TippingPoint Security Management System 5.5.2 / TippingPoint Threat Protection System 5.5.2 が以下の通り公開されました。
- TippingPoint Security Management System 5.5.2 Release Note：サポート情報 : トレンドマイクロ
- TippingPoint Threat Protection System 5.5.2 Release Note：サポート情報 : トレンドマイクロ
Trend Micro TippingPoint Threat Management Center(TMC)からアップグレード用のモジュールやドキュメントをダウンロード
※ログインには TMC アカウントが必要です。
導入手順につきましてはOnline Help Centerからダウンロードできるインストールガイドやユーザーガイドをご参照ください。
■製品サポートサポート情報 : トレンドマイクロ
Security Management System Release Notes Version 5.5.2
Description Reference When a traffic management filter that includes both IPv4 and IPv6 addresses fails, the resulting error message now effectively communicates the reason for the failure. TIP-63627
An issue preventing the SMS from closing SMB connections properly caused the SMB server to run out of connections so that the SMS could not connect to it. This issue has been fixed. TIP-65904
When you use the SMS to configure SSL client or server inspection, adding ports to one of the decryption services (such as HTTP, IMAP, and POP3) sometimes resulted in the decryption service incorrectly being set to “other”. This issue has been fixed. TIP-69425 An issue that caused SMS nightly backups to inflate to a problematic size has been resolved. TIP-63629 The SMS can now reorder reputation filters that have inherited configurations with inconsistent ordering. TIP-70147
This release resolves an issue with the DNS lookup of the hostname on the SMS server. TIP-69313
When you import a profile that uses security filters with inconsistent DV toolkit mapping, an Unable to return filters error no longer occurs. TIP-70099
An issue with DNS name validation prevented some items from being imported during a reputation user entry import. TIP-68168 SEG-107926 The SMS no longer hinders attempts to add new entries to the Host IP Filters table. TIP-68049
You can now configure the thresholds that trigger a throughput alert. To configure the values, click the device and select Device Configuration > License Utilization Threshold Settings. TIP-39430https://docs.trendmicro.com/all/tip/sms/v5.5.2/en-us/SMS_552_Release_Notes.pdf
Description Reference 1G fiber module does not support auto-negotiation. SMS will currently report auto-negotiation as enabled; however, any changes from SMS, LSM, or CLI will not take effect. TIP-66924 Attempts to upgrade from a release earlier than v5.3.0 result in an error message. If the error message is blank, check the SMS system log for the entire error message. TIP-47930 Performing a backup and restore of the SMS database will not preserve Filter Performance Correlation data. TIP-42709 SSL inspection cannot occur when web mode is enabled. By default, web mode is disabled. TIP-64243 The Edit Bulk action does not remove tag categories from user-provided Reputation entries.To remove tag categories from an entry, go to Profiles > Reputation Database > Search Entries, search for an entry, select entries in the search results, and click Edit. The search results display the first 10,000 entries. If you are modifying more than 10,000 entries, you must repeat this procedure. When searching for URL entries, the search results table will not automatically refresh. Click Search to refresh the table. TIP-37913 Certain naming configurations could trigger a condition that causes profile distributions to fail. To prevent failures, make sure that the names of your profiles, segments, virtual segments, and certificates are less than 55 characters. TIP-45073
The SMS web management console shows the incorrect time zone only when set to GMT +/-00:30 time zones. For the correct time, refer to the SMS Client console. TIP-33377 The SMS does not activate a Digital Vaccine package when it contains a significant number of malware tags for a filter. TIP-33378 When you attempt to distribute too many TLS/SSL certificates to a device, the resulting error message incorrectly specifies CA certificates as the problem. TIP-44753 When you remove a CA certificate used for authentication from the SMS Authentication CA certificate list—for example, when you delete the authentication configuration from the SMS—the CA certificate is also deleted from the device. If this same CA certificate was distributed to a device as part of the SSL server certificate chain, the device would have an SSL server with a missing CA certificate in its SSL certificate chain. TIP-44645
