Item | Description | Bug ID |
---|---|---|
1. | In an IPv6 Hot Standby environment (where an IPv6 virtual router is configured), a panic occurred. | prod00256609 |
2. | In an SLB environment with an AppShape++ script and AppWall policy attached to the virtual server, the Web page did not load after refreshing the page in the browser. | prod00256604 |
3. | Shortly after configurationally enabling ports that were previously disabled, the MP CPU reached 100% and Layer 3 interfaces remained down. | prod00256438 |
4. | Shortly after configurationally enabling ports that were previously disabled, the MP CPU reached 100% and Layer 3 interfaces remained down. | prod00256381 |
5. | In an SLB environment with X-Forward for enabled on a virtual server and the current persistent binding mode set as cookie, intermittently the X-forward for and client IP address was not added to header. | prod00256343 |
6. | In a VRRP environment with the switch group enabled, when the directly connected Master device rebooted, the backup device moved to the INIT state rather than changing state to Master. | prod00256308 |
7. | In an SLB environment, when gateway per VLAN was enabled and operational, client traffic was forwarded to a switch port on which the VLAN gateway was learned rather than forwarding to the default gateway, causing client traffic to fail. | prod00256305 |
8. | In a monitoring environment with TACACS and command logging enabled, when executed the global commands together with a slash i.e. "apply/save", a panic occurred on the platform. | prod00256269 |
9. | In an SLB environment with some of the real servers containing multiple services (with the same IP address but different ports), if the ARP resolution did not yet finish, only the first health check towards that real server would get queued up, while the rest were discarded, resulting in the real server health check flapping. | prod00256171 |
10. | In a Global SLB environment, when a DSSP health check is configured as part of logical expression, the logical expression (logexp) health check did not work as expected. | prod00256104 |
11. | In a DNS SLB environment, when the real server's IP address was altered for the origin server to point the domain name, and if this address was same as a virtual server, a network loop occurred. As a fix, a validation has been added during the apply operation to not have same IP address on the virtual server and the real server. | prod00256101 |
12. | When using an APSolute Vision version 3.80.00 VM to configure Alteon, when performing an Apply or Save operation, errors occurred. | prod00256097 |
13. | Using the CLI, when trying to execute the command '/cfg/slb/gslb/dssphc", the following error message was not generated, as expected: Warning: This command is obsolete, use command \"/c/slb/real <ID>/health dssp\" per relevant remote server to get that server availability via DSSP | prod00256080 |
14. | Using WBM, the wrong number of Network Subnets within a Network Class displayed. | prod00256039 |
15. | Using WBM, when the UI timed out, the browser displayed the 'Authentication Required' pop-up to log in again, but also displayed a Configuration Error - The server is busy processing requests window. | prod00256037 |
16. | In a Global SLB environment on all user interfaces, uploading the GeoLite2 data base resulted in "406 Not Acceptable". | prod00256020 |
17. | In WBM, the HTTP HOST header value was used when redirecting the WBM request for "/" to the "/webui/default.html" path, incorrectly indicating an HTTP host header attack vulnerability. | prod00256016 |
18. | When executing a Revert Apply, the port links toggled, disturbing the data traffic. | prod00255974 |
19. | In an AppWall integrated with Alteon environment, the AppWall module logs failed to send syslog messages on the configured Alteon port (other than the default port). | prod00255958 |
20. | Using the CLI, when pressing Tab to view the command syntax, the output was displayed on the same line instead of the next line. | prod00255944 |
21. | When the IP fragmentation table was full, Alteon dropped the traffic. Commands have been added to the configure IP Fragmentation table size (/c/l3/fragtble) and to clear fragmentation table statistics (/oper/l3/ipfrgclr). | prod00255911 |
22. | Using WBM, when accessing the virtual services Create/Edit a Virtual Server pane, an IP address with 255 in the last octet (x.x.x.255) resulted in a validation error message. | prod00255880 |
23. | In an SLB environment, the SIPOPTIONS health check failed and caused a service outage. | prod00255846 |
24. | In High Availability Switch mode, on a backup device working as the DHCP relay, a MAC flap occurred. | prod00255842 |
25. | In a BGP environment, during BGP state change, SNMP traps were not generated. | prod00255839 |
26. | When vDirect Automation was run, traffic stopped going through Alteon. | prod00255800 |
