TippingPoint Threat Protection System 5.3.2 公開のお知らせ：サポート情報 : トレンドマイクロ＠累積修正っぽいのかなぁ

TippingPoint Threat Protection System 5.3.2 公開のお知らせ：サポート情報 : トレンドマイクロ

TippingPoint Threat Protection System 5.3.2 が以下の通り公開されました。

■公開開始日
2020年11月10日 (火)
機能等の詳細につきましては以下のRelease Notes(英語)をご覧ください。
Threat Protection System 5.3.2 Release Notes
■入手方法
Trend Micro TippingPoint Threat Management Center(TMC)からアップグレード用のモジュールやドキュメントをダウンロード
することができます。
※ログインには TMC アカウントが必要です。
■導入手順
導入手順につきましてはOnline Help Centerからダウンロードできるインストールガイドやユーザーガイドをご参照ください。
※ドキュメントは全て英語です。
サポート情報 : トレンドマイクロ

Important notes

This release is supported on vTPS, 440T, 2200T, 1100TX, 5500TX, 8200TX, and 8400TX devices.

If you are upgrading from an earlier, nonsequential TOS, refer to the release notes of any interim releases for additional enhancements.

All TPS devices must be running a minimum of v5.3.0 before installing this version. Learn more.

Use SMS v5.3.0 and later to manage a TPS device with this release.

TippingPoint recommends any users requiring SSL Inspection to upgrade to this release.

https://docs.trendmicro.com/all/tip/tps/v5.3.2/en-us/TPS_532_Release_Notes.pdf

Release Contents

Description Reference

This release repairs an SMB flow issue in which Trust actions were slow to complete on 8200TX and 8400TX devices. TIP-56512

Attempts to contact the peer device during TRHA no longer cause the system to freeze. TIP-56762

Statistics from the following commands are now included in TSRs to help diagnose SSL issues:
• show ssl-inspection congestion – includes the average number of SSL
connections per second, the number of current SSL connections (and the device limit), and whether SSL sessions that exceed the device limit are not inspected or blocked.
• show system statistics fast-path TIP-56125

SSL connections that were not closed properly and did not give any notification would persist indefinitely. With this release, the connection will be dropped after a specified interval (60 seconds is the default). To configure this interval, contact TippingPoint product support. TIP-56189

A stability issue in HTTP Response Processing has been repaired. TIP-56954

Idle SSL connections can now be identified, reported and cleared out. This prevents increasing concurrent connections that are not really being used. If an SSL Inspection reached Critical threshold message is displayed in the system log, and users cannot modify their topology or application to close connections more reliably, they can contact TippingPoint product support to enable this SSL proxy idle timeout feature, which is disabled by default. TIP-56250

https://docs.trendmicro.com/all/tip/tps/v5.3.2/en-us/TPS_532_Release_Notes.pdf

Description	Reference
This release repairs an SMB flow issue in which Trust actions were slow to complete on 8200TX and 8400TX devices.	TIP-56512
Attempts to contact the peer device during TRHA no longer cause the system to freeze.	TIP-56762
Statistics from the following commands are now included in TSRs to help diagnose SSL issues: • show ssl-inspection congestion – includes the average number of SSL connections per second, the number of current SSL connections (and the device limit), and whether SSL sessions that exceed the device limit are not inspected or blocked. • show system statistics fast-path	TIP-56125
SSL connections that were not closed properly and did not give any notification would persist indefinitely. With this release, the connection will be dropped after a specified interval (60 seconds is the default). To configure this interval, contact TippingPoint product support.	TIP-56189
A stability issue in HTTP Response Processing has been repaired.	TIP-56954
Idle SSL connections can now be identified, reported and cleared out. This prevents increasing concurrent connections that are not really being used. If an SSL Inspection reached Critical threshold message is displayed in the system log, and users cannot modify their topology or application to close connections more reliably, they can contact TippingPoint product support to enable this SSL proxy idle timeout feature, which is disabled by default.	TIP-56250

Known issues

Description Reference

Because congestion visibility is enabled by default, if you had it disabled in v5.3.1, you must manually disable it again after an upgrade to v5.3.2. TIP-56634

In some rare cases, link-down synchronization can cause both sides of a segment to remain down or cause a port to be up when it should be down. You can rectify these situations by restarting the device and the ports. TIP-57408

https://docs.trendmicro.com/all/tip/tps/v5.3.2/en-us/TPS_532_Release_Notes.pdf

Description	Reference
Because congestion visibility is enabled by default, if you had it disabled in v5.3.1, you must manually disable it again after an upgrade to v5.3.2.	TIP-56634
In some rare cases, link-down synchronization can cause both sides of a segment to remain down or cause a port to be up when it should be down. You can rectify these situations by restarting the device and the ports.	TIP-57408