[Version No.]
V4.5R90F05.sp02

[Source Version]
V4.5R90F05,V4.5R90F05.sp01

[Target Version]
V4.5R90F05.sp02

[Matching Versions of Collaborative Devices]
NTA: V4.5R90F02 to V4.5R90F05SP01
ADS M: V4.5R90F05.sp03

[Function Changes]
1. The global and group-specific DNS subdomain allowlists are added.
2. The DNS CNAME algorithm is improved.
3. The NPAI interface is upgraded.
4. The primary and secondary NTP servers can be configured.
5. The NTP clock synchronization interval can be configured.
6. The primary and secondary RADIUS servers can be configured.

Function changes in V4.5R90F05SP01:
1. The group-specific allowlist is added, and the global allowlist supports more operations.
2. SSL/TLS keyword checking rules are added.
3. The user name admin can be renamed.
4. The NTI module is subject to a separate license.
5. The NTI database provides a special DDoS threat intelligence package.

[Fixed Bugs]
ADS-55413 [Syslog] The syslog logs still show Beijing time after a new time zone is used. The log time is inconsistent with the system time.
ADS-55412 [SNMP] An error occurred during import of an MIB library file to the CentOS system.
ADS-55242 [IP address configuration] No IP address is added to the loopback interface after the correct IP address is configured and ADS is restarted, causing MBGP connection failure.
ADS-55241 [System user] The user name admin should also meet the requirements of Min User Name Length specified in login security settings.
ADS-55240 [Collaboration] Failed to divert traffic after a diversion notification is received from NTA.
ADS-55093 [Pattern matching rules] The IP identification field in an IPv4 header can be configured up to 65536. Matched packets are not dropped.
ADS-55079 [Web] The URL to obtain an NTI update file is always https://update.nsfocus.com/, which points to a Chinese web page instead of an English page.
ADS-55078 [Web] The URL from which the system update file can be obtained should vary with models.
ADS-55077 [Web] An incorrect message is given on the NTI page when the license does not contain the TI module. The message should be deleted.
ADS-55072 [Protection group auto-learning] During the auto-learning of a protection group, when the system is changed to one year ago, the traffic_ctl process is down.

Fixed bugs in V4.5R90F05SP01:
ADS-54072 After Password Strength Check is enabled, the system is stuck on the Change Initial Password page when the new password fails the length check.
ADS-54087 [ADS_lacp] After LACP is configured between ADS and a Juniper device, the first port of ADS in the port channel cannot be aggregated.
ADS-54098 [System upgrade] After the upgrade package is uploaded and before the Start Upgrade button is clicked, the System Upgrade page exits and the upgrade cannot be saved.
ADS-54126 [WEB] Access control rules are incorrectly filtered by destination IP or source IP address.
ADS-54369 [Manual diversion] Failed to divert traffic for an IPv6 address upon successful establishment of a BGP neighbor and an effective injection route.
ADS-54735 [ADS_cfeapp] Particular IPv6 packets with a next header field cause cfeapp exception and restart.
ADS-54746 [Attack logs] An error indicating incorrect date format occurs in the course of downloading attack logs.
ADS-54747 [web] Failed to download logs of a specific month, with an error indicating incorrect date format.
ADS-54824 [Link status logs] Only the logs of the current page are downloaded when multiple pages of logs exist.

[Web API Interface Change Description]
1. The parameters for load, add, setup, and sync actions under the defenderGroup interface are modified.
2. The parameters for load, add, setup, and sync actions under the defenderGroupTemplate interface are modified.
3. The dnsAllowList interface is added.

Web API interface change description in V4.5R90F05SP01:
1. The parameters for load, add, setup, and sync actions under the defenderGroup interface are modified.
2. The parameters for load, add, setup, and sync actions under the defenderGroupTemplate interface are modified.
3. Parameters for all actions under the whitelist interface are modified. This interface now supports add, delete, import_progress, and download_import_result actions.
4. The TlsFilter interface is added.

[Important Notes]
None.