27. | When the SNMP community string contained the @ symbol followed by any three (3) characters, the SNMP query failed, causing APSolute Vision to not add an Alteon device. | prod00255757 |
28. | In an SLB environment with an AppShape++ script configured, when a new group was configured and saved using WBM, after performing a Revert Apply operation, client requests were forwarded to a different real server rather than to the real server attached to the AppShape++ script. | prod00255713 |
29. | In an SLB environment with AppXcel (where delayed binding (dbind) set to forceproxy mode), the expected behavior of sending a client's ICMP error packets to the server without any source NAT caused a client MAC flapping issue on an adjacent Layer 2 device. | prod00255662 |
30. | You could not delete the syslog hosts from the configuration. The fix now accepts /c/sys/syslog/hst1 0.0.0.0 7 0 all 0 to delete the syslog host configuration. | prod00255621 |
31. | In an HA environment with data class configured, when performing configuration sync, the data class configuration was not synced while the rest of the configuration was. | prod00255467 |
32. | In an SIP SLB environment, when the SIP content-length was incorrect, Alteon stopped forwarding SIP messages. | prod00255411 |
33. | In FTP Active mode, due to an endian issue when performing TCP sequence adjustments for retransmitted PORT command packets, clients experienced FTP communication failures. | prod00255390 |
34. | In a Link Load Balancing (LLB) environment, during client processing of the ICMP destination with an unreachable packet containing a payload matching an outbound-LLB session, a panic occurred. | prod00255311 |
35. | In an SLB environment, when both nonat and rport were configured for a DNS service, nonat overrode the rport settings, causing packets to be sent to the real server without modifying the rport configuration. | prod00255261 |
36. | In an SLB environment with the metric set to phash, when requests arrived from a few specific client IP addresses, Alteon failed to distribute the traffic among the real servers. | prod00255226 |
37. | In an SLB environment with acceleration, if a caching policy was associated with a service, the persistency timeout (/c/slb/virt 1/service 80/ptmout X) was ignored and the persistency entry was created only after 10 minutes of timeout. | prod00255203 |
38. | When the security configuration was set to /c/security/websec/authsrv/ldap <n>/base xyz, and a sync was performed or the device was rebooted, this configuration was lost. | prod00255197 |
39. | When processing SSL data from the WBM client over the management port, a panic occurred. | prod00255158 |
40. | In an AppWall integrated on Alteon environment, you could access the AppWall configuration even though no AppWall license was installed. | prod00255121 |
41. | In an SLB environment, using the REST API, when configuring other applications, reserved ports reserved ports such as 20, 21, 69, 389, and 5060 were allowed. | prod00255070 |
42. | In an IPv6 environment with link local address configured, connection to device with an IPv6 gateway address did not work. | prod00255054 |
43. | Using the CLI, while configuring an LDAP health check, the usage/guidance message for the LDAP bind input was not clear, leading to misconfigured input. | prod00255049 |
44. | When the default gateway ARP entry aged out and health check instances attempted to send a TCP SYN to real servers, an ARP burst for the default gateway flooded the network. | prod00255045 |
45. | For servers indirectly connected to Alteon, the Maximum Segment Size (MSS) was set to 536 in the TCP header, causing servers to segment their large-sized packets. | prod00255000 |
46. | In a BGP environment with VIP advertisement send enabled (/cfg/l3/bgp/vipa e) and the virtual server configurationally disabled, if the virtual server had active sessions, it was not removed from the ARP and routing tables. | prod00254987 |
47. | When attempting to log in through a TACACS server, after a few unsuccessful login attempts Alteon rebooted. | prod00254981 |
48. | In an SLB environment, when a client request arrived with a query that was followed by some malicious content in the URI, Alteon incorrectly identified the query string. | prod00254978 |
49. | During configuration synchronization, when configuring a real server with the name and ID greater than 32 bytes, when the real server was synced to a peer device, a dummy real server was also created. | prod00254923 |
50. | In a Layer 7 SLB environment, when a non-existent Web application was associated with a content class, even though the content class was in the disabled state, after performing an Apply a panic occurred. | prod00254841 |
