EdgeIPS 1.1.7 公開のお知らせ：サポート情報 : トレンドマイクロ＠累積修正と新機能の追加って感じかな。

EdgeIPS 1.1.7 公開のお知らせ：サポート情報 : トレンドマイクロ

EdgeIPS 1.1.7 を以下の通り公開いたしました。
■公開開始日
2020年09月04日 (金)
■新機能
EdgeIPS 1.1.7 の新機能等につきましては Release Note（英語）をご覧ください。
■入手方法
Download Center からファームウェア更新用パッケージをダウンロードすることができます。
■導入手順
導入手順につきましては Online Help Center からダウンロードできる管理者ガイド（英語）をご参照ください。
■製品サポート
製品に関してご不明な点がございましたら、製品をご購入された販売代理店までお問合せください。
サポート情報 : トレンドマイクロ

A. Support Features

[New Feature] - Active Query supported in “Visibility Page > Asset View”.

[New Feature] - IPS Profile (Rule Editing) supported in “Object Profiles > IPS Profiles”.

[New Feature] - New OT protocols and options below are supported in “Object Profiles > Protocol Filter Profiles.”

Added OT protocols support (Basic Settings) - SECS/GEM and IEC61850-MMS

Added OT protocols support (Advanced Settings) - CIP, Siemens S7COMM,Siemens S7COMM PLUS, SLMP, MELSOFT, and TOYOPUC.

Added “Drop Malformed” for strictly packet format checking.

The maximum profile number increases from 16 to 32.

[New Feature] - New options below added in “Security > Policy Enhancement”

New object types support - IPS profile (New) and protocol filter profiles (New OTProtocols).

Added VLAN support (Up to 5 VLAN ID).

The maximum rule number increases from 64 to 512.

B. Improvement

[Enhancement] - New design of web console.

[Enhancement] - OT protocol monitoring available in offline mode.

[Enhancement] - The maximum capacity concurrent session increases from 10,000 to30,000.

[Enhancement] - Firmware downgrade feature supported.

[Enhancement] - LEEF log format supported.

[Enhancement] - New log information supported.

Cyber Security Logs: Interface, Attacker and VLAN ID

Policy Enforcement Logs: VLAN ID

Protocol Filter Logs: VLAN ID and Interface

[Enhancement] – Configuration interface of date and time is optimized in “Administration > System Time”.

C. Bug Fix

[TXN-1763] - [CPU high utilization] After IPS connected to ODC, IPS CPU utilization spikes.

[TXN-1769] - asset_store has fd leakage

D. Known Issues

[TXN-1743] - Show maintenance page in short time after upgrade from 1.0.8 to 1.1.5.

[TXN-1760] - ODC 1.0.x can apply config to IPS devices w/ new 1.1.x FW.

[TXN-1767] - Command/function category of the OT protocols will get wrong mapping when IPS 1.1 uses the previous pattern of which the version < 200723_15.

E. Software Limitation

Policy enforcement cannot block ICMP rules based on the reversed direction.

EdgeIPS doesn’t support VLAN QinQ traffic.

Active Query of assets in inline mode

The subnets of MGMT and data MUST be the same.

Service ports are fixed for detection: MODBUS (TCP: 502), CIP (TCP: 44818),FINS (TCP: 9600) and SMB (TCP: 445).

The queried asset MUST be a server and can send back expected responses to EdgeIPS according to our query commands.