［製品情報］ TippingPoint Security Management System 5.5.0 / TippingPoint Threat Protection System 5.5.0 公開のお知らせ：サポート情報 : トレンドマイクロ＠累積修正のアップグレード版がリリース

[製品情報] TippingPoint Security Management System 5.5.0 / TippingPoint Threat Protection System 5.5.0 公開のお知らせ：サポート情報 : トレンドマイクロ

TippingPoint Security Management System 5.5.0 / TippingPoint Threat Protection System 5.5.0 が以下の通り公開されました。

■公開開始日
2021年8月16日 (月)
機能等の詳細につきましては以下のRelease Notes(英語)をご覧ください。

TippingPoint Security Management System 5.5.0 Release Note

TippingPoint Threat Protection System 5.5.0 Release Note

■入手方法
Trend Micro TippingPoint Threat Management Center(TMC)からアップグレード用のモジュールやドキュメントをダウンロード
することができます。
※ログインには TMC アカウントが必要です。
■導入手順
導入手順につきましてはOnline Help Centerからダウンロードできるインストールガイドやユーザーガイドをご参照ください。
※ドキュメントは全て英語です。
サポート情報 : トレンドマイクロ

Important notes

This release is supported on vTPS, 440T, 2200T, 1100TX, 5500TX, 8200TX, and 8400TX devices.

If you are upgrading from an earlier, nonsequential TOS, refer to the release notes of any interim releases for additional enhancements.

All TPS devices must be running a minimum of v5.4.0 before installing this version. Learn more.

Use SMS v5.5 and later to manage a TPS device with this release. SMS v5.5 upgrades are only supported from an SMS installed with SMS v5.3.0. Attempts to upgrade from an older release will return an error. If the error message is blank, check the SMS system log for the complete message.

https://docs.trendmicro.com/all/tip/tps/v5.5.0/en-us/TPS_55_Release_Notes.pdf

Release Contents

Description Reference

The network performance of SMB and TLS (non-decrypted) traffic has been improved.
Contact support prior to removing manual traffic bypass actions to ensure that ongoing performance needs are met. TIP-50715

You can now configure your device to send notifications when it crosses a performance threshold so you can proactively monitor usage and address issues before they impact users.You can monitor the current throughput utilization, the maximum values of the current throughput usage, and the actual licensed throughput with this new command:
show np throughput-utilization
You can clear the maximum values of the current throughput usage with this new command:
clear np throughput-utilization-max
Learn more about these commands in the Command Line Interface Reference. TIP-56177

The TPT-NPSTATS-MIB has been updated to include five new objects for throughput usage information, including:
・Current throughput
・Current percentage of licensed throughput
・Licensed throughput
・Highest throughput level reach since the last clear or reboot
・Maximum seen percentage of the licensed throughput since the last clear or reboot
Learn more in the Threat Protection System MIBs Guide. TIP-35469

An issue in which interprocess communications related to health statistics resulted in errors in some rare cases has been fixed in this release. TIP-49034

Browser support for the LSM no longer includes Netscape. Users who are using Internet Explorer should transition to Microsoft Edge before Internet Explorer is retired on June 15, 2022. SEG113378

An OpenSSL vulnerability (CVE-2021-3449) that caused TPS appliances to enter Layer-2 Fallback (L2FB) mode and stop inspecting network traffic has been repaired in this release.
To learn more, refer to the security bulletin. TIP-64383

An issue affecting 8x00TX platforms has been corrected in which application filters were not completely evaluated. This caused the defined action to not be taken or notifications to not be sent. TIP-62730

A group of debug np commands are now available as corresponding show commands
(described below) to allow a device user with operator privileges to execute these commands
(debug commands require superuser privileges).
show np congestion Show congestion breakdown
show np diagx Show low level network processor counters
detail Show more detail drops Show more detail including per-port drops
show np stats show
fqStats Flow queue statistics
dpk Data plane statistics
npTcpReas dpk TCP reassembly statistics
show np regex-stats Show regular expression statistics
show np regex show
count Maximum number of entries to show (default 10)
maximum Sort by maximum time (default)
average Sort by average time
evaluations Maximum number of entries to show (default 10)
matches Sort by number of matches
total Sort by total time TIP-57260

