8/3/2019 NSP_5.1.7.7-5.1.7.44_5.1.7.43_Release_Notes
http://slidepdf.com/reader/full/nsp5177-5174451743releasenotes 1/9
Network Security Platform v5.1 Release Notes
McAfee® Network Security Platform [formerly McAfee® IntruShield®]
Release Version 5.1
(Document was revised on 07/09/09)
Software versions in this release
This document applies only to the following software versions.
Network Security Manager image for Windows Server 2003/MySQL: 5.1.7.7
Signature set: 5.1.16.22
Network Security Sensor M-6050/M-8000 image: 5.1.7.33
Network Security Sensor M-3050/M-4050 image: 5.1.7.31
Network Security Sensor M-2750 image: 5.1.7.43
Network Security Sensor M-1250/M-1450 image: 5.1.7.44
This 5.1 maintenance release is for addressing Sensor software issues in M-series Sensor models: M-1250, M-1450,
and M-2750.
The 5.1.7.7 Manager image includes a critical fix related to signature set push failure to I-series Sensors [version
5.1.1.16 and 5.1.5.6] with certain combinations of policies, UDSes, and alert filters.
This version of 5.1 Manager software can be used to configure and manage I-series, M-series, and N-series Sensors.
700-2013-00
Contents
1 What’s new in this release
2 Issues resolved in this release
2.1 Resolved Sensor software issues
2.2 Resolved Manager software issues
3 Known outstanding issues
3.1 Known Sensor software issues
3.2 Known Manager software issues
4 Installation and upgrade notes
5 Technical assistance and problem reporting
6 More Information
1 What’s new in this release
This section details the additions and/or enhancements delivered with the 5.1 Release.
Infrastructure upgrade for Manager
With this release of 5.1, the Manager software runs on Apache httpd version 2.2.11 (bundled with OpenSSL version
0.9.8j).
2 Issues resolved in this release
The following table contains issues resolved in this release of Network Security Platform 5.1.
2.1 Resolved Sensor software issues
High severity Sensor software issues
ID # Issue
496162 When the ACL Rule action is set to Permit for TCP-based protocols, network delay/packet drops are
seen on connections matching the ACL Permit rule.
494437 Sensor performance can drop during policy push from the Manager to the Sensor.
485480 After a Sensor reboot, the ports are enabled before the Sensor is ready to process traffic.
483130 Some enhancements made to the SSH protocol (first released in signature sets 4.1.46.13/5.1.16.12)
exposed an error condition in the Sensor software that could cause performance/latency issues on the
Sensors when parsing certain types of SSH traffic.
473739 Sensor occasionally reboots to recover from an internal error.
466116 The alert process in the Sensor crashes after the Sensor has been up for a long period of time.
Medium severity Sensor software issues
ID # Issue
476538 SYN Cookie, Host Quarantine and Guest Access redirection do not work.
Low severity Sensor software issues
ID # Issue
466141 IP Spoofing outbound drop counter does not work.
2.2 Resolved Manager software issues
High severity Manager software issues
ID # Issue
473839 The signature set push fails to an I-series Sensor (with version 5.1.1.16 or 5.1.5.6) when the Sensor is
configured with certain combinations of policies, UDSes, and alert filters.
469523 The signature set push fails when trying to add M-6050 Sensors on a Manager upgraded from 4.1 to
5.1.
462552 During an upgrade from 5.1.1.5 to 5.1.5.6, scheduled reports are lost.
451630 Database purging fails for performance metrics data.
451380 If the report generation is canceled while generating a PDF report in Japanese, an error occurs.
Medium severity Manager software issues
ID # Issue
474260 "Sensor configuration download failure" and "Signature set download failure" fault messages show up
after completing an upgrade from 3.1 > 4.1 > 5.1.
466520 Unable to open the View/Edit Attack response page in the Threat Analyzer.
465002 The Manager does not display the creation date for newly created incidents; the date is displayed after
a restart of the Manager.
465731 Incorrect data is displayed in the Incident Viewer after acknowledging an alert.
466339 In the Big Movers report, the values displayed under 'Previous Attack Count Value' and 'Recent Attack
Count Value' are interchanged.
467085 Syslog forwarding does not work for sending attack counts on custom strings.
467357 After upgrading to 5.1.5.6, a Local Manager connected to the Central Manager is unable to display
data from an LDAP Server that was explicitly defined in a Local Manager before the upgrade.
467358 Unable to generate User Defined Reports.
471191 In Japanese OS, scheduled reports zip and html file name in the File Download window appear as
garbled text.
This fix ensures that the File Download window will render the file name in Japanese font properly,
and the zip file name is also proper along with the extension.
