首页-> 服务与支持-> 客户支持-> 售后服务

服务与支持

抗拒绝服务系统 V4.5R90F00升级包列表

名称: update_ADS_x86_V4.5R90F00.sp06_20181010.zip 版本:update_ADS_x86_V4.5R90F00.sp06_20181010.zip
MD5:d8307e6df00c7169784d2c9be4250953 大小:28.45M
描述:

【版本号】
ADS V4.5R90F00.sp06

【升级基础版本】
V4.5R90F00,V4.5R90F00.sp01,V4.5R90F00.sp02,V4.5R90F00.sp03,V4.5R90F00.sp04,V4.5R90F00.sp05

【升级版本】
V4.5R90F00.sp06

【配套联动】
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03
ADSM: V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03、V4.5R90F00.sp04

【功能变更说明】
V4.5R90F00.sp06功能变更:


V4.5R90F00.sp05功能变更:
1.增加IPv6许可证授权

V4.5R90F00.sp04功能变更:


V4.5R90F00.sp03功能变更:
1.优化syn3-seqcheck算法

V4.5R90F00.sp02功能变更:
1.新增SYN算法SeqCheck
2.新增对源端口80的syn/ack报文的过滤功能
3.群组中应用的DNS关键字策略扩展到20条

V4.5R90F00.sp01功能变更:
1.增加硬件资源监控阈值配置,增加SNMP发送硬件资源告警。

【修复问题说明】
V4.5R90F00.sp06修复问题:
Bug 142931 MSS平台查看不到ADS设备上传的ADS设备日志信息
Bug 145397 设备引擎故障问题
Bug 145394 下载当天攻击日志,浏览器显示一片空白
Bug 145486 修改系统用户权限时,点击确定后,提示Invalid token

V4.5R90F00.sp05修复问题:
Bug 141596 手工流量牵引搜索功能使用之后导致其他手工流量牵引条目丢失
Bug 141050 配置合法的IPV6地址,提示IP地址不合法
Bug 140612 连接耗尽防护规则唯一性的校验
Bug 141168 ADS通过白名单webapi导入白名单后,下载文件查看不到导入的白名单信息
Bug 141639 通过白名单webapi查询白名单IP,返回结果为no
BUG 140612 内核升级

V4.5R90F00.sp04修复问题:
Bug140219 配置模式匹配,引擎不生效

V4.5R90F00.sp03修复问题:
Bug136353 一定条件下从R89F03版本升级到R90F00,HTTPS配置文件升级适配出现错误,导致集群同步时报错
Bug137194 点击清除信任按钮,IP地址仍然在信任状态
Bug133490 正则规则全部填0时出错
Bug137156 设备运行一段时间之后和BGP邻居断开,和对端地址ping不通
Bug131190 设置合法的DNS query name的时候,提示域名格式错误
Bug135897 ADSM添加和删除牵引的业务域,ADS返回500错误
Bug132852 通过IP搜索群组,当IP以*.*.*.*/32格式存在时,搜索不到对应的群组
Bug132584 通过webapi下发的acl规则无法删除
Bug132922 周报报表和日报报表内容有差异
Bug131310 ADS-M 不断同步主ADS的同一配置文件给从ADS设备
Bug135314 多条等价路由实现负载均衡时,如果某一条路由的注入接口down掉,流量会负载到down的接口
Bug135555 访问控制规则web api与web页面部分参数规则不一致
Bug124208 DNS关键字动作选放行加白名单,加白失败
Bug135507 WEBAPI群组http选择不保护,http post依然为启用,且会对post攻击流进行防护
Bug135510 WEBAPI群组https设置为不保护,关闭ack防护会弹出提示“使用https必须开启ack”
Bug135912 WEBAPI群组DDoS配置擦掉群组URL在引擎的数据
Bug138606 版本不支持适配千兆光内置bypass板卡和万兆光内置bypass板卡
Bug138903 导入的ssl证书在版本升级后会被还原成默认的ssl证书

V4.5R90F00.sp02修复问题:
Bug133390 编辑包含1024个IP的群组,执行时间约30s
Bug133033 集群设备同步手工流量牵引,从设备牵引环境不符合预期,路由仍牵引成功
Bug131310 ADS-M 不断同步主ADS的ACL配置给从ADS设备
Bug134616 时间服务器ntpdate进程数量不断增加

V4.5R90F00.sp01修复问题:
Bug126518 设置成GMT-03:00巴西利亚,保存重启后不生效,导致ADS时间不在设置的时区
Bug129427 点击注入路由mac学习,学习到的mac地址关联接口IP错误
Bug129514 接口内核mac地址和引擎mac地址不一致,导致bgp邻居建立不起来
Bug132401 更新证书保存的时候ADS出现接口updown,导致流量切换到外置bypass交换机
Bug133251 无法启用和查看外置bypass状态

【注意事项】

- END -

[Version No. of Upgrade Package]
V4.5R90F00.sp06

[Source Version]
V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03, V4.5R90F00.sp04, V4.5R90F00.sp05

[Target Version]
V4.5R90F00.sp06

[Matching Versions of Collaborative Devices]
NTA: V4.5.61.2, V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03
ADSM: V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03、V4.5R90F00.sp04

[Function Changes]
Function changes in V4.5R90F00.sp06:
None

Function changes in V4.5R90F00.sp05:
1.IPv6 authorization is added to licenses.

Function changes in V4.5R90F00.sp04:
None

Function changes in V4.5R90F00.sp03:
1. The SeqCheck algorithm is optimized.

Function changes in V4.5R90F00.sp02:
1. The SeqCheck algorithm is added.
2. The function of filtering SYN/ACK packets on source port 80 is added.
3. A maximum of 20 rules can be added for the DNS keyword checking policy of a protection group.

Function changes in V4.5R90F00.sp01:
1. Hardware alert threshold settings are added and hardware alerts can be sent via SNMP traps.

[Fixed Bugs]
Fixed bugs in V4.5R90F00.sp06:
Bug 142931 ADS didn't upload it's device log to MSS platform
Bug 145397 detected engine problem
Bug 145394 The web page shows nothing when download attack log of current day
Bug 145486 When modify the user's permission on User Management page, it prompts:Invalid token

Fixed bugs in V4.5R90F00.sp05:
Bug 141596 After a user retrieves a manual diversion rule from the rule list and enables or disables it, all other rules will disappear from the rule list and even refreshing the page cannot recover them.
Bug 141050 On the IP Address page under Diversion & Injection > General Settings, after a valid IPv6 address is configured, the system prompts "Incorrect IP address".
Bug 140612 The Destination Port parameter is not used as a condition for checking the uniqueness of connection exhaustion protection rules.
Bug 141168 If the whitelist is imported via the web API, no information is found after a user downloads the whitelist file and opens it.
Bug 141639 When a user queries an IP address via the web API for whitelist, the system always returns "no" no matter whether this IP address is a whitelisted one.
BUG 140612 update kernel


Fixed bugs in V4.5R90F00.sp04:
Bug 140219: Pattern matching does not work

Fixed bugs in V4.5R90F00.sp03:
Bug 136353: Under certain conditions, for upgrade from V4.5R89F03 to V4.5R90F00, if no related adjustments are made to the HTTPS configuration file, an error is reported during cluster synchronization.
Bug 137194: The Clear Whitelist button does not work on the Whitelist page. After a user clicks this button, no entry is deleted from the whitelist.
Bug 133490: An error is reported when all parameters except Access Control and Time of Creation are set to 0 for a regular expression rule during rule creation.
Bug 137156: After running for some time, ADS automatically disconnects from the BGP neighbor and the neighbor's IP address cannot be pinged from ADS.
Bug 131190: A domain name format error is reported when some legal domain names are specified for DNS Query Name for a DNS keyword checking policy under Policies > Access Control.
Bug 135897: When a region for diversion is created or deleted, status code 500 is returned.
Bug 132852: When a protection group is retrieved in terms of an IP address in the format of *.*.*.*/32, no protection group is found even if there is actually a protection group that contain such IP address.
Bug 132584: Access control rules dispatched via the web API cannot be deleted.
Bug 132922: Some contents in weekly reports are not correct.
Bug 131310: ADS-M keeps synchronizing the same configuration file from the master ADS to a backup ADS.
Bug 135314: When the injection interface of one route, among multiple equal-cost routes working in load-balancing mode, is down, traffic is still forwarded to this interface.
Bug 135555: Some parameters of access control rules are under different setting constraints between the web API and web-based manager.
Bug 124208: When Allow+Whitelist is selected for Action in a DNS keyword checking policy under Policies > Access Control, source IP addresses of matching packets cannot be added to the whitelist.
Bug 135507: If HTTP protection for a protection group is disabled via web API, the HTTP POST protection policy is still enabled and protects against HTTP POST attacks.
Bug 135510: If HTTPS protection for a protection group is disabled via web API, disabling ACK protection will cause the system to display a message, saying "To use HTTP protection policies, you must enable ACK flood protection. Whether to disable the HTTP protection policy?"
Bug 135912: If DDoS settings for a protection group are specified via web API, the DDoS settings will erase the group's URL-related data in the engine.
Bug 138606: This version does not support 1000M and 10G optical built-in bypass cards.
Bug 138903: The newly imported SSL certificate will be restored to the default one upon upgrade.

Fixed bugs in V4.5R90F00.sp02:
Bug 133390: After a user edits a protection group that contains 1024 IP addresses, the system takes about 30 seconds to commit configuration changes.
Bug 133033: After manual diversion rules are synchronized within a cluster, traffic can be successfully diverted to a backup device even if its diversion environment is not the same as expected.
Bug 131310: ADS-M keeps synchronizing ACL configurations from the master ADS to a backup ADS.
Bug 134616: The number of ntpdate processes increases continuously on the time server.

Fixed bugs in V4.5R90F00.sp01:
Bug 126518: When a user sets Time Zone to (GMT-03:00), Brasilia and saves it, restarting the system fails to make the setting take effect, resulting in incorrect system time.
Bug 129427: Under Diversion & Injection > Traffic Injection > Injection Routes, after a user clicks in the Operation column of an injection route, an incorrect MAC address is learned.
Bug 129514: Since the MAC address of the interface used for the Linux kernel is different from that of the engine, the BGP neighborship cannot be established.
Bug 132401: When a new license is changed, the interface used by ADS to connect to an external bypass switch is down and the traffic on ADS is taken over by such switch.
Bug 133251: External bypass cannot be enabled and its status is not displayed.

[Important Notes]
None

发布时间:2018-11-05 16:39:05
名称: update_ADS_x86_V4.5R90F00.sp05_20180810.zip 版本:update_ADS_x86_V4.5R90F00.sp05_20180810
MD5:7dbe5f74ba297ef91353e3dadf064a6d 大小:28.42M
描述:

【版本号】
ADS V4.5R90F00.sp05

【升级基础版本】
V4.5R90F00,V4.5R90F00.sp01,V4.5R90F00.sp02,V4.5R90F00.sp03,V4.5R90F00.sp04

【升级版本】
V4.5R90F00.sp05

【配套联动】
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03
ADSM: V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03、V4.5R90F00.sp04

【功能变更说明】
1.增加IPv6许可证授权

V4.5R90F00.sp03功能变更:
1.优化syn3-seqcheck算法

V4.5R90F00.sp02功能变更:
1.新增SYN算法SeqCheck
2.新增对源端口80的syn/ack报文的过滤功能
3.群组中应用的DNS关键字策略扩展到20条

V4.5R90F00.sp01功能变更:
1.增加硬件资源监控阈值配置,增加SNMP发送硬件资源告警。

【修复问题说明】

Bug 141596 手工流量牵引搜索功能使用之后导致其他手工流量牵引条目丢失
Bug 141050 配置合法的IPV6地址,提示IP地址不合法
Bug 140612 连接耗尽防护规则唯一性的校验
Bug 141168 ADS通过白名单webapi导入白名单后,下载文件查看不到导入的白名单信息
Bug 141639 通过白名单webapi查询白名单IP,返回结果为no
BUG 140612 内核升级

V4.5R90F00.sp04修复问题:
Bug140219 配置模式匹配,引擎不生效

V4.5R90F00.sp03修复问题:
Bug136353 一定条件下从R89F03版本升级到R90F00,HTTPS配置文件升级适配出现错误,导致集群同步时报错
Bug137194 点击清除信任按钮,IP地址仍然在信任状态
Bug133490 正则规则全部填0时出错
Bug137156 设备运行一段时间之后和BGP邻居断开,和对端地址ping不通
Bug131190 设置合法的DNS query name的时候,提示域名格式错误
Bug135897 ADSM添加和删除牵引的业务域,ADS返回500错误
Bug132852 通过IP搜索群组,当IP以*.*.*.*/32格式存在时,搜索不到对应的群组
Bug132584 通过webapi下发的acl规则无法删除
Bug132922 周报报表和日报报表内容有差异
Bug131310 ADS-M 不断同步主ADS的同一配置文件给从ADS设备
Bug135314 多条等价路由实现负载均衡时,如果某一条路由的注入接口down掉,流量会负载到down的接口
Bug135555 访问控制规则web api与web页面部分参数规则不一致
Bug124208 DNS关键字动作选放行加白名单,加白失败
Bug135507 WEBAPI群组http选择不保护,http post依然为启用,且会对post攻击流进行防护
Bug135510 WEBAPI群组https设置为不保护,关闭ack防护会弹出提示“使用https必须开启ack”
Bug135912 WEBAPI群组DDoS配置擦掉群组URL在引擎的数据
Bug138606 版本不支持适配千兆光内置bypass板卡和万兆光内置bypass板卡
Bug138903 导入的ssl证书在版本升级后会被还原成默认的ssl证书

V4.5R90F00.sp02修复问题:
Bug133390 编辑包含1024个IP的群组,执行时间约30s
Bug133033 集群设备同步手工流量牵引,从设备牵引环境不符合预期,路由仍牵引成功
Bug131310 ADS-M 不断同步主ADS的ACL配置给从ADS设备
Bug134616 时间服务器ntpdate进程数量不断增加

V4.5R90F00.sp01修复问题:
Bug126518 设置成GMT-03:00巴西利亚,保存重启后不生效,导致ADS时间不在设置的时区
Bug129427 点击注入路由mac学习,学习到的mac地址关联接口IP错误
Bug129514 接口内核mac地址和引擎mac地址不一致,导致bgp邻居建立不起来
Bug132401 更新证书保存的时候ADS出现接口updown,导致流量切换到外置bypass交换机
Bug133251 无法启用和查看外置bypass状态

【注意事项】

- END -

[Version No. of Upgrade Package]
V4.5R90F00.sp05

[Source Version]
V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03

[Target Version]
V4.5R90F00.sp05

[Matching Versions of Collaborative Devices]
NTA: V4.5.61.2, V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03
ADSM: V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03、V4.5R90F00.sp04

[Function Changes]
1.IPv6 authorization is added to licenses.

Function changes in V4.5R90F00.sp03:
1. The SeqCheck algorithm is optimized.

Function changes in V4.5R90F00.sp02:
1. The SeqCheck algorithm is added.
2. The function of filtering SYN/ACK packets on source port 80 is added.
3. A maximum of 20 rules can be added for the DNS keyword checking policy of a protection group.

Function changes in V4.5R90F00.sp01:
1. Hardware alert threshold settings are added and hardware alerts can be sent via SNMP traps.

[Fixed Bugs]
Bug 141596 After a user retrieves a manual diversion rule from the rule list and enables or disables it, all other rules will disappear from the rule list and even refreshing the page cannot recover them.
Bug 141050 On the IP Address page under Diversion & Injection > General Settings, after a valid IPv6 address is configured, the system prompts "Incorrect IP address".
Bug 140612 The Destination Port parameter is not used as a condition for checking the uniqueness of connection exhaustion protection rules.
Bug 141168 If the whitelist is imported via the web API, no information is found after a user downloads the whitelist file and opens it.
Bug 141639 When a user queries an IP address via the web API for whitelist, the system always returns "no" no matter whether this IP address is a whitelisted one.
BUG 140612 update kernel


Fixed bugs in V4.5R90F00.sp04:
Bug 140219: Pattern matching does not work

Fixed bugs in V4.5R90F00.sp03:
Bug 136353: Under certain conditions, for upgrade from V4.5R89F03 to V4.5R90F00, if no related adjustments are made to the HTTPS configuration file, an error is reported during cluster synchronization.
Bug 137194: The Clear Whitelist button does not work on the Whitelist page. After a user clicks this button, no entry is deleted from the whitelist.
Bug 133490: An error is reported when all parameters except Access Control and Time of Creation are set to 0 for a regular expression rule during rule creation.
Bug 137156: After running for some time, ADS automatically disconnects from the BGP neighbor and the neighbor's IP address cannot be pinged from ADS.
Bug 131190: A domain name format error is reported when some legal domain names are specified for DNS Query Name for a DNS keyword checking policy under Policies > Access Control.
Bug 135897: When a region for diversion is created or deleted, status code 500 is returned.
Bug 132852: When a protection group is retrieved in terms of an IP address in the format of *.*.*.*/32, no protection group is found even if there is actually a protection group that contain such IP address.
Bug 132584: Access control rules dispatched via the web API cannot be deleted.
Bug 132922: Some contents in weekly reports are not correct.
Bug 131310: ADS-M keeps synchronizing the same configuration file from the master ADS to a backup ADS.
Bug 135314: When the injection interface of one route, among multiple equal-cost routes working in load-balancing mode, is down, traffic is still forwarded to this interface.
Bug 135555: Some parameters of access control rules are under different setting constraints between the web API and web-based manager.
Bug 124208: When Allow+Whitelist is selected for Action in a DNS keyword checking policy under Policies > Access Control, source IP addresses of matching packets cannot be added to the whitelist.
Bug 135507: If HTTP protection for a protection group is disabled via web API, the HTTP POST protection policy is still enabled and protects against HTTP POST attacks.
Bug 135510: If HTTPS protection for a protection group is disabled via web API, disabling ACK protection will cause the system to display a message, saying "To use HTTP protection policies, you must enable ACK flood protection. Whether to disable the HTTP protection policy?"
Bug 135912: If DDoS settings for a protection group are specified via web API, the DDoS settings will erase the group's URL-related data in the engine.
Bug 138606: This version does not support 1000M and 10G optical built-in bypass cards.
Bug 138903: The newly imported SSL certificate will be restored to the default one upon upgrade.

Fixed bugs in V4.5R90F00.sp02:
Bug 133390: After a user edits a protection group that contains 1024 IP addresses, the system takes about 30 seconds to commit configuration changes.
Bug 133033: After manual diversion rules are synchronized within a cluster, traffic can be successfully diverted to a backup device even if its diversion environment is not the same as expected.
Bug 131310: ADS-M keeps synchronizing ACL configurations from the master ADS to a backup ADS.
Bug 134616: The number of ntpdate processes increases continuously on the time server.

Fixed bugs in V4.5R90F00.sp01:
Bug 126518: When a user sets Time Zone to (GMT-03:00), Brasilia and saves it, restarting the system fails to make the setting take effect, resulting in incorrect system time.
Bug 129427: Under Diversion & Injection > Traffic Injection > Injection Routes, after a user clicks in the Operation column of an injection route, an incorrect MAC address is learned.
Bug 129514: Since the MAC address of the interface used for the Linux kernel is different from that of the engine, the BGP neighborship cannot be established.
Bug 132401: When a new license is changed, the interface used by ADS to connect to an external bypass switch is down and the traffic on ADS is taken over by such switch.
Bug 133251: External bypass cannot be enabled and its status is not displayed.

[Important Notes]
None

发布时间:2018-11-05 16:38:52
名称: update_ADS_x86_V4.5R90F00.sp04_20180628.zip 版本:update_ADS_x86_V4.5R90F00.sp04_20180628
MD5:ecc0246e0fd917a1ca8271f0bb0a645b 大小:24.52M
描述:

【版本号】
ADS V4.5R90F00.sp04

【升级基础版本】
V4.5R90F00,V4.5R90F00.sp01,V4.5R90F00.sp02,V4.5R90F00.sp03

【升级版本】
V4.5R90F00.sp04

【配套联动】
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03
ADSM: V4.5R90F00.sp02、V4.5R90F00.sp03

【功能变更说明】


【修复问题说明】
Bug140219 配置模式匹配,引擎不生效

【注意事项】

- END -

[Version No. of Upgrade Package]
V4.5R90F00.sp04

[Source Version]
V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03

[Target Version]
V4.5R90F00.sp04

[Matching Versions of Collaborative Devices]
NTA: V4.5.61.2, V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03
ADSM: V4.5R90F00.sp02, V4.5R90F00.sp03

[Function Changes]
None

[Fixed Bugs]
Bug 140219: Pattern matching does not work

[Important Notes]
None

发布时间:2018-11-05 16:38:41
名称: update_ADS_x86_V4.5R90F00.sp03_20180608.zip 版本:update_ADS_x86_V4.5R90F00.sp03_20180608.zip
MD5:226709e67a720db03d967db807b7fff9 大小:24.52M
描述:

【版本号】
ADS V4.5R90F00.sp03

【升级基础版本】
V4.5R90F00,V4.5R90F00.sp01,V4.5R90F00.sp02

【升级版本】
V4.5R90F00.sp03

【配套联动】
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02、V4.5R90F00.sp03
ADSM: V4.5R90F00.sp02、V4.5R90F00.sp03

【功能变更说明】
1.优化syn3-seqcheck算法



【修复问题说明】
Bug136353 一定条件下从R89F03版本升级到R90F00,HTTPS配置文件升级适配出现错误,导致集群同步时报错
Bug137194 点击清除信任按钮,IP地址仍然在信任状态
Bug133490 正则规则全部填0时出错
Bug137156 设备运行一段时间之后和BGP邻居断开,和对端地址ping不通
Bug131190 设置合法的DNS query name的时候,提示域名格式错误
Bug135897 ADSM添加和删除牵引的业务域,ADS返回500错误
Bug132852 通过IP搜索群组,当IP以*.*.*.*/32格式存在时,搜索不到对应的群组
Bug132584 通过webapi下发的acl规则无法删除
Bug132922 周报报表和日报报表内容有差异
Bug131310 ADS-M 不断同步主ADS的同一配置文件给从ADS设备
Bug135314 多条等价路由实现负载均衡时,如果某一条路由的注入接口down掉,流量会负载到down的接口
Bug135555 访问控制规则web api与web页面部分参数规则不一致
Bug124208 DNS关键字动作选放行加白名单,加白失败
Bug135507 WEBAPI群组http选择不保护,http post依然为启用,且会对post攻击流进行防护
Bug135510 WEBAPI群组https设置为不保护,关闭ack防护会弹出提示“使用https必须开启ack”
Bug135912 WEBAPI群组DDoS配置擦掉群组URL在引擎的数据
Bug138606 版本不支持适配千兆光内置bypass板卡和万兆光内置bypass板卡
Bug138903 导入的ssl证书在版本升级后会被还原成默认的ssl证书



【注意事项】

- END -

[Version No. of Upgrade Package]
V4.5R90F00.sp03

[Source Version]
V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02

[Target Version]
V4.5R90F00.sp03

[Matching Versions of Collaborative Devices]
NTA: V4.5.61.2, V4.5R90F00, V4.5R90F00.sp01, V4.5R90F00.sp02, V4.5R90F00.sp03
ADSM: V4.5R90F00.sp02, V4.5R90F00.sp03

[Function Changes]
1. The SeqCheck algorithm is optimized.


[Fixed Bugs]
Bug 136353: Under certain conditions, for upgrade from V4.5R89F03 to V4.5R90F00, if no related adjustments are made to the HTTPS configuration file, an error is reported during cluster synchronization.
Bug 137194: The Clear Whitelist button does not work on the Whitelist page. After a user clicks this button, no entry is deleted from the whitelist.
Bug133490: An error is reported when all parameters except Access Control and Time of Creation are set to 0 for a regular expression rule during rule creation.
Bug 137156: After running for some time, ADS automatically disconnects from the BGP neighbor and the neighbor's IP address cannot be pinged from ADS.
Bug 131190: A domain name format error is reported when some legal domain names are specified for DNS Query Name for a DNS keyword checking policy under Policies > Access Control.
Bug 135897: When a region for diversion is created or deleted, status code 500 is returned.
Bug 132852: When a protection group is retrieved in terms of an IP address in the format of *.*.*.*/32, no protection group is found even if there is actually a protection group that contain such IP address.
Bug 132584: Access control rules dispatched via the web API cannot be deleted.
Bug 132922: Some contents in weekly reports are not correct.
Bug 131310: ADS-M keeps synchronizing the same configuration file from the master ADS to a backup ADS.
Bug 135314: When the injection interface of one route, among multiple equal-cost routes working in load-balancing mode, is down, traffic is still forwarded to this interface.
Bug 135555: Some parameters of access control rules are under different setting constraints between the web API and web-based manager.
Bug 124208: When Allow+Whitelist is selected for Action in a DNS keyword checking policy under Policies > Access Control, source IP addresses of matching packets cannot be added to the whitelist.
Bug 135507: If HTTP protection for a protection group is disabled via web API, the HTTP POST protection policy is still enabled and protects against HTTP POST attacks.
Bug 135510: If HTTPS protection for a protection group is disabled via web API, disabling ACK protection will cause the system to display a message, saying "To use HTTP protection policies, you must enable ACK flood protection. Whether to disable the HTTP protection policy?"
Bug 135912: If DDoS settings for a protection group are specified via web API, the DDoS settings will erase the group's URL-related data in the engine.
Bug 138606: This version does not support 1000M and 10G optical built-in bypass cards.
Bug 138903: The newly imported SSL certificate will be restored to the default one upon upgrade.


[Important Notes]
None

发布时间:2018-11-05 16:38:27
名称: update_ADS_x86_V4.5R90F00.sp02_20180326.zip 版本:update_ADS_x86_V4.5R90F00.sp02_20180326
MD5:dc3005d22b828a5ef1a961a7f8d5f0aa 大小:24.44M
描述:

【升级基础版本】
V4.5R90F00,V4.5R90F00.sp01

【升级版本】
V4.5R90F00.sp02

【配套联动】
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01、V4.5R90F00.sp02
ADSM: V4.5R90F00.sp02

【功能变更说明】
1.新增SYN算法SeqCheck
2.新增对源端口80的syn/ack报文的过滤功能
3.群组中应用的DNS关键字策略扩展到20条

【修复问题说明】
Bug133390 编辑包含1024个IP的群组,执行时间约30s
Bug133033 集群设备同步手工流量牵引,从设备牵引环境不符合预期,路由仍牵引成功
Bug131310 ADS-M 不断同步主ADS的ACL配置给从ADS设备
Bug134616 时间服务器ntpdate进程数量不断增加


【注意事项】


[Source Version]
V4.5R90F00,V4.5R90F00.sp01

[Target Version]
V4.5R90F00.sp02

[Matching Versions of Collaborative Devices]
NTA:V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01
ADSM:V4.5R90F00.sp02

[Function Changes]
1.Added SYN algorithm SeqCheck
2.Added the function of filtering the syn/ack packets on source port 80
3.The DNS Keyword Checking applied to the group extends to 20

[Fixed Bugs]
Bug133390 Edit a group containing 1024 IPs, execution time is about 30s
Bug133033 The cluster device synchronizes the Manual Diversion,The divert environment of the slave device does not meet expectations ,but the route is still pulled successfully.
Bug131310 ADS-M constantly synchronizes the master ADS ACL configuration to slave ADS
Bug134616 The number of time server ntpdate processes continues to increase

[Important Notes]
None

发布时间:2018-11-05 16:38:14
名称: update_ADS_x86_V4.5R90F00.sp01_20180202.zip 版本:update_ADS_x86_V4.5R90F00.sp01_20180202
MD5:b5d20aa8211b3138fd5ddd9663500641 大小:24.45M
描述:

【升级基础版本】
V4.5R90F00

【升级版本】
V4.5R90F00.sp01

【配套联动】
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01
ADSM: V4.5R90F00、V4.5R90F00.sp01

【功能变更说明】
1.增加硬件资源监控阈值配置,增加SNMP发送硬件资源告警。

【修复问题说明】
Bug126518 设置成GMT-03:00巴西利亚,保存重启后不生效,导致ADS时间不在设置的时区
Bug129427 点击注入路由mac学习,学习到的mac地址关联接口IP错误
Bug129514 接口内核mac地址和引擎mac地址不一致,导致bgp邻居建立不起来
Bug132401 更新证书保存的时候ADS出现接口updown,导致流量切换到外置bypass交换机
Bug133251 无法启用和查看外置bypass状态
【注意事项】


[Source Version]
V4.5R90F00

[Target Version]
V4.5R90F00.sp01

[Matching Versions of Collaborative Devices]
NTA: V4.5.61.2、V4.5R90F00、V4.5R90F00.sp01
ADSM: V4.5R90F00、V4.5R90F00.sp01

[Function Changes]
1.Hardware alert threshold settings are added and hardware alerts can be sent via SNMP traps.

[Fixed Bugs]
Bug126518 When a user sets Time Zone to (GMT-03:00), Brasilia and save it, restarting the system fails to make the setting take effect, rendering it impossible for the system to be within this time zone.
Bug129427 Under Diversion & Injection > Traffic Injection > Injection Routes, after a user clicks "MAC Learning"in the Operation column of an injection route, the learned MAC address is incorrect.
Bug129514 Since the MAC address of interface used for the Linux kernel is different from that of the engine, BGP neighbors cannot be established.
Bug132401 When a user changes a new license, the traffic on ADS is taken over by the external bypass because the interface on ADS is down.
Bug133251 External bypass cannot be enabled and its status is not displayed.

[Important Notes]
None

发布时间:2018-11-05 16:38:02
名称: update_ADS_x86_V4.5R90F00_20180110.zip 版本:V4.5R90F00_20180110
MD5:72812cd3c97f9a4b3531d057d7f2277f 大小:24.97M
描述:

【升级基础版本】
V4.5R89F03,V4.5R89F03.sp01,V4.5R89F03.sp02,V4.5R89F03.sp03

【升级版本】
V4.5R90F00 (MD5: 72812CD3C97F9A4B3531D057D7F2277F)

【配套联动】
NTA: V4.5.61.2、V4.5R90F00
ADSM: V4.5R90F00

【功能变更说明】
1. R90F00新增和变更功能
(1) 黑白名单冲突处理优化
(2) http关键字增加限速功能
(3) dns关键字增加限速功能
(4) 正则规则增加限速功能
(5) 模式匹配增加限速功能
(6) 增加群组UDP正则规则防护策略
(7) 增加群组反射攻击防护策略
(8) 在原有的30秒流量统计基础上,新增更精确的5秒峰值流量统计
(9) 登录页面可选择提供验证码
(10) 部分ACL规则的优先级顺序可在WEB上调整
(11) 升级说明在升级重启后可继续查看
(12) 部分设备型号新增https应用层防护
(13) 支持多任务手动抓包
(14) 支持多任务自动抓包
(15) 抓包参数新增自定义协议号、源IP网段、TCP/UDP端口等
(16) 新增网络诊断tcpdump抓包功能
(17) 修复某个系统接口失效后web接口展示乱序的问题
(18) 手工牵引页面增加分页机制和过滤查询
(19) 新增回注报文长度超过MTU的分片处理
(20) ESPC/ESPP支持域名配置
(21) 内核漏洞修复

2. 合入R89F03.sp03功能
(1) 增加管理口的状态日志
(2) 邮件配置优化,增加发送测试邮件



[Source Version]
V4.5R89F03,V4.5R89F03.sp01,V4.5R89F03.sp02,V4.5R89F03.sp03

[Target Version]
V4.5R90F00 (MD5: 72812CD3C97F9A4B3531D057D7F2277F)

[Matching Versions of Collaborative Devices]
NTA: V4.5.61.2、V4.5R90F00
ADSM: V4.5R90F00

[Function Changes]
1. New and changed functions in R90F00:
(1) The mechanism for handling blacklist and whitelist conflicts is optimized.
(2) Rate limiting is added as a new action for HTTP keyword checking rules.
(3) Rate limiting is added as a new action for DNS keyword checking rules.
(4) Rate limiting is added as a new access control option for regular expression rules.
(5) Rate limiting is added as a new access control option for pattern matching rules.
(6) UDP regular expression protection policies can be configured for group protection.
(7) Reflection protection policies can be configured for group protection.
(8) Traffic statistics are previously collected every 30 seconds. The new version makes them more accurate by adding the 5-second collection interval.
(9) Use of verification code for user authentication is now allowed.
(10) The priority of some ACL rules can be changed on the web-based manager.
(11) The upgrade notes can still be viewed after the device is restarted to complete an upgrade.
(12) HTTPS application-layer protection is added for some device models.
(13) Multiple manual packet capture tasks can be performed simultaneously.
(14) Multiple automatic packet capture tasks can be performed simultaneously.
(15) For packet capture configuration, new fields are added, including the protocol ID, source IP segment, and TCP/UDP port.
(16) tcpdump is added as a new method for network diagnosis.
(17) The following problem is fixed: System interfaces are displayed in disorder when one interface fails to work properly.
(18) On the Manual Diversion page, pagination is supported and query conditions can be set.
(19) A mechanism is added for handling injection packet fragments that are longer than the MTU.
(20) Domain names are supported for ESPC/ESPP configuration.
(21) A vulnerability related to the Linux kernel is fixed.

2. Functions inherited from R89F03.sp03
(1) The management interface status log is added.
(2) Email configuration is optimized by adding the function of sending test mails.

发布时间:2018-11-05 16:37:50