Примечания к выпуску для Cisco Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption
5
Release Notes for Cisco ASDM, Version 6.2(x)
OL-18973-03
New Features
Enabling Call Set up
Between H.323
Endpoints
Between H.323
Endpoints
You can enable call setup between H.323 endpoints when the Gatekeeper is inside the network. The
adaptive security appliance includes options to open pinholes for calls based on the
RegistrationRequest/RegistrationConfirm (RRQ/RCF) messages.
adaptive security appliance includes options to open pinholes for calls based on the
RegistrationRequest/RegistrationConfirm (RRQ/RCF) messages.
Because these RRQ/RCF messages are sent to and from the Gatekeeper, the calling endpoint IP
address is unknown and the adaptive security appliance opens a pinhole through source IP
address/port 0/0. By default, this option is disabled.
address is unknown and the adaptive security appliance opens a pinhole through source IP
address/port 0/0. By default, this option is disabled.
The following screen was modified: Configuration > Firewall > Objects > Inspect Maps > H.323 >
Details > State Checking.
Details > State Checking.
Also available in Version 8.0(5).
Unified Communication Features
Mobility Proxy
application no longer
requires Unified
Communications Proxy
license
application no longer
requires Unified
Communications Proxy
license
The Mobility Proxy no longer requires the UC Proxy license.
Interface Features
In multiple context
mode, auto-generated
MAC addresses now use
a user-configurable
prefix, and other
enhancements
mode, auto-generated
MAC addresses now use
a user-configurable
prefix, and other
enhancements
The MAC address format was changed to allow use of a prefix, to use a fixed starting value (A2),
and to use a different scheme for the primary and secondary unit MAC addresses in a failover pair.
and to use a different scheme for the primary and secondary unit MAC addresses in a failover pair.
The MAC addresess are also now persistent accross reloads.
The command parser now checks if auto-generation is enabled; if you want to also manually assign
a MAC address, you cannot start the manual MAC address with A2.
a MAC address, you cannot start the manual MAC address with A2.
The following screen was modified: Configuration > Context Management > Security Contexts.
Also available in Version 8.0(5).
Support for Pause
Frames for Flow Control
on the ASA 5580 10
Gigabit Ethernet
Interfaces
Frames for Flow Control
on the ASA 5580 10
Gigabit Ethernet
Interfaces
You can now enable pause (XOFF) frames for flow control.
The following screens were modified:
(Single Mode) Configuration > Device Setup > Interfaces > Add/Edit Interface > General
(Multiple Mode, System) Configuration > Interfaces > Add/Edit Interface
(Multiple Mode, System) Configuration > Interfaces > Add/Edit Interface
Firewall Features
Botnet Traffic Filter
Enhancements
Enhancements
The Botnet Traffic Filter now supports automatic blocking of blacklisted traffic based on the threat
level. You can also view the category and threat level of malware sites in statistics and reports.
Reporting was enhanced to show infected hosts. The 1 hour timeout for reports for top hosts was
removed; there is now no timeout.
level. You can also view the category and threat level of malware sites in statistics and reports.
Reporting was enhanced to show infected hosts. The 1 hour timeout for reports for top hosts was
removed; there is now no timeout.
The following screens were introduced or modified:
Configuration > Firewall > Botnet Traffic Filter > Traffic Settings
Monitoring > Botnet Traffic Filter > Infected Hosts
Monitoring > Botnet Traffic Filter > Infected Hosts
Connection timeouts for
all protocols
all protocols
The idle timeout was changed to apply to all protocols, not just TCP.
The following screen was modified: Configuration > Firewall > Service Policies > Rule Actions >
Connection Settings.
Connection Settings.
Routing Features
Table 2
New Features for ASA Version 8.2(2)/ASDM Version 6.2(5) (continued)
Feature
Description