- END -

[Version No.]
V4.5R90F05.sp01

[Source Version]
V4.5R90F05

[Target Version]
V4.5R90F05.sp01

[Matching Versions of Collaborative Devices]
NTA: V4.5R90F05
ADSM: V4.5R90F05.sp01

[Function Changes]
1. The group-specific allowlist is added, and the global allowlist supports more operations.
2. SSL/TLS keyword checking rules are added.
3. The user name admin can be renamed.
4. The NTI module is subject to a separate license.
5. The NTI database provides a special DDoS threat intelligence package.

[Fixed Bugs]
ADS-54072 After Password Strength Check is enabled, the system is stuck on the Change Initial Password page when the new password fails the length check.
ADS-54087 [ADS_lacp] After LACP is configured between ADS and a Juniper device, the first port of ADS in the port channel cannot be aggregated.
ADS-54098 [System upgrade] After the upgrade package is uploaded and before the Start Upgrade button is clicked, the System Upgrade page exits and the upgrade cannot be saved.
ADS-54126 [WEB] Access control rules are incorrectly filtered by destination IP or source IP address.
ADS-54369 [Manual diversion] Failed to divert traffic for an IPv6 address upon successful establishment of a BGP neighbor and an effective injection route.
ADS-54735 [ADS_cfeapp] Particular IPv6 packets with a next header field cause cfeapp exception and restart.
ADS-54746 [Attack logs] An error indicating incorrect date format occurs in the course of downloading attack logs.
ADS-54747 [web] Failed to download logs of a specific month, with an error indicating incorrect date format.
ADS-54824 [Link status logs] Only the logs of the current page are downloaded when multiple pages of logs exist.

[Web API Interface Change Description]
1. The parameters for load, add, setup, and sync actions under the defenderGroup interface are modified.
2. The parameters for load, add, setup, and sync actions under the defenderGroupTemplate interface are modified.
3. Parameters for all actions under the whitelist interface are modified. This interface now supports add, delete, import_progress, and download_import_result actions.
4. The TlsFilter interface is added.

[Important Notes]
None.

- END -

[Version No.]
V4.5R90F05

[Source Version]
V4.5R90F04.sp05,V4.5R90F04.sp06

[Target Version]
V4.5R90F05

[SHA256SUM]
8a45cb62515546cc031754ddd155dd856c86ac88d2397ce5c4274db725fdf83e

[Matching Versions of Collaborative Devices]
NTA: V4.5R90F02 to V4.5R90F05
ADS M: V4.5R90F05

[Function Changes]
1. The protection capability against zombie hosts is improved.
2. ADS now can defend against HTTPS attacks without decrypting HTTPS packets.
3. Programmable rules are added.
4. Carpet bombing can be defended against.
5. The maximum number of connection exhaustion protection rules is increased to 512.
6. [CLI] Destination IP addresses can be prioritized for traffic statistics.
7. The group traffic statistics can be exported to an XML file.
8. The sampling ratio can be set for capturing packets.
9. More parameters can be set for a rate-triggered automatic packet capture task.
10. [CLI] The erase times of the CF card can be read.
11. New model ADS 20000 is supported.
12. An email remainder is sent when the license is about to expire.
13. The fingerprint analysis can be configured for captured files.
14. The main menu of the console-based manager is clearer.
15. The manual traffic diversion is improved.
16. The cluster configuration synchronization is optimized.
17. The cluster protocol synchronization is optimized.

[Fixed Bugs]
ADS-52690 [Cluster synchronization] Failed to synchronize custom user permissions in the ADS cluster.
ADS-52913 [Blocklist] The IP address is not verified in a blocklist query.
ADS-52947 [Web API log] No traffic diversion log is generated after a manual traffic diversion on web API.

[Web API Interface Change Description]
The parameters for load, add, setup, and sync actions under the defenderGroup interface are modified.
2. The parameters for load, add, setup, and sync actions under the defenderGroupTemplate interface are modified.
3. Parameters are added for create and edit actions under the capture interface.
4. Parameters are added for edit_on_attack_events and load_on_attack_events actions under the autocapture interface.
5. The parameters for create and edit actions under the autocapture interface are modified.
6. The PreferredController interface is added.
7. The SegScanController interface is added.
8. The AdversarialRules interface is added.
9. The license information can be obtained through the heart interface.

[Important Notes]
None.

- END –