
NSP_5.1.7.7-5.1.7.44_5.1.7.43_Release_Notes


Network Security Platform v5.1 Release Notes

McAfee® Network Security Platform [formerly McAfee® IntruShield®]

Release Version 5.1

(Document was revised on 07/09/09) 

Software versions in this release

This document applies only to the following software versions.

| Network Security Manager Image for Windows Server 2003/MySQL | Signature set | Network Security Sensor M-6050/M-8000 image | Network Security Sensor M-3050/M-4050 image | Network Security Sensor M-2750 image | Network Security Sensor M-1250/M-1450 image |
| --- | --- | --- | --- | --- | --- |
| 5.1.7.7 | 5.1.16.22 | 5.1.7.33 | 5.1.7.31 | 5.1.7.43 | 5.1.7.44 |

This 5.1 maintenance release is for addressing Sensor software issues in M-series Sensor models: M-1250, M-1450, and M-2750.

The 5.1.7.7 Manager image includes a critical fix related to signature set push failure to I-series Sensors [version 5.1.1.16 and 5.1.5.6] with certain combinations of policies, UDSes, and alert filters.

This version of 5.1 Manager software can be used to configure and manage I-series, M-series, and N-series Sensors.

700-2013-00


Contents

1  What’s new in this release
2  Issues resolved in this release
2.1  Resolved Sensor software issues
2.2  Resolved Manager software issues
3  Known outstanding issues
3.1  Known Sensor software issues
3.2  Known Manager software issues
4  Installation and upgrade notes
5  Technical assistance and problem reporting
6  More Information


1  What’s new in this release

This section details the additions and/or enhancements delivered with the 5.1 Release.

Infrastructure upgrade for Manager

With this release of 5.1, the Manager software runs on Apache httpd version 2.2.11 (bundled with OpenSSL version 0.9.8j).

2  Issues resolved in this release

The following table contains issues resolved in this release of Network Security Platform 5.1.

2.1  Resolved Sensor software issues

High severity Sensor software issues

| ID # | Issue |
| --- | --- |
| 496162 | When the ACL Rule action is set to Permit for TCP-based protocols, network delay or packet drops are seen on connections matching the ACL Permit rule. |
| 494437 | Sensor performance can drop during policy push from the Manager to the Sensor. |
| 485480 | After a Sensor reboot, the ports are enabled before the Sensor is ready to process traffic. |
| 483130 | Some enhancements made to the SSH protocol (first released in signature sets 4.1.46.13/5.1.16.12) exposed an error condition in the Sensor software that could cause performance/latency issues on the Sensors when parsing certain types of SSH traffic. |
| 473739 | Sensor occasionally reboots to recover from an internal error. |
| 466116 | The alert process in the Sensor crashes after the Sensor has been up for a long period of time. |

Medium severity Sensor software issues

| ID # | Issue |
| --- | --- |
| 476538 | SYN Cookie, Host Quarantine and Guest Access redirection do not work. |

Low severity Sensor software issues

| ID # | Issue |
| --- | --- |
| 466141 | IP Spoofing outbound drop counter does not work. |


2.2  Resolved Manager software issues

High severity Manager software issues

| ID # | Issue |
| --- | --- |
| 473839 | The signature set push fails to an I-series Sensor (with version 5.1.1.16 or 5.1.5.6) when the Sensor is configured with certain combinations of policies, UDSes, and alert filters. |
| 469523 | The signature set push fails when trying to add M-6050 Sensors on a Manager upgraded from 4.1 to 5.1. |
| 462552 | During an upgrade from 5.1.1.5 to 5.1.5.6, scheduled reports are lost. |
| 451630 | Database purging fails for performance metrics data. |
| 451380 | If the report generation is canceled while generating a PDF report in Japanese, an error occurs. |

Medium severity Manager software issues

| ID # | Issue |
| --- | --- |
| 474260 | "Sensor configuration download failure" and "Signature set download failure" fault messages show up after completing an upgrade from 3.1 > 4.1 > 5.1. |
| 466520 | Unable to open the View/Edit Attack response page in the Threat Analyzer. |
| 465002 | The Manager does not display the creation date for newly created incidents; the date is displayed after a restart of the Manager. |
| 465731 | Incorrect data is displayed in the Incident Viewer after acknowledging an alert. |
| 466339 | In the Big Movers report, the values displayed under 'Previous Attack Count Value' and 'Recent Attack Count Value' are interchanged. |
| 467085 | Syslog forwarding does not work for sending attack counts on custom strings. |
| 467357 | After upgrading to 5.1.5.6, a Local Manager connected to the Central Manager is unable to display data from an LDAP Server that was explicitly defined in a Local Manager before the upgrade. |
| 467358 | Unable to generate User Defined Reports. |
| 471191 | In Japanese OS, the scheduled reports zip and html file names in the File Download window appear as garbled text. This fix ensures that the File Download window will render the file name in Japanese font properly, and the zip file name is also proper along with the extension. For rendering the .html file name in Japanese font, there is no JDK support for this issue - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4244499. Currently, the winRAR tool can be used for opening this zip file, but this will not render the .html file name in Japanese font properly. |
| 471624 | The Threat Analyzer "Group By Interface" does not show the expected result when more than one Sensor reports an attack on the same port number. |
| 471756 | Database connectivity issue with the secondary Manager of MDR and as a result, several email alerts are being generated. |


3  Known outstanding issues

The following tables contain the known, outstanding issues for this release of Network Security Platform 5.1.