For rendering the .html file name in Japanese font, there is no JDK support for this issue -
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4244499. Currently, the winRAR tool can be
used for opening of this zip file but this will not render the .html file name in Japanese font properly.
471624 The Threat Analyzer "Group By Interface" does not show the expected result when more than one
Sensor reports attack on the same port number.
471756 Database connectivity issue with the secondary Manager of MDR and as a result, several email alerts
are being generated.
3 Known outstanding issues
The following tables contain the known, outstanding issues for this release of Network Security Platform 5.1.
3.1 Known Sensor software issues
Medium severity Sensor issues
ID # Issue Workaround
432648 [NAC] When multiple interfaces are active on a host simultaneously, and a single Sensor sees traffic from the same host, NAC can be done only on traffic from one of the interfaces.
Workaround: Ensure that your NAC configuration is enabled for only one interface on the Sensor.
432067 [McAfee NAC] The OS information for MAC hosts is displayed as “Unknown” instead of “Unmanageable”.
Workaround: None.
422502 Fragmented packets within tunneled traffic are dropped when both inner and outer headers are fragmented.
Workaround: Disable tunneling using "setparsetunneledtraffic disable".
426038 ACLs do not work when applied to tunneled traffic.
Workaround: None.
423144 Attack detection does not work for tunneled flows containing MPLS or double VLAN tagged packets.
Workaround: None.
394083 When TACACS+ is used with a 64 character encryption key, remote authentication fails.
Workaround: Use a key of 63 characters or less.
391706 Only in the case of copper SFPs set to 1Gbps w/auto-negotiation, ports can come up at 100Mbps or 10Mbps depending on the behavior of the peer device. All other configurations (fiber SFPs and 10Mbps or 100Mbps copper set to auto-negotiation) result in behavior that matches the documentation. If the peer device supports the configured speed the link comes up, otherwise it does not.
Workaround: Reconfigure using ISM to match peer port setting.
366047 Some stats displayed by the sensor CLI command “show inlinepktdropstats” are not cleared when the “clrstats” command is entered at the CLI.
Workaround: None.
3.2 Known Manager software issues
High severity Manager issues
ID # Issue Workaround
474838 After upgrading from 4.1.11.4 to 5.1.7.5, the scheduled reports generation fails.
Workaround: After upgrade, edit and save all scheduled reports once without any change. This will provide the information required for the report format. Following this, you can generate the upgraded scheduled reports. Newly created reports will work without any issue.
454395 After upgrading from 4.1 to 5.1, the configurations for alert filters and rule sets created in the Central Manager [before upgrade] are not pushed to the Manager automatically.
Workaround: The rule sets and alert filters created before upgrade can be pushed to the Manager by forcibly doing Full Synchronization through Central Manager.
241789 (Client on Windows 2003 and IE 6.0) Any Export/Import functionality closes the Configuration Tool window.
Workaround: This functionality is currently unavailable when using the ISM client on a Windows 2003 system. Use Windows XP instead. If you wish to use Windows 2003, use IE 7.0 as your browser.
Medium severity Manager issues
ID Summary Workaround
475945 On changing the NAZ policy on the Threat Analyzer for a VPN Host, the new NAZ policy name is not dynamically updated on the Threat Analyzer, but gets correctly updated on the Sensor.
Workaround: Restart the Threat Analyzer.
475864 On importing the sensor configuration into the Manager, the ‘IPv4 Fragment Reassembly’ field is not correctly updated.
Workaround: Manually change the setting for ‘IPv4 Fragment Reassembly’ after import.
432613 [IBAC] The backup AD for a domain in the user identity store is not used for role derivation lookup if the primary AD for the same domain is down.
Workaround: None.
432259 OS information for unmanageable hosts is not displayed in the Threat Analyzer Hosts page.
Workaround: None.
374833 When users with system security roles access the Manager using the Central Manager, and attempt to add/modify configurations, a blank page is displayed.
Workaround: None.
344861 Received the anomSnmpGetNextTimedDosEndTime exception while accessing the Manage DoS Filters page.
Workaround: None.
341718 In Alert Manager preferences, when the Max row limit value is increased, it requires a restart for the changes to take effect.
Workaround: Restart the Alert Manager.
315951 The Resource Tree does not refresh after changing from span to inline mode.
Workaround: Perform a manual refresh after changing the mode.
307619 In Alert Manager, description for Entercept alerts is blank.
Workaround: None.
280073 The long running processes status page does not display status for ‘online backup’ and ‘reading from the database’ operations.
Workaround: None.
244712 Bulk editing a very large number of attacks causes 100% CPU utilization.
Workaround: None.
231216 In some instances, the faultlog table may not get updated (for example, a fault persists after acknowledgement).
Workaround: None.
