TippingPoint Security Management System 5.5.0 / TippingPoint Threat Protection System 5.5.0 が以下の通り公開されました。
■公開開始日
2021年8月16日 (月)機能等の詳細につきましては以下のRelease Notes(英語)をご覧ください。
- TippingPoint Security Management System 5.5.0 Release Note
- TippingPoint Threat Protection System 5.5.0 Release Note
■入手方法
Trend Micro TippingPoint Threat Management Center(TMC)からアップグレード用のモジュールやドキュメントをダウンロード
することができます。
※ログインには TMC アカウントが必要です。■導入手順
サポート情報 : トレンドマイクロ
導入手順につきましてはOnline Help Centerからダウンロードできるインストールガイドやユーザーガイドをご参照ください。
※ドキュメントは全て英語です。
https://docs.trendmicro.com/all/tip/tps/v5.5.0/en-us/TPS_55_Release_Notes.pdfImportant notes
This release is supported on vTPS, 440T, 2200T, 1100TX, 5500TX, 8200TX, and 8400TX devices.
- If you are upgrading from an earlier, nonsequential TOS, refer to the release notes of any interim releases for additional enhancements.
- All TPS devices must be running a minimum of v5.4.0 before installing this version. Learn more.
- Use SMS v5.5 and later to manage a TPS device with this release. SMS v5.5 upgrades are only supported from an SMS installed with SMS v5.3.0. Attempts to upgrade from an older release will return an error. If the error message is blank, check the SMS system log for the complete message.
https://docs.trendmicro.com/all/tip/tps/v5.5.0/en-us/TPS_55_Release_Notes.pdfRelease Contents
Description Reference The network performance of SMB and TLS (non-decrypted) traffic has been improved.
Contact support prior to removing manual traffic bypass actions to ensure that ongoing performance needs are met.TIP-50715 You can now configure your device to send notifications when it crosses a performance threshold so you can proactively monitor usage and address issues before they impact users.You can monitor the current throughput utilization, the maximum values of the current throughput usage, and the actual licensed throughput with this new command:
show np throughput-utilization
You can clear the maximum values of the current throughput usage with this new command:
clear np throughput-utilization-max
Learn more about these commands in the Command Line Interface Reference.TIP-56177 The TPT-NPSTATS-MIB has been updated to include five new objects for throughput usage information, including:
・Current throughput
・Current percentage of licensed throughput
・Licensed throughput
・Highest throughput level reach since the last clear or reboot
・Maximum seen percentage of the licensed throughput since the last clear or reboot
Learn more in the Threat Protection System MIBs Guide.TIP-35469 An issue in which interprocess communications related to health statistics resulted in errors in some rare cases has been fixed in this release. TIP-49034 Browser support for the LSM no longer includes Netscape. Users who are using Internet Explorer should transition to Microsoft Edge before Internet Explorer is retired on June 15, 2022. SEG113378 An OpenSSL vulnerability (CVE-2021-3449) that caused TPS appliances to enter Layer-2 Fallback (L2FB) mode and stop inspecting network traffic has been repaired in this release.
To learn more, refer to the security bulletin.TIP-64383 An issue affecting 8x00TX platforms has been corrected in which application filters were not completely evaluated. This caused the defined action to not be taken or notifications to not be sent. TIP-62730 A group of debug np commands are now available as corresponding show commands
(described below) to allow a device user with operator privileges to execute these commands
(debug commands require superuser privileges).
show np congestion Show congestion breakdown
show np diagx Show low level network processor counters
detail Show more detail drops Show more detail including per-port drops
show np stats show
fqStats Flow queue statistics
dpk Data plane statistics
npTcpReas dpk TCP reassembly statistics
show np regex-stats Show regular expression statistics
show np regex show
count Maximum number of entries to show (default 10)
maximum Sort by maximum time (default)
average Sort by average time
evaluations Maximum number of entries to show (default 10)
matches Sort by number of matches
total Sort by total timeTIP-57260
To ensure that you have the latest versions of product documentation, visit the Online Help Center.
https://docs.trendmicro.com/all/tip/sms/v5.5.0/en-us/SMS_55_Release_Notes.pdf
- If you are upgrading from an earlier version, refer to the release notes of any interim releases for additional enhancements.
