首页-> 服务与支持-> 客户支持-> 售后服务

服务与支持

抗拒绝服务系统 V4.5R89F00升级包列表

名称: update_ADS_x86_V4.5R89F00.sp03_20160908.zip 版本:update_ADS_x86_V4.5R89F00.sp03_20160908
MD5:2b202e40aad72c2f3fdc41fc75065609 大小:24.45M
描述:

【升级基础版本】
V4.5R89F00.sp02 V4.5R89F00SP02.patch-routed V4.5R89F00.sp02.patch-uploadpath
【升级版本】
V4.5R89F00.sp03
【配套联动版本】
ADSM V4.5R89F00SP03 + for_ads_sp03

配套使用的 NTA版本:
V4.5.61.2
V4.5R89F00
V4.5R89F00SP01/02/03/04/06

【新增功能说明】
1. 第三方管理新增“文件上传路径”
功能说明:
用户通过在第三方管理指定“文件上传路径”,ADS将往指定的“文件上传路径”上传攻击事件、攻击流量等信息。“文件上传路径”支持配置URL和端口。
2. 第三方管理上报的traffic xml文件中包含攻击类型隐射表
功能说明:
在traffic xml中加入包含攻击类型映射表,方便第三方解析攻击类型
3. TLS基础库升级到v1.2版本
功能说明:
TLS升级v1.2之后web页面只支持TLSv1.2,所以访问之前需要配置浏览器相关设置,打开对TLSv1.2的支持,否则会出现无法访问WEB页面的情况。另外,需要配套正确的ADSM和NTA版本才能正常联动。具体请参考版本配套关系一节。
4. 新增“OAM检测链路虚通”功能
功能说明
针对对端为思科路由器的场景,在路由器上开启OAM功能,ADS引擎检测OAM报文,超过设定阈值时间内未收到OAM报文则认为链路出现异常,ADS主动DOWN掉接口。
5. 新增“HTTP GET源IP限速”功能
功能说明
对源IP加入高级信任的HTTP GET报文进行限速。
6. 登陆安全相关功能变更
功能变更说明
a、新增“用户名最小长度”、“密码最小长度”和“密码黑名单”功能。
b、用户名只支持字母、数字和下划线的组合。
c、用户登录时,当用户名正确密码错误时,提示“密码错误”,变更为“用户名或密码错误”。
7. 关闭自动连接绿盟云
功能说明:
默认关闭自动连接绿盟云和屏蔽web页面“接入云端”图标,并可通过命令行开关控制。

【修复问题说明】
105008 重启设备后内置Bypass默认启动
104793 ADS群组牵引的时候,ADSM还可以下发增加群组IP的配置
104316 ADSM集群同步环境,获取和同步图片验证模板失败
104568 手工流量牵引删除流程没有判断牵引状态
107352 NTA突发大量牵引停止的消息导致ADS无响应/挂死

【注意事项】
本升级包只能基于V4.5R89F00.sp02或者V4.5R89F00SP02.patch-routed或者V4.5R89F00.sp02.patch-uploadpath版本升级。


【Upgrade Base Version】
V4.5R89F00.sp02 V4.5R89F00SP02.patch-routed V4.5R89F00.sp02.patch-uploadpath
【Software Version】
V4.5R89F00.sp03
【Version Mapping】
ADS-M Version:
ADSM V4.5R89F00SP03 + for_ads_sp03

NTA Version:
V4.5.61.2
V4.5R89F00
V4.5R89F00SP01/02/03/04/06

【Function Changes】
1. File Upload Path for Third-Party Management
? Function description
The parameter File Upload Path is available when Management Platform Type is set to Third-Party Management. After configuration, ADS will upload information about attack events and attack traffic to the specified file upload path. File Upload Path can be set to be a combination of URL and port number.
2. Attack Type Mappings Added to the Traffic XML File for Third-Party Management
? Function Description
Attack type mappings are added to the traffic XML file for a third party to parse attack types.

3. TLS Basic Database Upgraded to V1.2
? Function Description
After upgrade to TSLv1.2, the web-based manager of ADS supports only TLSv1.2. Therefore, the browser should be configured to support TLSv1.2 before you log in to the web-based manager. Otherwise, you cannot access the web-based manager. In addition, ADS can collaborate properly with ADS M and NTA of only compatible versions.For details, see Version Mapping.

