Cisco SSL Appliance 2000 Installation Guide

Version 3.6
Sourcefire SSL Appliance Release Notes
PKI objects (certificates or keys) can be removed even if they are still referenced by the active policy. The SSL engine does not fail if the policy is invalid, but all rules using invalid or missing PKI objects are ignored.

If more than one administrator is making changes to the SSL appliance configuration, they will have to log out and log in again before changes made by the other person are reflected in the user interface.

A segment configured to use any of the Active-Inline (AI) modes rejects, under load, some of the SSL sessions because of packet feedback timeouts. This means that decrypted packets sent to the attached device (such as IPS) do not return in time to complete the feedback loop required to trigger a re-encrypt of the original packets.

A TCP FIN/FIN-ACK/ACK sequence is generated at the end of each decrypted SSL session. The three packets in this sequence may arrive at the attached device (e.g. IDS) out of sequence. This should not pose problems for TCP reassembly devices.

Updates to the system log are only reflected on the last page, and only after pressing the Last button.

Internal CA certificates are not automatically checked for expiration. As a workaround, periodically check the certificates on the user interface.

Only network interfaces used by active segments will change color on the user interface dashboard, based on the status of the interface.

SSL session logs may capture false positives, which are flows that look like SSL but are not SSL. Each session log entry also contains a flag that indicates whether the session has been confirmed as valid SSL, specifically whether the policy decision has been applied to the session. This flag does not appear on the user interface, but SSL session log post-processing tools can use this flag to filter out all false positives.

When the SSL appliance recovers from an overload condition it may flag some SSL sessions with the Invalid cryptographic response error code.
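
The internal CA expiration issue listed above can also be covered outside the user interface. The following is an added example, not part of the release notes or of any Sourcefire tool: it assumes PEM copies of the internal CA certificates are kept in a directory on an admin host, and the function names and directory layout are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: flag internal CA certificates that are expired or close to
# expiry. Assumption: PEM copies of the certificates live in one directory
# on an admin host (hypothetical layout, not an appliance export format).

# make_sample_ca DIR NAME DAYS
# Creates a constructed, throwaway self-signed certificate for trying the
# check; the private key is deleted immediately.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
        -out "$1/$2.pem" -days "$3" -subj "/CN=$2" 2>/dev/null &&
        rm -f "$1/$2.key"
}

# check_ca_expiry DIR [DAYS]
# Prints one status line per *.pem file: OK, EXPIRING, EXPIRED or UNREADABLE.
# Returns 0 only if every certificate stays valid for more than DAYS days
# (default 30), 1 if any needs attention, 2 if DIR holds no .pem files.
check_ca_expiry() {
    local dir=$1 days=${2:-30} rc=0 cert end window
    window=$((days * 86400))   # openssl -checkend takes seconds
    for cert in "$dir"/*.pem; do
        # An unmatched glob stays literal, so this catches an empty directory.
        [ -e "$cert" ] || { echo "UNREADABLE $dir (no .pem files)"; return 2; }
        if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
            echo "UNREADABLE $cert"
            rc=1
            continue
        fi
        end=${end#notAfter=}
        if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
            echo "EXPIRED $cert (notAfter $end)"
            rc=1
        elif ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null; then
            echo "EXPIRING $cert (notAfter $end)"
            rc=1
        else
            echo "OK $cert (notAfter $end)"
        fi
    done
    return "$rc"
}
```

Run on a schedule, the non-zero return status gives a monitoring job something to alert on before a re-signing CA lapses unnoticed.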
Web Browser Compatibility
Version 3.6.3 of the web interface for the SSL appliance is compatible with the 
following browsers:
Firefox 11.x
Chrome 18.x
Microsoft Internet Explorer 8.x and 9.x