Description:
[Version No.]
V4.5R90F06
[Source Version]
V4.5R90F05, V4.5R90F05.sp01, V4.5R90F05.sp02, or V4.5R90F05.sp03
[Target Version]
V4.5R90F06
[Matching Versions of Collaborative Devices]
NTA: V4.5R90F02 to V4.5R90F06
ADS M: V4.5R90F06
ADBOS: V4.5R90F06
[Function Changes]
1. The SSD firmware version can be displayed via CLI.
2. The number of protection group IP addresses supported by the ADS NX5-HD8500 model is increased to 524,287.
3. A BGP neighbor can be configured to work in active (Passive Mode set to No) or passive (Passive Mode set to Yes) mode.
4. Allowed access IP addresses can be configured for SNMP agents.
5. The Server Name Indication parameter is added for an SSL/TLS keyword checking rule.
6. For a DNS protection policy, two CNAME protection algorithms (5-DNS_CNAME and 6-DNS_NS&CNAME) are added, and the original 3-DNS_CNAME is renamed to 3-DNS_NS.
7. The HTTPS fingerprint protection policy is added for protection groups.
8. Carpet bombing protection is moved from Anti-DDoS > Protection Groups and Access Control to become an independent element under Anti-DDoS.
9. Both the global and group-specific DNS subdomain allowlists support auto-learning.
10. Custom information can be added to syslog logs.
11. The built-in bypass function can be controlled via web APIs in the in-path mode.
12. The PCAP files obtained from an attack-triggered packet capture task can be directly uploaded to ADS M.
13. The policy configured for a protection group can be saved as a group policy template.
14. When an IP address included in a new protection group is in use by another protection group, it can be automatically added to the exception IP list of that group.
15. The SSD/CF card status is now displayed on the web-based manager.
16. The web-based manager is easier to use.
[Fixed Bugs]
ADS-52605 [ADS_manual diversion] A manual diversion rule dispatched by ADS for specific IP addresses in a subnet contains neither the network address nor broadcast address when viewed on the router.
ADS-54768 [SNMP] HA logs are sent via SNMP traps at the specified frequency even when there are no new logs.
ADS-55245 [SNMP trap] Power value shown in SNMP traps is incorrect.
ADS-54847 [ak4] On the interface card of 4 x 1000M electrical port + 4 x 1000M optical port, the optical ports are incorrectly displayed as electrical ports.
ADS-55439 [Blocklist] Failed to add, query, or delete an IP address starting with 0, with an error indicating incorrect format.
ADS-56474 [Protection group] Failed to delete a protection group that has been created before the engine starts.
ADS-56503 [Protection group-specific ACL] Failed to create ACL rules when only the default protection group exists, with an error indicating the IP address is in use by another protection group.
ADS-57401 [Cluster synchronization] The injection routes repeatedly synchronize in a cluster.
ADS-57661 [Protection group] If the total number of IP addresses in protection groups is large, adding or deleting IP addresses takes a longer time than expected.
[Web API Interface Change Description]
1. The parameters for load, add, setup, and sync actions under the defenderGroup interface are modified.
2. The parameters for load, add, setup, and sync actions under the defenderGroupTemplate interface are modified.
3. The parameters for load_on_attack_events and edit_on_attack_events actions under the autocapture interface are modified.
[Important Notes]
If carpet bombing protection is enabled and effective for groups, but disabled for a specific group before the upgrade, the default carpet bombing protection rule is disabled after the upgrade. In this case, new carpet bombing protection rules should be configured as required.
- END -