IBM Security Network Protection firmware update 184.108.40.206 Readme
IBM Security Network Protection firmware version 220.127.116.11, a firmware update for the XGS NGIPS network protection platform, includes the following defect fixes to the IBM Security Network Protection firmware Version 5.3.2. Additionally, this technote includes compatibility, installation, and other getting-started information.
- 81439: Reduced the time taken to start software bypass after XPU install while the packet processing service is restarting to ensure none to minimal traffic impact.
- 82522: Added tuning parameter alpsd.ssl.intercept.domains in comma separate format to force outbound SSL inspection on the matched connections.
- 82609: Reduced the occurrence rate of the false positive event that triggers FNXSY0003I "Network traffic flow rate exceeded the capabilities of the appliance" by adding CPU utilization as reference check.
- 83867: Added filter function for network objects in creating NAP rules
- 74415: The Fps Dropped statistics graphs do not display correctly in the LMI.
- 79846: The Intrusion Prevention Policy link on the "Deploy Pending Changes" dialog links to Network Access Policy.
- 81954: Geolocation IP address matching on connection response packets does not work as expected.
- 82823: Network Protection appliance might experience a memory leak condition - increase in memory over a period of time - when the Network Access Policy has more than 10 rules enabled.
- 82892: The largest allowed packet (for example, icmpv4's payload beyond 9174 bytes) got dropped when using the maximum MTU 9216 setting.
- 83442: Packet processing daemon crashes when acl.algorithm = linearsearch tuning parameter is used to force Network Access Policy to use linearsearch algorithm and the policy has rules using URL List application objects.
- 84172: The 1G-8 TX Network Interface Module (NIM) installed on XGS7100 with bypass firmware version earlier than 1.6.0 can not be activated at boot time and an error message appears on console.
This release contains no changed features at this time.
The following web browsers are currently supported by the IBM Security Network Protection local management interface:
- Internet Explorer 10 or 11
- Firefox 28 and newer
- Google Chrome 34 and newer
To manage Network Protection 18.104.22.168 appliances using the SiteProtector System, you must apply the following database service packs before upgrading the appliance:
- SiteProtector System 3.0 - Install all DBSPs up to and including SP3.0 DBSP 22.214.171.124
- SiteProtector System 3.1.1 - Install all DBSPs up to and including SP3.1.1 DBSP 126.96.36.199
Important: Ensure that the SiteProtector Core is at version 188.8.131.52 before applying this Database Service Pack (DBSP) update to the IBM Security Network Protection appliance.
Prior to running firmware updates on a Network Protection device, you should migrate your policies in SiteProtector to the new version. See technote #1959896 for more information:
Installation and Configuration
For step-by-step installation instructions, see the Installing Updates topic in the IBM Knowledge Center:
- 83209: Disabling unused protection port on XGS-V 5.3.2.x causes packet processing daemon crashes. If you don't want to use those virtual interfaces, please disconnect them in ESXi virtual machine setting and keep the default LMI protection interface settings.
© Copyright IBM® Corporation 2012, 2016. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contacting IBM Support
More support for:
IBM Security Network Protection
Software version: 5.3.2
Operating system(s): Firmware
Reference #: 1984078
Modified date: 19 July 2016
Translate this page: