| Description:
[License Type]
NX5-HD3500
[Source Version]
V4.5R01M01SP11C621
[Target Version]
V4.5R90F06
[Matching Versions of Collaborative Devices]
ADS: V4.5R90F06
ADSM: V4.5R90F06
TAT: V2.0.0
MF: V4.5R90F01SP08,V4.5R90F01SP09,V4.5R90F01SP10
[Function Description]
1. Functions of NTA-DFI and NTA-DPI are incorporated into one device.
2. NTA can be switched between NTA-DFI and NTA-DPI modes.
3. NTA-DPI does not display any router-related information.
4. Remote assistance is optimized.
5. License expiration warnings are added.
6. Threat intelligence can be uploaded.
7. Description is added to the interface list.
8. Interfaces can be marked as favorites.
9. The web-based manager shows the power supply status.
10. A URL for upgrading NTI outside of China is provided.
11. Expired licenses cannot be imported.
12. IP-specific statistics configuration is ported to the console and CLI.
13. Exception IP addresses can be configured for IP groups.
14. LDAP authentication can work for Windows.
15. User-defined SNMP locations are supported.
16. Contact information is updated on English web pages..
17. Normalization of traffic statistics.
18. The HTTP slow attack detection is added for regions and IP groups in the DPI mode.
19. The IP segment attack detection is added for regions and IP groups.
20. The sampling ratio of packet capture is configurable in the DPI mode.
21. A mail reminder is provided when the license is about to expire.
22. A system user now can be authenticated by password + email.
23. The device security is improved.
24. The online help is now available.
25. The user name of admin can be changed.
26. Touchpoint specifications are updated to include after-sales implementation specifications, new indicative information on the System Upgrade page, and introduction to functional modules not covered by the license.
27. TI time can be independently controlled.
28. The system will not automatically restart upon a license update.
29. The alert allowlist supports custom periods of time.
30. A secondary NTP server is allowed.
31. The DDoS attack report provides information about allowed IP addresses.
32. A secondary RADIUS server is allowed.
33. The lockout time can be set in minutes for accounts locked due to too many failed login attempts.
34. Alert logs sent via syslog provide information about peak values of traffic.
35. Support for network segment-based DDoS attack detection for regions, IP groups, and the global scope.
36. Support for netmask/prefix length customization for network segment-specific diversion.
37. Support for sending of power status information via SNMP traps.
38. The NSFOCUS logo is added on the login page.
39. Third-party interfaces are optimized.
40. The A interface is upgraded.
41. Known bugs are fixed.
(1)NTA-12536 [DPI] When HTTP flood traffic initiated by xddos exceeds the SYN flood threshold and triggers a related alert, no HTTP flood alert is reported.
(2)NTA-12488 [A device produced in the production center cannot have port 50022 opened for SSH access] Port 50022 cannot be used for SSH access on the web-based manager.
(3)NTA-11666 [HTTP slow attack] A link to NTI is provided (not removed as expected) in the source IP information of HTTP slow attack alerts.
(4)NTA-12539: After password strength checking is enabled, the password error message displayed for an invalid password does not provide complete information of special characters.
(5)NTA-12537: Resetting access control settings does not work after the settings are configured and saved.
(6)NTA-11906 [Cloud-side authentication] After manual selection of cloud-side authentication and the authorization status changes from unauthorized to authorized, a message is displayed, providing information different from what has actually happened.
(7)NTA-11655 [Logo] The product logo is missing in the upper-left corner of pages of the web-based manager.
(8)NTA-13117: When configuring BGP FlowSpec settings, users can set passwords although the Encryption check box is cleared.
[Important Notes]
1. The web-based manager is inaccessible during system updating.
2. All engines are stopped during system updating.
3. After updating is complete, users need to refresh the web page as prompted.
4. During the upgrade, it is normal that the web-based manager displays an error message "502 Bad Gateway" or directly denies your access request.
Please refresh the web-based manager 5 minutes later, and then check Product Version in About. If the version is V4.5R90F06, the upgrade succeeds.
|