IBM Support

IBM Security Network Protection firmware update 5.3.2.3 Readme

Fix readme


Abstract

IBM Security Network Protection firmware version 5.3.2.3, a firmware update for the XGS NGIPS network protection platform, includes the following defect fixes to the IBM Security Network Protection firmware Version 5.3.2. Additionally, this technote includes compatibility, installation, and other getting-started information.

Content

Enhancements:

  • 81439: Reduced the time taken to start software bypass after XPU install while the packet processing service is restarting to ensure none to minimal traffic impact.
  • 82522: Added tuning parameter alpsd.ssl.intercept.domains in comma separate format to force outbound SSL inspection on the matched connections.
  • 82609: Reduced the occurrence rate of the false positive event that triggers FNXSY0003I "Network traffic flow rate exceeded the capabilities of the appliance" by adding CPU utilization as reference check.
  • 83867: Added filter function for network objects in creating NAP rules

Fixed Defects:
  • 74415: The Fps Dropped statistics graphs do not display correctly in the LMI.
  • 77640: A JavaScript error message is displayed when a network object is removed from a rule in Management Access Policy and an attempt is made to delete the same object without deploying the previous changes.
  • 79846: The Intrusion Prevention Policy link on the "Deploy Pending Changes" dialog links to Network Access Policy.
  • 81954: Geolocation IP address matching on connection response packets does not work as expected.
  • 82823: Network Protection appliance might experience a memory leak condition - increase in memory over a period of time - when the Network Access Policy has more than 10 rules enabled.
  • 82892: The largest allowed packet (for example, icmpv4's payload beyond 9174 bytes) got dropped when using the maximum MTU 9216 setting.
  • 83442: Packet processing daemon crashes when acl.algorithm = linearsearch tuning parameter is used to force Network Access Policy to use linearsearch algorithm and the policy has rules using URL List application objects.
  • 84172: The 1G-8 TX Network Interface Module (NIM) installed on XGS7100 with bypass firmware version earlier than 1.6.0 can not be activated at boot time and an error message appears on console.

Changed Features
This release contains no changed features at this time.

Security Bulletins
Compatibility
The following web browsers are currently supported by the IBM Security Network Protection local management interface:
  • Internet Explorer 10 or 11
  • Firefox 28 and newer
  • Google Chrome 34 and newer

To manage Network Protection 5.3.2.3 appliances using the SiteProtector System, you must apply the following database service packs before upgrading the appliance:
  • SiteProtector System 3.0 - Install all DBSPs up to and including SP3.0 DBSP 3.0.0.53
  • SiteProtector System 3.1.1 - Install all DBSPs up to and including SP3.1.1 DBSP 3.1.1.35
    Important: Ensure that the SiteProtector Core is at version 3.1.1.5 before applying this Database Service Pack (DBSP) update to the IBM Security Network Protection appliance.

Prior to running firmware updates on a Network Protection device, you should migrate your policies in SiteProtector to the new version. See technote #1959896 for more information:
http://www.ibm.com/support/docview.wss?uid=swg21959896

Installation and Configuration
For step-by-step installation instructions, see the Installing Updates topic in the IBM Knowledge Center: For other configuration instructions, see the following topics in the IBM Knowledge Center:
Known issues
  • 83209: Disabling unused protection port on XGS-V 5.3.2.x causes packet processing daemon crashes. If you don't want to use those virtual interfaces, please disconnect them in ESXi virtual machine setting and keep the default LMI protection interface settings.

Copyright statement

© Copyright IBM® Corporation 2012, 2016. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Related information:
Contacting IBM Support



Document information

More support for: IBM Security Network Protection
Documentation

Software version: 5.3.2

Operating system(s): Firmware

Reference #: 1984078

Modified date: 19 July 2016


Translate this page: