Cisco SSL Appliance 2000 Guide De Montage

Version 3.6

Sourcefire SSL Appliance Release Notes

 3

Issues Resolved

•

Cache layer2 information per direction for the purpose of building ACK 

packets and plaintext packets

•

Hide some of the debug counters 

•

Added more debug counters to NFP

•

Option to configure a second remote syslog server 

•

Enhanced login dialog, including version checking 

•

Updated external CA list

•

Monitor platform, then log warnings when certain sensors/values go 

above/below preset limits

•

Ability to trigger memtest from grub

•

Option to enable automatic recovery from HA failure

•

SNMP configuration, including editable fields 

•

Switched to using latest Geryon BIOS/BMC/Config 

•

Support for TACACS+/ACS remote authentication and accounting 

•

Support for large CN and IP lists

•

Added audit entry for CA export 

•

Added paging to all lists

•

Mechanism to clear statistics and counters 

•

System log entry for sessions rejected because of client certificates 

•

Filtering on in-memory SSL session log 

•

Support for SSL in fragmented TCP 

•

Save management network configuration when installing a system update

•

Display BIOS and BMC versions on user interface

Issues Resolved

The following issues were resolved in Version 3.6.3:

•

Fixed mechanism that applies policy to IP fragments.

•

Fixed case sensitivity of CN-list matching.

•

Fixed bug in packet header cloning, which would have affected ACK 

generation.

•

Fixed bug in passive mode reassembly logic, which caused “stalls” on 

sessions with large certificates.

•

Only cache SSL sessions with useful information (i.e. do not cache non-

inspected session if certificate is not valid).

•

Fixed potential segfault in IP fragment handler.

•

Fixed TCP stalls for cut-through rules in inline modes.

•

Capture generated ACKs in debug PCAPs.

•

Added dropbox.com to list of unsupported sites.

•

Fixed potential segfault in platform status API.