Threat Protection System Release Notes Version 5.5.2
Description Reference This release fixes an issue that caused an Unable to fetch ips-profile list to validate configuration system log message. TIP-67191
After upgrading to v5.5.0, some customers experienced unexpected packet blocks for filter 7704, which triggered further transmissions. This issue is fixed in this release. TIP-70597
This release fixes a rare task crash that some devices experienced during high traffic load while processing a TLS handshake. TIP-69516
Some devices failed to provide any SNMP interface statistics, and SNMP statistics for 40 GB IOMs were not handling unpopulated interfaces in an IOM slot correctly. This issue is fixed in this release. TIP-65670
This release fixes an issue that caused some customers to report unexplainable license utilization statistics. TIP-70454 The maximum transmission unit (MTU) increased from 9050 to 9234 bytes on the 1100TX,5500TX, 8200TX, and 8400TX models. TIP-70557https://docs.trendmicro.com/all/tip/tps/v5.5.2/en-us/TPS_552_Release_Notes.pdf
Description Reference Performing a system shutdown on a 2200T device using the SMS or the CLI causes the system to reboot instead of keeping the system powered down. SEG-115592 When you insert a 40 Gbps bypass module (BIOM) into a TX-Series TPS device that has not been upgraded to at least TOS v5.2.0, the module health status LED indicates that the module has experienced a fault (solid amber). To recover from this state:
1. Upgrade the device to TOS v5.2.0 or later.
2. After the upgrade, perform a full reboot of the device.
3. Disable bypass on all BIOMs by selecting the normal option:
• SMS: From the Device menu, click the device and select Device
Configuration -> HA (High Availability) -> Zero Power HA.
• LSM: Select System -> High Availability -> Zero-Power HA.
• CLI: high-availability zero-power (bypass｜normal)
TIP-33655 SSL inspection cannot occur when web mode is enabled. By default, web mode is disabled. TIP-64243 1G fiber module does not support auto-negotiation. SMS will currently report auto-negotiation as enabled; however, any changes from SMS, LSM, or CLI will not take effect. TIP-66924 For optimal performance of URL filtering and other memory intensive features running on a vTPS in Normal mode, configure 16 GB of RAM. TIP-33876 In rare occurrences, the TPS does not decrypt sites and the connection will be blocked. If this occurs for sites that must be accessed, navigate to Profiles > Shared Settings > SSL > Client > Decryption Policies > Domains on your SMS and specify those sites in the do-notdecrypt list. TIP-45656
Deploying a vTPS in Performance mode fails when using version 6.7 of the ESXi Hypervisor. Workaround: To successfully complete a deployment in Performance mode using ESXi 6.7,follow these steps:
1. Deploy the vTPS in Normal mode.
2. Shut down the vTPS virtual appliance. If the appliance is managed, you can also shut it down from the SMS client by right-clicking the device on the Devices page and selecting Edit > Device Configuration.
3. Configure the vTPS parameters to 6 vCPUs and 16 GB memory.
4. Reboot the vTPS virtual appliance. The SMS automatically recognizes the resource allocation and changes to Performance mode.
5. Examine the output of the show version command to confirm that the device is now running in Performance mode.
SEG-76770 System logs do not indicate when the state of a transceiver changes. TIP-39167 The TPS presents an untrusted certificate warning for some websites because it cannot verify the certificate chain. Administrators of these websites might not be aware that their sites are not configured with a proper certificate chain, since most browsers have developed ways to automatically work around this issue. Consider the following options for accessing such a website:
• Use mechanisms specific to your browser to bypass the Untrusted certificate warning (for example, add an exception or proceed to the site anyway)
• Have your administrator manually download an intermediate certificate, upload it to your device, and add it the Trust Store on your SMS.
• Consider providing feedback to the website to inform its administrators that their site employs a misconfigured certificate chain.