51. | In a VRRP hot standby environment, right after a VRRP fail-over due to a link down at the master site, a network loop occurred. To fix the network loop in this scenario, a new command was introduced: /cfg/l3/vrrp/fovdelay. When enabled, the new master moves blocked ports to forwarding after the master interval, avoiding a network loop. The health checks and services are delayed and the client traffic is not processed. If the command is disabled, the new master moves blocked ports to forwarding after 100 milliseconds (after about 1024 milliseconds for IPv6), as it does today. Note: By default, fovdelay is disabled. The command can be enabled only if hot standby is also enabled (/cfg/l3/vrrp/hotstand e). | prod00254831 |
52. | In an SLB environment, when the real server ID definition was very long, configuration synchronization did not work. | prod00254812 |
53. | In a SIP SLB environment with forceproxy, the SIP packets were dropped, even with very low traffic. | prod00254798 |
54. | In SLB environment using REST API, real server statistics using the API command SlbStatEnhContRuleActionGroupTable did not display all the information properly. | prod00254759 |
55. | In an SLB environment, even though the gateway mentioned in the ICMP packet was not in the subnet of the real server, Alteon forwarded (load-balanced) ICMP redirects (ICMP Type 5, Code 1 / redirect for host) to the real server. | prod00254440 |
56. | In an SLB environment, when attempting to configure two different virtual servers with same the SERVICE port, the same VIP, and a unique source network, the following error displayed: Virtual server region1 has the same IP address and vport and Source Network as virtual server region2. | prod00253836 |
57. | In a virtualization environment on an ADC-VX using WBM, after importing the WBM certificate, key, and intermCA, there were issues with the diff display and the Certificate Repository displayed nothing in WBM. | prod00253613 |
58. | In an SLB SmartNAT environment, a real server's IP address could not be the same as the SmartNAT local address and was prevented by a configuration validation. To support this scenario, real proxy is now mandatory. As a result, during configuration validation, if the SmartNAT local address matches any real server's IP address, the real server is checked for its proxy (address/nwclss mode). If not, a validation error message displays. During proxy processing, SLB's (VIRT/FILT) server traffic returning to the PIP address is classified, and this classification is used in the server processing. | prod00253260 |
59. | Using WBM, both the techdata and packet capture exports caused health checks to stop for a long interval. | prod00253174 |
60. | Alteon was vulnerable to CVE-2107-3730, AlteonOS OpenSSL. The OpenSSL version has now been upgraded to version 1.0.2. | prod00251523 |
61. | Alteon was vulnerable to CVE-2107-3731, AlteonOS OpenSSL. The OpenSSL version has now been upgraded to version 1.0.2. | prod00251521 |
62. | Using WBM, In an SLB environment with SSL certificates, a user with the username crtadmin could not be used to log in to the device, although it worked using CLI. | prod00248567 |
63. | In an SLB environment, the IDS servers could not be configured without an IP address, and an error displayed during Apply. | prod00244588 |
64. | When the RADIUS server was down, when logging in to or logging out from RADIUS through Alteon, a panic occurred. | DE27909 |
Item | Description | Bug ID |
---|---|---|
1. | When an HTTP parsing failure occurred, an incorrect security event message displayed. | DE24622 |
2. | Under certain conditions, the options “Support Base 64 Data” and “Support XML Data” within the database filter became disabled although they had been enabled. | DE23364 |
3. | The HTTP parser blocked requests with a double slash in the URL without any security event. | DE25505 |
4. | When changing the Cluster Manager’s management IP address, policy sync between the nodes and the Cluster Manager failed. | DE24408 |
5. | The AppWall disk partition became full due to an unmanaged log file. | DE25918 |
6. | When connecting with TACACS to AppWall, the Administration Event in Forensics did not display the login name. | DE27516 |
7. | In a first time configuration change after the Alteon upgrade process, a failure sometimes occurred in the AppWall configuration file once changes were applied. | DE27962 |
8. | Different AppWall instances running on the Alteon platform sent logs to APSolute Vision with different hostnames, but with the same management IP address. | DE28056 |
9. | The AppWall Management application failed after creating a complex RegEx in the security policies settings. | DE28086 |
10. | The hostname field truncated in the logs sent to APSolute Vision. | DE28456 |
11. | Under certain conditions, AppWall sent messages to APSolute Vision with the wrong destination IP address in the message. | DE28650 |
12. | Under certain conditions, the tunnel name was not properly imported during an import process. | DE28721 |