3.1  Known Sensor software issues

Medium severity Sensor issues

| ID # | Issue | Workaround |
| --- | --- | --- |
| 432648 | [NAC] When multiple interfaces are active on a host simultaneously, and a single Sensor sees traffic from the same host, NAC can be done only on traffic from one of the interfaces. | Ensure that your NAC configuration is enabled for only one interface on the Sensor. |
| 432067 | [McAfee NAC] The OS information for MAC hosts is displayed as “Unknown” instead of “Unmanageable”. | None |
| 422502 | Fragmented packets within tunneled traffic are dropped when both inner and outer headers are fragmented. | Disable tunneling using "setparsetunneledtraffic disable" |
| 426038 | ACLs do not work when applied to tunneled traffic. | None. |
| 423144 | Attack detection does not work for tunneled flows containing MPLS or double VLAN tagged packets. | None. |
| 394083 | When TACACS+ is used with a 64 character encryption key, remote authentication fails. | Use a key of 63 characters or less. |
| 391706 | Only in the case of copper SFPs set to 1Gbps w/auto-negotiation, ports can come up at 100Mbps or 10Mbps depending on the behavior of the peer device. All other configurations (fiber SFPs and 10Mbps or 100Mbps copper set to auto-negotiation) result in behavior that matches the documentation. If the peer device supports the configured speed the link comes up, otherwise it does not. | Reconfigure using ISM to match peer port setting. |
| 366047 | Some stats displayed by the sensor CLI command “show inlinepktdropstats” are not cleared when the “clrstats” command is entered at the CLI. | None |

3.2  Known Manager software issues

High severity Manager issues

| ID # | Issue | Workaround |
| --- | --- | --- |
| 474838 | After upgrading from 4.1.11.4 to 5.1.7.5, the scheduled reports generation fails. | After upgrade, edit and save all scheduled reports once without any change. This will provide the information required for the report format. Following this, you can generate the upgraded scheduled reports. Newly created reports will work without any issue. |
| 454395 | After upgrading from 4.1 to 5.1, the configurations for alert filters and rule sets created in the Central Manager [before upgrade] are not pushed to the Manager automatically. | The rule sets and alert filters created before upgrade can be pushed to the Manager by forcibly doing Full Synchronization through Central Manager. |
| 241789 | (Client on Windows 2003 and IE 6.0) Any Export/Import functionality closes the Configuration Tool window. | This functionality is currently unavailable when using the ISM client on a Windows 2003 system. Use Windows XP instead. If you wish to use Windows 2003, use IE 7.0 as your browser. |

Medium severity Manager issues

| ID | Summary | Workaround |
| --- | --- | --- |
| 475945 | On changing the NAZ policy on the Threat Analyzer for a VPN Host, the new NAZ policy name is not dynamically updated on the Threat Analyzer, but gets correctly updated on the Sensor. | Restart the Threat Analyzer. |
| 475864 | On importing the sensor configuration into the Manager, the ‘IPv4 Fragment Reassembly’ field is not correctly updated. | Manually change the setting for ‘IPv4 Fragment Reassembly’ after import. |
| 432613 | [IBAC] The backup AD for a domain in the user identity store is not used for role derivation lookup if the primary AD for the same domain is down. | None |
| 432259 | OS information for unmanageable hosts is not displayed in the Threat Analyzer Hosts page. | None |
| 374833 | When users with system security roles access the Manager using the Central Manager, and attempt to add/modify configurations, a blank page is displayed. | None |
| 344861 | Received the anomSnmpGetNextTimedDosEndTime exception while accessing the Manage DoS Filters page. | None |
| 341718 | In Alert Manager preferences, when the Max row limit value is increased, it requires a restart for the changes to take effect. | Restart the Alert Manager. |
| 315951 | The Resource Tree does not refresh after changing from span to inline mode. | Perform a manual refresh after changing the mode. |
| 307619 | In Alert Manager, description for Entercept alerts is blank. | None. |
| 280073 | The long running processes status page does not display status for ‘online backup’ and ‘reading from the database’ operations. | None. |
| 244712 | Bulk editing a very large number of attacks causes 100% CPU utilization. | None. |
| 231216 | In some instances, the faultlog table may not get updated (for example, a fault persists after acknowledgement). | None. |
| 231052 | Archive files larger than 4GB become corrupted due to .ZIP file format limitations. | Any time you create an archive, validate the archive on a separate machine before deleting alerts and packet logs that have been archived. An archive file larger than 4GB is very likely corrupted. |
| 454399 | "Synchronization Required" (Manager List -> Policy Synchronization tab) status is not becoming true when Alert filters / Rule Sets are created in the Central Manager after upgrade. Reason column also remains blank. | None |