4. OAM Check Function
? Function Description
In a scenario where the Cisco router is configured as a peer device on which the OAM function is enabled, the ADS engine detects OAM packets. If no OAM packet is received in the specified time, ADS assumes that the link is abnormal and proactively shuts down the interface.
5. Limiting the Speed of HTTP GET Packets
? Function Description
The speed of HTTP GET packets whose source IP addresses are added to the high-level trust list can be limited.
6. Changes to Login Security Settings
? Change Description
? Under System > Security Configuration > Login Security Settings, Min User Name Length, Min Length, and Password Blacklist are added.
? The user name can only be a combination of letters, digits, and underscores.
? When a user logs in with a correct user name but an incorrect password, the system prompts "Incorrect user name or password", which used to be "Incorrect password".
7. Disabling Auto Connection to the NSFOCUS Cloud
? Function Description
By default, auto connection to the NSFOCUS cloud is disabled and Connect to Cloud is not displayed. This function can be enabled and disabled by running commands.

【Fixed Bugs】
105008 By default, the built-in bypass is enabled after device restart.
104793 During ADS's traffic diversion for a group, users can add IP addresses to this group on ADS M.
104316 In the ADS M cluster synchronization environment, obtaining and synchronizing image verification templates fails.
104568 The manual diversion process does not check the diversion status when deleting a diversion route.
107352 NTA generates a large number of messages indicating that the diversion stops, causing ADS to fail to respond or suspend.

【Notice】
V4.5R89F00.sp02.patch01 can be upgraded from V4.5R89F00.sp02, V4.5R89F00SP02.patch-routed, or V4.5R89F00.sp02.patch-uploadpath.

发布时间:2016-09-13 16:10:29
名称: update_ADS_x86_V4.5R89F00.sp02_20160711.zip 版本:update_ADS_x86_V4.5R89F00.sp02_20160711
MD5:e4a83db146d00a54f592175a3e56c155 大小:29.64M
描述:

【升级基础版本】
V4.5R89F00, V4.5R89F00.sp01,V4.5R89F00.sp01pr01,V4.5R88F40.sp02H61.patch-V4.5R88F40-to-V4.5R89
【升级版本】
V4.5R89F00.sp02
【配套联动版本】
配套使用的ADS-M版本:
ADS M V4.5R89F00
ADS M V4.5R89F00SP01
ADS M V4.5R89F00SP02

配套使用的 NTA版本:
V4.5.61
V4.5R89F00
V4.5R89F00SP01/02/03/04

【新增功能说明】
1 新增对新硬件型号ADS 200E和600E的支持
1)新增说明:
从当前版本开始在原有支持硬件型号ADS 2010/2020/4020/6025/8000的基础上新增对硬件型号ADS 600E和200E的支持。
2 ADS 2020 新增包处理能力为744000pps,清洗容量为1Gbps的证书。
1)新增说明:
ADS 2020支持包处理能力为744000pps,清洗容量为1Gbps防护证书,证书选择更加灵活。


【修复问题说明】
103592 ADS600E上,ADSM上配置ADS设备时提示错误导致无法配置
103005 arbor syslog牵引对于某些格式的syslog不能正确的触发牵引
100520 ADS集群部署,与ADSM联动。停掉ADS的群组牵引后,ADSM仍然不能同步ADS的群组策略配置
101427 web上删除端口IP地址在未点应用前就对后台进行了操作
101737 URL-ACL防护规则配置的URL中包含参数时,URL-ACL过滤失效
101862 HTTP关键字检查策略的Request Url字段填入字符串xml,下发配置错误
102419 ADSM上编辑防护群组或者业务IP组中的TCP正则表达式防护策略中的防护规则失败
102979 【实时监控界面】点击实时监控菜单,实时监控界面概率性出现界面刷不出来的情况

【注意事项】


【Upgrade Base Version】
V4.5R89F00, V4.5R89F00.sp01,V4.5R89F00.sp01pr01,V4.5R88F40.sp02H61.patch-V4.5R88F40-to-V4.5R89
【Software Version】
V4.5R89F00.sp02
【Version Mapping】
ADS-M Version:
ADS M V4.5R89F00
ADS M V4.5R89F00SP01
ADS M V4.5R89F00SP02

