首页-> 服务与支持-> 客户支持-> 售后服务

服务与支持

抗拒绝服务系统 V4.5R89F01升级包列表

名称: update_ADS_x86_V4.5R89F01CN.sp01_20170103.zip 版本:ADS_x86_V4.5R89F01CN.sp01_20170103
MD5:c0d50eb33e61cf0d2a00506b6e0d37df 大小:28.49M
描述:

【升级基础版本】
V4.5R89F01CN
【升级版本】
V4.5R89F01CN.sp01
【配套联动版本】
ADSM V4.5R89F01CN V4.5R89F01CN.sp01

配套使用的 NTA版本:
V4.5.61.2.BF19,V4.5.61.2.BF20
V4.5R89F01CN V4.5R89F01CN.sp01

【新增功能说明】


【修复问题说明】
bug113732 更换CBB后,bypass状态切换有问题
bug113311 OAM功能引入性能问题


【注意事项】


【Upgrade Base Version】
V4.5R89F01CN
【Software Version】
V4.5R89F01CN.sp01
【Version Mapping】
ADS-M Version:
ADSM V4.5R89F01CN V4.5R89F01CN.sp01

NTA Version:
V4.5.61.2.BF19,V4.5.61.2.BF20
V4.5R89F01CN V4.5R89F01CN.sp01

【Function Changes】
None

【Fixed Bugs】
Bug113732 After replacement of CBB, bypass switch state has a problem.
Bug113311 ADS 8000 performance degradation after joining the OAM function.

【Notice】
None

发布时间:2017-03-15 12:02:37
名称: update_ADS_x86_V4.5R89F01CN_20161125.zip 版本:ADS_x86_V4.5R89F01CN_20161125
MD5:d0251afdfc7ac4f4c9be42bf02faa1bc 大小:34.42M
描述:

【升级基础版本】
V4.5R89F00,V4.5R89F00.sp01,V4.5R89F00.sp01pr01,V4.5R89F00.sp02,V4.5R89F00.sp03,V4.5R89F00.sp04
【升级版本】
V4.5R89F01CN
【配套联动版本】
ADSM V4.5R89F01CN

配套使用的 NTA版本:
V4.5.61.2.BF19,V4.5.61.2.BF20
V4.5R89F01CN

【新增功能说明】
1.Web实时监控页面修改
增加ADS处理的流量趋势图、攻击流量图和TOP10被攻击目的IP流量图,硬件信息的实时监控展示。

2.ICMP防护优化
去除ICMP防护流程中对非TCP/UDP报文和TCP/UDP分片报文的处理

3.协议号检查防护策略
增加对非TCP/UDP/ICMP/ICMPv6协议报文的处理流程,用户可以单独配置各个协议的静态规则

4.TCP/UDP/ICMP分片报文处理
增加可配置TCP/ICMP分片报文的静态规则,修改UDP分片报文的处理规则

5.Web群组搜索
在web上根据精确的IP地址搜索此IP所在的群组;或根据字符模糊搜索群组名包含字符的群组

6.Web攻击日志搜索
可根据多种选择条件搜索web攻击日志详情里面的攻击日志

7.Syslog日志格式变化
(1)ADS通过syslog发送的攻击事件中增加被攻击目的IP的目的端口信息,并在被攻击端口第一次改变时,额外发送一条syslog日志
(2)新增硬件信息syslog日志。

8.千兆电口不支持配置1000M/full
当前89F01CN版本支持的ADS设备的千兆电口不支持在web上配置1000M/full模式

9.增加绿盟云服务开关
显式增加针对绿盟云服务的开关配置项

10.TLS1.2升级
ADS的web只支持TLS1.2连接

11.2020型号增加1Gbps清洗容量证书
2020增加一种可选择的证书

12.Web登录安全配置优化
增加对web登录账户的账号密码安全配置选项

13. Syslog牵引对Arbor新版本的支持
新增对 Arbor CP 7.5.1版本的syslog日志支持

14.管理口22端口访问控制
新增管理口22端口访问黑名单

15.XML文件优化
第三方管理新增“文件上传路径”,上报的traffic xml文件中包含攻击类型映射表

16.链路虚通检测
针对对端为思科路由器的场景,在路由器上开启OAM功能,ADS引擎检测OAM报文,超过设定阈值时间内未收到OAM报文则认为链路出现异常,ADS主动DOWN掉接口。