231052 Archive files larger than 4GB become corrupted due to .ZIP file format limitations.
Workaround: Any time you create an archive, validate the archive on a separate machine before deleting alerts and packet logs that have been archived. An archive file larger than 4GB is very likely corrupted.
454399 "Synchronization Required" (Manager List -> Policy Synchronization tab) status is not becoming true when Alert filters / Rule Sets are created in the Central Manager after upgrade. Reason column also remains blank.
Workaround: None.
Low severity Manager issues
ID # Issue Workaround
449608 NAZ Assigned by Admin is not updated in the NAC Dashboard.
Workaround: None.
431480 The Threat Analyzer displays the session time as "Not Available" for quarantined hosts after a sensor reboot.
Workaround: None.
233770 SNMP Traps are not including all details for UDS attacks.
Workaround: None.
4 Installation and upgrade notes
The following table provides the Network Security Platform components versions supported for upgrading to this
release of 5.1 Sensor and Manager software:
Manager image M-6050, M-8000 Sensor Image
M-3050, M-4050 Sensor Image
M-2750 Sensor Image
M-1250/M-1450 Sensor Image
5.1.1.5 or above 5.1.7.4 5.1.7.2 5.1.7.4 5.1.7.11
4.1.11.5 or above 4.1.11.10 5.1.3.12
4.1.7.27
Upgrade from the 4.1 version of the Sensor software is not applicable for the following models:
M-1250, M-1450, M-2750, M-3050, M-4050
If you have 4.1 M-6050/M-8000 Sensors in your setup, and are planning to upgrade to 5.1, note that features
such as VLAN bridging and parsing of GRE tunneled traffic are not supported on M-series Sensors in 5.1.
5 Technical assistance and problem reporting
Technical support may request certain information from you to assist you in troubleshooting. A description of this
information is provided in the Troubleshooting Guide.
5.1.1 On-line
Contact McAfee Technical Support at http://mysupport.mcafee.com
Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee’s
24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the
online case submit, software downloads, and signature updates.
5.1.2 Via Phone
Technical Support is available 7:00am to 5:00pm PST Monday-Friday. 24x7 Technical Support is available for
customers with PrimeSupport Priority or Enterprise service contracts.
Phone: 1-800-338-8754 (US Toll Free) or +1.972.963.8000 (Outside US)
Note: McAfee requires that you provide your GRANT ID and the serial number of your system when
opening a ticket with Technical Support. You will be provided with a username and password for the
online case submission.
6 More Information
To view the complete Network Security Platform 5.1 Documentation,
1. Go to http://mysupport.mcafee.com/Eservice/
2. Click ‘Read Product Documentation’.
3. To view sensor related information, under ‘Product’ categories, select:
Network Security Sensor Hardware - select the sensor model number followed by version as 5.1
Network Security Sensor Software - select the version as 5.1
4. Similarly, to view Manager related information, under ‘Product’ categories, select:
Network Security Manager Software
Refer to the table below if you are looking for more information on Network Security Platform 5.1:
Information regarding… Where can I find?
Information on the immediate previous 5.1 releases:
5.1.7.7 - 5.1.7.4/5.1.7.2 [M-6050,M-8000/M-3050,M-4050]
5.1.5.9 - 5.1.7.4/5.1.7.2 [M-6050,M-8000/M-3050,M-4050]
5.1.5.9 - 5.1.3.12 [M-3050,M-4050]
5.1.5.7 - 5.1.3.5 [N-450]
5.1.5.6 - 5.1.5.6 [I-series]
Where: Go to http://mysupport.mcafee.com/Eservice/ > Read Product Documentation > Network Security Sensor Software / Network Security Manager Software. Look for Release Notes marked with the released Sensor and Manager software versions in the title.
Features introduced in the previous 5.1 releases: Refer to the Release Notes for the corresponding version.
Resolved/known issues in previous versions of 5.1: Refer to the Release Notes for the corresponding version.
Sensor/Manager/Signature Set requirements: Manager Installation Guide
Sensor requirements: Refer to the corresponding Sensor Product Guide for the sensor model that you have purchased.
Compatibility with 3rd-Party tools: Manager Installation Guide
Database requirements: Manager Installation Guide
Manager system and client requirements: Manager Installation Guide
Additional server requirements: Manager Installation Guide
License requirements: Manager Installation Guide
Upgrade instructions: 4.1 to 5.1 Upgrade Guide
Sensor CLI commands: Sensor CLI Guide
Supported protocols list: Go to http://mysupport.mcafee.com/Eservice/ > Search the KnowledgeBase > KB61036.
Providing a diagnostics trace for a sensor: Troubleshooting Guide