Description:
[Version No.]
V4.5R90F06.sp03
[Source Version]
V4.5R90F06, V4.5R90F06.sp01, or V4.5R90F06.sp02
[Target Version]
V4.5R90F06.sp03
[Matching Versions of Collaborative Devices]
NTA: V4.5R90F02 to V4.5R90F06.sp02
ADS M: V4.5R90F06.sp03
ADBOS: V4.5R90F06.sp03
[Function Changes]
1. JA4 and JA4S fingerprint templates are added for SSL/TLS keyword checking.
2. Smart identification is added for carpet bombing protection.
Function changes in V4.5R90F06.sp02:
1. The heartbeat API now also sends hardware status information.
2. The manual traffic diversion rules support one-click operations.
3. The MTU can be configured for a GRE tunnel.
4. The Policy page is easier to use.
5. UDP sessions can be checked.
6. The number of group-specific ACL rules is increased.
7. IP addresses on a manual allowlist will not be subject to pattern matching rules, IP and group rate limiting, or other policies.
8. The botnet & IP behavior control policy provides more granular traffic statistics.
9. Protocols of a port channel can be synchronized.
10. Time sequence check rules can be configured for the 3-SeqCheck SYN protection algorithm.
11. Trust association is added to a UDP protection policy.
12. The Trust Scope can be set to Group.
Function changes in V4.5R90F06.sp01:
1. Attack logs now show proxy IP address and payload data.
2. Restoration of default configurations and deletion of all logs can be done on the console of ADS.
3. The SNMPGET command obtains the device name.
4. The TI database can be updated via a proxy.
[Fixed Bugs]
ADS-57935 [Blocklist] In most cases, concurrent addition of entries to the blocklist through the web API will fail.
ADS-58492 [Collaboration with ADBOS] Sometimes, data reported in short intervals contains errors. Occasionally, an empty archive is sent.
ADS-58499 [ADS_SNMP] Abnormal values are provided in the case of the SNMP agent failing to send memory data in an unsolicited manner.
ADS-58558 [BGP Routing Parameters] When the neighbor parameter passive is set to yes and eBGP Multihop is empty, applying the configuration results in an error.
ADS-58583 [Traffic Statistics] Incorrect TCP traffic statistics reported to ADSM after ACK attack packets are dropped.
Fixed bugs in V4.5R90F06.sp02:
ADS-57881 [ADS_manual diversion] The web-based manager is stuck for a long time when the traffic of /8 IPv4 addresses is manually diverted.
ADS-57893 [SNMP] On a device with hard disks, the disk usage obtained through SNMP is 0, which is inconsistent with the value shown on the Real-Time Monitoring page.
ADS-57944 Disk status is in red by mistake.
ADS-58252 The system memory usage is exhausted by accumulated XML files.
ADS-58300 After successive system upgrades, one rollback, and system restart, a system exception occurs.
ADS-58310 [ADS_blocklist] A global blocklist file imported and saved occasionally fails to load after immediate system restart.
ADS-58315 After a formal license expires, vADS no longer provides protection due to failure to send authentication requests to the cloud.
Fixed bugs in V4.5R90F06.sp01:
ADS-57716 [ADS_injection route] In the case of primary-secondary injection routes, the IP address can be pinged, but the injection route occasionally shows block.
ADS-57827 [ADS] Enabling HTTPS algorithms occasionally crashes SSL and cfeapp.
ADS-57843 [Route] The long-uptime device fails to learn MPLS labels.
[Web API Interface Change Description]
1. For carpet bombing protection, smart_switch is added for load, setup, and add actions.
2. For SSL/TLS keyword checking, more template options are added for load, setup, and add actions, and new parameters check_type, fingerprint_result, and fingerprint_original are added.
Web API interface changes in version V4.5R90F06.sp02:
1. Parameters related to UDP trust association, UDP session check, and time sequence check rules for the 3-SeqCheck SYN protection algorithm are added to the defenderGroup and defenderGroupTemplate interfaces.
2. Parameters are added to the load and sync actions under the flagset interface.
3. Parameters are added to the search action under the trustStatus interface.
Web API interface changes in version V4.5R90F06.sp01:
1. The parameters for the load action under the NTI interface are modified.
[Important Notes]
None.
- END -
|