IBM Support

Late breaking updates to DataPower 7.5 documentation



The version 7.5 documentation for IBM DataPower Gateway is not the latest available information. This document covers late breaking updates that are not in IBM Knowledge Center.

Last updated, October 2017.


The late breaking updates in this document apply to DataPower Gateway version 7.5 documentation.

To access specific updates, click the appropriate link:

To view the change history of this document, see Change history

The corrections in the following sections apply to DataPower Gateway version 7.5 in IBM Knowledge Center.

    When you upgrade to 7.5.2, the following changes apply to SSH connection.
    • Disabled diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 algorithms by default.
    • Disabled MD5-based MAC algorithms.
    • Limited DH-GEX to 4096 bits for Cisco devices.

    Although the key exchange algorithms were updated, they cannot be edited. If you need to enable the legacy algorithm you can use the hidden enable-legacy-kex yes command.
    • The enable-legacy-kex command for the SSH server profile in available in
    • The enable-legacy-kex command for the SSH client profile is available in

    To help you understand the support, review the following supported algorithms and cipher suites.
    • Default cipher suites (CHACHA20-POLY1305_AT_OPENSSH.COM)
        aes128-ctr (AES128-CTR)
        aes192-ctr (AES192-CTR)
        aes256-ctr (AES256-CTR) (AES128-GCM_AT_OPENSSH.COM) (AES256-GCM_AT_OPENSSH.COM)
        arcfour256 (ARCFOUR256)
        arcfour128 (ARCFOUR128)
        aes128-cbc (AES128-CBC)
        3des-cbc (3DES-CBC)
        blowfish-cbc (BLOWFISH-CBC)
        cast128-cbc (CAST128-CBC)
        aes192-cbc (AES192-CBC)
        aes256-cbc (AES256-CBC)
    • Default KEX algorithms
    • Default MAC algorithms

    Remember the following points for the establishment of an SSH connection.
    • The SSH client always initiates the banner exchange.
    • During the SSH2 banner exchange, use CR+LF termination for the banner.
    • The SSH client ignores any message from the SSH server until the banner exchange.

    The command to troubleshoot power supplies states to use show other-sensors. The correct command is show sensors-other. This problem exists also in the available PDF versions of the installation documentation.

    Added supported for the undocumented Global clear gatewayscript-cache path command. This command clears the data from the GatewayScript path cache.

File management
    The documentation provides inconsistent information about which directories of the DataPower Gateway you create and delete subdirectories. You can create and remove subdirectories in the following directories.
    • isamwebroot
    • local
    • policyframework

    The documentation for the Message Filter Action type command incorrect states the block keyword instead of the shape keyword. For correct information see type command.

Change history
Last modified: 30 October 2017.
  • 30 October 2017: Added information about nonexisting block keyword for Message Filter Action type command.
  • 19 October 2017: Added information about which directories you can create and remove subdirectories.
  • 19 July 2016: Added data about the wrong command troubleshooting command in the installation documentation.
  • 17 June 2016: Added data about the undocumented Global command.
  • 22 March 2016: Created for 7.5.

Document information

More support for: IBM DataPower Gateways

Software version: 7.5

Operating system(s): Firmware

Software edition: Edition Independent

Reference #: 1974106

Modified date: 30 October 2017