https://docs.trendmicro.com/all/tip/tps/v5.5.0/en-us/TPS_55_Release_Notes.pdf

Description	Reference
The network performance of SMB and TLS (non-decrypted) traffic has been improved. Contact support prior to removing manual traffic bypass actions to ensure that ongoing performance needs are met.	TIP-50715
You can now configure your device to send notifications when it crosses a performance threshold so you can proactively monitor usage and address issues before they impact users.You can monitor the current throughput utilization, the maximum values of the current throughput usage, and the actual licensed throughput with this new command: show np throughput-utilization You can clear the maximum values of the current throughput usage with this new command: clear np throughput-utilization-max Learn more about these commands in the Command Line Interface Reference.	TIP-56177
The TPT-NPSTATS-MIB has been updated to include five new objects for throughput usage information, including: ・Current throughput ・Current percentage of licensed throughput ・Licensed throughput ・Highest throughput level reach since the last clear or reboot ・Maximum seen percentage of the licensed throughput since the last clear or reboot Learn more in the Threat Protection System MIBs Guide.	TIP-35469
An issue in which interprocess communications related to health statistics resulted in errors in some rare cases has been fixed in this release.	TIP-49034
Browser support for the LSM no longer includes Netscape. Users who are using Internet Explorer should transition to Microsoft Edge before Internet Explorer is retired on June 15, 2022.	SEG113378
An OpenSSL vulnerability (CVE-2021-3449) that caused TPS appliances to enter Layer-2 Fallback (L2FB) mode and stop inspecting network traffic has been repaired in this release. To learn more, refer to the security bulletin.	TIP-64383
An issue affecting 8x00TX platforms has been corrected in which application filters were not completely evaluated. This caused the defined action to not be taken or notifications to not be sent.	TIP-62730
A group of debug np commands are now available as corresponding show commands (described below) to allow a device user with operator privileges to execute these commands (debug commands require superuser privileges). show np congestion Show congestion breakdown show np diagx Show low level network processor counters detail Show more detail drops Show more detail including per-port drops show np stats show fqStats Flow queue statistics dpk Data plane statistics npTcpReas dpk TCP reassembly statistics show np regex-stats Show regular expression statistics show np regex show count Maximum number of entries to show (default 10) maximum Sort by maximum time (default) average Sort by average time evaluations Maximum number of entries to show (default 10) matches Sort by number of matches total Sort by total time	TIP-57260

To ensure that you have the latest versions of product documentation, visit the Online Help Center.

If you are upgrading from an earlier version, refer to the release notes of any interim releases for additional enhancements.

If your SMS system is operating in High Availability (HA) mode, you must break HA and upgradeeach SMS independently before re-establishing your SMS HA cluster.

SMS v5.5 upgrades are only supported from an SMS installed with SMS v5.3.0 or later. Attempts to upgrade from an older release will return an error.

The time required to upgrade will vary based on the version from which you are upgrading and the quantity of data to migrate. Learn more.

https://docs.trendmicro.com/all/tip/sms/v5.5.0/en-us/SMS_55_Release_Notes.pdf

Release contents

Description Reference

The network performance of SMB and TLS (non-decrypted) traffic has been improved.
Contact support prior to removing manual traffic bypass actions to ensure that ongoing
performance needs are met. TIP-50715

Integrate your SMS server with Vision One to get the most security value out of your SMS deployment. This integration leverages Vision One’s superior threat detection technology to help protect your network from suspicious objects, including known malicious or potentially malicious domains, IP addresses, or URLs. Learn more about integrating with Vision One in the SMS User Guide. TIP-63828

Using the SMS web management console, you can use RESTful APIs to access SMS functionality (Help > Tools and Resources > SMS REST API Online Help).
Using new APIs in this release, you can now export all enabled and disabled filters and corresponding CVEs for a profile to audit and assess if appropriate security controls are in place.
Using new APIs in this release, you can now retrieve all user defined reputation entries. TIP-64097
TIP-62723
TIP-52354

SMS administrators can now assign segments to groups when adding a new device, and add descriptions to segments and segment groups to capture the network configuration or describe the segments within the group. They can also provide extended descriptions up to 2048 characters for profiles to capture and audit profile changes. TIP-59314
TIP-56393
TIP-56394
TIP-57257

When using nested device groups, SMS administrators now have full path visibility for a device and can use the left hand navigation tree to locate a device. TIP-55001

SMS now sends a notification when a device has not been associated with a license.
You can also navigate to the Devices tab to identify those devices without a license, and view the current utilization of licensed devices to determine those nearing the limit. TIP-46736
TIP-35469

A user with operator role capabilities can now view:
- secondary NTP server settings on the Device summary page
- read-only device configurable settings TIP-56395
TIP-27659

A banner message is now displayed on an SMS that is configured for HA and is passive,indicating that console access is disabled. TIP-63714
TIP-31346

Additional SMBv3 support was added for exporting SMS backups, profiles, and reports. Reports now can be successfully exported to an SMB share containing subdirectories. TIP-62429
TIP-54956

Disk partition sizes are now properly increased when the disk is dynamically expanded on a vSMS. TIP-54547

An issue affecting 8x00TX platforms has been corrected in which application filters were not completely evaluated. This caused the defined action to not be taken or notifications to not be sent. TIP-62730

The maximum number of active sessions for AD, RADIUS, and TACACS are now enforced. If you reach the maximum number of active sessions, your login will fail. TIP-56667

