Cisco SSL Appliance 2000 Guide De Montage
Version 3.6
Sourcefire SSL Appliance Release Notes
3
Issues Resolved
•
Cache layer2 information per direction for the purpose of building ACK
packets and plaintext packets
•
Hide some of the debug counters
•
Added more debug counters to NFP
•
Option to configure a second remote syslog server
•
Enhanced login dialog, including version checking
•
Updated external CA list
•
Monitor platform, then log warnings when certain sensors/values go
above/below preset limits
•
Ability to trigger memtest from grub
•
Option to enable automatic recovery from HA failure
•
SNMP configuration, including editable fields
•
Switched to using latest Geryon BIOS/BMC/Config
•
Support for TACACS+/ACS remote authentication and accounting
•
Support for large CN and IP lists
•
Added audit entry for CA export
•
Added paging to all lists
•
Mechanism to clear statistics and counters
•
System log entry for sessions rejected because of client certificates
•
Filtering on in-memory SSL session log
•
Support for SSL in fragmented TCP
•
Save management network configuration when installing a system update
•
Display BIOS and BMC versions on user interface
Issues Resolved
The following issues were resolved in Version 3.6.3:
•
Fixed mechanism that applies policy to IP fragments.
•
Fixed case sensitivity of CN-list matching.
•
Fixed bug in packet header cloning, which would have affected ACK
generation.
•
Fixed bug in passive mode reassembly logic, which caused “stalls” on
sessions with large certificates.
•
Only cache SSL sessions with useful information (i.e. do not cache non-
inspected session if certificate is not valid).
•
Fixed potential segfault in IP fragment handler.
•
Fixed TCP stalls for cut-through rules in inline modes.
•
Capture generated ACKs in debug PCAPs.
•
Added dropbox.com to list of unsupported sites.
•
Fixed potential segfault in platform status API.