Low severity Manager issues

| ID # | Issue | Workaround |
| --- | --- | --- |
| 449608 | NAZ Assigned by Admin is not updated in the NAC Dashboard. | None |
| 431480 | The Threat Analyzer displays the session time as "Not Available" for quarantined hosts after a sensor reboot. | None |
| 233770 | SNMP Traps are not including all details for UDS attacks. | None. |

4  Installation and upgrade notes

The following table provides the Network Security Platform components versions supported for upgrading to this release of 5.1 Sensor and Manager software:

Manager image M-6050, M-8000 Sensor Image 

M-3050, M-4050 Sensor Image 

M-2750 Sensor Image 

M-1250/M-1450 Sensor Image 

5.1.1.5 or above 5.1.7.4 5.1.7.2 5.1.7.4 5.1.7.11

4.1.11.5 or above 4.1.11.10 5.1.3.12

4.1.7.27

Upgrade from the 4.1 version of the Sensor software is not applicable for the following models: M-1250, M-1450, M-2750, M-3050, M-4050

If you have 4.1 M-6050/M-8000 Sensors in your setup, and are planning to upgrade to 5.1, note that features such as VLAN bridging and parsing of GRE tunneled traffic are not supported on M-series Sensors in 5.1.


5  Technical assistance and problem reporting

Technical support may request certain information from you to assist you in troubleshooting. A description of this information is provided in the Troubleshooting Guide.

5.1.1  On-line

Contact McAfee Technical Support at http://mysupport.mcafee.com

Registered customers can obtain up-to-date documentation, technical bulletins, and quick tips on McAfee’s 24x7 comprehensive KnowledgeBase. In addition, customers can also resolve technical issues with the online case submit, software downloads, and signature updates.

5.1.2  Via Phone

Technical Support is available 7:00am to 5:00pm PST Monday-Friday. 24x7 Technical Support is available for customers with PrimeSupport Priority or Enterprise service contracts.

Phone: 1-800-338-8754 (US Toll Free) or +1.972.963.8000 (Outside US)

Note: McAfee requires that you provide your GRANT ID and the serial number of your system when opening a ticket with Technical Support. You will be provided with a username and password for the online case submission.

6  More Information

To view the complete Network Security Platform 5.1 Documentation,

1.  Go to http://mysupport.mcafee.com/Eservice/
2.  Click ‘Read Product Documentation’.
3.  To view sensor related information, under ‘Product’ categories, select:
    - Network Security Sensor Hardware - select the sensor model number followed by version as 5.1
    - Network Security Sensor Software - select the version as 5.1
4.  Similarly, to view Manager related information, under ‘Product’ categories, select:
    - Network Security Manager Software

Refer to the table below if you are looking for more information on Network Security Platform 5.1:

| Information regarding… | Where can I find? |
| --- | --- |
| Information on the immediate previous 5.1 releases: 5.1.7.7 - 5.1.7.4/5.1.7.2 [M-6050,M-8000/M-3050,M-4050]; 5.1.5.9 - 5.1.7.4/5.1.7.2 [M-6050,M-8000/M-3050,M-4050]; 5.1.5.9 - 5.1.3.12 [M-3050,M-4050]; 5.1.5.7 - 5.1.3.5 [N-450]; 5.1.5.6 - 5.1.5.6 [I-series] | Go to http://mysupport.mcafee.com/Eservice/ > Read Product Documentation > Network Security Sensor Software / Network Security Manager Software. Look for Release Notes marked with the released Sensor and Manager software versions in the title. |
| Features introduced in the previous 5.1 releases | Refer to the Release Notes for the corresponding version. |
| Resolved/known issues in previous versions of 5.1 | Refer to the Release Notes for the corresponding version. |
| Sensor/Manager/Signature Set requirements | Manager Installation Guide |
| Sensor requirements | Refer to the corresponding Sensor Product Guide for the sensor model that you have purchased. |
| Compatibility with 3rd-Party tools | Manager Installation Guide |
| Database requirements | Manager Installation Guide |
| Manager system and client requirements | Manager Installation Guide |
| Additional server requirements | Manager Installation Guide |
| License requirements | Manager Installation Guide |
| Upgrade instructions | 4.1 to 5.1 Upgrade Guide |
| Sensor CLI commands | Sensor CLI Guide |
| Supported protocols list | Go to http://mysupport.mcafee.com/Eservice/ > Search the KnowledgeBase > KB61036. |
| Providing a diagnostics trace for a sensor | Troubleshooting Guide |
