________________________________________________________________________________
3Com OfficeConnect VPN Firewall Software Version 2.02 Release Notes
Product Number: 3CR870-95
This document provides the following information:
1. Legal Rights
2. Fixes in this release
3. Recommendations when using this release
4. Known problems with this release
5. Upgrading Your Software
6. 3Com's World Wide Web site
Please use these notes in conjunction with the following document:
"OfficeConnect VPN Firewall User Guide"
Part number: DUA08709-5AAA04
________________________________________________________________________________
1. Legal Rights
IMPORTANT: READ THIS BEFORE INSTALLING OR USING THIS SOFTWARE
You should carefully read the terms and conditions of the Software License
Agreement. This text is supplied with your Firewall, and also contained in
a file called license.txt on the Firewall's CD-ROM.
Your legal rights are defined therein.
USE OF THIS SOFTWARE INDICATES THAT YOU ACCEPT SUCH TERMS AND CONDITIONS.
IF YOU DO NOT AGREE WITH SUCH TERMS AND CONDITIONS, DO NOT USE THIS SOFTWARE.
________________________________________________________________________________
2. Fixes between 2.01 and 2.02 releases
- The total number of sessions has been limited to 1440. Once the session
number reaches 1024, the sessions start getting cleaned aggressively. The
aggressive timeout is 60 seconds, i.e. all sessions older than 60 seconds
start getting cleaned. Once the number of sessions drops below 1024, the
session cleaning is stopped.
- The session cleaning is handled by a timer thread ("tALCwTimer"). It was
running every 500 ms to clean sessions. It now runs every 50 ms, so that
when there is a large number of sessions the timer thread cleans them as
quickly as it can.
- The PC Privilege issue in which DNS traffic from the local out was being
blocked on the firewall has been fixed.
- A crash that occurred when the box was trying to connect as a PPPoE client
has been identified and fixed.
- A crash in user mode, which occurred when packets not belonging to any of
the interfaces entered the DNS loopback, is fixed.
- A crash in the ALIKE daemon task is fixed by merging the two tasks
"ALIKE_d" and "ALIKEMonitor", since the crash was identified as being caused
by these tasks trying to access/free common objects in the VPN.
- The maximum URL size is increased to 2048, as the previous size was
recognised to cause problems in content filtering.
- The PPPoE issue with some servers is fixed: the box now removes the
existing AP protocol objects whenever LCP re-establishes, to make it
compatible with such server behaviour. Updates for handling LCP/AP
connection aborts are added.
- Updates for the VPN hang issue when simultaneous negotiation happens are
included.
- The issue of VPN not working with 1-2-1 NAT is solved by adding the static
IPs with mask 255.255.255.255 for each 1-2-1 NAT alias interface.
- Updates are added to resolve the VPN issue with the INVALID_MAJOR_VERSION
error when renegotiating Phase 2. The root cause is that Phase 2 negotiation
is a three-message exchange, so there is a chance that an IPsec packet has
already arrived by the time the last Phase 2 message is processed by IKE. In
a NAT traversal scenario, the IPsec packet is encapsulated in IKE NAT-T UDP
and thus will reach the IKE daemon. The update prevents IKE from processing
IPsec NAT-T packets.
- PPTP would fail with a "no such user" message just after boot time, since
the VPN required a 5 minute delay to complete its configuration. Now the VPN
completes its configuration when the box is rebooted.
- Fixed an issue with the Safenet client, in which the Safenet client does
not renegotiate Phase 1 after the SA lifetime expires. The VPN Firewall is
modified to make it compatible with the Safenet client's behaviour.
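
The INVALID_MAJOR_VERSION fix above depends on keeping ESP traffic away from
the IKE parser when both share one UDP port. The C sketch below is an added
example, not 3Com's code: it assumes RFC 3948 framing (a four-zero-byte
non-ESP marker before IKE, a one-byte 0xFF keepalive), uses constructed
packets and hypothetical function names, and shows the version an IKE parser
would read if handed ESP ciphertext.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example. Assumes RFC 3948 framing on the NAT-T UDP port; the
 * firmware's own framing and function names are not given in these notes. */
enum natt_kind { NATT_KEEPALIVE, NATT_IKE, NATT_ESP, NATT_MALFORMED };

#define ISAKMP_HDR_LEN 28  /* cookies 16, payload, version, type, flags, ID 4, len 4 */
#define ISAKMP_VER_OFF 17  /* version byte: major version in the high nibble */

/* Decide which component may see a UDP payload received on the NAT-T port. */
enum natt_kind natt_classify(const uint8_t *p, size_t len)
{
    static const uint8_t non_esp_marker[4] = {0, 0, 0, 0};
    if (len == 1 && p[0] == 0xFF) return NATT_KEEPALIVE;  /* drop silently */
    if (len < 4) return NATT_MALFORMED;
    if (memcmp(p, non_esp_marker, 4) == 0)                /* IKE follows marker */
        return len >= 4 + ISAKMP_HDR_LEN ? NATT_IKE : NATT_MALFORMED;
    return NATT_ESP;          /* non-zero SPI: IPsec only, never the IKE daemon */
}

/* Major version an IKE parser reads from a buffer treated as an ISAKMP header. */
int isakmp_major(const uint8_t *hdr, size_t len)
{
    return len < ISAKMP_HDR_LEN ? -1 : hdr[ISAKMP_VER_OFF] >> 4;
}

/* Constructed samples, not captured traffic. */
static const uint8_t sample_esp[32] = {
    0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x01,  /* SPI, sequence number */
    0x9c, 0x41, 0xe0, 0x7b, 0x55, 0x0d, 0xf2, 0x68,  /* made-up ciphertext */
    0x3a, 0xa7, 0xc4, 0x19, 0x80, 0x2e, 0x6f, 0xd3 };/* rest is zero-filled */
static const uint8_t sample_ike[32] = {
    0x00, 0x00, 0x00, 0x00,                          /* non-ESP marker */
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,  /* initiator cookie */
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01,  /* responder cookie */
    0x08, 0x10, 0x20, 0x01,      /* next payload, v1.0, Quick Mode, flags */
    0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x1c };/* message ID, length */

int main(void)
{
    printf("ESP sample: kind=%d, major if misparsed as IKE=%d\n",
           natt_classify(sample_esp, sizeof sample_esp),
           isakmp_major(sample_esp, sizeof sample_esp));
    printf("IKE sample: kind=%d, major=%d\n",
           natt_classify(sample_ike, sizeof sample_ike),
           isakmp_major(sample_ike + 4, sizeof sample_ike - 4));
    return 0;
}
```

In the constructed ESP sample, the byte at the ISAKMP version offset is
ciphertext, so a parser that skipped the classification step would report a
major version other than 1.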
________________________________________________________________________________
3. Recommendations when using this release
________________________________________________________________________________
4. Known problems with this release
- The VPN is updated to start without any delay. Though the other components