NTA Version:
V4.5.61
V4.5R89F00
V4.5R89F00SP01/02/03/04

【Function Changes】
Support for ADS 200E/600E
In addition to ADS 2010/2020/4020/6025/8000, the current version also supports ADS 600E/200E.
ADS 2020 Supporting a License with the Processing Capacity of 744000 pps and Cleaning Capacity of 1 Gbps
In the new version, a new license boasting a processing capacity of 744000 pps and a cleaning capacity of 1 Gbps is available for customers to choose for ADS 2020. This provides more flexibility for customers to choose licenses.



【Fixed Bugs】
103592 An error occurs during configuration of ADS 600E on ADS M.
103005 After configuration of Arbor syslog diversion, syslog messages of certain formats cannot properly trigger the diversion as expected.
100520 In cluster mode, ADS collaborates with ADS M. When group diversion is disabled on ADS, ADS M still cannot synchronize the group policy configuration with ADS.
101427 When a port and IP address are deleted on the web-based manager of ADS, the configuration takes effect in the background before users click Apply in the upper-right corner of the page.
101737 During configuration of a URL-ACL protection rule under Policies > Access Control > URL-ACL Protection Rules, if URL contains a question mark (?), the URL-ACL protection rule does not take effect.
101862 During configuration of an HTTP keyword checking policy under Policies > Access Control > HTTP Keyword Checking, if Request Url contains "xml", the policy does not work as expected.
102419 On ADS M, protection rules in the TCP regular expression protection policy under Device Management > ADS > TCP Control Parameters Protection Policy and Region > Region Management > Region IP Group do not take effect after being edited.
102979 Occasionally, clicking Real-Time Monitoring does not display the Real-Time Monitoring page.

【Notice】

发布时间:2016-09-13 16:01:47
名称: update_ADS_x86_V4.5R89F00.sp01pr01_20160531.zip 版本:V4.5R89F00.sp01pr01
MD5:a9449ba4b108d0c7f711385a75231bde 大小:27.91M
描述:

【升级基础版本】
支持从V4.5R89F00和V4.5R89F00.sp01包升级
【升级版本】
V4.5R89F00.sp01pr01
【配套联动版本】
配套使用的ADS-M版本:
V4.5R89F00
配套使用的 NTA版本:
V4.5.61
V4.5R89F00
V4.5R89F00SP01

【新增功能说明】


【修复问题说明】
102843 使用R89F00SP01版本,合法的UDP报文被ADS报为UDP_HEAD_INVALID,并且被丢弃

【注意事项】


【Upgrade Base Version】
Must be upgraded from V4.5R89F00 or V4.5R89F00.sp01.
【Software Version】
V4.5R89F00.sp01pr01
【Version Mapping】
ADS M: V4.5R89F00
NTA: V4.5.61 V4.5R89F00 V4.5R89F00SP01
【Function Changes】
Syslog-based Diversion Compatible with Arbor CP of the New Version
As the format of syslog logs is changed in Arbor CP 7.5.1, the syslog-based diversion function of ADS is adjusted to be compatible with Arbor CP 7.5.1.

【Fixed Bugs】
102843 Valid UDP packages may be dropped by ADS
【Notice】
none

发布时间:2016-07-15 17:43:48
名称: update_ADS_x86_V4.5R89F00_20160324.zip 版本:V4.5R89F00_20160324
MD5:269067399b87e572724bb7ff0b539d9f 大小:30.86M
描述:

【主要说明】
V4.5R89F00 发布版本升级包
升级路径:
V4.5R88F40 或 V4.5R88F40 SP0X升级到V4.5R89F00版本

升级包已包含R88.F40到R89.F00的配置文件更新

【新增功能】
群组清洗流量控制
ICMP流控
ACK防护改进
水印防护
自动抓包
IP信誉云
增加反射攻击日志
支持接入云端
HTTP多端口支持
WEB文档下载
ACK信任限速
无效SYN包告警开关
UDP防护改进

发布时间:2016-05-18 09:15:50