- If your SMS system is operating in High Availability (HA) mode, you must break HA and upgradeeach SMS independently before re-establishing your SMS HA cluster.
- SMS v5.5 upgrades are only supported from an SMS installed with SMS v5.3.0 or later. Attempts to upgrade from an older release will return an error.
- The time required to upgrade will vary based on the version from which you are upgrading and the quantity of data to migrate. Learn more.
https://docs.trendmicro.com/all/tip/sms/v5.5.0/en-us/SMS_55_Release_Notes.pdfRelease contents
Description Reference The network performance of SMB and TLS (non-decrypted) traffic has been improved.
Contact support prior to removing manual traffic bypass actions to ensure that ongoing
performance needs are met.TIP-50715 Integrate your SMS server with Vision One to get the most security value out of your SMS deployment. This integration leverages Vision One’s superior threat detection technology to help protect your network from suspicious objects, including known malicious or potentially malicious domains, IP addresses, or URLs. Learn more about integrating with Vision One in the SMS User Guide. TIP-63828 Using the SMS web management console, you can use RESTful APIs to access SMS functionality (Help > Tools and Resources > SMS REST API Online Help).
Using new APIs in this release, you can now export all enabled and disabled filters and corresponding CVEs for a profile to audit and assess if appropriate security controls are in place.
Using new APIs in this release, you can now retrieve all user defined reputation entries.TIP-64097
TIP-62723
TIP-52354SMS administrators can now assign segments to groups when adding a new device, and add descriptions to segments and segment groups to capture the network configuration or describe the segments within the group. They can also provide extended descriptions up to 2048 characters for profiles to capture and audit profile changes. TIP-59314
TIP-56393
TIP-56394
TIP-57257When using nested device groups, SMS administrators now have full path visibility for a device and can use the left hand navigation tree to locate a device. TIP-55001 SMS now sends a notification when a device has not been associated with a license.
You can also navigate to the Devices tab to identify those devices without a license, and view the current utilization of licensed devices to determine those nearing the limit.TIP-46736
TIP-35469A user with operator role capabilities can now view:
- secondary NTP server settings on the Device summary page
- read-only device configurable settingsTIP-56395
TIP-27659A banner message is now displayed on an SMS that is configured for HA and is passive,indicating that console access is disabled. TIP-63714
TIP-31346Additional SMBv3 support was added for exporting SMS backups, profiles, and reports. Reports now can be successfully exported to an SMB share containing subdirectories. TIP-62429
TIP-54956Disk partition sizes are now properly increased when the disk is dynamically expanded on a vSMS. TIP-54547 An issue affecting 8x00TX platforms has been corrected in which application filters were not completely evaluated. This caused the defined action to not be taken or notifications to not be sent. TIP-62730 The maximum number of active sessions for AD, RADIUS, and TACACS are now enforced. If you reach the maximum number of active sessions, your login will fail. TIP-56667 An issue in which Filter Taxonomy Criteria was not populating has been corrected. Criteria repopulation requires that you activate the Digital Vaccine and restart the SMS client. TIP-63626 An issue causing filters with special characters to display incorrectly has been corrected. TIP-49259 With v5.5, displaying charts with large amounts of historical data no longer takes several minutes; charts appear within seconds. TIP-49359 Although the limit of 5 concurrent packet traces is enforced, new packet traces can now be started if no more than 4 packet traces are actively running. Previously, under certain conditions, when the total number of packet traces started since the device was booted reached 5, additional packet traces could not start until the device was rebooted, even if no packet traces were actively running. TIP-63585 Intermittent backup failures resulting in a Mysql backup write error message no longer occur. TIP-63031 When you change the Device Port Stats polling interval, SMS now calculates the proper value for the amount of data input or output to a segment. TIP-59429 The SMS now uses Named IP addresses if a match is found when configuring Host IP Filters, SNMP Settings, Remote Syslog, Servers, Time Settings, and sFlow. This does not occur for newly managed devices. TIP-56661 Device hostname is now included among the information that the SMS uploads to the TMC. This enables License Manager to identify devices by name. TIP-65151
SEG-41243