| Description:
[SHA256SUM]
77e04a12dad5dd63ffe2f97f6d7f65eccf4156afdf20821454e5811971a9dfe4
[Software Package Version No.]
V4.5R90F03
[Source Version]
V4.5R90F02,V4.5R90F02.sp01,V4.5R90F02.sp01.C236,V4.5R90F02.sp01.C236.HD,V4.5R90F02.sp02,V4.5R90F02.sp03,V4.5R90F02.sp04,V4.5R90F02.sp05,V4.5R90F02.sp06,V4.5R90F02.sp07,V4.5R90F02.sp04.HD8500,V4.5R90F02.sp04.12000,V4.5R90F02.sp04.12000v2
[Target Version]
V4.5R90F03
[Matching Versions of Collaborative Devices]
NTA: V4.5R90F02,V4.5R90F02.sp01,V4.5R90F02.sp02,V4.5R90F02.sp03,V4.5R90F02.sp04,V4.5R90F02.sp05,V4.5R90F02.sp06,V4.5R90F02.sp07,V4.5R90F03
ADSM: V4.5R90F03
[Function Changes]
1. HTTP2 protection is added.
2. TCP reflection protection is added.
3. DNS response protection is added.
4. Malformed HTTP packets can be blocked.
5. The transmission rate of fragments can be restricted.
6. The SYN retransmission time sequence algorithms support custom time sequences.
7. Blacklists specific to protection groups can be added.
8. The default protection group module replaces the default anti-DDoS policy module.
9. The VLAN-preferred diversion and injection function is added.
10. BGP routes accept custom router IDs.
11. The contact information is updated.
12. Configuration files cannot be imported to devices across models, versions, or running modes.
13. The Congo GMT+1 time zone is added.
14. The number of protection groups subject to auto-learning is increased to 15.
15. Fragment specific to protection groups can be added.
[Fixed Bugs]
ADS-49282 [blacklist]: For a newly produced device, if the blacklist function is enabled on a command-line interface, the web-based manager shows that both the blacklist and proxy monitoring are enabled. Actually, only the blacklist is enabled and proxy monitoring is still disabled.
ADS-49264 [system user management] After a user enables the CLI user account, routerman, clicks Save, and restarts the device, the user cannot log in to the system remotely via this account.
ADS-49262 [cloud authentication]: The system cannot monitor the A interface process when NSFOCUS cloud is disabled.
ADS-48625 [manual traffic diversion]: When there are 50 route daemons, the Cancel and OK buttons cannot be properly displayed.
ADS-25715 [BGP] When BGP configurations are modified, ADS does not dispatch the peer router the diversion route for the IP address involved in ongoing diversion. As a result, on the peer router, there is no BGP route for the IP address in question.
ADS-25697 [statistics of events triggered by protection policies ] If tens of thousands of events are generated, it takes about 10 seconds to open the Protection Event Statistics page under Logs > Protection Logs.
ADS-25696 [ICMP protection policy]: Once ICMP packets are sent at a constant rate to cause ICMP flood attacks, a few packets are found to pass through the ADS device when ICMP protection is triggered.
ADS-25682 [configuration import]: Importing configuration files may cause the system to fail due to the lack of version check on the files.
ADS-25512 [working interface] When the user runs the ifconfig command after the device is started, the command returns information of some interfaces, instead of all interfaces.
ADS-25399 [advanced functions for injection]: After injection route redundancy is enabled, ADS does not revoke the diversion route dispatched by NTA when detecting that the injection route is unreachable.
ADS-48441 [URL-ACL rules]: For attack packets matching URL-ACL rules with the action of Monitor+blacklist, their source IP addresses cannot be added to the blacklist.
ADS-49414 [protection group]: When the HTTP JavaScript algorithm is configured, the device hangs when receiving 1514-byte HTTP GET packets.
ADS-49603: [injection route] For an ADS cluster, the master device still regularly synchronizes injection route configurations to the standby devices even if no changes are made to such configurations.
ADS-48337 [management interface access control]: Frequent rule additions, changes, or deletions may lead to duplicate rules in iptables.
ADS-48429 [management port access control]: When the default management interface access control rule is configured to block all IP addresses, ADS needs to resolve the domain names (including the domain name of the SNMP server) specified on the UI into IP addresses and adds these addresses to the whitelist. However, the management interface access rule that forbids all IPv6 addresses fails to be dispatched to the system.
ADS-50017 [HTTP protection policy]: Something wrong with auto-updating the Verification code of HTTP JavaScript algorithm.
[Important Notes]
If the update fails, check whether the protection group named default_protection_group exists. If yes, change the protection group name or delete the group before updating the system again.
|