An issue in which Filter Taxonomy Criteria was not populating has been corrected. Criteria repopulation requires that you activate the Digital Vaccine and restart the SMS client. TIP-63626

An issue causing filters with special characters to display incorrectly has been corrected. TIP-49259

With v5.5, displaying charts with large amounts of historical data no longer takes several minutes; charts appear within seconds. TIP-49359

Although the limit of 5 concurrent packet traces is enforced, new packet traces can now be started if no more than 4 packet traces are actively running. Previously, under certain conditions, when the total number of packet traces started since the device was booted reached 5, additional packet traces could not start until the device was rebooted, even if no packet traces were actively running. TIP-63585

Intermittent backup failures resulting in a Mysql backup write error message no longer occur. TIP-63031

When you change the Device Port Stats polling interval, SMS now calculates the proper value for the amount of data input or output to a segment. TIP-59429

The SMS now uses Named IP addresses if a match is found when configuring Host IP Filters, SNMP Settings, Remote Syslog, Servers, Time Settings, and sFlow. This does not occur for newly managed devices. TIP-56661

Device hostname is now included among the information that the SMS uploads to the TMC. This enables License Manager to identify devices by name. TIP-65151
SEG-41243

https://docs.trendmicro.com/all/tip/sms/v5.5.0/en-us/SMS_55_Release_Notes.pdf

Description	Reference
The network performance of SMB and TLS (non-decrypted) traffic has been improved. Contact support prior to removing manual traffic bypass actions to ensure that ongoing performance needs are met.	TIP-50715
Integrate your SMS server with Vision One to get the most security value out of your SMS deployment. This integration leverages Vision One’s superior threat detection technology to help protect your network from suspicious objects, including known malicious or potentially malicious domains, IP addresses, or URLs. Learn more about integrating with Vision One in the SMS User Guide.	TIP-63828
Using the SMS web management console, you can use RESTful APIs to access SMS functionality (Help > Tools and Resources > SMS REST API Online Help). Using new APIs in this release, you can now export all enabled and disabled filters and corresponding CVEs for a profile to audit and assess if appropriate security controls are in place. Using new APIs in this release, you can now retrieve all user defined reputation entries.	TIP-64097 TIP-62723 TIP-52354
SMS administrators can now assign segments to groups when adding a new device, and add descriptions to segments and segment groups to capture the network configuration or describe the segments within the group. They can also provide extended descriptions up to 2048 characters for profiles to capture and audit profile changes.	TIP-59314 TIP-56393 TIP-56394 TIP-57257
When using nested device groups, SMS administrators now have full path visibility for a device and can use the left hand navigation tree to locate a device.	TIP-55001
SMS now sends a notification when a device has not been associated with a license. You can also navigate to the Devices tab to identify those devices without a license, and view the current utilization of licensed devices to determine those nearing the limit.	TIP-46736 TIP-35469
A user with operator role capabilities can now view: - secondary NTP server settings on the Device summary page - read-only device configurable settings	TIP-56395 TIP-27659
A banner message is now displayed on an SMS that is configured for HA and is passive,indicating that console access is disabled.	TIP-63714 TIP-31346
Additional SMBv3 support was added for exporting SMS backups, profiles, and reports. Reports now can be successfully exported to an SMB share containing subdirectories.	TIP-62429 TIP-54956
Disk partition sizes are now properly increased when the disk is dynamically expanded on a vSMS.	TIP-54547
An issue affecting 8x00TX platforms has been corrected in which application filters were not completely evaluated. This caused the defined action to not be taken or notifications to not be sent.	TIP-62730
The maximum number of active sessions for AD, RADIUS, and TACACS are now enforced. If you reach the maximum number of active sessions, your login will fail.	TIP-56667
An issue in which Filter Taxonomy Criteria was not populating has been corrected. Criteria repopulation requires that you activate the Digital Vaccine and restart the SMS client.	TIP-63626
An issue causing filters with special characters to display incorrectly has been corrected.	TIP-49259
With v5.5, displaying charts with large amounts of historical data no longer takes several minutes; charts appear within seconds.	TIP-49359
Although the limit of 5 concurrent packet traces is enforced, new packet traces can now be started if no more than 4 packet traces are actively running. Previously, under certain conditions, when the total number of packet traces started since the device was booted reached 5, additional packet traces could not start until the device was rebooted, even if no packet traces were actively running.	TIP-63585
Intermittent backup failures resulting in a Mysql backup write error message no longer occur.	TIP-63031
When you change the Device Port Stats polling interval, SMS now calculates the proper value for the amount of data input or output to a segment.	TIP-59429
The SMS now uses Named IP addresses if a match is found when configuring Host IP Filters, SNMP Settings, Remote Syslog, Servers, Time Settings, and sFlow. This does not occur for newly managed devices.	TIP-56661
Device hostname is now included among the information that the SMS uploads to the TMC. This enables License Manager to identify devices by name.	TIP-65151 SEG-41243