compression was disabled and APM was enabled, the Web page became blank without any response body data.
prod00255333
64.  
The BWM report feature does not belong to DPM and is an old feature that does not work. The fix was to remove the feature.
prod00254434
65.  
In a virtualization environment on a vADC, there was no enforcement for AppWall throughput allocation.
Note: As a fix, when the vADC does not have allocated resources for AppWall, a warning displays.
prod00254264
66.  
Using WBM, when using a clone to duplicate an existing virtual server, when selecting new SSL data for the new virtual server, Alteon also changed the SSL setting for the original virtual server.
prod00253450
67.  
When running MSTP, after reboot, even though ports were enabled, the Layer 3 interface was not up.
prod00251659
68.  
In an SSL environment, when applications were configured with SSL offloading and '?0' in the request, the request was not forwarded to the back-end server, resulting in the application intermittently not working.
The fix was part of upgrading OpenSSL to 1.0.2.m.
prod00248607
69.  
Using WBM, you could not upload the entire GeoLite2 database all at once.
prod00248324
70.  
When deploying a new Alteon VA or performing a recovery, the syslog message time stamps displayed incorrectly.
DE31754
AppWall
Item
Description
Bug ID
1.  
A legitimate JSON request with allowed body was blocked.
DE30739
2.  
Adding two refinements for the same URI with different character case caused an AppWall failure.
DE32155
3.  
After upgrade, the AppWall console became inaccessible.
DE32294
4.  
A failure occurred when parsing an encoded Base64 request.
DE32324
5.  
Increasing the number of CUs did not affect traffic processing.
DE32559
6.  
The wrong HTTP response code was generated when requesting AllowList APIs.
DE30691
7.  
There were missing details in parameters when requesting the ExportTunnel API call.
DE31606
8.  
The wrong HTTP response code was generated when requesting SecTunnels API calls.
DE31765
9.  
There was an invalid type declaration with the HttpTunnels API call.
DE32872
10.  
Visual icons did not change depending on the chosen option.
DE8734
11.  
The wrong mandatory value was generated with the DatabaseRefinements API call.
DE32873
12.  
A security page was not uploaded when using WebAppName.
DE33103
13.  
A failure in auto-policy generation occurred after sending specific HTTP requests.
DE31185
14.  
Under certain conditions, a failure occurred when parsing the HTTP response header.
DE31670
15.  
The AppWall Management Application saved the configuration file even when Exit without Saving was selected.
DE31796
16.  
The AppWall Management Application was not updated when the AppWall mode changed from Out-Of-Path to Inline.
DE30865
17.  
The common landing page displayed no matter which links were selected from the Web Security menu.
DE31027