17.HTTP GET包源IP限速
对源IP加入高级信任的HTTP GET报文进行限速。

【修复问题说明】
105008 重启设备后内置Bypass默认启动
104793 ADS群组牵引的时候,ADSM还可以下发增加群组IP的配置
104316 ADSM集群同步环境,获取和同步图片验证模板失败
104568 手工流量牵引删除流程没有判断牵引状态
107352 NTA突发大量牵引停止的消息导致ADS无响应/挂死


【注意事项】
本升级包只能基于V4.5R89F00,V4.5R89F00.sp01,V4.5R89F00.sp01pr01,V4.5R89F00.sp02,V4.5R89F00.sp03,V4.5R89F00.sp04升级

【Upgrade Base Version】
V4.5R89F00,V4.5R89F00.sp01,V4.5R89F00.sp01pr01,V4.5R89F00.sp02,V4.5R89F00.sp03,V4.5R89F00.sp04
【Software Version】
V4.5R89F01CN
【Version Mapping】
ADS-M Version:
ADSM V4.5R89F01CN

NTA Version:
V4.5.61.2.BF19,V4.5.61.2.BF20
V4.5R89F01CN

【Function Changes】
1.Real-Time Monitoring page modified on the web-based manager
Traffic Trend, Attack Traffic, Top 10 Ongoing Attack Event, System Resources and Hardware informations are added.

2.Optimized ICMP protection
Non-TCP/UDP packets and TCP/UDP fragments are no longer checked against the ICMP protection process.

3.Protocol ID checking policy
Handling processes for non-TCP/UDP/ICMP/ICMPv6 packets are added so that users can configure separate static rules for packets of different protocols.

4.Handling of TCP/UDP/ICMP fragments
Users are now allowed to configure static rules for TCP and ICMP fragments and the method for handling UDP fragments is changed.

5.Group search
On the web-based manager, users can type an exact IP address to search for the group to which the IP address belongs. They can also type characters for fuzzy search of groups whose name contains these characters.

6.Attack log search
On the web-based manager, users can search for specific attack logs according to the search condition on the Attack Details page.

7.Syslog log format changes
1.The destination port is added in attack event logs sent via syslog and an additional syslog message is sent when the attacked port changes for the first time.
2.Add the hardware information syslog log.

8.1000M/full not supported for 1000M electrical ports
1000M electrical ports on ADS devices of V4.5R89F01CN cannot be configured to work in 1000M/full mode on the web-based manager.

9.Addition of a switch to turn on or off NSFOCUS Cloud
A switch is added on the web-based manager to turn on or off NSFOCUS Cloud.

10.Upgrade to TLS 1.2
The web-based manager of ADS can only be connected via TLS 1.2.

11.Addition of a license with the cleaning capacity of 1 Gbps for the NX3-2020 model
One more license is available for the NX3-2020 model.

12.Optimized security configuration for web accounts
Security configuration items are added for web accounts.

13.Support for the new version of Arbor products for syslog diversion
The new version provides additional support for Arbor CP 7.5.1 for syslog diversion.

14.Management Port 22 Port Access Control
IP addresses that are denied access to port 22 of the management interface are added to the blacklist.

15.Optimized XML files
File Upload Path is added when Management Platform Type is set to Third-Party Management under System > Local Settings > Management Mode. The traffic.xml file reported to the third-party management platform contains an attack type mapping table.

16.Link connectivity check
In a scenario where the Cisco router is configured as a peer device on which the OAM function is enabled, the ADS engine detects OAM packets. If no OAM packet is received in the specified time, ADS assumes that the link is abnormal and proactively shuts down the interface.

17.Restriction of HTTP GET traffic of source IP addresses
The speed of HTTP GET packets whose source IP addresses are added to the high-level trust list can be limited.
【Fixed Bugs】
105008 By default, the built-in bypass is enabled after device restart.
104793 During ADS's traffic diversion for a group, users can add IP addresses to this group on ADS M.
104316 In the ADS M cluster synchronization environment, obtaining and synchronizing image verification templates fails.
104568 The manual diversion process does not check the diversion status when deleting a diversion route.
107352 NTA generates a large number of messages indicating that the diversion stops, causing ADS to fail to respond or suspend.

【Notice】
V4.5R89F01CN can be upgraded from V4.5R89F00,V4.5R89F00.sp01,V4.5R89F00.sp01pr01,V4.5R89F00.sp02,V4.5R89F00.sp03 orV4.5R89F00.sp04

发布时间:2017-03-15 12:01:36