
AlteonOS

RELEASE NOTES

Version 30.0.15.0
October 22, 2018
TABLE OF CONTENTS
CONTENT
RELEASE SUMMARY
SUPPORTED PLATFORMS AND MODULES
UPGRADE PATH
  Before Upgrade
  Image Upload Procedure
  Upgrade Considerations
    General Considerations
    Upgrading from a Version Earlier than version 30.0.5.0
    ADC VX Upgrade Considerations
    Alteon VA Installation/Upgrade Considerations
  After Upgrade
  Downgrade
WHAT’S NEW
  New in Version 30.0.6.0
    OpenSSL Upgrade to 1.0.1q
    OpenSSL Upgrade to 1.0.1
    Enhanced NTLMv2 Authentication for HTTPS Health Checks
  New in Version 30.0.4.0
    APM Beacons via the Alteon Management Port
    Recommended APM Connectivity of APSolute Vision/APM with Alteon 30.0.4
  New in Version 30.0.2.0
    Alteon 8420 Platform Support
  New in Version 30.0.1.0
    Alteon 5208 Platform Supported in Version 30.x
    Alteon 5208 Extreme XL
    Layer 4 Filter Classification Based on the User Data Persistency Table
  New in Version 30.0.0.0
    Integrated Web Performance Optimization (FastView)
    Integrated Web Application Firewall (AppWall)
    Integrated Authentication Gateway
    On-device Dashboard
    Service Status View

Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 2


WHAT’S CHANGED AND/OR MODIFIED
  Changed Features in Version 30.0.8.0
    Quality and Troubleshooting
  Changed Features in Version 30.0.6.0
    Application Engine Timeout Made Configurable
  Changed Features in Version 30.0.5.100
    Default Maximum Connections on a Real Server
  Changed Features in Version 30.0.5.0
    Configuration Export to Support User-Defined Filename and Path
    Event and Error Counters Command for all Class of Service (COS) Users
    Gateway for Health Checks
  Changed Features in Version 30.0.4.0
    Cookie Insert Mechanism
    Hardware Enhancements
    OCSP Deviation
    Cookie Rewrite Persistency via AppShape++
    Enhanced VRRP Syslog Messages Deprecation
    SNMP Traps for Cookie Persistency Table
    SSL-Related Changes
    VRRP Same address for PIP and VSR
  Changed Features in Version 30.0.3.0
    Updated OpenSSL version
    Trap/syslog on VRRP init state
  Changed Features in Version 30.0.1.0
    VA Minimum Memory Requirement
    GNU Bash ShellShock Vulnerability Fix
    Updated SSL Version
    Encryption of Passwords and Secrets in Alteon Techdata Files
    Fan Alerts – Critical and Non-critical
    Audit Log Enhancement
    Enlarge Internal Log Messages
    Packet Capture File Size
  Changed Features in version 30.0.0.0
    Default Values Change
    Cloud Adapted High Availability

    AppShape++ Enhancements
    APM Configuration
    Throughput License on Alteon 5224
    Configuration File
    vADC Density
    GSLB DNS Persistency Enhancements
    SSL-Related Changes
    Configuration File Name
  Maintenance Fixes
  Fixed in 30.0.15.0
  Fixed in 30.0.14.0
  Fixed in 30.0.13.0
  Fixed in 30.0.12.0
  Fixed in 30.0.11.0
  Fixed in 30.0.10.0
  Fixed in 30.0.9.0
  Fixed in 30.0.8.0
  Fixed in 30.0.7.0
  Fixed in 30.0.6.0
  Fixed in 30.0.5.100
  Fixed in 30.0.5.0
  Fixed in 30.0.4.0
  Fixed in 30.0.3.0
  Fixed in 30.0.2.0
  Fixed in 30.0.1.0
  Fixed in 30.0.0.0
KNOWN LIMITATIONS
  Upgrade Limitations
  AppWall Limitations
  vADC and ADC-VX Limitations
  Alteon VA Limitations
  WBM and APSolute Vision Limitations
  General Limitations
RELATED DOCUMENTATION

CONTENT
Radware announces the release of AlteonOS version 30.0.15.0. These release notes describe
the new and changed features introduced in this version. This version is based on version
30.0.14.0.

RELEASE SUMMARY
Release Date: October 23, 2018
Objective: Maintenance software release that solves a number of issues.

SUPPORTED PLATFORMS AND MODULES


This version is supported by the following platforms:
• 4408, 4408 XL
• 4416
• 5208, 5208 XL, 5208 Extreme
• 5224, 5224 XL
• 5412, 5412 XL
• 6420, 6420 XL, 6420 Extreme
• 6420p, 6420p XL, 6420p Extreme
• 8420, 8420 XL, 8420 Extreme
• Alteon VA running on VMware ESX 5.1 and ESX 5.5, KVM, OpenXen and Hyper-V
For more information on platform specifications, refer to the Radware Alteon Installation and
Maintenance Guide.
This version is supported by APSolute Vision version 3.0 and later.

UPGRADE PATH
You can upgrade to this AlteonOS from AlteonOS versions 26.x, 27.0.x, 28.x, 29.x and 30.x.
General upgrade instructions are found in the Alteon Installation and Maintenance Guide.

Before Upgrade
Important! Before performing an upgrade, back up your current configuration.
When upgrading from a version earlier than 29.0.0.0:
For an ADC-VX environment, due to stricter validation implemented for some scenarios,
Radware recommends performing the following configuration changes before upgrade to
prevent issues that may occur after the upgrade:
  a. Alteon version 29.0.x does not allow a mixture of shared and non-shared VLANs on the
     same port. Before upgrading, ensure that VLANs added to a port are either all shared or
     all non-shared. A mixture of shared and non-shared VLANs on the same port may result
     in unapplied configuration settings.
  b. Check that the sum of the SSL CPS limits allocated to all vADCs does not exceed the
     SSL CPS license. In version 28.1, there was no enforcement of the allocated SSL (CPS)
     limit compared to the license. This enforcement was added in Alteon version 29.0.
     Therefore, after upgrade to version 29.0 and later, if more than the total allowed SSL
     (CPS) is allocated, Alteon disables some of the vADCs to enforce the total amount of
     allowed SSL CPS.
For 5412 XL or 5224 XL platforms, due to changes in the default SSL license, identify what SSL
license string is installed before upgrading (using the info/swkey CLI command, or
System > Licensing in BBI).
If the SSL license string is reported as Default, perform the following procedure before
updating the software version:
  a. Connect to the Hardware License Generator on the Radware Web site.
  b. Generate SSL licenses for the relevant platforms.
  c. Install the SSL licenses on the relevant platforms. Do one of the following:
     o In standalone mode, install the license on the platform and then proceed with the
       software version upgrade.
     o In virtualization mode, install the SSL license after the upgrade.
       Note: If the overall number of SSLs assigned to the vADCs exceeds the SSL default
       license in the upgraded version, some vADCs might be disabled during the upgrade.
       If this occurs, you must manually enable the disabled vADC after the SSL license is
       installed.

Image Upload Procedure


The AlteonOS 30.0.x image is much larger than its predecessors. To avoid any possible issues
because of this, Radware recommends using one of the following options for upgrading from
versions earlier than 30.0.x:
• Option 1: Upgrade to 30.0.x using the recovery process
• Option 2: One of the following procedures based on the platform environment:
  - ADC-VX environments:
    o Upload the 30.0.x ADC-VX image.
    o Upload the 30.0.x vADC image.
    o In rare cases, this upload can fail due to lack of free space on the compact flash. If
      this occurs, do the following:
      o Boot the ADC-VX with the new image.
      o Use the boot/rmimg command to remove inactive versions and free up space
        on the compact flash.
      o Upload the 30.0.x vADC image.
  - Standalone devices:
    o Upload the 30.0.x ADC-VX image.
    o Upload the 30.0.x vADC image.
      In rare cases, this upload can fail due to lack of free space on the compact flash. If
      this occurs, do the following:
    o Upgrade to one of the following versions: 28.1.13, 29.0.3, 29.4.4, 29.5.1, 30.0.0
    o Use the boot/rmimg command to remove inactive versions and free up space on the
      compact flash.
    o Upload the 30.0 vADC image.
Note: Starting with Alteon version 30.0.4, the combined image is available and it can be used to
upgrade from one of the following versions or later: 28.1.12.10, 29.0.2.10, 29.4.3.10, 29.5.0.10,
30.0.

Upgrade Considerations

General Considerations
• Upgrade from a version prior to 27.0.0.0:
  - Radware recommends upgrading using the recovery procedure (see the Radware
    Alteon Installation and Maintenance Guide) with the AlteonOS 30.0 recovery file to
    ensure that the hard disk, which was not used before version 27.0.0.0, is formatted.
  - Once you have upgraded from a version earlier than version 27.0.0.0, rollback
    (downgrade) is possible only to version 26.3.0 or later.
• Alteon 5224 requires at least 6GB RAM to run this version properly.
• Alteon 4408 and 4416 require at least 4GB RAM to run this version properly.
• In a virtualization environment, Alteon 5224 requires 12GB RAM to run this version properly. If
  your device only has 6GB RAM, upgrade to 12GB is required before installing this software
  version.
• Read Upgrade Limitations before upgrading.

Upgrading from a Version Earlier than version 30.0.5.0
In this version, the health check gateway has been changed to the default gateway (that is,
gateway ID 1 through 4). Because of this, health checks may fail if there is no default gateway.
In a configuration with only VLAN gateways configured, Radware recommends changing one of
the VLAN gateway IDs to 1 through 4 to avoid health check failures.

ADC VX Upgrade Considerations


• When upgrading from versions earlier than 30, installation of ADC-VX 30.0.x requires
  upgrading internal components. This process can take up to 15 minutes. Do not interrupt the
  process until its completion.
• Hypervisors (ADC-VX) running a particular version (for example, 30.0) only support vADCs
  running the same version or later.

Alteon VA Installation/Upgrade Considerations


• The minimum amount of memory required to run Alteon VA has been increased in version
  30.0.1.0 to 3 GB RAM. Before upgrading to version 30.0.1.0 or higher, increase the memory
  allocation to 3 GB RAM for the virtual machine running Alteon VA. All other requirements
  remain unchanged: 4.5 GB hard disk, 1 vCPU, 1 virtual network interface for management,
  and 1 virtual network interface for data.
  Note: This process is not required if the full deployment package is used (the full installation,
  not upgrade).
• Alteon VA with the integrated FastView installation requires a minimum of 2 vCPUs, 6 GB
  memory, and 50 GB disk space.
• Upgrade from version 30.0.0.0 to 30.0.x.0 can be performed using the upgrade image.
• Upgrade from a version earlier than 30.0.0.0 requires full VA installation.
• To perform full VA installation:
  a. Save the configuration before installing Alteon VA version 30.0.0.0 and upload it after
     installation.
  b. Follow the Recovery and License Migration procedure detailed in the Radware Alteon
     Installation and Maintenance Guide.
• The default configuration has changed starting with Alteon version 29.0.0.0, where VLAN 2
  is the default PVID for port 2. This change avoids a loop caused by both ports having
  VLAN 1 as the default PVID.
  When upgrading from a version earlier than 29.0.0.0, if port 2 used the default PVID 1
  before the upgrade, manually set port 2 to use PVID 1 after the upgrade. You may also
  need to move some IP interfaces from VLAN 1 to VLAN 2.
• Alteon VA installation on KVM requires that the vhost-net driver is installed. If the KVM host
  does not have this driver configured, modify the configuration in /etc/default/qemu-kvm
  by changing VHOST_NET_ENABLED=0 to VHOST_NET_ENABLED=1.

After Upgrade
After upgrade, Radware recommends the following procedure to ensure that the configuration
was correctly applied:
If you are using the Web UI, press CTRL+F5 (this performs a deep refresh, including a forced
cache purge for the page). This is required to display the most up-to-date screens of the new version.
Perform Apply.
Do one of the following:
a. If the Apply is successful (including a No Apply needed result), perform Save.
b. If the Apply fails (in some rare cases due to enhancements meant to improve
configuration validation, after the upgrade it is possible that some of the configuration is
not accepted), do the following:
Perform the configuration changes required, according to the Apply result.
After the Apply is successful, perform Save.
Note: In very rare cases due to changes in the configuration file structure to support new
features and update current ones, after the upgrade there may appear to be differences
between the saved and running configuration (that is, the diff flash is not empty). To empty
the diff flash, perform any configuration change (for example, cfg/sys/idle X), and then
perform Apply and Save.
When upgrading vADCs from version 28.1, if your configuration includes filters and the
Reverse Session parameter (cfg/slb/filter X/adv/reverse) was left at its default
value (disable), after upgrade, due to changes to default values, you must manually change
the parameter value to disable.

Downgrade
Configuration rollback (downgrade) is not supported. The configuration should be saved before
upgrading to a newer version. If you perform version rollback, after downgrade upload the saved
configuration.

WHAT’S NEW
This section describes the new features and components introduced in this version on top of
Alteon version 30.0.0.0.
For more details on all features described here, see the Alteon Application Switch Operating
System Application Guide and the Alteon Application Switch Operating System Command
Reference for AlteonOS version 30.0.15.0.

New in Version 30.0.6.0


Starting with Alteon Version 30.0.6.0, note that the software version name also contains the
release build number. For example: AlteonOS-30.0.6.0-5208_rls_10.img instead of
AlteonOS-30.0.6.0-5208.img.

OpenSSL Upgrade to 1.0.1q


OpenSSL on data interfaces was updated to OpenSSL 1.0.1q.

New in Version 30.0.5.10

OpenSSL Upgrade to 1.0.1


OpenSSL on data and management interfaces was updated to OpenSSL 1.0.1p.

Enhanced NTLMv2 Authentication for HTTPS Health Checks


The NTLMv2 authentication with HTTPS health checks on Alteon has been enhanced to also
support NTLMSSP for additional security. When enabled on the real server, the following NTLM
settings now pass the health checks:
• Require NTLMv2 session security
• Require 128-bit encryption
The NTLMSSP option has been added as part of the configuration for the HTTPS health check
authentication: none/basic/ntlm2/ntlmssp

New in Version 30.0.4.0


APM Beacons via the Alteon Management Port
Alteon version 30.0.4 routes the APM beacons via the Alteon management port (and not from
the data port as done in previous releases).
This simplifies the topology so that only a single IP routing connectivity is required between
Alteon and APSolute Vision with APM server.
After upgrading from previous Alteon versions to version 30.0.4 with APM configured:
• The APM real server and group that were automatically created are removed from the
  configuration as they are no longer needed.
• It is important that you review the network connectivity between Alteon and APSolute Vision,
  to make sure that there is a route between the Alteon management port and the APM ports
  on APSolute Vision. This depends on the APSolute Vision version, as stated in the following
  notes.
Notes:
• Starting with version 30.0.4, APM can monitor virtual services with a real server port (rport)
  other than 0 or 80.
• APSolute Vision version 3.20 can receive the APM beacons on G1, G2, or G4, depending
  on the connectivity. The default is G2.
• APSolute Vision 3.20 supports:
  - The new APM topology connectivity: Alteon sends beacons via the Alteon
    management port to any APSolute Vision port with an APM server, usually the G2 port.
  - The previous APM topology connectivity: Alteon sends beacons to the APM G4 port
    via the Alteon data port.
• APSolute Vision 3.0 can receive the APM beacons only on G4 (also, starting with APSolute
  Vision 3.0, G1/G4 ports can be defined on the same subnets).
• Refer to the APSolute Vision 3.20 Release Notes regarding the new APM support available in
  this version.

Recommended APM Connectivity of APSolute Vision/APM with Alteon 30.0.4


Using APSolute Vision/APM version 3.20, routing occurs from the Alteon MNG to the
APSolute Vision G2 port. There is physical isolation between the Alteon MNG port and
APSolute Vision G1 port.
APM Data IP: Vision G2 IP Interface
APM Management IP: Vision G2 IP Interface

Using APSolute Vision/APM 3.00, routing is required from the Alteon MNG to APSolute
Vision G2 and G4 ports. (Note: This deployment is applicable to both Vision 3.00 and
3.20, and therefore supports the Vision upgrade path without additional rewiring.)
APM Data IP: Vision G4 IP Interface
APM Management IP: Vision G2 IP Interface

New in Version 30.0.2.0

Alteon 8420 Platform Support


8420 is Radware’s next-generation, carrier-grade application delivery controller (ADC),
providing superior performance coupled with advanced capabilities such as ADC virtualization,
integrated application acceleration, and on-demand scalability needed to effectively meet mobile
carrier and large enterprise data center and network needs.
Featuring a high-speed Layer 4 through 7 proxy, Alteon 8420 provides up to 160 Gbps of
application delivery capacity in a slim 2U form factor. With up to 100 virtual ADC (vADC)
instances and a load of 40GE and 10GE ports, it delivers unparalleled scalability, availability,
agility and performance.

Alteon 8420 supports AppWall and FastView capabilities in its VX mode.
Note: Web Application Security (AppWall and/or Authentication) can be enabled on up to three
(3) vADCs.

New in Version 30.0.1.0

Alteon 5208 Platform Supported in Version 30.x


The Alteon 5208 platform was first introduced in version 29.0.3.0.
Starting with version 30.0.1.0, the Alteon 5208 platform is also supported.
Alteon 5208 supports AppWall and FastView capabilities in its VX mode.
Note: Web Application Security (AppWall and/or Authentication) can be enabled on up to three
(3) vADCs.

Alteon 5208 Extreme XL


The Alteon 5208 XL platform now includes an option to upgrade SSL and compression
performance using an enhanced SSL hardware accelerator (factory installed).
For more information on the performance boost achieved by this upgrade, refer to the Alteon data
sheet on the Radware customer portal (www.radware.com).

Layer 4 Filter Classification Based on the User Data Persistency Table


Alteon can now filter traffic based on a new classification value named Class of Service (CoS).
CoS classification is performed by using a direct filter lookup of the user data persistency table.
Example
Assume the following user data table:
IP        MSISDN        Class of Service   AVP 1       AVP 2
1.2.3.4   +4455512345   Silver             Pre-paid    Youth
2.4.6.8   +4455512345   Gold               Post-paid   Adult
3.5.7.9   +4455566666   Default_Cos

In this example, you can set the filter to seek a match based on the CoS string values Silver,
Gold, or Default_Cos.
To perform the operations 1) Redirect Gold users, 2) Filter all other known users by NAT, and 3)
Block all other traffic, define the following configuration:
• Set the redirect filter to the CoS value Gold.
• Set the NAT filter to the CoS value Any.
• Set the block filter to all other traffic.
For more information about the new CoS classification and user data table, refer to the Alteon
Application Switch Operating System Application Guide.
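
The three-filter example above, modelled as an added Python sketch (not Radware code and not Alteon CLI syntax), together with a check for filters that can never match when the order is wrong. It assumes filters are evaluated in ascending number order with the first match winning; the filter numbers 10/20/30, the Filter class and the unknown client 192.0.2.10 are hypothetical.

```python
# Added illustration of the CoS filter example; a model, not Alteon configuration.
from dataclasses import dataclass
from typing import Optional

# User data persistency table from the example above, keyed by client IP.
USER_DATA = {
    "1.2.3.4": {"msisdn": "+4455512345", "cos": "Silver",
                "avp1": "Pre-paid", "avp2": "Youth"},
    "2.4.6.8": {"msisdn": "+4455512345", "cos": "Gold",
                "avp1": "Post-paid", "avp2": "Adult"},
    "3.5.7.9": {"msisdn": "+4455566666", "cos": "Default_Cos",
                "avp1": None, "avp2": None},
}

ANY = "Any"  # matches every client that has an entry in the table


@dataclass(frozen=True)
class Filter:
    fid: int              # hypothetical filter number; lower is evaluated first
    action: str           # "redirect", "nat" or "block"
    cos: Optional[str]    # a CoS string, ANY, or None for "no CoS condition"


def matches(f, entry):
    """True if filter f matches a client whose table entry is `entry` (or None)."""
    if f.cos is None:
        return True        # no CoS condition: matches all traffic
    if entry is None:
        return False       # client is not in the table, so it has no CoS
    return f.cos == ANY or f.cos == entry["cos"]


def classify(filters, client_ip, table=USER_DATA):
    """Return the action of the first matching filter (assumed first-match order)."""
    entry = table.get(client_ip)
    for f in sorted(filters, key=lambda x: x.fid):
        if matches(f, entry):
            return f.action
    return "no-match"      # model-only result when no filter applies


def shadowed(filters):
    """Return the ids of filters that an earlier, broader filter makes unreachable."""
    hits, seen_all, seen_any, seen_cos = [], False, False, set()
    for f in sorted(filters, key=lambda x: x.fid):
        if seen_all:
            hits.append(f.fid)          # a catch-all already took everything
        elif f.cos is None:
            seen_all = True
        elif f.cos == ANY:
            if seen_any:
                hits.append(f.fid)
            seen_any = True
        elif seen_any or f.cos in seen_cos:
            hits.append(f.fid)          # "Any" or the same CoS was matched earlier
        else:
            seen_cos.add(f.cos)
    return hits


# Order described on the page: Gold redirect, then NAT for Any, then block.
PAGE_FILTERS = [Filter(10, "redirect", "Gold"),
                Filter(20, "nat", ANY),
                Filter(30, "block", None)]

# Same filters with the first two swapped: the Gold redirect becomes unreachable.
MISORDERED = [Filter(10, "nat", ANY),
              Filter(20, "redirect", "Gold"),
              Filter(30, "block", None)]

if __name__ == "__main__":
    for ip in ("2.4.6.8", "1.2.3.4", "3.5.7.9", "192.0.2.10"):
        print(ip, classify(PAGE_FILTERS, ip))
    print("shadowed in misordered set:", shadowed(MISORDERED))
```

Placing the Any filter ahead of the Gold filter sends Gold users to NAT instead of redirecting them, which is the ordering mistake the `shadowed` check reports.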

New in Version 30.0.0.0

Integrated Web Performance Optimization (FastView)


Radware's FastView is a WPO solution that accelerates Web sites and customer-facing Web
applications by up to 40% (with the FastView configuration optimized by Radware Technical
Support services). It transforms front-end optimization (FEO) from a lengthy and complex
process to an automated function performed in real-time, accelerating Web application
response time for any browser, client, or end-user device. FastView is a simple-to-deploy
solution, based on an asymmetrical architecture that does not require any integration into Web
application servers or any client installation on the end user device.
FastView is part of the standard Alteon NG offering, available now as an integrated module with
Alteon 30.0.0.0, complementing and enhancing its ability to offer SLA assurance for Web
applications.
FastView uses various acceleration techniques, such as:
 Browser-specific acceleration
 Resource consolidation
 Landing page optimization
 Granular suite of deferral features
 Auto-learning flow acceleration
 Mobile specific acceleration
As part of the Alteon NG offering, you are entitled to a one-year FastView license for Classic
acceleration. Use the customer license generator to generate your license.
FastView is designed to provide even more acceleration than is available with the Classic
license. However, to fully use this feature's capabilities, Web Performance Optimization (WPO)
expertise is required (setup fee required).
FastView is available for the following form factors:
• Alteon ADC VX, available for Alteon platforms 5412, 5224, 6420, and 6420p (and 5208 from
30.0.1 and 8420 from 30.0.2).
• Alteon VA for VMware.

FastView Module Activation – ADC-VX


To activate the FastView module in an ADC-VX environment:
1. Upgrade Alteon ADC-VX. ADC-VX must support version 30.0.0.0 or later to allow FastView
licensing and FastView CU allocation in the admin (GA) context.
2. Add a vADC image version 30.0 or later to the vADC repository.
3. Make sure the platform is licensed for FastView.
4. Assign a FastView limit and FastView CUs to the relevant vADC. Most of the FastView
processing is performed within the Traffic Processing (SP) CUs. FastView CUs are used for
FastView offline processing. The minimum number of CUs for a vADC that uses FastView is
2 offline CUs, and the maximum is 8.

FastView Module Activation – Alteon VA


Install the Alteon VA image that includes FastView, and set the FastView license on the
platform.

Configuration Notes
FastView is an integral part of the ADC configuration, just like SSL or compression.
Make sure the FastView global configuration flag is enabled.
FastView configuration elements: FastView Web applications and FastView treatment sets
are now available for configuration from the Alteon WBM.
FastView Web applications can be associated to a virtual service serving HTTP or HTTPS,
or, for granular configuration, to a content rule in an HTTP or HTTPS service.
The FastView configuration is not available from the Alteon CLI. The FastView configuration
is saved in a separate file in XML format. When using Alteon configuration export or import,
a zip file is generated including both the Alteon and FastView configuration files.

Integrated Web Application Firewall (AppWall)


The integrated AppWall solution secures Web applications and enables PCI compliance through
mitigation of Web application security threats and vulnerabilities. It prevents data theft and
manipulation of sensitive corporate data, and protects customer information.
The integrated AppWall provides complete Web Application protection, including:
• ICSA Certified Web Application Firewall
• Full coverage out-of-the-box of OWASP top-10 threats, including injections, cross-site
scripting (XSS), cross-site request forgery (CSRF), broken authentication and session
management, and security misconfiguration.
• Data leak prevention, identifying and blocking sensitive information transmission such as
credit card numbers (CCN) and social security numbers (SSN).
• Zero-day attacks prevention, including positive security profiles limiting the user input only to
the level required by the application to properly function, thus blocking zero-day attacks. The
positive security profiles are a proven protection against zero-day attacks.
• Protocol validation – AppWall enables HTTP standards compliance to prevent evasion
techniques and protocol exploits.
• XML and Web services protection – Alteon WAF offers a rich set of XML and Web services
security protections, including XML validity check, Web services method restrictions, XML
structure validation to enforce legitimate SOAP messages, and XML payloads.
• Web application vulnerabilities – Signature protection offers the most accurate detection and
blocking technology of Web application vulnerability exploits. The negative security profiles
offer comprehensive attack protection.
The AppWall feature is available in ADC-VX mode only and on the following platforms:
• Alteon 5224 and 5224 XL
• Alteon 6420 and 6420 XL
• Alteon 6420p and 6420p XL
• Alteon 5412 and 5412 XL
• Alteon 5208 flavors starting with version 30.0.1
• Alteon 8420 flavors starting with version 30.0.2
Notes:
• On Alteon 5224, and Alteon 6420 and 6420p, Web Application Security (AppWall and/or
Authentication) can be enabled on up to 3 vADCs (also on Alteon 5208 starting with version
30.0.1, and Alteon 8420 starting with 30.0.2). On Alteon 5412 it can be enabled on a single
vADC.
• The following capabilities are not supported in the integrated Web Application Firewall (but
are supported in standalone AppWall):
  - Cluster
  - ICAP protocol in SafeReply Security Filter
  - AppWall monitor mode (Out-of-Path)
  - Redundancy for LDAP or Radius
  - SNMP traps
  - AppWall signaling with DefensePro
• APSolute Vision 2.40 server can be used for AppWall Security Reporting.

Activating AppWall in a vADC


1. Install the AppWall License on the device (hypervisor).
2. Allocate the AppWall throughput limit and dedicated capacity units (CUs) for the vADC. The
minimum number of CUs required for Web Application Security (AppWall and/or
Authentication) on any vADC is 2.
Notes:
• The VX hypervisor must run version 30.0 (or higher).
• For Web Application Security, you can allocate two (2), four (4), or multiples of four (4)
CUs.
3. Enable the AppWall module on the vADC.

Activating AppWall on an HTTP or HTTPS Virtual Service


To activate AppWall on an HTTP or HTTPS virtual service (after AppWall is enabled on the
vADC):
1. Create a Secure Web Application object. Enable the Web Application and enable the
AppWall feature.
2. Attach the Secure Web Application to the required virtual service.
3. After Apply, you can edit the AppWall Security Policies for that Web Application.
Note: This step is available via Alteon WBM only.

Integrated Authentication Gateway


An integrated Authentication Gateway module can be utilized independent of, and in conjunction
with, the AppWall module to create role-based policies.
The Authentication module reduces operational costs by providing centralized and simplified
identity and access to the management infrastructure and offloading of the user authentication
process.
The Authentication Gateway feature is available in ADC-VX mode only, and on the following
platforms:
• Alteon 5224 and 5224 XL
• Alteon 6420 and 6420 XL
• Alteon 6420p and 6420p XL
• Alteon 5412 and 5412 XL
• Alteon 5208 flavors, starting with version 30.0.1
• Alteon 8420 flavors, starting with version 30.0.2
Note: On Alteon 5224, and Alteon 6420 and 6420p, Web Application Security (AppWall and/or
Authentication) can be enabled on up to 3 vADCs (also on Alteon 5208 starting with version
30.0.1, and Alteon 8420 starting with 30.0.2). On Alteon 5412 it can be enabled on a single
vADC.

Activating the Authentication Gateway in a vADC
1. The Authentication Gateway license for 500 users is available by default. A license for a
greater number of users can be purchased.
2. Allocate the Authentication Gateway PgPS limit and dedicated capacity units (CUs) for the
vADC. The minimum number of CUs required for Web Application Security (AppWall and/or
Authentication) on any vADC is 2.
Notes:
• The ADC-VX hypervisor must run version 30.0.0.0 or later.
• For Web Application Security, you can allocate two (2), four (4), or multiples of four (4)
CUs.
3. Enable the Authentication Gateway module on the vADC.

Activating Authentication Gateway on an HTTP or HTTPS Virtual Service


To activate the Authentication Gateway on an HTTP or HTTPS virtual service (after the
Authentication Gateway is enabled on the vADC):
1. Create a Secure Web Application object. Enable the Web Application and enable the
Authentication Gateway feature.
2. Attach the Secure Web Application to the required virtual service.
3. After Apply, you can edit the authentication Security Policies for that Web Application.
Note: This step is available via Alteon WBM only.

On-device Dashboard
The new on-device dashboard provides a graphical view of the platform real-time status,
statistics, and capacity usage, including:
• System dashboard – This displays the real-time status of system components such as fans
and temperature, CPU and license capacity utilization, and memory usage.
• vADC dashboard – This displays the CPU and license utilization of the selected vADCs.
The dashboard can be accessed from both the Configuration and Monitoring views via the
Overview menu, opening in a new browser pane.

Service Status View


The Service Status view enables monitoring the statuses of all services and drill-downs to real
server statuses, using WBM.
The Service Status can be accessed from both the Configuration and Monitoring views via the
Overview menu.

WHAT’S CHANGED AND/OR MODIFIED
This section describes the changes to existing features and components introduced in version
30.0.0.0 on top of Alteon version 29.5.0.0.
For more details on all described features, refer to the Alteon Application Switch Operating
System Application Guide and the Alteon Application Switch Operating System Command
Reference for AlteonOS version 30.0.14.0.

Changed Features in Version 30.0.8.0

Quality and Troubleshooting


• Console Logging – All console output is saved to disk and is exported as part of the
techdata file.
• Configuration Audit log:
  - The default value was changed to disable. By default, the configuration audit logs are
  not sent to the syslog.
  - Configuration audit logs are saved to disk regardless of the configuration audit settings.
  The audit log file is exportable as part of the techdata file.

Changed Features in Version 30.0.6.0

Application Engine Timeout Made Configurable


The Application Engine timed out internally after 90 minutes, causing sessions to disappear. A
new parameter (/cfg/slb/adv/proxyage) was added to make the Application Engine timeout
configurable, with a range of 1 second to 24 hours, so that sessions can continue in a
delayed binding forceproxy environment.
Note: The setting is available only through the CLI.
ER ID: prod00239078

Changed Features in Version 30.0.5.100

Default Maximum Connections on a Real Server


The default value for maximum number of connections that can be supported simultaneously on
a real server (maxcon) has been extended from 200K to unlimited (limited by system capacity).
Note: If the configured value for maxcon was the default of 200K before the upgrade, it is
changed to 0 (unlimited) after the upgrade.
ER ID: US12966

Changed Features in Version 30.0.5.0

Configuration Export to Support User-Defined Filename and Path


Exporting the configuration from Alteon with a user-defined filename (with the .tgz extension)
and path with the /cfg/ptcfg command has been restored. If you do not include the filename
in the command, an automatic filename is used.

Event and Error Counters Command for all Class of Service (COS) Users
The /stats/counters command is available for all COS users for both Telnet and SSH.

Gateway for Health Checks


In an environment with a default gateway and VLAN gateways configured, if a VLAN gateway is
used to run health checks, MP-generated packets destined for an unknown network (an indirect
static route) use the VLAN gateway as the default route, whereas the preferred method is that
they use only default gateways 1 through 4.
Note: If there are no gateways 1 through 4 defined, the packets are dropped.
Recommendation: In an environment without any default gateway configured, Radware
recommends changing one of the VLAN gateway IDs to 1 through 4.
BUG ID: prod00232653

Changed Features in Version 30.0.4.0

Cookie Insert Mechanism


The cookie insert mechanism now records each cookie it generates as a persistency entry
(p-entry) in the session table.
Note: The cookie value that appears in the session table is base64 encoded. To retrieve the
actual inserted cookie value for troubleshooting purposes, decode the p-entry value (using a
base64 utility or online tool) and remove the last two characters.

Hardware Enhancements
On the 5224, 5208, 6420 and 8420 platforms, the FAN RPM is adjusted based on the CPU
load.

OCSP Deviation
When Alteon was configured with /cfg/slb/ssl/authpol/validity/timedev 3600, the
maximum value, Alteon expected the time of the OCSP response to differ from the Alteon time
by one hour at most.
The following changes were made:
1. The maximum OCSP deviation was enlarged to 2678400 seconds (31 days).
2. A value of 0 means that the deviation is not checked at all (the current behavior is that the
client certificate is rejected on any OCSP response deviation from the current time on the device).
BUG ID: prod00230682
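The acceptance rule described by the two changes above, written out as an added Python model (this is not Alteon code, and the function names are hypothetical). The notes do not say which OCSP timestamp Alteon compares or whether the deviation is symmetric, so the model assumes a single response time and an absolute difference.

```python
from datetime import datetime, timedelta, timezone

OLD_MAX_TIMEDEV = 3600   # seconds; the previous maximum named in the notes
MAX_TIMEDEV = 2678400    # seconds (31 days); the enlarged maximum


def validate_timedev(seconds):
    """Return the value if it lies in the range the notes describe, else raise."""
    if isinstance(seconds, bool) or not isinstance(seconds, int):
        raise ValueError("timedev must be an integer number of seconds")
    if not 0 <= seconds <= MAX_TIMEDEV:
        raise ValueError("timedev must be between 0 and %d" % MAX_TIMEDEV)
    return seconds


def ocsp_time_acceptable(response_time, device_time, timedev):
    """Model of the time check: True when the response passes.

    timedev == 0 disables the check, as stated in the notes. The absolute
    difference is an assumption of this model.
    """
    validate_timedev(timedev)
    if timedev == 0:
        return True
    deviation = abs((response_time - device_time).total_seconds())
    return deviation <= timedev


def replay_window(timedev):
    """Oldest response age that still passes the time check.

    Returns None when the check is disabled, meaning no bound at all.
    """
    validate_timedev(timedev)
    return None if timedev == 0 else timedelta(seconds=timedev)


def evaluate_samples():
    """Run constructed sample responses against several timedev settings."""
    device = datetime(2018, 10, 22, 12, 0, 0, tzinfo=timezone.utc)
    samples = [
        # (label, response time, timedev) -- all values constructed
        ("30 min old, old maximum", device - timedelta(minutes=30), OLD_MAX_TIMEDEV),
        ("responder clock 2 h ahead, old maximum", device + timedelta(hours=2), OLD_MAX_TIMEDEV),
        ("responder clock 2 h ahead, timedev 7200", device + timedelta(hours=2), 7200),
        ("40 days old, new maximum", device - timedelta(days=40), MAX_TIMEDEV),
        ("40 days old, check disabled", device - timedelta(days=40), 0),
    ]
    return [
        (label, timedev, ocsp_time_acceptable(response, device, timedev))
        for label, response, timedev in samples
    ]


if __name__ == "__main__":
    for label, timedev, accepted in evaluate_samples():
        window = replay_window(timedev)
        bound = "unbounded" if window is None else str(window)
        verdict = "accepted" if accepted else "rejected"
        print("%-42s timedev=%-8d window=%-18s %s" % (label, timedev, bound, verdict))
```

In this model a larger timedev tolerates more clock skew but also lets an older response pass, and 0 places no time bound on the response at all.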

Cookie Rewrite Persistency via AppShape++


When the end-user configured cookie rewrite persistency via AppShape++, the cookie server
response time value was not rewritten, but rather a new one was inserted.
A timeout parameter was added to persistent cookie rewrite/insert/passive, and the default
expiry was changed to 10 minutes when the expiry is not configured.
BUG ID: prod00229891

Enhanced VRRP Syslog Messages Deprecation


VRRP type 15 (f) is used for VRRP advertisements for enhanced VRRP (VSRs with VRID >
255). If these packets had an invalid length, syslog messages were generated after the packets
were dropped. These syslog messages are no longer generated:
received errored advertisement from <v4 peer>
received error vrrp6 advertisement from <v6 peer>
BUG ID: prod00229449

SNMP Traps for Cookie Persistency Table


In an SLB environment using passive cookie persistency using AppShape++ and content rules,
Alteon terminated new sessions for the virtual service without any notification or trap indicating
the persistency table was full. Three new traps were added to alert the end-user when the
persistency table is at high capacity, full capacity, and normal capacity:
• dataTableCriticalCapacity (1.3.6.1.4.1.1872.2.5.7.0.174)
• dataTableFullCapacity (1.3.6.1.4.1.1872.2.5.7.0.175)
• dataTableNormalCapacity (1.3.6.1.4.1.1872.2.5.7.0.176)
BUG ID: prod00227202

SSL-Related Changes
“RC4-SHA” and “RC4-MD5” are now available for back-end SSL in both the “Low” and “Medium”
cipher suites. In pre-30.0 versions they were available in the Low suite, in 30.0 they were
moved to the Medium suite, and, due to field issues, from 30.0.4 they are available in both
Low and Medium.

VRRP Same address for PIP and VSR


From Alteon 30.0.4, the L3/L4 VSR MAC address is not used for back-end connections.
This solves the following problem: when a proxy IP address was configured as the VSR
address, Alteon used the L3/L4 VSR MAC address in back-end connections to the server. Because
the same L3/L4 VSR MAC address was used for all VSRs, a switch learned the same MAC
address from different ports when two Alteons were connected to the switch, with one PIP/VSR
active on one Alteon and another PIP/VSR active on the other Alteon.
ER: prod00229541

Changed Features in Version 30.0.3.0

Updated OpenSSL version


OpenSSL was updated in the SP to 1.0.0o and in the MP to 0.9.8.zc to fix the POODLE
(Padding Oracle On Downgrade Legacy Encryption) SSLv3 and TLS vulnerability reported with
CVE: CVE-2014-3566.
For more information, refer to the Security Advisory for this issue.

Trap/syslog on VRRP init state


Alteon now sends a trap and a syslog message for the VRRP init state.

Changed Features in Version 30.0.1.0

VA Minimum Memory Requirement


The minimum amount of memory required to run Alteon VA has been increased in version
30.0.1.0 to 3 GB RAM. Before upgrading to version 30.0.1.0, increase the memory allocation to
3 GB RAM for the virtual machine running Alteon VA. All other requirements remain unchanged:
4.5 GB hard disk, 1 vCPU, 1 virtual network interface for management, and 1 virtual network
interface for data.
Note: This process is not required if the full deployment package is used (the full installation, not
upgrade).

GNU Bash ShellShock Vulnerability Fix


The Bash version was updated to fix the GNU ShellShock Bash vulnerability reported with
CVEs CVE-2014-6271 and CVE-2014-7169.
Note: Only Alteon VA was vulnerable and not any other platforms.

The bash version was updated for all Alteon platforms for development maintenance reasons.
For more information, refer to the Security Advisory issued for this issue.

Updated SSL Version


The MP OpenSSL version was updated to 0.9.8za, which includes the fix for CVE-2014-0224.
For more information, refer to the June Vulnerabilities Security Advisory.

Encryption of Passwords and Secrets in Alteon Techdata Files


From Alteon 30.0.1.0, all passwords and secrets will now appear encrypted in the techdata
configuration file output.
NFR ID: prod00214470

Fan Alerts – Critical and Non-critical


Fans on Alteon are now identified as either critical or non-critical. This is now supported on
all platforms, including 6420. Traps and syslog messages for fan alerts were updated to be sent
only on critical fans:
• When a critical fan fails, a trap and syslog message of Critical severity is sent. When you
receive such a message, you must contact Radware Technical Support immediately.
• When a non-critical fan fails, no trap or syslog message is sent.
The /info/sys/fan command now displays a table with all fans, marked critical or
non-critical, along with each fan’s status as operational or failed.
In this case, a non-critical fan is marked as failed, and no action needs to be taken as Alteon
can continue working as expected without its non-critical fans.
Note: The fan LED on the platform turns red even for a non-critical fan failure. Before contacting
Radware Technical Support, Radware recommends inspecting the fan information output to
identify whether a critical fan has failed.

Audit Log Enhancement


The audit log messages display has been improved:
• The module name audit has been introduced so that audit messages can be differentiated
from other syslog messages.
• Username and class of service (CoS) were added to every audit message, identifying the
user who applied the changes.
• Audit messages have been improved to differentiate between additions, modifications, and
deletion of objects.
• The modify audit message has been improved to also include the from and to parameters
with values.
NFR ID: prod00192716

Enlarge Internal Log Messages
The number of syslog messages displayed to users was increased from 64 to 500 messages.
The logs are cyclically stored on the platform hard disk and are kept after reset.
• The /info/sys/log command displays the latest 500 syslog messages. These messages
remain even after a reboot.
• The /info/sys/dump command displays the latest 200 syslog messages.
• Clearing the log (/oper/clrlog) clears all the log messages stored on the platform.
• The WBM and SNMP MIB OID agSyslogMessage (1.3.6.1.4.1.1872.2.5.1.1.5.11.1.2) have
been changed and display 200 syslog messages.
• In the CLI, the /info/sys/slog command has been removed as syslog messages no
longer need to be saved on the platform.
• For internal use, techdata now includes a file with the latest 10,000 syslog messages.

Packet Capture File Size


The Packet Capture file size was increased to 1 GB on all platforms besides VA. The file is
filled cyclically.

Changed Features in version 30.0.0.0

Default Values Change


The default values of a number of parameters were found to be inconsistent with the most popular
scenarios, and have been changed in this version to simplify initial device configuration,
including the following:
• The default for the following parameters was changed to enabled:
  - SLB (cfg/slb)
  - Direct Access Mode (cfg/slb/adv/direct)
  - Source MAC substitution (cfg/slb/adv/submac)
  - Virtual service statistics (cfg/slb/adv/vstat)
  - SSL (cfg/slb/ssl)
  - Caching (cfg/slb/accel/caching)
  - Compression (cfg/slb/accel/compress)
  - Port client processing, server processing and proxy processing (cfg/slb/port N/client;
  cfg/slb/port N/server; cfg/slb/port N/proxy)
  - GSLB Host match enabled by default (cfg/slb/gslb/hostlk)
• Management port default settings on a physical platform have been changed to allow quick
connection to a new platform (in either standalone or ADC-VX environments):
  - The management port is enabled
  - The management port speed is set to any
  - The management port duplex mode is set to any
  - The management port auto-negotiation is set to on
  - The management port address/mask is set to 192.168.1.1/255.255.255.0
  - The management port default gateway is set to 192.168.1.1
  - HTTPS is enabled
  - For increased security, SSH v2 is enabled
Notes:
  - For vADCs, the management port address, mask, and gateway are configured upon
  creation and port physical settings are inherited from the relevant ADC-VX.
  - For Alteon VA, the management port address, mask, and gateway are allocated via
  DHCP.
• The interval for pre-defined health checks has been updated to 5 seconds.
After upgrade, the previous value of these parameters is preserved (except for the pre-defined
health checks interval).
The configuration of all these parameters whose default was changed will always appear in the
configuration file, whether or not it has a default value.

Cloud Adapted High Availability


In a cloud environment, two redundant entities (Alteon VAs and/or vADCs) are usually not located
in the same Layer 2 domain.
The Alteon high availability mechanism uses VRRP, which is based on multicast communication
that is not propagated beyond the Layer 2 domain. The session and persistent data mirroring
are based on broadcast communication and require a direct Layer 2 link (ISL).
Such issues (that is, two redundant platforms not in the same Layer 2 domain) exist in other
environments (carriers, for example), but they are mostly prevalent in cloud environments.
Alteon version 30.0.0.0 introduces the ability to transfer VRRP advertisements and/or mirroring
data using the unicast protocol.
To support unicast communication, the ability to configure per IP interface the IP address used
by its peer on the same interface (that is, the peer IP address) was added. The peer IP address
must be defined for all interfaces that participate in the high availability configuration and/or
mirroring communication.
The configuration of IP interfaces that have peer IP addresses defined can be synchronized to
the peer devices.

AppShape++ Enhancements
In Alteon version 30.0.0.0, new commands and events have been introduced to allow access to
SSL certificate parameters, including X509 encoded, and enable:
• Certificate Validation policies
• Content load balancing based on certificate fields
• Customized header enrichment
Additionally, a number of commands and operators were introduced:
Commands
• SSL::cert             • X509::not_valid_after               • X509::version
• SSL::cipher           • X509::not_valid_before              • X509::whole
• SSL::mode             • X509::serial_number                 • IP::addr
• SSL::sessionid        • X509::signature_algorithm           • LB::status
• SSL::verify_result    • X509::subject                       • LB::reselect
• SSL::reject           • X509::subject_public_key            • info
• X509::extensions      • X509::subject_public_key_type       • b64encode
• X509::hash            • X509::subject_public_key_RSA_bits   • b64decode
• X509::issuer          • X509::verify_cert_error_string      • TCP::close - twoway
Operators
• equals
• starts_with
• ends_with
• contains (from 30.0.1)
Events
• CLIENTSSL_CLIENTCERT
For more details on AppShape++, see the Alteon Application Switch AppShape++ Reference
Guide.

APM Configuration
APM configuration can now be performed using Alteon WBM and CLI directly on the platform
(previously, APM could only be configured using APSolute Vision).
The APM configuration on the platform includes:
• Configuration of the APM server
• Activation of APM for the desired virtual services
From WBM, you can now access the APM server to view the application performance analysis.
Notes:
• After upgrading to version 30.0.0.0, the APM license and configuration are removed and
must be re-installed and/or reconfigured.
  - The old APM license must be replaced by the new license string that enforces the yearly
  subscription. The new license string is available using the Hardware License Generator
  on the Radware Web site for users that have a valid APM yearly subscription.
  - The APM server must be configured on the platform and APM re-activated on the
  desired services.
• When Alteon is managed using APSolute Vision, the APM server must be configured both
per platform (system/APM server), and in Asset Management.
• Note: The APM server is embedded in APSolute Vision, and provided as a single
deployment: APSolute Vision Server with APM Server VA. Until the release of APSolute
Vision 3.0, the Alteon APM capability can work together with APSolute Vision 2.40 Server
with APM Server VA. However, the APSolute Vision 2.40 client cannot be used to configure
Alteon 30.0 platforms.

Throughput License on Alteon 5224


A 10 Gbps throughput license was added to the Alteon 5224 platform.

Configuration File
The configuration file downloaded from the platform is now a tar file that includes a number of
files:
• Alteon configuration text file
• FastView configuration XML file
• AppWall and Authentication Gateway configuration files
The configuration file that is uploaded can be a tar file, including all of the above, or a txt
file including the Alteon configuration.
Note: The configuration dump displays the Alteon configuration without the FastView and
AppWall/Authentication services detailed configuration.

vADC Density
Features introduced in previous versions have increased memory usage per vADC. To ensure
that vADCs have the necessary amount of memory to support all capabilities in version
30.0.0.0, the maximum number of supported vADCs has been reduced on platform
configurations with low memory capacity:
• Alteon 5224 with 12 GB RAM now supports up to 6 vADCs (previously was 10)
• Alteon 6420 with 32 GB RAM now supports up to 20 vADCs (previously was 24)
• Alteon 6420p with 64 GB RAM now supports up to 40 vADCs (previously was 48)
After upgrade to version 30.0.0.0, if the number of active vADCs exceeds the maximum number
supported in version 30.0.0.0, the excess vADCs will be disabled.

GSLB DNS Persistency Enhancements


The following GSLB enhancements were first introduced in Alteon version 29.4.x and now are
included in version 30.0.0.0 to ensure persistency for DNS resolution in multi-site environments
under all failure scenarios:
• New GSLB metric – Persistent Hash ensures DNS persistency in cases where multiple
Alteons located in different data centers perform DNS redirection, even when a data center
fails and returns online. This metric provides a combination of hash-based selection and
persistence cache for alternate selections.
• Persistency Mask per domain name – To minimize the number of cache entries, Alteon
provides persistency based on source subnet, and not source IP address per domain (GSLB
Rule).
• Synchronization of persistence cache between Alteons located in different data centers
ensures DNS persistency, even when selecting a data center based on the load metric, not
only the hash metric.
• Synchronization of persistence cache between Alteons.
Note: The peer Alteon must be configured as a remote site with the HA Peer Device
parameter.

SSL-Related Changes
• OpenSSL updated to version 1.0.0m.
• Removed “RC4-SHA” and “RC4-MD5” from the back-end SSL “Low” cipher suite (as they
are considered Medium).
Note: If the back-end servers use RC4 ciphers, change the back-end cipher in the SSL
policy to “Medium”.
• Added “EDH-RSA-DES-CBC-SHA” and “ADH-DES-CBC-SHA” to the back-end SSL “Low”
cipher suite.
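The following added Python example (not Alteon code; all function names are hypothetical) covers both SSL-Related Changes sections of these notes: it records in which back-end suite level the notes place each named cipher for a given version, and tags what is weak about each cipher from its OpenSSL-style name. The server cipher lists in the demo are constructed, and ciphers the notes do not mention are reported as not covered rather than guessed.

```python
RC4_CIPHERS = {"RC4-SHA", "RC4-MD5"}
DES_CIPHERS = {"EDH-RSA-DES-CBC-SHA", "ADH-DES-CBC-SHA"}


def weaknesses(cipher):
    """Tag known weaknesses from an OpenSSL-style cipher suite name."""
    tokens = cipher.upper().split("-")
    tags = []
    if "ADH" in tokens or "AECDH" in tokens:
        tags.append("anonymous-kx")      # no server authentication
    if tokens[0] == "EXP":
        tags.append("export-grade")
    if "RC4" in tokens:
        tags.append("RC4")
    for i, tok in enumerate(tokens):
        if tok == "DES":
            following = tokens[i + 1] if i + 1 < len(tokens) else ""
            # DES-CBC3 is triple DES; plain DES-CBC has a 56-bit key.
            tags.append("3DES" if following == "CBC3" else "single-DES")
    if "NULL" in tokens:
        tags.append("NULL-encryption")
    if tokens[-1] == "MD5":
        tags.append("MD5-MAC")
    return tags


def parse_version(text):
    """'30.0.4' -> (30, 0, 4, 0); missing fields are treated as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def stated_levels(cipher, version):
    """Back-end suite levels in which these notes place the cipher.

    An empty set means the notes say nothing for that cipher and version.
    """
    v = parse_version(version)
    if cipher in RC4_CIPHERS:
        if v < (30, 0, 0, 0):
            return {"Low"}               # pre-30.0: Low
        if v < (30, 0, 4, 0):
            return {"Medium"}            # 30.0: moved to Medium
        return {"Low", "Medium"}         # from 30.0.4: both
    if cipher in DES_CIPHERS and v >= (30, 0, 0, 0):
        return {"Low"}                   # added to Low in 30.0.0.0
    return set()


def audit_backend(server_ciphers, policy_level, version):
    """Sort a server's ciphers by what the notes say for this policy level."""
    report = {"usable": [], "excluded": [], "not_covered": []}
    for cipher in server_ciphers:
        levels = stated_levels(cipher, version)
        if not levels:
            report["not_covered"].append(cipher)
        elif policy_level in levels:
            report["usable"].append((cipher, weaknesses(cipher)))
        else:
            report["excluded"].append(cipher)
    return report


if __name__ == "__main__":
    # Constructed example: a legacy back-end that only offers RC4.
    legacy_server = ["RC4-SHA", "RC4-MD5"]
    for version in ("29.5.0.0", "30.0.1.0", "30.0.15.0"):
        print(version, audit_backend(legacy_server, "Low", version))
```

For an RC4-only back-end with a “Low” policy, the cipher is usable before 30.0, excluded from 30.0 until 30.0.4, and usable again from 30.0.4, which matches the note about changing the policy to “Medium”.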

Configuration File Name


Starting from Alteon 30.0, due to the integration of FastView and AppWall, the Alteon
configuration file was changed from a text file to a tgz file.
In addition, the putcfg file name is now automatically generated and has the following
format:
Configuration_<Time>_<Date>.tgz. Example: Configuration_15-55-06_Wed-Mar-25-2015.tgz

Maintenance Fixes

Fixed in 30.0.15.0
This section lists the bugs fixed in version 30.0.15.0.
1. In an SSL environment with a certificate that will expire after 100 years, the certificate
displayed as expired.
Bug ID: prod00264534
2. In an SLB environment where filter processing was enabled, because the VMAed traffic
source MAC learning did not occur, the traffic flooded on all the ports of this VLAN, causing
higher throughput utilization.
Bug ID: prod00264073
3. On an Alteon VA with system notice configuration, after the Revert Apply operation, the
notice configuration displayed in the diff flash output.
Bug ID: prod00263806

Fixed in 30.0.14.0
This section lists the bugs fixed in version 30.0.14.0.
1. In an SLB environment with session mirroring enabled for virtual services, the session
statistics were incorrect on the backup device compared to the primary device.
Bug ID: prod00258334
2. In an SLB environment with persistent binding to cookie insert, requests with a valid cookie
were sent to two different real servers, breaking the persistency.
Bug ID: prod00245812

Fixed in 30.0.13.0
This section lists the bugs fixed in version 30.0.13.0.
1. After modifying the SSH port and using a data port, Alteon did not delete the service
listening on the old SSH port. As a result, the user could still establish a connection to the
old SSH port via the data port.
Bug ID: prod00258124
2. In an SLB environment, the passive cookie persistent entries never were aged out or cleared.
Bug ID: prod00257424
3. In an SLB environment, when performing an Apply with any SLB- or VRRP-related
configuration, all the current sessions were cleared out.
Bug ID: prod00256318

Fixed in 30.0.12.0
This section lists the bugs fixed in version 30.0.12.0.
1. In an SLB environment with AppXcel (where delayed binding (dbind) set to forceproxy mode),
the expected behavior of sending a client's ICMP error packets to the server without any
source NAT caused a client MAC flapping issue on an adjacent Layer 2 device.
Bug ID: prod00255723
2. In FTP Active mode, due to an endian issue when performing TCP sequence adjustments for
retransmitted PORT command packets, clients experienced FTP communication failures.
Bug ID: prod00255537
3. When the SNMP community string contained the @ symbol followed by any three (3)
characters, the SNMP query failed, causing APSolute Vision to not add an Alteon device.
Bug ID: prod00255239
4. Due to null pointers in an SSH connection, a panic occurred.
Bug ID: prod00255068
5. When attempting to log in through a TACACS server, after a few unsuccessful login attempts
Alteon rebooted.
Bug ID: prod00254752

Fixed in 30.0.11.0
This section lists the bugs fixed in version 30.0.11.0.
1. In an SLB environment with OSPF configured, even though the virtual servers were down or
disabled, Alteon sent LS updates of the hosts to the OSPF peer.
Bug ID: prod00253871
2. In an SSL environment, Alteon limited the SSL Certificate size to 5000 bytes and returned an
error for larger sized certificates.
Bug ID: prod00253157
3. In a virtualization environment, as the Watcher was killing an unresponsive MP during the
creation of an AppWall process, the vADC became inaccessible.
Bug ID: prod00249123

Fixed in 30.0.10.0
This section lists the bugs fixed in version 30.0.10.0.
Item Description Bug ID
1. In an SLB environment, Alteon deleted the session entry prod00252646
when the client sent an Encrypted Alert and FIN packet, even
though the server did not send the data packets and FIN
packet, causing clients to sometimes get connection errors
on the virtual service (443/TCP).
2. In an SLB environment with filters and reverse enabled, the prod00252168
session table did not display the "R" flag for the reverse filter
option.
3. In an SLB environment with filters, and return to source and prod00251952
reverse enabled on the filter, the ICMP response traffic did
not follow the path set by the reverse session and as a result
did not reach the client.
4. In an SLB environment with Layer 7 lookup filters configured, prod00251751
the action set to redirect, and delayed binding set as
forceproxy, the filter did not perform HTTP-redirect.
Note: The fix is to block such a configuration during Apply.
5. In an SLB environment with the back-end SSL version prod00251404
configured, even though TLS 1.0 was disabled, the actual
SSL version used by Alteon was TLS 1.0, causing the
application to fail.
6. When performing a vulnerability scan on the Alteon virtual prod00251364
servers, Alteon negotiated ciphers even though they were
removed in the SSL policy, causing the scan to mark Alteon
as vulnerable.
7. In a virtualization environment on an ADC-VX, the values for prod00251308
Max SSL (CPS) (the SSL CPS license defined in
/stats/vadc/limit) displayed incorrectly.
Note: The fix is that this display has been removed from
/stats/vadc/limit, and that you should use
info/swkey to see the required information.
8. In an SSL environment, when loading a configuration with too prod00251239
many virtual services, certificates, or certificate groups due to
a shortage of key memory, Alteon stopped processing traffic.
9. In a Global SLB standalone environment, when gmetric was prod00250653
configured to hash, Alteon did not respond to DNS queries.

10. In an SLB forceproxy environment, when the server prod00250546
responded with HTTP 204 (No Content) with body, the body
was not forwarded to the client by Alteon.
11. Using AppShape++ scripts, the "HTTP::method" prod00250539
AppShape++ command did not identify the "OPTIONS"
method, and identified "PUT" method as "POST".
12. In an SLB environment, by design and by default, a virtual prod00250501
service was associated with Group 1 even though this group
was not configured. In such a configuration, when Alteon sent
an XML report to DPM, and this group did not exist, DPM
rejected the report.
13. When ports were disabled, the default gateway did not work prod00250062
as expected.
14. In a BGP environment, when the peers were shut down and prod00249821
then brought back up, the VIP advertisement was not sent to
its re-established peers.
15. Using CLI, when enabling filter processing on a port and the prod00249585
session timed out, a panic occurred.
16. In an SLB environment with multiple rports, when a new real prod00249552
server was created with addports, Alteon forwarded client
requests to the server on the service port rather than on the
real server's service port (rport = addport of the realserver).
17. Using WBM, you could not configure the OSPFv3 "Area ID". prod00249088
18. In an SLB environment, when a real server group worked prod00248651
with a weighted phash metric, some client requests failed.

Fixed in 30.0.9.0
This section lists the bugs fixed in version 30.0.9.0.
Item Description Bug ID
1. On platforms with more than 13 switch processors (SPs) and prod00247715
with a long list of referenced SPs, when accessing the WBM
pane Monitor > Network > Layer2 > FDB, a panic occurred.
2. In version 30.x, in an SLB monitoring environment, when a prod00247268
group was not associated with any virtual service, the group
information (/info/slb/group) did not display its real
server status, but it did in older versions.

3. When the configuration was restored by /cfg/gtcfg or prod00246970
through upgrade, an invalid management port configuration
displayed in the configuration dump even though the
management configuration (/c/sys/mmgmt) was globally
disabled.
4. In an SSL environment with more than 256 certificates prod00246784
configured, accessing certificate groups through the WBM
(Configuration > Application Delivery > SSL > Certificate
Groups) or SNMP caused a panic.
5. When trying to restore the configuration without a prod00246600
management port configuration (/cfg/sys/mmgmt) to a
platform where the management port was globally disabled, a
panic occurred.
6. In a VRRP and SLB environment, when proxy IP sync was prod00246383
disabled and a sync (/oper/slb/sync) was performed,
because the index number of the virtual server was different
for the master and backup, the sync failed between the
master and backup.

Fixed in 30.0.8.0
This section lists the bugs fixed in version 30.0.8.0.
Item Description Bug ID
1. In a VRRP IPv6 hot-standby environment on a standalone prod00246419
platform, after rebooting the platform, Alteon failed to process
the incoming frame and Alteon's interface was not
accessible.
2. When a session log was sent to the syslog server and the prod00246168
session log data reached the maximum buffer size, a panic
occurred.
3. In an SLB environment, the persistent sessions created for prod00246015
FTP traffic with pbind enabled on a filter were not aged out,
even after the regular sessions aged out from the session
table.
4. In a global SLB environment, when multiple server ports prod00246013
(rports) were configured on real servers with a pbind client IP
address, the persistent entries created with the remote site
did not age out over a period of time, causing virtual server
traffic to loop between sites.

5. After running the command /c/slb/virt x/service y/clsrst, and an prod00245990
idle timeout occurred without the input for this command, a
panic occurred.
6. On a 6024 and a 8420 platform, when two Alteon devices prod00245745
were connected to each other in a simple STG topology, all
the ports remained in the Forwarding state and a loop
occurred.
7. On a 4408 platform, statistics for port 7 could not be prod00245724
retrieved, and an error message displayed.
8. In a virtualization environment with a vADC with an uptime of prod00245707
several weeks, due to an allocation failure of sessions, an
interruption with some or most services occurred.
9. After upgrading in an SLB with forceproxy environment, prod00245599
HTTP POST requests did not work as expected, and the
server replied with an error.
10. In a GSLB monitoring environment, the counter statistics for prod00245453
DNS directs incorrectly incremented, causing the incorrect
display of the counter.
11. In an SLB environment with both IPv6/IPv4 IP addresses, prod00245446
when the virtual server IP address ended with 0:0, IPv6-to-
IPv4 SLB failed.
12. Using WBM in a virtualization environment, on an ADC-VX prod00245417
platform, when trying to access the vADC pane, a panic
occurred on the ADC-VX platform.
13. Using WBM, Alteon displayed incorrect information about the prod00245373
IP Forwarding status of some ports.
14. After rebooting, even though the link was actually UP, the prod00245326
/info/link command displayed the link as DOWN.
15. In an SLB environment, after changing the default gateway prod00244955
metric from round robin to strict, the behavior continued to be
round robin.
16. Using WBM in a virtualization environment on an ADC-VX prod00244921
platform with an unlimited SSL license, the SSL license limit
for a vADC could not be edited, while it could be edited using
the CLI.
17. In a switch-based VRRP environment with proxy IP prod00244877
configured, mirrored sessions aged faster on the backup and
cleared.

18. The Script Binary UDP health checks did not work as prod00244776
expected.
19. When trying to access Alteon via SSH using brute force on a prod00244698
management port, a panic occurred.
20. In a VRRP environment, when a port in an LACP trunk link prod00244633
went down, an unexpected VRRP failover occurred.
21. Using WBM in a virtualization environment, the vADCs could prod00244600
not be enabled, but they could be enabled using the CLI.
22. In WBM, when configuring management access control from prod00244544
Configuration > System > Management Access > Access
Control > Allowed Protocol per Network, different
protocols were selected in the CLI, causing a
misconfiguration through WBM.
23. In a standalone environment when severity and facility were prod00244336
set as the default on a syslog server, after reboot
AppShape++ logs were not sent to the syslog server.
24. After associating the default compression policy to a service, prod00242885
a warning message was not displayed when the default
policy was not really associated on Apply.

Fixed in 30.0.7.0
Version 30.0.7.0 is based on version 30.0.6.0, and includes the relevant fixes available in
versions 29.0.8.0 and 29.5.7.0.
This section lists the bugs fixed in version 30.0.7.0.
Item Description Bug ID
1. In an SLB environment with forceproxy enabled, when there prod00244523
was an HTTP response from the server and the AX parsed
the response due to pointers and a buffer issue, a panic
occurred.
2. In a VRRP hot-standby environment on a standalone prod00244374
platform, after the backup platform rebooted, a network loop
occurred for a few seconds.
3. Using WBM, non-admin users could reboot the platform prod00244316
when they should not have been allowed to.

4. In an SLB environment with AppShape++ prod00244223
HTTP::bypass_proxy scripts, Alteon occasionally retried
DNS queries in very short intervals (a few milliseconds),
which caused errors to appear in the log as responses
return for both the initial query and the retry.
5. With HTTP::bypass proxy in an AppShape++ script, when prod00243820
the client sent a proxy request, it did not necessarily use
same case sensitivity in the host header and in the URI,
causing Alteon to fail to perform bypass_proxy and failing the
transaction.
6. Sometimes the UDP packets sent from the server and prod00243814
arriving at the Alteon platform were dropped, causing some
application transaction failures.
7. In an SLB environment using AppShape++ scripts, for the prod00243784
AS++ command "SIP::header <name> [<index>]", if a
header did not exist, a junk value was returned.
8. In a BWM environment, the DNS responder VIP intermittently prod00243684
was not responsive and applied an incorrect contract (not the
default contract), causing the DNS responses to be dropped.
9. In an SLB monitoring environment with all the eight services prod00243423
configured on a virtual server, the SNMP walk for OID
.1.3.6.1.4.1.1872.2.5.4.3.18.1.1
(slbEnhVirtServicesInfoVirtServIndex) did not return all
values.
10. In an SLB environment with a service IP and remote/local prod00243399
real servers, when the local server was down and GSLB
redirect was enabled, the HTTP application did not work for
the service IP.
11. Due to a leak in Cavium, even though the traffic flowing prod00243368
through the platform was less than 80% usage, the switch
processor (SP) memory spiked and received 80% usage of
its maximum memory limit and session drop messages.
12. In an SLB monitoring environment, real server statistics prod00243321
(Total Usage of Resources per Real Server, bandwidth) were
incorrectly displayed on Alteon when compared to the DPM
report in APSolute Vision.

13. In an SLB environment, when delayed binding (dbind) was prod00243314
enabled, and SYN attack was set to ON
(/cfg/slb/adv/synatk/on), when the setting was
changed to OFF, the SYN attack state information
(/info/slb/synatk) incorrectly displayed as OFF
irrespective of the actual state.
14. The SMTP e-mail body messages generated by Alteon did prod00243278
not follow the RFC 822 standard, resulting in the messages
being stripped off by Microsoft Exchange server and the
e-mails being sent with empty body messages.
15. In a virtualization environment with /cfg/vadc prod00243219
x/sys/idle/lock set and delegate enabled on an ADC-VX,
when this configuration was delegated to a vADC with audit
enabled, after the configuration import with /cfg/sys/idle
audit, a syslog message displayed even though this setting
was not modified.
16. In an HA environment, for NAT addresses configured in the prod00243189
attach snat AppShape++ command, upon HA failover Alteon
did not send gratuitous ARPs for NAT addresses.
17. Using WBM, when importing anything to the certificate prod00243120
repository (such as key, cert), the ID limit was only 20
characters instead of 32 characters.
18. In a virtualization environment, when prod00243053
RADIUS/SMTP/TACACS settings on a vADC were changed
on an ADC-VX to default and delegated, the delegate of
these settings did not work as expected.
19. In a virtualization environment, when prod00243050
RADIUS/SMTP/TACACS settings on a vADC were changed
on an ADC-VX to default and delegated, the delegate of
these settings did not work as expected.
20. In an SLB environment integrated with AppWall, a virtual prod00242834
server with two services (HTTP and HTTPS), and Web
security applications (secwa) in OOP mode associated to
both of them, when traffic was sent (mostly from mobile
devices) to these services, there was a huge delay and very
high response time.
21. In a maintenance environment to clear old logs, clearing the prod00242822
application services trace log with
maint/applog/clearlog did not clear all the logs.

22. In an SLB environment when both content classes and HTTP prod00242819
modifications were configured, the HTTP modifications
command was incorrectly added into the configuration dump,
causing the configuration synchronization to incorrectly sync
on the peer device.
23. Using WBM, when importing SSL keys without a passphrase, prod00242709
the import operation failed with an invalid passphrase error.
24. With AppShape++ scripts with attach snat or attach group prod00242673
statements, or both, when executing the current command
/cfg/slb/appshape/script XYZ/cur, the display of
the first attach statement had an unnecessary white space
before it.
25. In a VRRP environment, when automatic synchronization prod00242663
was enabled and configuration sync apply and configuration
apply were performed at almost the same time, abnormal
behavior in the setup occurred and failover traffic was not
processed by the backup device.
26. In a virtualization environment with HTTPS access on the prod00242623
ADC-VX disabled and enabled on a vADC, when the
configuration was changed on the ADC-VX to enabled, the
vADC displayed unexpected configuration changes. Also,
after the upgrade, the vADC's HTTPS access was lost.
27. The /info/slb/cookie command could be used for prod00242537
passive cookies even though it has been removed from
versions 29.5.1.0 and 30.x.
28. Using APSolute Vision, although an apply/save could be prod00242479
performed, after every apply and save, a 405 Not Allowed
Error message displayed.
29. For TACACS authenticated users, the username information prod00242405
in the audit logs that was generated while applying the
configuration was incorrect. Also, the who command
displayed inconsistent information when TACACS was
enabled or disabled.
30. In an SLB environment with delayed binding as forceproxy prod00242383
and many .png files or any HTTP requests were pipelined via
Alteon to the server, the files were not completely received
on the server.

31. In the CLI, when none was entered to reset the value for the prod00242348
TACACS secret (/cfg/sys/tacacs/secret2), the
configuration was not removed.
32. In an SLB environment with service IP and proxy IP prod00242344
configured on a virtual server, a proxy entry was not added to
the network classifier table and packets were dropped.
33. The AppShape++ log command generated syslogs without a prod00242326
timestamp and the device name/IP address.
34. In an SLB environment, when a service was configured with prod00242295
a PIP subnet, Alteon sent packets with the incorrect source
MAC address (GateWay MAC) from the PIP to the real
server.
35. In an SLB environment with filter processing enabled for prod00242267
traffic, when continuous traffic was pumped to the MP, the
MP CPU reached high capacity (100%).
36. In an outbound link load-balancing environment with filter prod00242167,
action outbound-llb set and delayed binding enabled, Alteon prod00242164
sent different source MAC addresses with the ARP table for
the proxy IP, causing the firewall to mistakenly identify the
traffic as a MAC attack and to drop the packet from Alteon.
Note: This issue is also fixed for RTSP, IPv4/v6 SLB for
filters with action nat, redir, linklb etc, RADIUS snooping, and
Layer 7 load balancing.
37. In an SLB environment with two virtual servers configured prod00242148
with the same virtual IP address and IP service, and using
the source network (srcnet) for one of the virtual servers, per
service virtual server statistics were incorrectly incremented
and displayed.
38. When the number of characters of the request ID is 32, when prod00242146
trying to export the CERT/CSR/KEY in either text or file
format, WBM issued the following error: Error: Unable to find
a Certificate Request index
39. In a setup with two Alteon platforms connected via a port prod00242075
trunk (tagged ports, STP off), and both Alteons connected to
a Layer 2 device via ports (untagged, STP on) belonging to a
VLAN, when the trunk ports were added to this VLAN and
heavy traffic went through the MP, a loop occurred in both
the Alteons and Layer 2 devices.

40. In a VRRP environment, when a VRRP group was enabled, prod00242067
the virtual router's state changed directly from INIT to
MASTER even when a HOLDOFF was configured.
41. In a GSLB monitoring environment, the counter statistics for prod00242004
DNS directs was incorrectly incremented, causing the
incorrect display of the counter.
42. On a 5208 virtualization platform, session capacity prod00241947
(/stats/slb/maint and /stats/slb/sp <x>/maint)
was incorrectly displayed.
43. In a VRRP hot-standby environment with a teaming port, when prod00241612
one of the team ports was down on the backup device, the
teamed port was not operationally disabled when it should
have been.
44. The advance health check setting was not displayed in ASCII prod00241525
order after executing a configuration dump (/cfg/dump).
45. In a virtualized VRRP environment, a backup vADC flap prod00241346
occurred when an image upgrade was performed on a
master ADC-VX. This was caused by the master vADC
performing file operations in parallel to the image upgrade.
46. Using WBM, you could not submit the virtual router group prod00241155
configuration using Configuration > Network > Layer 3 >
High Availability > Virtual Router Groups.

Fixed in 30.0.6.0
Version 30.0.6.0 is based on version 30.0.5.100, and includes the fixes available in versions
29.0.7.0 and 29.5.6.0.
This section lists the bugs fixed in version 30.0.6.0.
Item Description Bug ID
1. In an SLB environment with proxy configured as a virtual prod00241942
server associated with a real server, client traffic destined for
the virtual server (VIP) was received with the destination
MAC set to the proxy MAC, but Alteon forwarded responses
to the client with the source MAC as Alteon's base MAC
address.
2. After running the /info/link command, the incorrect port prod00241704
status displayed, even though physically ports were UP (the
LEDs were UP) and processing the traffic.

3. In an SLB environment, when an IP service configured with prod00241636
the source net and protocol set to both, client traffic from the
configured source network did not match the virtual server
that it was expected to match.
4. When Alteon was configured with a 40100 basic SLB virtual prod00241635
service, Alteon ignored the TCP/UDP traffic related to the
respective virtual service.
This issue occurred for 4000 to 4000+(number of SPs*50).
For example, for an Alteon running with six SPs, this issue
occurred for 4000 to 4300 [4000+(6*50)].
5. In admin mode, when no external user was created and only prod00241607
when the default password of an existing user was changed,
a login attempt to Alteon succeeded with an invalid username
and a valid admin password.
6. Using WBM, all the configured data class entries did not prod00241597
display due to an indexing issue in SNMP.
7. In a virtualization environment, when the user abruptly closed prod00241561
the Telnet connection that was opened to another host from
SSH/Telnet window, the ADC-VX panicked.
8. In the CLI, the real server group information displayed the prod00241553
configuration incorrectly with many line breaks.
9. In an SLB environment with an HTTP service, after the prod00241482
response was passed to the client, the HTTP session state
was waiting for request, and the body of the POST arrived
with the next request, the client did not respond to this next
request and caused applications (Microsoft Outlook) to fail
intermittently.
10. In an SLB environment, an ARP entry for a virtual server IP prod00241395
address existed even after deleting that virtual server IP
address through a configuration sync.
11. The SP memory statistics MIB values displayed incorrectly prod00241382
and used the old implementation. These MIBs have now
been made obsolete.

12. In a filter SLB environment with an action NAT destination prod00241376
and reverse enabled, the returning traffic was not translated
back to the original session.
In the reverse traffic, only the IP address is converted (that is,
conversion from a translated NAT IP address to the original
IP address), and the port is not converted.
13. The status code * (signifying the best route) was not clear for prod00241368
default routes (1-259) in CLI route dumps.
Background: All the default routes (1-259) are added to the
same chain irrespective of the configured VLANs. The one
that gets added latest to the chain was shown as the best
route.
All internal packets (that is, generated MPs) always used
GWs from 1-4. In strict mode, the first indexed GW was used,
and if it was not available, the second one was used, and so
on.
External packets preferred the VLAN gateway route if there
was one for the ingress VLAN, otherwise it would use the
default GW 1-4. Because you can configure only one
gateway per VLAN, and for GW 1-4 Alteon always chooses
the first indexed GW, * (best) had no role to play in deciding
the GW.
Fix: With this fix, regarding default routes, only the lowest
index default gateway route is marked with the status code *
(best). Routes created for VLAN gateways are now not
marked best even when there is no default gateway (1-4).
14. When there was a memory copy issue, Alteon panicked and prod00241364
rebooted with a boot reason power cycle.
15. Alteon transmitted mirrored traffic to monitored ports even if prod00241357
the monitored ports were down or disabled, resulting in an
ND buffer exhaustion and traffic loss.
16. Using WBM, it was not possible to generate a new certificate. prod00241351
Also, after generating a new CSR/CERT from the CLI, WBM
displayed just the certificate without the keys.
17. Using WBM, you could not remove the header from an HTTP prod00241329
Modification Policy without entering the header value and
making it mandatory.

18. During CPU-intensive maintenance operations, such as prod00241224
running /maint/techdata, Alteon suspended health checks to
real servers.
Note: After the fix, the health check continues to be
suspended not after immediately issuing the command, but
only when required.
19. In a virtualization environment, a vADC rebooted with a reason prod00241120
power cycle. Even though no changes related to HTTPS
were performed, the Web server restarted with a first apply
after vADC came up.
20. In a link load balancing environment, when a client performed prod00241111
a DNS query, the round robin metric did not work as
expected and always returned the same servers.
21. If an unauthorized user accessed WBM, a panic occurred prod00241108
and the configuration was erased.
22. When the synchronization of certificates was enabled and prod00241076
then expired, the configuration sync failed between VADCs.
23. When upgrading from version 29.0.3.10 to version 30.0.5.0 prod00241023
on a standalone device, the software upgrade failed.
This occurred if you first performed a downgrade that
included a BIOS upgrade; for example, if you downgraded
between versions 30.2 and 29.0.
24. In an FTP SLB environment, even though non-relevant active prod00240970
FTP traffic from the real server matched the filter criteria, real
server 1 was not chosen for load balancing.
25. In a GSLB environment, when the gmetric for a rule was prod00240959
configured as persistence or phash, and dsync was
enabled to sync DNS entries on a site in which the rule did
not exist on the other site, a panic occurred on the site
without the rule during sync.
26. A configuration with delayed binding (dbind) forceproxy prod00240933
enabled on a service IP address that was synchronized from
the primary device to one of its peer devices, did not work as
expected.
27. In an SLB environment, when a PIP network was different prod00240923
than the configured interfaces on the device, the virtual
server stopped responding, resulting in packet drops.

28. In an SLB environment, when a PIP network was different prod00240863
than the configured interfaces on the device, the virtual
server stopped responding, resulting in packet drops.
29. In an SLB environment, for a virtual server with an IP service prod00240774
and NoNat and Layer 3 enabled, a panic occurred.
30. When audit (/c/sys/syslog/audit ena) was enabled on prod00240725
a vADC and the configuration was imported to the vADC from
the ADC-VX, a panic occurred.
31. On an Alteon VA platform using the CLI, the default VLAN prod00240715
could be removed when this action should have been
blocked.
32. A WBM user with USER privileges was unable to prod00240636
operationally disable real servers.
33. In a SIP load balancing environment, sometimes server traffic prod00240611
was forwarded to the client without translating the real server
address with a virtual server address, causing SIP calls to
fail.
34. In an SLB environment, when a real server that belongs to prod00240542
multiple services either goes down or up, the real server
health check-based syslog messages contained the string
affected virt x.x.x.x only for one service, and was
not generated for all relevant virtual servers.
35. Using the CLI, using the /cfg/slb/ssl/certs/ prod00240478
command, when entering the letter "s" and then pressing
<Tab> for autocomplete, a panic occurred.
36. The pending and current changes did not display on prod00240445
configuration changes for the following commands:
/cfg/slb/filt <y>/group <x>
/cfg/slb/virt <n>/service 80/cntrules
<x>/group <xyz>
/cfg/slb/virt <n>/service 80/group <xyz>
/cfg/slb/linklb/group <xyz>
37. Using WBM, you could not log in with a RADIUS/TACACS prod00240443
username with more than nine characters. In the CLI you
could log in with these same credentials.
38. When Alteon was connected between two Nexus devices, it prod00240402
did not forward BPDU tagged frames.

39. In a BGP environment, although the BGP neighbor/peer sent prod00240400
the default route, Alteon ignored it and used the local
gateway instead.
40. Using WBM, when configuring SSL certificates management, prod00240374
when the configuration sync to the platform failed and tried to
access the certificate table, a panic occurred.
41. When APM/compression was enabled on either a 5208 or prod00240245
5420 platform, it did not load properly because the Nitrox 3
driver was not up-to-date on these platforms.
42. When an SNMP trap packet was prepared to be sent out by prod00240204
the IP routine destined for one of its own interfaces, the
routing table was corrupted and on execution of a techdata or
tsdump, the packet tried to access the corrupted routing
table, causing the platform to panic.
43. The Alteon DNS client stopped working as expected (cache prod00240179
entries exceeded 2K), even though the DNS server did
respond correctly.
44. Using WBM, importing a new Alteon configuration did not prod00240151
work, while uploading the same configuration file through CLI
and FTP worked.
45. In WBM, in Configuration > Application Delivery > Virtual prod00240132
Services > Virtual Servers, when changing Delayed
Binding from Disable to either Enable or Force Proxy on a
service, the Submit button changed to Close, not allowing
the user to submit the changes.
46. When managing Alteon, when running the traceroute prod00240090
command and then clicking Ctrl-C after the request was sent
to close the SSH session, and the traceroute (ICMP)
response was not yet received, a panic occurred.
47. When Alteon received a request larger than 4k that included prod00240036
a big URI and a cookie, in rare instances a panic occurred
and Alteon did not forward traffic after the panic reboot,
causing applications to stop working.
48. In SNMP management, the OID sent for prod00240012
slbCurCfgEnhRealServerName in the real server related
traps was incorrect.

49. In an SLB environment with a backup group configuration, prod00239929
when the primary server came up, the Backup server session
table entry was cleared.
50. Using WBM, in the health check configuration, the field Base prod00239915
Distinguish Name supported only 32 characters. In the CLI, it
supported 256 characters.
Now both the CLI and WBM support 255 characters.
51. The CLI command /cfg/ptcfg (configuration export) did prod00239883
not prompt for the file name in non-interactive CLI mode.
52. After configuring the SNMP target transport address with the prod00239855
/c/sys/ssnmp/snmpv3/taddr <x>/addr command,
after the configured idle timeout, a panic occurred.
53. In an SLB environment with the SIP service configured, the prod00239817
source MAC address was corrupt due to an issue with SIP
traffic forwarded to the server.
54. In an SLB environment with real servers all associated to prod00239809
groups using ICMP health checks, the ICMP health checks
failed during the Apply and caused a momentary flapping of
some real servers.
55. In an SLB environment with a real server that was not prod00239789
associated with a virtual server or a filter and a LOGEXP
health check, each time when the configuration was applied
the health check failed and the real server was incorrectly set
to Down.
56. A series of configuration steps, including invalid cipher prod00239768
data entered by the user, led to an invalid user-defined
cipher in the configuration, causing applications to
stop working.
57. In a filter configuration, the rtsport prod00239563
(/cfg/slb/filt x/adv/rtsport d) could not be disabled without a reboot.
58. Using the CLI in an SLB environment, when a service IP prod00239540
address was configured, statistics did not display for that
virtual server.
59. After reboot, an unrelated warning syslog message appeared prod00239512
with the first configuration apply.

60. Using WBM, in an SLB environment with the virtual server prod00239420
rport set as 0 and an addport in real server, the session
statistics did not display, even though the current sessions
displayed in the CLI.
61. In a VRRP environment, when a PIP (sharing IP with a VR) prod00239347
was configured for a real server/virtual service, Alteon failed
to identify the virtual router as the Virtual Proxy Router (VPR)
and did not display as Proxy with the /info/l3/vrrp
command.
62. Creating applogs failed in some rare instances. prod00239263
After the fix, instead of aborting after the first attempt, the
applog creation is retried several times before aborting.
63. In a SIP SLB environment, when both SIP and AppShape++ prod00239016
were configured with the port number 5060, Alteon did not
forward the server reply to the client for SIP (port 5060)
traffic.
The following validations have been added to disallow such a
configuration:
• A warning message displays during configuration sync,
resulting in the sync being applied after disabling the SIP
service on the virtual server.
• A warning message displays when upgrading from older
builds to the current version, resulting in the upgrade
being applied after disabling the SIP service on the virtual
server.
• If a user tries to configure both AppShape++ and SIP at
the same time, an error message displays.
During configuration import with AppShape++ and SIP
enabled, an error message displays and unapplied
configurations are reflected in the diff.
64. After upgrading from version 30.1.x to 30.2.x, the maximum prod00238993
Manual Entries per Data Class changed from 1024 to 100,
causing some data class configurations to be lost.
With the fix, the maximum number of data classes per CU is
limited to 1k instead of 50x50xCU (entries per data class is
set to 50x1KxCU), 2500 entries per CU (2500xCU) and 16K
overall (the lowest between them).

65. After rebooting, even though the link was actually UP, the prod00238861
/info/link command displayed the link as down.
66. When a client was working with SSL session re-use, Alteon prod00238621
did not send SSL info in the headers.
67. The agSyncNeeded parameter was missing from the Web prod00238434
API monitor scalar table, causing an error message to display
in APSolute Vision when adding network elements.
68. In an SLB environment with delayed binding set as forceproxy, prod00236224
some of the HTTP requests failed and the end user
sometimes failed to access services.
In addition, Alteon displayed the following prompt: The
maximum concurrent established connection (CEC) of Alteon
Application Service engine has been reached in SP 4.
Session loss may be encounter in proxied connections.
69. When caching was used and the user upgraded from Alteon DE13095
version 29.0.x to Alteon 30.x, caching was erroneously disabled. In
addition, when a configuration file generated with Alteon
version 29.0 was uploaded to a device running 30.x, caching
was erroneously disabled. This is now fixed.
70. On a 5208 platform, at times some power supply fluctuation prod00242536
syslog messages were seen.

Fixed in 30.0.5.100
Version 30.0.5.100 is based on version 30.0.5.0, and includes the relevant fixes available in
versions 29.0.6.100 and 29.5.5.10.
This section lists the bugs fixed in version 30.0.5.100.
Item Description Bug ID
1. The AES-GCM cipher included in TLS 1.2 uses an prod00240587
initialization vector (IV) split into a four-byte implicit IV and an
eight-byte explicit IV. The implicit IV is derived in the TLS
handshake. The explicit IV is chosen by the sender and must
be distinct for every invocation of the GCM encryption
function (reference RFC 5288).
• An attacker with access to the communication data may
identify repetitions of clear text in the session, but not
decipher the text.
• An attacker with access to the communication data and
partial control of the client browser could gain access to
sensitive client data.
Due to the above bugs in third-party code, the first two SSL
encrypted data records now use a fixed explicit IV. The third
SSL encrypted data record and onwards uses a fixed
randomized IV.
2. When traffic was sent from the device to an IP that also prod00240050
belonged to the device and for which a VR was configured (for
example, a DSR health check to a VIP, or a ping from the device
to another VR IP), a panic occurred.
3. In an SLB VRRP environment with an AppShape++ script prod00239252
and a client authentication policy, software auto reboots
occurred with a software panic.
4. In an Alteon FTP SLB environment, the FTP control sessions prod00239210
remained with age 0/10 and the EU flag, even though all the
sessions were closed completely, causing increased FTP
sessions.
5. In the new HA mode, an incorrect source MAC address was prod00239191
used in SLB response packets from a virtual server IP
address and in DNS response packets from a Floating IP
address.
6. In a GSLB network environment with a real server that was prod00239160
disabled, the error messages displayed an incorrect real
server index during configuration apply.

7. An SNMP request to one of the Alteon's interfaces failed. prod00239157
Alteon replied with the default gateway's corresponding interface
IP instead of the IP of the interface on which the SNMP request
was received.
8. In an SLB environment with VRRP, when delayed binding prod00239150
(dbind) was disabled, and the proxy IP (PIP) was a virtual
router (VR) and the destination was a virtual proxy router
(VPR), the SYN-ACK from the server was not forwarded to
the client.
9. When delayed binding (dbind) was set to enable or prod00239139
forceproxy, in WBM its status was incorrectly displayed as
disabled.
10. In a global SLB environment, the DNS persistency cache was prod00239099
not synchronized with the remote sites even though the
configuration indicated to do so.
11. Sometimes a period (.) was allowed for the component ID when prod00239093
importing a certificate and key.
12. The MIBs, slbVirtServicesInfoVport (OID: prod00239057
.1.3.6.1.4.1.1872.2.5.4.3.4.1.4) and
slbEnhVirtServicesInfoVport (OID:
.1.3.6.1.4.1.1872.2.5.4.3.18.1.4) returned incorrect vport
information.
13. In a GSLB environment, although the buddy server was down prod00238987
and health checks failed, the real server IP address was
returned in DNS queries.
14. When the TACACS server was configured and the incoming prod00238954
connections were aborted, command authorization for the
SSH connection/console would hang the console/SSH
connection.
15. While the TACACS+ authentication servers were not prod00238951
available, authentication requests (ACK or PSH, ACK
packets) were rejected with a TCP reset. When initiating
multiple SSH connections to the management IP address
and attempting to login, a panic occasionally occurred.
16. In an SLB environment, Alteon reset HTTP downloads after a prod00238933
random amount of time with errors from one session affecting
other sessions.

17. Using WBM, the "0" character in the Hostname field of an prod00238924
HTTP health check configuration was not allowed.
18. Using WBM, you could not export a certificate from the prod00238921
certificate repository.
19. Using WBM in a vADC environment, even though it was prod00238916
licensed, the APM limit of 100 could not be set and an error
was returned.
20. When TACACS command logging was enabled, when prod00238908
attempting to configure any object and the CLI quit command
was executed, a panic occurred.
21. When the cipher user-defined attribute was configured as prod00238882
NULL, a malformed XML value was generated and Alteon
stopped processing traffic to the virtual server IP address.
22. In a hot-standby VRRP environment, when all VLANs or prod00238865
ports were disabled, the VRRP state became Master on the
backup platform.
23. In a hot-standby VRRP environment, even after hot-standby prod00238841
ports were connected back and the link was up on these
ports, Alteon remained in the INIT state.
24. In an SLB environment with SSL and TLS 1.1 or 1.2, SSLID prod00238826
persistency was not maintained, causing Alteon to act
according to the group metric (round robin) instead of
maintaining server persistency.
25. Using APSolute Vision, for an Alteon VA platform, the default prod00238819
VLAN could be removed while it should have been blocked.
26. In an SLB environment with delayed binding (dbind) enabled prod00238814
and cookie insert configured, the NAT filter fired
unexpectedly for server responses and access to the
HTTP virtual service failed.
27. In an SLB environment, when PIP synchronization was prod00238713
disabled and the virtual server containing a service PIP in
the configuration was deleted from the master device, and
synchronization of the configuration to the peer switch was
performed, the deleted virtual server still displayed in the
configuration dump.
28. In a VRRP active-standby configuration, if an ARP entry did prod00238689
not exist, the ICMP echo request destined for a virtual router
with sharing disabled was dropped by the backup device.

29. In the CLI, the prompt was not displayed with the command prod00238643
/cfg/slb/real x.
30. In a standalone environment, when the TACACS server was prod00238635
up and the administrator tried to log in via SSH with an
incorrect username, a panic occurred on the platform.
31. In an SLB environment with acceleration, when compression prod00238505
rules were configured with content-type but the server replied
without content-type in the header, a panic sometimes
occurred.
32. In a GSLB environment, although HTTP redirection was prod00238485
disabled for a service, Alteon sent a 302 redirect error
message for that service.
33. Using WBM, in an SLB environment, real servers associated prod00238414
to a group were not displayed in the group table
(Configuration > Application Delivery > Virtual Services >
Server Groups).
34. In a VRRP environment, when two Alteons with Spanning prod00238404
Tree Group (STG) set to off were connected via tagged ports
with a Cisco switch (with STG on), the BPDU packets were
not tagged while leaving (egress) Alteon's tagged port,
causing a Layer 2 loop.
In addition, a Layer 2 loop occurred when a filter was enabled
on any of the Alteon's ports connected to the STG-enabled
switch.
35. On a 5208 XL platform, the SSL card Nitrox3 compression prod00238279
driver did not work.
36. Using WBM, the port type for copper ports was incorrectly prod00238273
displayed as 10G Fiber.
37. Using WBM, when connecting as a user that has the class of prod00238254
service as slbadmin, the Sync button was grayed out even
though this user is allowed such an operation.
38. In a SIP load-balancing environment with SDP-NAT enabled, prod00238251
Alteon passed only 256 bytes of the SDP part, resulting in the
originated call failing.
39. In a GSLB environment with a redundant topology, when prod00238250
there were multiple real server failures on the backup device
of a remote (secondary) site, the DNS queries did not
respond with the proper server.

40. Using the CLI, when attempting to add or replace server prod00238175
certificates as text, the action failed many times and required
multiple attempts to add the certificate.
41. In an SLB environment with an HTTPS service, when request prod00238168
parsing was finished after the response for this request was
received (POST case), the session state incorrectly switched
to RESPONSE while it should have been REQUEST,
causing the next request to be ignored.
42. Using WBM, in an ADC-VX environment, in Configuration > prod00238164
Network > Physical Ports > Port Settings, the shared
status for the Port ID displayed incorrectly as enabled when
it actually was disabled.
43. In an SLB environment, when attempting to enable a filter prod00238155
with a remove proxy script, if this filter received non-HTTP
traffic, a panic occurred.
44. In an SLB environment, due to corruption in the prod00238067
fragmentation entry, UDP fragmented packets were
reflecting/looping.
45. In a VRRP environment, after a panic, the platform hung for prod00237926
five (5) minutes, causing a network loop.
46. In a GSLB environment, one of the site updates that was sent prod00237915
was not processed by the receiving site.
47. When importing the configuration with some certificates in the prod00237892
repository and with the audit log enabled, a panic occurred.
48. Configuration updates ceased to be sent to the Acceleration prod00237822
Engine.
49. In a basic SLB environment, when the health check prod00237810
configuration was modified and applied, although the service
was down, the virtual server ARP entry was not removed
from the ARP table.
50. When attempting to route a packet with more than one hop to prod00237788
reach the destination, the Management Processor (MP)
crashed.

51. In a virtualized environment, when the default image was prod00237773
incompatible with ADC-VX, and a vADC was created, a panic
occurred.
With this fix, Alteon no longer notifies the user about an
incompatibility between the default vADC and ADC-VX
images with the following syslog message:
As the default vADC image set is incompatible with VX, the
VX shall use upgraded compatible image for the vADC <ID>
52. When a reassembled IP fragmented packet arrived, due to a prod00237745
fragment counters miscalculation, Alteon treated it as multi-
packet and not a single packet, causing a panic.
53. After running the /stats/slb/group command, the statistics for prod00237720
Highest Sessions displayed incorrectly.
54. In an HTTP SLB cookie load-balancing environment, when prod00237574
the client cookie was present in the Header instead of the
URL, and the URI was enabled in the configuration, the load
balancing failed.
The Alteon Application Guide does not specifically say that
the "URI enabled" option is required to search in the URL in
addition to the Header. This needs to be updated.
55. In a virtual server, the MSTP configured each port state prod00237492
incorrectly because of the race condition between STP and
LACP initialization during bootup time.
In a virtualization environment, when MSTP was configured,
all the STG ports were in the DISC-DSB state after a reboot.
56. In an SLB environment with IPv6 real servers with a minimum prod00237485
32 character IP address, using the command /oper/slb/en x
to enable the real server caused a panic reboot.
57. Using WBM, when a virtual server associated with a GSLB prod00237480
network was deleted, a REST API failed error message
displayed.
58. In a VRRP environment with link load balancing, when a prod00237395
virtual router (VR) address was configured as a proxy IP
address (PIP) under a real server, the backup platform
responded to the ARP request and the health check failed.
59. Using WBM, Configuration > Application Delivery > Virtual prod00237346
Service > Content Switching > Content Class did not respond
when clicking on a content class with the name redirect.

60. When an Apply was performed without any SLB configuration prod00237309
changes, sometimes due to a discrepancy between the
service-specific internal port mapping data held in the
Acceleration Engine and SPs, SPs holding invalid data
caused issues in traffic processing and traffic drops.
61. When APM was enabled, an APM script was inserted in the prod00237225
incorrect location.
62. The SDP mapping addresses in a Layer 7 configuration did prod00237214
not get synced from the master to peer device.
63. In an SLB environment with delayed binding (dbind) enabled, prod00237169
when SP current memory units
(/stats/slb/layer7/maint) reached zero, the client's
SYN packets sent to the virtual servers were dropped.
64. In an SLB environment with DSR, when the virtual server prod00237156
address was not local to the configured interfaces, the health
checks failed.
65. Using the CLI, in a GSLB environment, even though a DSSP prod00237154
update was received for a remote real server, the remote real
server under one of the rules in /info/slb/gslb/rule
<x> displayed as not updated.
66. In an SLB environment, the SLB statistics clear command prod00237128
/stat/slb/clear cleared the concurrent connections
number and also decremented the number, resulting in a
sub-zero value. This caused connection multiplexing to not
work as expected.
67. In an FTP SLB environment with DSR enabled, Layer 4 DSR prod00237093
was not supported with FTPP enabled, because the FTPP
feature expects that return traffic should be traversed via
Alteon for creating an FTP DATA session based on FTP
PORT/PASV commands.
Support has been added to disable DAM locally for FTP and
FTP data service to support Layer 4 DSR.
Alteon now forwards the FTP PORT command to the server
as is without altering the FTP client data port to pport in the
PORT command, and the server returns traffic required to
pass through Alteon.
When FTPP is enabled, Global and Local DAM should be
enabled. A validation has been added to display a
configuration error when Global or Local DAM is disabled
with FTPP.
In addition, validation has also been added to display a
configuration error with Apply, when local DAM is enabled
and FTPP is disabled.
For FTP parsing (ftpp ena), Global and Local DAM must
be enabled.
Support has also been added for Layer 7 DSR with FTPP
parsing enabled. When DSR is enabled with FTPP parsing,
Alteon should inspect server return traffic. As a result, this
scenario has been treated as Layer 7 NONAT.
68. Using WBM, new user accounts displayed a limited prod00236783
configuration menu although the user was entitled to
configure more menus.
69. Connection management/multiplexing did not work as prod00236010
expected for an application after it matched the content rule.
The same number of sessions on a real server as a front-end
session displayed. This caused the server to overload its
session limit and hang.
70. An ADC-VX forwarded non-unicast tagged packets to a prod00235583
vADC, even though it should not have.
Support has been added for limiting broadcasts to only
enabled VLANs when more than one vADC is set to a shared
VLAN and is set to tag enabled.
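
Item 1 of this list (prod00240587) rests on the RFC 5288 rule that the eight-byte explicit IV must be distinct for every record encrypted under one key. The following added example, which is not part of the release notes or of Alteon code, audits one direction of a captured TLS 1.2 byte stream for repeated explicit IVs. It assumes the negotiated cipher suite is AES-GCM; the function names and the sample stream are constructed for illustration.

```python
import struct

CT_CHANGE_CIPHER_SPEC = 20
TLS12 = (3, 3)
EXPLICIT_IV_LEN = 8   # explicit IV carried at the start of each record (RFC 5288)
GCM_TAG_LEN = 16      # authentication tag appended to each record


def parse_records(stream):
    """Yield (content_type, version, fragment) for each TLS record in stream."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError(f"truncated record header at offset {off}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) != length:
            raise ValueError(f"truncated record body at offset {off}")
        yield ctype, (major, minor), fragment
        off += 5 + length


def find_iv_reuse(stream):
    """Return [(explicit_iv_hex, [record indices])] for every explicit IV seen
    more than once under the same key.

    `stream` is one direction of one connection. Records before the first
    ChangeCipherSpec are plaintext and ignored; each later ChangeCipherSpec
    starts a new key epoch, so IVs are compared only within an epoch.
    """
    findings, seen, encrypted = [], {}, False

    def close_epoch():
        findings.extend((iv.hex(), idx) for iv, idx in seen.items() if len(idx) > 1)
        seen.clear()

    for index, (ctype, version, fragment) in enumerate(parse_records(stream)):
        if encrypted:
            if version != TLS12:
                raise ValueError(f"record {index} is not TLS 1.2")
            if len(fragment) < EXPLICIT_IV_LEN + GCM_TAG_LEN:
                raise ValueError(f"record {index} too short for AES-GCM")
            seen.setdefault(fragment[:EXPLICIT_IV_LEN], []).append(index)
        if ctype == CT_CHANGE_CIPHER_SPEC:
            # A renegotiation CCS is itself sent under the old key, so it was
            # counted above before the epoch is closed.
            close_epoch()
            encrypted = True
    close_epoch()
    return findings


def record(ctype, fragment, version=TLS12):
    """Build one TLS record (helper for the constructed sample)."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(fragment)) + fragment


def sealed(explicit_iv, filler_len=24):
    """Constructed stand-in for an AES-GCM fragment: explicit IV + filler bytes."""
    return explicit_iv + bytes(filler_len)


# Constructed sample, not a real capture: records 2 and 3 share an explicit IV.
SAMPLE_STREAM = b"".join([
    record(22, b"\x01" + bytes(3), version=(3, 1)),      # 0: plaintext handshake stub
    record(CT_CHANGE_CIPHER_SPEC, b"\x01"),              # 1: keys switch on
    record(22, sealed(bytes(8))),                        # 2: encrypted Finished
    record(23, sealed(bytes(8))),                        # 3: application data, same IV
    record(23, sealed(bytes.fromhex("a1b2c3d4e5f60718"))),  # 4
    record(23, sealed(bytes.fromhex("a1b2c3d4e5f60719"))),  # 5
])

if __name__ == "__main__":
    for iv_hex, indices in find_iv_reuse(SAMPLE_STREAM):
        print(f"explicit IV {iv_hex} reused in records {indices}")
```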

Fixed in 30.0.5.0
Version 30.0.5.0 is based on version 30.0.4.0, and includes the fixes available in versions
29.0.6.0 and 29.5.5.0.
This section lists the bugs fixed in version 30.0.5.0.
Item Description Bug ID
1. In a VRRP active-standby environment with one port down on prod00237341
the LACP trunk, if the interface for multiple virtual routers
(VRs) was part of the active LACP trunk and one of the ports
on the LACP trunk connected to backup platform was
operationally enabled or disabled, when a reboot was issued
on the backup platform, it was inconsistent and a loop
occurred.

2. REST API commands bypassed Alteon configuration prod00237031
validation and an attribute was missing in the GSLB network
for the "virt" addition under GslbNewCfgEnhNetworkTable.
Note: GslbNewCfgEnhNetAlphaNumVirtPrefTable should be
used for setting the "preference" parameter.
3. In an OSPF environment, when OSPF was in the FULL state, prod00236817
the OSPF default route was updated in the LSDB but not in
the routing table.
4. In a BGP environment, only the first access list was processed prod00236809
instead of processing all available access list/network filters.
5. In a virtualization environment, the configuration prod00236543
synchronization did not work between ADC-VX peers as
expected.
6. In a virtualized environment, in a vADC the command prod00236532
/cfg/sys/hprompt ena required a reboot to take effect,
while in the ADC-VX an Apply was sufficient.
7. In a NAT filters environment, dynamic NAT filters could not be prod00236495
configured with the network class as the source or destination
IP.
Note: Only Static NAT filters cannot be configured with the
network class as the source or destination IP.
8. When the SSL health check failed, the client lost WBM prod00236490
connectivity.
9. The CLI commands to display syslog messages prod00236477
(/info/sys/log and /info/sys/dump) did not display the
latest logs.
10. In an SLB environment with the SSH service, the TCP prod00236397
connections opened for health checks were not closed as the
server continued to send data, causing stale TCP sessions.
Note: This issue was specific to protocols that initiate data
after the three-way handshake. It was not observed for other
protocols, such as HTTP.
11. On a 6420 XL platform using WBM, you could not allocate prod00236361
more than 28 capacity units (CUs) to a vADC.
12. HTTPS health checks incorrectly used SSLv2 ciphers in prod00236343
handshakes, as SSLv2 and SSLv3 are no longer supported.
Note: SSLv2 and SSLv3 are blocked in HTTPS/LDAPS health checks.

13. In an SLB environment with multi-rport, when the AE prod00236299
rebounded HTTP requests to a server based on the rport, but
there were no rports configured for the real servers, the current
session stats of the real servers continued to iterate until the
200K max sessions. The vADC had to be rebooted for the
server to return to service.
14. In a VRRP environment, when 64 virtual routers were prod00236246
configured in a virtual router group without tracking virtual
router for a group (trackvr) enabled, the Apply operation failed.
15. Alteon reset the gateway retries whenever the gratuitous ARP prod00236244
was received for the gateway. This resulted in the default
gateway remaining up even if it was not reachable/pingable.
16. When OCSP validation was enabled in the client prod00236226
authentication policy and the time zone was not set, due to an
internal time zone calculation difference, the client was
redirected to failurl, even though the server sent the certificate
status as 'good'.
17. You could not configure an SSL policy for the SIP service. To prod00236212
configure SIP over TLS with AppShape++ scripts for SIP
header manipulation, you were forced to configure a service of
type basic_slb.
18. On a 5412 platform, when executing /info/swkey during prod00236207
SSH to the platform, a panic caused an auto reboot.
19. In an SLB environment with preemption disabled for real prod00236192
servers and operationally disabled, if the primary server was
operationally enabled and then became active when any SLB
related configuration changes were applied, abnormal
behavior resulted on a configured backup real server.
20. In an OSPFv3 environment, OSPFv3 neighbor relationships prod00236191
could not be established with exchangeStart status.
21. When syslog severity is configured as 7 and the facility as 0, prod00236152
the syslog server did not receive any messages related to
session logging, even when the sesslog was turned on
globally and on service.

22. When configuring USM under SNMPv3 and setting authentication prod00236078
and privacy to MD5 and DES respectively, the Web UI and CLI
behaved differently. The Web UI did not ask for the admin password
while applying, while the CLI asked for the admin password.
After the fix, the CLI does not ask for a password.
23. Using WBM, when logged in as a user with admin privileges, prod00236076
you could not create users.
24. Using WBM, an HTTP health check with the special character prod00236072
"-" in the hostname could not be configured.
25. In a VRRP environment, Alteon does not support using virtual prod00235991
routers as part of PIP ranges. The error message that was
issued when PIP (service based) included ranges (addresses
or nwclasses) was unclear.
The error message is now corrected to the following:
PIP supports discrete mask only, where as the
Virtual server X PIP v4 address matches
address of virtual router Y
26. In an SLB environment with Return To Sender (RTS) prod00235975
processing and RTS VLAN enabled, an RTS session was not
created for the client traffic and the return traffic from server
was redirected to a different sender.
27. When the management port was disabled or down, the proxy prod00235970
mechanism stopped working.
28. The severity of a syslog message was classified as Critical prod00235965
even if the MP CPU utilization fell below the threshold level.
29. Using WBM, unencrypted SSL key import required a prod00235793
passphrase when it should not have. Unencrypted key import
does not require a passphrase, and encrypted key import
requires a passphrase.
30. Using WBM, changing the Intermediate Certificate option from prod00235713
group to none caused a corruption in the Application Engine
(AE) configuration, and SSL traffic was not handled.
31. Through the Alteon web UI, changing the Intermediate Certificate prod00235711
option from group to none caused a corruption in the Application
Engine (AE) configuration and SSL traffic was not handled.

32. During configuration synchronization with the SSL prod00235710
configuration, the user-defined SSL cipher string did not sync
to the peer switch, while the rest of the SSL configuration was
synced.
33. In an SLB environment with an HTTPS service, if the response prod00235690
on a POST was sent before the sending POST was
completed, the body of the POST and the next request were
not sent to the back-end server, causing applications to fail
intermittently.
34. Using WBM, while an Apply was in progress and a REST prod00235590
script was running at the same time, Alteon became stuck.
35. In an SLB environment with the service IP configured and prod00235496
delayed binding (dbind) force proxy enabled, when a request
was sent to this virtual server with the service IP, Alteon
panicked.
In this version, the dbind ena/dbind forceproxy configuration is
blocked when the service is IP. The following Apply error
message displays for an IP service with dbind ena/forceproxy:
Dbind ena/forceproxy is not supported for
virtual IP service <x>
36. In the CLI command /cfg/sys/access, the Management prod00235447
Network Access (mgmt) menu was missing.
37. During the audit log in an ADC-VX environment, the syslog prod00235415
message for a configuration change on a vADC showed that
username invalid-unknown modified the configuration when an
Apply or Save was performed from the ADC-VX.
38. In an SLB environment, when a real health check with prod00235408
LOGEXP was associated with an IP service, the Apply
operation failed with an error.
39. When attempting to upload files (for example, 20) on an FTP prod00235376
server with active FTP sessions, disconnections occurred and
files did not get uploaded.

40. In a Layer 7 load balancing environment with HTTP redirection prod00235299
conversion (sslpol/convert) enabled in an SSL policy,
even if the protocol in a redirect URI was HTTPS, Alteon
modified the server response and removed the port number,
even though the configuration did not have a modification rule.
Note: Alteon does modify the redirection location URL
appearing in the HTTP header from HTTP:// to HTTPS://
when sslpol/convert is enabled.
41. In an SLB environment with the APM server configured and prod00235288
up, it was not possible to activate APM on the configured
virtual services.
42. In a virtualization environment on ADC-VX and vADC, Port prod00235250
'Per Second' IF stats displayed incorrect values in CLI and
SNMP. Also, the MIB object portStatsTotalOutOctetsPerSec
was missing.
43. The output of the ping and traceroute commands was affected prod00235191
by the verbose 1 command and was not displayed.
44. In a Layer 7 load balancing environment with content classes prod00235173
and HTTP modifications and session drop (sessdrop) enabled
for SSL offloading, during peak traffic Alteon sent an RST to
the client and transmitted the data, causing applications to
hang and other problems.
45. From the WBM on a 5208 platform, you could allocate up to 28 prod00235162
capacity units (CUs), even though the number of available CUs was
24.
46. In an SLB environment with delayed binding (dbind ena) prod00235103
enabled and SSL offloading in a production network, after
/cfg/slb/adv/synatk was set to off, a communication failure
occurred on virtual servers.
47. In an SLB environment, when the HTTP service was prod00235093
configured with the action as redirect and HTTP modification
on the body, when it tried to access the virtual server to view
the sessions, a panic occurred.
48. When Alteon AppWall was configured with SSO prod00235051
authentication, it did not work for the SharePoint server.
49. In a VRRP environment with virtualization, after ADC-VX prod00234969
recovered from a panic, the VRRP state stayed as NONE.

50. If any OSPF configuration, informational or statistics menus prod00234838
were not executed previously, Layer 3 dump/tsdump/techdata
did not contain OSPF/OSPFv3 information.
51. When daylight savings ended, the time did not change. prod00234792
52. In an SLB environment, the real server proxy state was prod00234759
overlooked. As a result, Alteon sent a client request to the
server with the switch proxy address, even though proxy mode
was disabled for the real server.
53. WBM allowed the TAB character as a valid input for the server prod00234687
certificate name in the certificate repository when it should not
have been allowed.
54. When the management port was disabled, Alteon did not listen prod00234658
on the DPM port even though reporting (/cfg/sys/report) was
set to ON.
55. In an Alteon SLB environment with VIP and APM enabled on prod00234651
the service, a body was added to the response for a HEAD
request and stopped the Outlook Address Book download.
56. When TACACS+ logging is enabled, in some cases from the prod00234633
CLI, when performing an Apply after making some
configuration changes with the TAB character, before pressing
Enter, Alteon panicked.
57. In an SLB environment with virtual service statistics (vstat) prod00234619
enabled, WBM displayed the incorrect statistics counter for per
service statistics.
58. In a virtualization environment on an ADC-VX, when trying to prod00234583
send a syslog trap of type 22 (altSwSlbRealServerDown: The
real server is down and out of service), a panic occurred.
59. When a PIP was configured in a VLAN, a virtual router (VR) prod00234486
was created for the PIP and in the virtual service, PIP mode
was set to egress, the server packets were dropped and the
application did not work.

60. User-defined cipher suites with more than 255 characters prod00234480
could not be configured.
With the fix, the character limit has been changed from 255 to
1024 in CLI and WBM, and the MIBs
slbNewSslCfgSSLPolCipherUserdef and
slbCurSslCfgSSLPolCipherUserdef have been updated. The
type of these MIBs was changed from DisplayString to OCTET
STRING, as DisplayString supports a maximum of 255
characters.
61. In an FTP load balancing environment in passive mode, FTP prod00234479
client requests were periodically dropped, causing Alteon to
stop responding to some client IP address requests to the
virtual server.
62. During command logging through TACACS, a rare panic prod00234440
occurred.
63. When an SSL-enabled health check was configured, if it failed prod00234288
due to an SSL handshake, the WBM froze in the loading state.
64. In an ADC-VX environment, when upgrading the vADC from prod00234283
Alteon version 29.5.x to 30.0.x by keeping the ADC-VX at
version 29.5.x, although the vADC upgraded successfully,
once the ADC-VX was rebooted, the vADC went back to
version 29.5.x and the 30.0.x version was marked as
incompatible. The issue did not occur when the vADC was
rebooted without rebooting the ADC-VX.
65. In an SLB environment with VRRP and session mirroring prod00234280
enabled, maximum connections (maxcon) was applied
prematurely on the real server, causing current session
statistics to be incorrectly decremented during session
mirroring. As a result, after VRRP failover, the
new Master sent an RST or HTTP 503 (Service Unavailable)
to the requests, even though the relevant real servers were
UP.
66. Due to an unexpected network loop and FDB corruption, when prod00234039
troubleshooting, the FDB recovery mechanism did not work as
expected, even though FDB recovery
(/cfg/l2/fdb/recover) was enabled.

67. In a VRRP environment with high traffic, during the prod00234008
Master/Backup transition, ARP gateway health checks were
sent with the source MAC address of the VSR instead of
interface MAC.
68. In a VRRP environment, after disabling backdoor access using the prod00234006
"/maint/sys/devaccess" command, an unexpected VRRP transition
was seen.
69. In an SLB environment with multiple services configured for a prod00233999
virtual server, when the primary backup server failed, the real
servers from the secondary backup group did not go UP.
70. There was a discrepancy between WBM and CLI in the header prod00233996
value input validations under /cfg/slb/layer7/httpmod <x>/rule
<y> header action insert. WBM was
corrected.
71. IPv4 and IPv6 PIP statistics (/stats/slb/pip and prod00233930
/stats/slb/pip6) were not included in the tech support
configuration dump (tsdump).
72. In the CLI, when the command to quit (q - to stop displaying prod00233923
the configuration) was used with /cfg/slb/cur after 17 spaces,
the data did not stop displaying. Data continued to
display even after entering q three more times.
73. In the CLI, /maint/sys displayed empty fields. prod00233922
In this version, the /maint/sys command is now hidden from
customers, except in tech support mode (God Mode).
74. In a VRRP environment, when exporting a file via WBM, the prod00233918
application created a local compressed tar file with a blocked
mode, causing the application to not send the VRRP
advertisement messages to the backup. This, in turn, caused a
VRRP flip flop.
75. In a basic SLB environment, when retrieving the virtual server prod00233873
services runtime information via SNMP, a failed real server
state in a group was incorrectly returned.
76. In an ADC-VX environment, when setting the name to a vADC prod00233862
with a length less than 32 bytes, a panic occurred on the
vADC.
77. Using WBM, during the tech data download involving a packet prod00233789
capture, Alteon panicked.

78. In an SLB environment with 'client connection reset for invalid prod00233772
VPORT' (creset) enabled for a virtual server, Alteon sent
unusual or invalid RST packets with the ACK number set but
no ACK flag set, causing clients or the firewall to drop those
packets.
79. In the CLI, the command /c/slb/layer7/slb/cur prod00233740
incorrectly removed a space when displaying the current
content class configuration.
80. In an SLB filter environment, with IPv6 filters and vmadip prod00233733
enabled, when IPv6 traffic was received, Alteon panicked.
81. With FDB recovery enabled, when a save was performed, prod00233713
Alteon panicked.
82. In WBM, the active image bank was not displayed when prod00233695
uploading the image to the platform.
83. In an SLB environment during session mirroring, as the real prod00233635
server current session statistics were incorrectly decremented,
the maximum connections (maxcon) metric would take effect
prematurely causing Alteon to stop taking connections.
84. In an SLB environment with preemption disabled for real prod00233577
servers, an operationally disabled primary server became active
when any SLB related configuration changes were applied,
causing abnormal behavior for a configured backup real
server.
85. When an HTTPS service was configured with passinfo and prod00233566
contained the "failurl" authentication policy, the client was
always redirected to "failurl" even though the client certificate was
sent and was valid. As a result, client authentication failed.
86. When an HTTPS service was configured with APM and prod00233565
contained the "failurl" authentication policy, the client was
always redirected to "failurl" even though the client certificate was
sent and was valid. As a result, client authentication failed.
87. In an SLB environment with AppWall enabled, Alteon stopped prod00233490
processing traffic for the virtual server. Also, when the tunnels
were set to transparent or even bypass, traffic was not
processed on the virtual server.
88. Using WBM in an ADC-VX environment, switching from prod00233463
Monitoring > System > Capacity > System to Monitoring >
System > General Information and back did not work.

89. In an ADC-VX environment, a Telnet session to the vADCs prod00233434
from the ADC-VX was not responded to, because the user
input text on the Telnet session was not identified. This issue
was specific only to a Telnet client on ADC-VX.
90. Using WBM in an ADC-VX environment, the label names for prod00233433
the CUs displayed in Monitoring > System > General
Information > Current Capacity Units were misleading. In this
version, the field is now named Current Available
Capacity Units.
91. In an SLB environment with PIP configured as the VIP for an prod00233428
FTP service, passive FTP mode did not work as expected,
with FTP data being dropped after proxy processing.
92. When a new certificate smaller than the previous certificate prod00233413
was applied, the output of a certificate with configuration dump
(/cfg/dump) displayed corrupted data.
93. Using WBM, in the SSL Authentication Policy configuration prod00233325
pane, you could not configure the OCSP Response Time
Deviation with a value higher than 3600, even though the valid
range is 0-2678400.
94. In WBM, when upgrading the Alteon software image in the prod00233323,
Version Management pane, the version password field was prod00233322
missing.
95. The output of /stat/mp/mem is not MP process memory, rather prod00233300
it is system memory information.
In this version, the free memory display was added under
/stats/mp/mem in addition to 'free+cached+buffers', and the
descriptions of the following OIDs were updated:
• mpMemStatsTotal (.1.3.6.1.4.1.1872.2.5.1.2.8.1): Total RAM (system memory) information.
• mpMemStatsFree (.1.3.6.1.4.1.1872.2.5.1.2.8.3): Free RAM (system memory) information.
96. In WBM, when Layer7 content rules were configured first for prod00233289
service 443, and then for service 80, the content rule for
service 80 did not display.
97. At initial configuration via REST API, unicast session mirroring prod00233252
did not work as expected.

98. When syslog messages were configured with specific severity prod00233162
to be sent through e-mail, all the syslog messages were sent
without considering the severity, even though this was
configured.
99. In a SIP SLB environment, SIP persistent sessions prod00233118
(p-sessions) created on SIP REFER during outbound traffic did
not age out, causing stale sessions in the session table.
100. In an SLB environment with cookie insert configured on a prod00233048
virtual server, Alteon did not inject the APM JavaScript.
101. In an Alteon SLB environment, APM monitoring was not working prod00233002
on a virtual service configured with content rules.
102. In an SLB environment with multiple rports, when updating the prod00232972
real server rports to the SP from the MP failed, this resulted in
the client requests binding to a virtual port (vport) instead of a
real port (rport - addport of the real server).
103. On a 5208 platform, the management port is by default prod00232863
enabled. When the management boot (/boot/mgmt) was set to
disabled, and the platform was then rebooted with the factory
default configuration, the management port incorrectly
remained disabled.
104. In an SLB environment with persistent binding as clientIP, the prod00232651
persistent entry (P-entry) in the session table displayed the
protocol type as UDP when the session's protocol type was
actually TCP.
105. Using APSolute Vision version 3.0 with Alteon version 30.0, prod00232627
FastView panes did not display correctly. This included the
FastView Web Application Edit pane, and the Treatment Sets
configuration panes.
106. Using WBM, in an SLB environment, when proxy IP was prod00232592
configured without a mask, all real servers failed.
107. When the Alteon CLI command /cfg/slb/virt prod00232563
x/services y/protocol was left without input, and the
Telnet session expired, Alteon panicked.
A similar panic also occurred for the following commands:
/cfg/slb/virt 1/service http/pbind insert
/cfg/slb/virt 1/service http/http/clntprox
/cfg/slb/ssl/authpol/trustca
/cfg/slb/appshape/script/export
/cfg/slb/ssl/authpol/passinfo
-version
-serial
-algo
-issuer
-nbefore
-nafter
-subject
-keytype
-md5
-cert
108. UDP packets destined for port 2090 were dropped by Alteon prod00232558
and not forwarded from the server to the client.
109. In an SLB environment, when a real health check with prod00232533
LOGEXP was associated with an IP service, the Apply
operation failed with an error.
110. In a GSLB environment, when displaying the GSLB prod00232515
persistence cache entries (/info/slb/gslb/pers), rule
domain-based entries were not displayed, while virt
domain-based entries were displayed.
111. When monitoring Alteon through SNMP, SNMPWalk stopped prod00232485
at the slbNewCfgEnhRealServerCopy, ipRouteDest, and
fdbTable table objects. Also, the data type declared for the
MIB object switchCapASFltsCurr was INTEGER, while the
actual value returned is STRING.
112. When AppWall was configured, the configuration sync failed prod00232429
between two vADCs.
113. In an SLB environment, when a script health check was prod00232368
associated to the server group, internal ports were displayed
while executing the information command (/info/slb/real
x), and the information display confused users on ports that
did not display in the configuration, as these were internal
ports.
In this version, internal ports are displayed with additional
information, so that it is clear which ports are internal.
For example:
• rport 12(internal port for runtime SCRIPT health check when script is not inherited), 1500 ms, UP
• rport 0(internal port for runtime ARP health check), 0 ms, UP
• rport 0(internal port for runtime ICMP health check), 0 ms, UP
rport 0(internal port for runtime ICMP health check), 0 ms, UP
114. When SMTP was enabled on a management port, syslog prod00232284
messages were sent through e-mail over SMTP using
incorrect management IP addresses.
115. In the CLI, there was a discrepancy in the SSL certificate prod00232272
name configuration input when compared to interactive mode.
Interactive mode seemed to accept any name (including
special characters) when it should not have.
116. In an SLB environment, whenever the SLB configuration prod00232209,
changes were applied when traffic was running, the client prod00232372,
request was served by Alteon instead of the real server. prod00232211
117. In an SLB filter environment with network binding enabled on prod00232002
one of the filters, if the real server state associated with the
filter changed, Alteon failed to clear the SLB session, causing
an incorrect filter to run.
118. In an SLB environment, when an IP service was configured prod00231986
with 'nonat enabled', during client processing Alteon panicked.
119. In an SLB environment, when two or more virtual servers were prod00231935
configured with same service and associated with same real
server, the real server's real port (rport) status that was
reported for some services was incorrect.
120. Using WBM, when configuring a new virtual service, the prod00231914
service type was incorrectly set to SMTP instead of Basic-SLB.
121. During configuration synchronization, the protocol settings prod00231857
under NTP or IP service were not synchronized to the peer
device.
122. When monitoring Alteon through SNMP, when performing prod00231747,
SNMP GET on MIB table elements prod00232441
slbRealServerRportInfoTable/slbEnhRealServerRportInfoTable
with an invalid second index, Alteon panicked.

123. In the WBM, invalid or unexpected inputs caused memory prod00231698
corruption, which sometimes led to a panic.
124. In an SLB forceproxy environment, due to an internal prod00231629
Acceleration Engine timer set to a maximum of 20 minutes of
idle timeout, the sessions in the session table were deleted,
and on the server side the old sessions were kept in the
ESTABLISHED state, causing Alteon to start new sessions
using a different source port.
125. Using WBM, the configuration file could not be exported and prod00231607
generated the following error: Error: Configuration
import/export via HTTP is already running.
126. When the action was REDIRECT and AppShape++ script was prod00231348
attached, SLB failed.
In this version, in general when the action is REDIRECT, SLB
is not expected, however if an AppShape++ script is attached
to a service, SLB is performed.
127. In a port mirroring monitoring environment, there was a prod00231339
statistics mismatch between the 'mirroring' port and the
monitored ('mirrored to') port, even though packets were sent
correctly to the 'mirrored to' port.
128. Using CLI in an ADC-VX environment, when an empty value was prod00231322
entered for /info/l2/fdb/port, Alteon panicked.
129. Using WBM, incorrect values displayed for the current usage prod00231299
of compression statistics in the License table.
130. In an ADC-VX environment in a vADC, even though the prod00231144
configuration file size was small and free disk space was less
than approximately 13MB, when trying to perform a save, the
following error message incorrectly displayed: ERROR cli:
Error writing active config to FLASH! No space left on the
device.

131. In an SLB environment with an HTTPS service or HTTP prod00231104
service with delayed binding set to forceproxy, there was a
delay of 0.2 seconds when refreshing the Web page. This
occurred because HYBLA was being used and when the TCP
connection was idle for more than one round trip, Alteon
reduced the initial sending window to a single packet. For
clients with delayed ACKs, this introduced an unnecessary
delay in the transmission because the client was waiting for
another data packet, while Alteon was waiting for an ACK from
the client.
132. In an SLB environment with delayed binding set as forceproxy prod00231103
on a service, server selection always happened using the
leastconns metric, even though svcleast was configured for the
server group.
133. While configuring or importing a server certificate on Alteon prod00231070
and performing apply or save, when the PEM string was added
after the key ID, the certificate information was not sent to the
AppAccel (AX), and AX errors displayed.
134. In an SLB environment with primary and backup real servers, prod00230909
the backup server session entry was deleted when the primary
server was operationally enabled when it should not have
been.
135. On a 4408 platform, the port speed configuration (/cfg/port prod00230902
#/gig/speed) showed "10000"/"40000" as the configuration
option, even though this platform does not support such a
speed.
136. During export/import via SCP on Alteon, when the SCP prod00228671
operation timed out, socket file descriptors were not freed
due to a thread synchronization issue, which caused an SFD
leak.
137. A RADIUS-authenticated user was allowed to change the prod00226875
admin password when he should not have been.
138. When a packet's destination IP address was a PIP with an prod00211580,
address other than the first one within the PIP subnet range for prod00232041
the service, Alteon forwarded the packets when there was no
corresponding session, causing a routing loop.
139. In an SLB environment, APM monitoring did not work on a prod00232887
virtual service configured with Cookie insert.



Fixed in 30.0.4.0
Version 30.0.4.0 is based on version 30.0.3.0, and includes the fixes available in versions
29.0.5.0 and 29.5.3.0.
This section lists the bugs fixed in version 30.0.4.0.
Item Description Bug ID
1. Alteon (AppWall) login to Outlook Web App (OWA) 2010 prod00231279
occurred automatically without stopping. The login action
continued every second. Also, OWA 2010 SSO did not work
even though the authentication was successful.
2. The AppWall Management application did not work with Java prod00225118
version 8 update 25.
3. During boot up on a 4408 XL platform with Alteon version prod00230980
30.0.x.0, an error message regarding SSL chip was displayed.
4. In a virtualization environment, when Alteon was upgraded prod00230899
from 29.4.x to 30.x, vADCs booted with the factory
configuration instead of the saved configuration.
5. In an SLB monitoring environment, when action redirection was prod00230847
configured for a virtual service and the client request did not have a
Host: header, Alteon sent an incorrect location header.
6. In an ADC-VX environment, after exporting all of the prod00230785
configurations and booting with the factory default
configuration, when importing the configuration with the 'all'
option on the ADC-VX, the vADC configuration was not
applied properly.
7. In an ADC-VX environment, a VLAN configuration update was prod00230742
sent to all vADCs from the ADC-VX even if the VLAN did not
correspond to the vADC.
8. In a virtualization environment, when rebooting a vADC in a prod00230702
VRRP hot-standby environment, a network loop briefly
occurred.
9. Using WBM, it was not possible to create an SNMPv3 user prod00230656
with the name monitoring.
10. Using WBM, after creating an SSL policy, an added or prod00230654
associated intermediate certificate would not display in the
policy in Edit mode.
11. When configuring SLB, when the end-user defined a virtual prod00230639
service using AppShape++, the diff command did not display
a virtual service ID.

12. In a DSR environment with an IPv6 DNS health check prod00230605
configured, Alteon initiated DNS-based health check queries to
the real server address rather than to the virtual server
address.
13. Alteon considered any client certificate validated by OCSP as prod00230601
a failure if the valid certificate did not include the signer
certificate.
14. Alteon cannot have both VLAN and port PIPs configured at the prod00230594
same time, but the configuration dump displayed both while
only the active PIP type should have been displayed in the
configuration.
15. Using the WBM dashboard in an SLB monitoring environment, prod00230556
when a primary group using real servers was down, a virtual
service would display as down even if the backup group or
servers were up and active for the service.
16. In an SLB environment using By Name mode, the value from prod00230554
a pre-alphanumeric MIB was incorrectly polled using an index
number. The old slbStatRServerTable MIB is not supported in
By Name mode.
17. Using WBM to add a host while configuring content prod00230506
modification rules, you could not use a period (.) or hyphen (-)
even though the CLI allowed using them.
18. After a configuration change of the virtual server service type prod00230496
(for example, http to basic-slb) the Acceleration Engine was
not correctly updated and resulted in traffic failure.
19. Using WBM, when configuring an SSL virtual service, SSL prod00230491
Offloading lost Web content but worked when the same
service was configured in the CLI.
20. Using WBM, you could not clear all SLB statistics using the prod00230488
Monitoring > Application Delivery > Virtual Service pane.
21. When global management was disabled, the MNG SNMP prod00230476
listener was created and failed with an error message.
22. Using WBM, when configuring an HTTP health check, you prod00230459
could not use hyphens (-) or underscores (_) in the hostname
field.
23. During an SNMP walk, in Alteon By Name mode, the SNMP prod00230355
OID .1.3.6.1.4.1.1872.2.5.4.2.23.2.7.1.6 corresponding to
stats/slb/accel/compress/virt x caused an error.

24. In an SLB environment with content rules configured, if prod00230353
content-rewrite was configured on request, an applog error
appeared on each request.
25. In an SLB environment using filters, server processing prod00230269
bypassed health responses from the server and matched the
configured filter criteria. As a result, the filtered health check
responses did not match the health check configuration,
causing health check failures.
26. When one temperature sensor reached the temperature prod00230224
threshold and other sensors did not, Alteon generated both a
critical syslog message regarding high temperatures and a
notice that temperatures were okay. The messages conflicted,
causing the end-user not to understand the actual temperature
status.
27. In an SLB environment, after rebooting Alteon, the dynamic prod00230184
weight based on the SNMP health check response did not
work.
28. In an SLB environment with SSL, the ciphers and protocol that prod00230158
were sent to the real server did not match when configuring an
SSL policy with the cipher suite set to Low.
RC4-MD5 and RC4-SHA have been added back to Low
Ciphers.
29. In an SLB environment with health checks of real servers, prod00230157
when invert to a health check was enabled, even though the
HTTP health check response string (403 or 501) did not match
the expected response (200), the real servers were not
marked as up.
30. When trying to connect to Alteon via SSH, the connection prod00230099
failed even when there were no other SSH connections.
31. Using WBM, when creating users with WBM admin privileges, prod00230086
the created users mistakenly were defined with restricted
access.
32. In a VRRP configuration, when tracking the virtual router for a prod00230074
group (trackvr) was used for the VR group, while performing
configuration changes, a configuration that used a non-existing
(deleted) VR for tracking resulted in an error in configuration
sync. This caused the trackvr to be removed from the
secondary vADC, and both vADCs were assigned the VRRP
master status.

33. Alteon accepted an incorrect certificate and key during import prod00230065
and failed to validate after a reboot. The incorrect configuration
displayed when using the diff command.
34. On an Alteon 5208 platform, when working with a Cisco 4948 prod00230005
in trunk mode configured on the platform's port, Alteon
crashed.
35. In an SLB environment with delayed binding enabled, an prod00229997
internal timer used for the SYN attack protection
mechanism wrapped around after 497 days, causing the
SYN cookie validation to fail. The client connections were reset
and clients were not able to reconnect to specific virtual servers.
36. In an SLB environment with health checks of a real server that prod00229977
was not used in a virtual server group, a misleading runtime
status displayed for health checks.
37. In a virtualization environment, when trying to import a prod00229973
configuration using the vADC creation menu, an incompatible
configuration file error displayed.
38. When configuring an HTTP virtual server with delayed binding prod00229893
as forceproxy using lowercase in the redirect field, the
redirection did not work due to case sensitivity.
39. In an ADC-VX environment, during upgrade to version prod00229788
30.0.x.0, because ADC-VX takes a long time to write an image
into a file system, Alteon did not send keep alive packets to the
watcher, causing Alteon to panic.
40. An ICMP delay displayed when receiving a continuous ping to a prod00229782
virtual server IP or physical IP address. The delay (latency)
started after 8 to 9 packets were received.
41. Due to a timer issue in the hibernation feature, a panic prod00229775
occurred when the SLB environment was configured with
Application Acceleration.
42. Using WBM, users with a privilege level set to Oper did not prod00229762
have access to multiple screens and an error message
displayed when the user tried to access them.
43. In an ADC-VX environment with the NTP configuration enabled, prod00229701
when the configuration was imported and a revert apply was
performed for a vADC, the GMT offset of some of the vADCs
was different than for ADC-VX.

44. When upgrading from Alteon version 29.0.2.10 to 29.0.3.10 in prod00229680
an OSPF environment, the OSPF routes did not display in the
route table (/info/l3/route0), even though they
displayed in an OSPF dump (/info/l3/opsf/dump).
45. In an SLB environment, when a service having content rules prod00229627
associated to it was deleted, the Application Acceleration
Engine did not delete both the content rules and the service,
leading to an issue with configuration synchronization. The
Acceleration Engine displayed the error Saved config is
not proper. Modify configuration or Reset vadc
with factory config.
46. In an SLB monitoring environment with delayed binding as prod00229552
forceproxy, when the HTTP service was configured with an
action redirect, the redirect session statistics under the Virtual
Stats menu were not incremented.
47. When an end-user configured an advanced health check, prod00229534
irrelevant warning messages relating to downtime displayed.
48. When a new AppShape++ script ran on Alteon, SP CPU prod00229512
usage jumped to 100%.
49. After importing a certificate with an expiry period beyond prod00229466
January 19, 2038, Alteon displayed the wrong expiry date and
time.
50. In an ADC-VX environment, outputting techdata resulted in an prod00229423
LACP flip-flop.
51. Using WBM, when creating a real server with ID x, when prod00229419
reverting it later, other real server IDs x+n that had been
created were removed.
52. In an ADC-VX environment, a panic occurred when prod00229353
provisioning a vADC via vDirect.
53. Using WBM, a regex pattern using a space for the HTTP prod00229312
content class was allowed, but not in CLI.
54. In an SLB environment with an HTTP virtual service prod00229229
associated to a compression policy and an SSL policy, even
though HTTP content modifications on response with body
were included, the response was not modified and the next
requested page on the same session did not display.

55. In an SLB filter environment with non-TCP/UDP/ICMP traffic prod00229123
and RTS enabled, RTS session lookup failed for server
responses, causing the server-returned traffic to be forwarded
to a different server instead of sending it to the server from
where the request was received.
56. In an SLB environment with Layer 7 content classes of type prod00229048
filename, when a regex matched against a URL that had a
path with a dot (.) and no filename filetype in the URL, a panic
occurred.
57. When real-time traffic arrived from multiple IP addresses with prod00229030
the same source port, the SP CPU reached 100%.
58. When Web certificates were re-generated with different prod00228985
parameters, when an apply and then a revert apply was
performed, the Web private keys displayed in diff flash.
59. Alteon did not switch to a secondary RADIUS server if the prod00228935
primary server was down when attempting to access Alteon
based on RADIUS authentication.
60. Using WBM, when more than 50 entries existed in the prod00228908
certificate repository, entries 51 and higher did not display.
61. In an ADC-VX environment during a configuration sync, when prod00228846
the range was not configured on the transferring platform, all
vADCs were deleted from the ADC-VX environment on the
receiving platform.
62. When using WBM to monitor Alteon, incorrect virtual server prod00228798,
highest session statistics displayed on the Monitoring > prod00231464
Application Delivery > Virtual Server pane.
63. In an ADC-VX environment, when lock was enabled and prod00228689
SNMP access was changed from read-write to read-only on a
vADC, Alteon failed to send an error message.
64. In an SLB environment, when operationally disabling a server prod00228684
within a group, the virtual server went down and the backup
real server did not take over if it was not part of the server
group.
65. In an SLB environment with persistency binding performed by prod00228591
a cookie, if the client request contained multiple cookies
separated by a comma (,), Alteon did not perform cookie
persistency as expected.

66. In an ADC-VX environment, when HTTPS access to a vADC prod00228395
was disabled, the vADC failed to apply the configuration, and
the configuration became stuck in diff.
67. In an SLB environment using persistence binding to cookie prod00228388
and the cookie mode set to insert, persistent entries were
stuck and would cause a long delay.
68. On an Alteon 10000 platform, when a user logged into a vADC prod00227639
for the first time after the vADC rebooted, the Linux time was
incremented +1 or -1 hours during TACACS authentication.
69. In a virtualized VRRP hot-standby environment, when a VLAN prod00227604
was disabled or enabled on the backup vADC, the backup
vADC did not initialize the hot-standby ports to the Blocked
state, resulting in a Layer 2 loop.
70. When a content rule was configured with a dot (.) in the path prod00227577
(for example, mycore.core-cloed.net/index.php/settings/users)
that could be matched and discarded, the match did not occur
and the packet was sent to the servers.
71. On an Alteon 6420 platform, default values for throughput, prod00227478
SSL, and compression were incorrect.
72. On a standalone platform, the maximum OCSP cache entry prod00227401
details did not display when using the switch capacity
information command.
73. There was a spelling error in the CLI /c/sys/radius prod00227379
command.
74. In version 30.0, the FastView capacity values for XL and non- prod00227338
XL platforms were incorrectly updated.
75. Using CLI in an ADC-VX environment, during configuration prod00227261
import, passphrase reconfirmation was requested. However,
passphrase reconfirmation is not required when importing a
configuration – it is needed only for configuration export.
76. In an SLB environment, when a secured Web application was prod00227176
configured for a virtual service, delayed binding was
automatically set to forceproxy without any validation when
secwa was enabled, causing a difference in flash during boot
and in dbind forceproxy using diff flash.
77. In an SLB monitoring environment, the real server health prod00227133
check statistics (/stat/slb/realhc) were not cleared by
using the SLB statistics /stat/slb/clear command.

78. An ICMP delay displayed when receiving a continuous ping to a prod00226110
virtual server IP or physical IP address. The delay (latency)
started after 8 to 9 packets were received.
79. In Alteon, a timezone change was required after Moscow prod00225849
changed its time offset from UTC+4 to UTC+3.
80. Time based licenses such as FastView and APM now cannot prod00223683
be removed once installed.
81. Using WBM to configure an HTTP modification rule, the entry prod00211598
"VALUE=$Client_IP" could not be used, but the CLI could
accept this entry.
82. In a VRRP environment, when LACP was configured using prod00196951
Cisco as the Layer 2 switch, Alteon pre-empted VRRP failover,
even though pre-emption was disabled.
The command /cfg/l3/vrrp/lacphold <ena|dis> was
added to start the VRRP timer once the LACP ports become
available.

Fixed in 30.0.3.0
Version 30.0.3.0 is based on version 30.0.2.0, and includes the fixes available in versions
29.0.4.0 and 29.5.2.0.
This section lists the bugs fixed in version 30.0.3.0.
Item Description Bug ID
1. In version 30.x, when a new VLAN was created with shared prod00227666
disabled and the port to the new VLAN also was associated to
a VLAN with share enabled, the Apply failed and Alteon
panicked.
2. Via the WEB UI, Real Servers Statistics were always empty. prod00225991
3. In a VRRP hot-standby virtualization environment, when a prod00227604
VLAN was disabled or enabled from ADC-VX in a backup
vADC, the backup vADC did not initialize the hot-standby ports
to the Blocked state, resulting in Layer 2 looping.
4. When interacting with other vendor switches with Spanning prod00227180
Tree Protocol (STP) enabled, when STG was disabled, Alteon
did not forward the STP packets correctly and a loop occurred
in the network.

5. In an SLB environment, when the real server mode was prod00227136
configured as physical but with dynamic weight (based on the
SNMP health check response), the least connections metric
did not consider static weight when load balancing, while the
round robin metric did consider static weight, causing the
weight based on the SNMP health check response to not work
as expected.
6. In an Alteon virtualization environment using CLI, after issuing prod00227055
the tsdmp (tech support configuration dump) command in a
vADC, file system usage for other vADCs incorrectly
displayed.
7. When an SSH connection to Alteon via a data port was active prod00226970
and SSH was disabled at the console, Alteon panicked.
8. In an SLB environment with buddy servers, an ICMP health prod00226762
check was used for the buddy server health check regardless
of the configured service port.
9. In an SLB environment using a SAP application, attempting to prod00226660
access the application running a huge report produced a 404
error.
10. In an SLB environment with delayed binding set as forceproxy, prod00226526
when a redirect was configured for a virtual server using:
$HOST/$PATH?$QUERY, when a request came to this virtual
server without the query, Alteon appended a "?" during
redirection.
11. In a VRRP environment, when a switch-based group was prod00226115
enabled and all interfaces had the status DOWN, the VR state
changed from INIT to Master.
12. In an ADC-VX and vADC environment, the SNMPwalk for prod00225519
stopped at the get-next-request for agNewCfgTputThreshold.
13. Any Alteon by Name object ID was truncated for real servers, prod00225502
server groups, and virtual servers if the object ID contained the
substring EBF.
14. When throughput threshold reached 90% of the throughput prod00225015
limit, an alert did not display.
15. When attempting to import a configuration containing a content prod00224910
class string index greater than 32 characters using Restful API
commands or SNMP, the configuration save failed and diff
displayed garbage values.

16. The number of free ports displayed for auxiliary session table prod00224355
stats (/stats/slb/aux) and PIP stats (/stats/slb/pip) did not
match each other.
17. When attempting to delete a Layer 3 interface, it could not be prod00223826
deleted and displayed as disabled.
18. In an SLB accelerated environment, stale objects were not prod00223561
served from cache even though they were cached on Alteon.
19. When any configuration changes were performed on Alteon, prod00226495
HTTPS (SSL offload) failed and Alteon returned a 503 error
code.
20. In an SLB environment on Alteon, when multiple service ports prod00226429
were configured and one of the service port health checks
failed, client requests failed to connect to the virtual server
even though other services were available.
21. For advanced health checks such as the HTTP and RTSP health prod00226304
checks, when the response code was set to "none", the health
check always failed.
22. In an SLB environment with redirection filters and an egress PIP prod00225921
configured on the filter, the PIP was selected from the PIP
associated with the ingress port rather than the PIP associated
with the egress port, causing redirection filters not to work
as expected.
23. The SSL chip detection message was shown in vADC syslog prod00225903
messages when it should not have been.
24. If a VLAN is removed from vADC, after reboot the VLAN prod00225660,
should not be restored in the config. prod00227556
25. When an HTTP request arrived fragmented and the redirect prod00225430
response was prepared by Alteon, the fragment bit was wrongly
set.
26. When syslog via email (SMTP) was enabled and the email prod00224966
sending failed, either because TCP failed to open a
connection or because the DNS resolution failed, a panic or
memory leak occurred on the platform.
27. When the command /maint/debug/tbuf was executed through the prod00224964
CLI's tech support dump (tsdmp), a panic occurred on the
platform.

28. In an SLB environment with content rules associated with a prod00224959
virtual service, when a virtual server was disabled or enabled by
configuration, the update regarding which content rule is
associated with which virtual service was not sent to the
Application Accelerator (AX), causing content-based HTTP
redirect to fail.
29. The IP Address and Mask usage strings for BGP peers and prod00224111
aggregations configuration settings displayed incorrect values
including IPv6 values while IPv6 BGP is unsupported on
Alteon.
30. In a virtualization environment, when a capacity unit was 1 and prod00222364
limitcu was enabled, high CPU utilization resulting in VRRP
flapping, dual MASTER, broadcast storm, and health check
failures occurred when SNMPWalk was performed for the
following OIDs: slbCurAdvhcSnmpTable,
slbNewAdvhcSnmpTable, slbCurAdvhcScriptTable,
slbNewAdvhcScriptTable, slbCurAdvhcLogexpTable and
slbNewAdvhcLogexpTable.
31. In a BGP environment, Alteon did not remove a withdrawn route prod00223091
sent by the BGP peer. The routing table was corrected only
after the interface status was changed or the routing table
was cleared.
32. A memory leak and potential (low probability) memory prod00222024,
corruption were seen when large packets were sent to Alteon. prod00222023

Fixed in 30.0.2.0
Version 30.0.2.0 is based on version 30.0.1.0, and includes some of the fixes available in
versions 29.0.4.0 and 29.5.2.0.
This section lists the bugs fixed in version 30.0.2.0.
Item Description Bug ID
1. In an SLB environment, maximum Layer 4 session support prod00226503
depends on RAM size and the device platform. But system
capacity information (/info/sys/capacity) and SLB
Maintenance statistics (/stats/slb/maint) displayed
incorrect values for 4408 (4GB), 4416 (4GB) and 5224 (6GB)
platforms.
Note: From Alteon version 29.5.0.0 onwards, maximum
sessions supported on 4408, 4416 and 5224 are as follows:
• 4408/4416 with 4GB RAM - 3M
• 4408/4416 with 6GB / 8 GB / 12 GB - 6M
• 5224 with 6GB - 3M
• 5224 with 12GB / 24 GB - 12M
2. In a basic SLB environment, by Alteon design, when advanced prod00226492
SLB parameters are configured (persistence/layer 7 SLB/dbind
'e/f'), the SLB session binding changes and hence all the
existing sessions are deleted. However, an informative message
was missing.
An informative warning message has been added during apply to
indicate the change in SLB session binding - Warning: The
SLB session binding has changed. The existing
sessions are being deleted.
3. Using SSH, a user could not log in to Alteon because packet prod00226222
buffers were leaking with UDP traffic destined for UDP ports
that were reserved.
4. In an SLB environment with a virtual service configured as IP prod00226150
SEC (CISCO VPN) and Direct Access Mode (DAM) enabled,
Alteon failed to forward the server response to the client.
Workaround: Configure basic-slb with service port set to 500.
5. In an ADC-VX environment, when upgrading from version prod00226071
28.1.13.0 to later versions such as 29.0.3.0, 29.5.1.0, or
30.0.0.0, Alteon crashed and the upgrade failed.
6. In an SLB environment, when Direct Access Mode (DAM) was prod00226067
disabled and a real server was associated with multiple
services, a validation error was shown even though the services
were mapped to different real ports (rports).
7. In an SLB environment, when a health check associated with a prod00226040
filter with the real port set to 0 was restarted during an apply,
Alteon issued a real server operational syslog which was not
associated with any service.
8. Using WBM, when trying to import a server certificate, the prod00225910
import failed with the error 406 Not Acceptable.
srvrcert <n> already exists.
9. After upgrading version 30.0.1.0 with a configuration prod00225846
containing passwords, Alteon rebooted with an unsaved
configuration.

10. In an LACP environment, when LACPDUs were received on a port prod00225683
which had its Port VLAN ID (PVID) set to a disabled VLAN,
the LACPDUs were dropped by Alteon and LACP did not work. As
a fix, untagged LACPDUs received are forwarded on the tagged
port to the MP.
11. After defining a user-defined cipher with lowercase characters prod00225504
for an SSL policy, the cipher was rejected and Alteon issued
the following error: Error: sslv1 cipher string is
not supported.
12. When executing the command /cfg/sys/access/https/generate prod00224825
to generate certificate via Alteon CLI, there was a spelling
mistake with the word 'successfully'.
13. In an SLB environment using the svcleast metric, when two prod00224432
virtual servers were configured with the same IP address, and a
network class was configured for one virtual server, the
svcleast metric did not work as expected and only one of the
servers received all of the sessions.
14. In a virtualization environment, the tech support dump (tsdmp) prod00224337
of both the ADC-VX and vADCs did not include capacity
information (/info/sys/capacity).
15. When the health check for servers in a backup group was set prod00224216
to ICMP, when the primary group was down, the servers in the
backup group displayed as failed when they were actually
functional.
16. Alteon modified the DSCP field of a fragmented routed (not prod00224185
load balanced) packet and reduced the TTL value by 1
correctly, but calculated the IP packet checksum incorrectly.
17. In an SLB environment, when a server group uses the WTS prod00224115
advance health check, Radware recommends setting the
individual real server's timeout to be greater than 10 seconds,
but this informational message displayed even if the health
check interval for advance health checks was already set as
more than 10.
18. When two services were configured with the same virtual prod00224080
server IP address and server group ID but with a different
source net, when the proxy mode of a virtual service was
changed from address to disable and then back to address,
the client requests were dropped.

19. In a Firewall Load Balancing environment with RTS enabled, prod00223912
session lookup failed for ICMP traffic and the server response
was sent back by the filter session that created the lookup.
20. On a 6420 XL platform, after recovering with version 30.0.1.0 prod00223828
using a USB, the platform type displayed as 6420 instead of
6420 XL.
21. In an active-standby VRRP environment without a switch- prod00223681
based group enabled, vADCs did not update the VRRP status
properly when the last virtual router changed to the INIT state,
resulting in an incorrect status for the HA-state of the ADC-VX
and in the /info/sys/general output.
22. In a VRRP active-standby environment, when stateful failover prod00223640
of persistent sessions was enabled and two synch peers were
configured, all persistent sessions created by the master were
synched to only one peer instead of two configured peers.
23. When the gateway feature was enabled for the SMTP service, prod00223610,
configuration synchronization to the peer device failed. prod00232683
24. When the TACACS server was down, when attempting to log prod00223423
in using SSH, Alteon panicked.
25. When the RADIUS server was configured and backdoor was prod00223223
enabled, using SSH local user authentication failed.
26. When the TACACS server was down and the administrator prod00223173
tried to log in via SSH, a panic occurred.
27. When configuration changes not related to SLB were prod00222887
performed and applied, Alteon stopped responding to ARP
requests for the proxy IP.
28. In a Firewall Load Balancing environment, where there were prod00222807
multiple real servers and/or routers configured, out of which
only a few were directly visible and others were reachable with
the help of static routes through these visible routers, the RTS
session that was created pointed to a failed server (based on
the first match with MAC lookup) without considering the
functional state (UP or DOWN) of such real servers, resulting
in the creation of session entries the update to be incorrect.

29. An HTTP health check with NTLM did not consider the prod00222804
configured response code and always checked for the 200
response code for the health check to succeed. The following
error message was issued:
Error: Health check <ID> - When NTLM is
configured, the response code must be set as
200 (the default)
30. When a customized HTTP health check was configured and a prod00222752
real server was brought down and then functionally up again, it
took about 10 minutes for the real server to be healthy again.
31. In the tech support dump, SP ARP cache information was prod00222717
missing, and an error was issued.
32. In either ADC-VX or vADC environments, syslog session prod00222649
messages were not sent to the syslog server.
33. When a customized content health check was configured and prod00222520
used for a server group to which other content was configured,
a misleading error displayed when the real server health check
failed.
34. When the TACACS service was down after a backdoor login, prod00222210
Alteon accepted TACACS credentials and the login was
successful for a short while and then rejected it. The
credentials should have been rejected because the service
was down.
35. In a vADC, several alerts regarding the throughput limit being prod00221814
reached were issued, but the peak usage incorrectly displayed
the maximum throughput used as almost half of the real
throughput limit.
36. In an SLB configuration, when any group was deleted, another prod00221807
random group name was also deleted. Similar issues also
existed with the real server configuration.
37. When upgrading from version 28.1.11.x to 29.0.x.x with some prod00221692
apply errors in the configuration during upgrade, SNMP polling
did not work.
38. In a GSLB environment with delayed binding enabled, and a prod00221565
virtual service configured as HTTPS, if the local servers were
down, Alteon did not route the traffic to the GSLB remote
servers.

39. When OSPF was not configured, Alteon returned OSPF prod00221562
packets to the sender.
40. The command prompt for /cfg/sys/access/user/admbd prod00221560
displayed accecss instead of access.
41. In an SLB cookie and SSLID persistent environment, prod00221218
persistent sessions (p-session) on a persistent -SP did not age
out in the defined time when it was referred to at more than
one designated SP by the client session, and all of the client
sessions referring to the p-session were aged out. This caused
the persistent session on the P-SP to enter into slow-age
instead of fast-age.
42. In a VRRP environment, when a virtual router was configured prod00220523
with an IP address outside the lower limit of the PIP network
class or subnet defined for a virtual service, the backup Alteon
(not only the master) responded to ARP requests when such a
configuration should have been discarded with an error.
Fix: A new error was introduced: Virtual router <n>'s
IP address falls under PIP network class <x>
defined for virtual server <y> service <z>.
43. In a VRRP hot-standby environment with ISL and server ports prod00216152,
on the same VLAN, after reboot of a vADC and the platform, a prod00216147
network loop occurred.

Fixed in 30.0.1.0
Version 30.0.1.0 is based on version 30.0.0.0, and includes fixes available in versions 29.0.3.10
and 29.5.1.10.
This section lists the bugs fixed in version 30.0.1.0.
Item Description Bug ID
1. In a GSLB environment with delayed binding enabled and a prod00221565
virtual service configured as HTTPS, if the local servers were
down, Alteon did not route the traffic to the GSLB remote
servers.
2. AppShape++ scripts with X509::extensions, such as X509v3 prod00222599
Basic Constraints, X509v3 Subject Key Identifier, and X509v3
Authority Key Identifier, only retrieved the extension field name
without its value.

3. In an Alteon VA environment, when an AppShape++ script prod00221388
with the operator "contains" was configured, on performing an
apply, the platform crashed.
4. When using a VRRP group with tracking, after the group was prod00221196
in the "init" state, the /info/l3/vrrp command displayed
the incorrect state for the group.
5. When accessing the Virtual Server Configuration pane via prod00221092
HTTP using wfetch with an invalid virtual server index, Alteon
panicked.
6. In an ADC-VX environment, using the command prod00221068
/cfg/vadc/allow to set an IPv6 network that has 64 zeros or
more in the LSB, the configuration was not accepted.
7. The default gateway with the better route metric did not prod00220927
receive updates to the routing table. In addition, some of the
external routes, although they were in the link state database,
did not get processed by the shortest path algorithm (OSPF).
This resulted in routes missing in the routing table.
8. When accessing the Virtual Server Configuration pane via prod00220870
HTTP/HTTPS with an invalid virtual server index, Alteon
panicked.
9. On an Alteon 6420 platform, IPv6 traffic achieved only 20 prod00220821
Gbps throughput, while IPv4 traffic achieved 60 Gbps
throughput.
10. When a health check script was configured and enabled on a prod00220609
real server where multiple service ports were also configured,
Alteon forwarded client requests to the server on the service
port rather than on the real server's service port (rport).
11. In an OSPF monitoring environment, configured OSPF hosts prod00220514
did not display using the /info/l3/ospf/dump command (Show
OSPF information).
12. In the CLI, Layer3 filters could not be configured due to an prod00220508
irrelevant dependency on advance settings of a redirect filter.
To configure a Layer3 filter, parse all had to be enabled
(/cfg/slb/filt 10/adv/layer7/parseall ena).
13. In a VRRP environment, when a VSR VRID was greater than prod00220398
255, the source MAC address inserted by Alteon in response
to the client request was incorrect.

14. In an OSPF environment, while adding routes after running the prod00220394
/maint/route/clear command, Alteon panicked.
15. In a VRRP environment with LACP configured on the ports, prod00220231
the MP flooded the VRRP advertisement packets to all ports
on the VLAN while the MP should have flooded the
advertisement packets only after LACP aggregation was
completed for LACP-enabled ports. This resulted in VRRP
advertisements from incorrect ports after the related VLAN
was disabled or enabled.
16. In an SLB environment, when one real server was configured prod00220151
and the group metric was set to leastconn, even though the
real server was configured to support unlimited connections,
the number of sessions for that real server was limited to 2
million. The "No available real server" counter increased
without any real server failure after the maximum connection of
2 million was reached.
17. In the CLI, session entries in a session dump did not display prod00220145
'SSL' for vports when the virtual service was configured as
SSL.
18. In an Alteon VA environment running version 29.5.x, a newly prod00220134
created physical port was not attached to any VLAN, resulting
in an apply failure during boot, and the configuration was stuck
in diff.
19. In an SLB environment, for an HTTPS service with a virtual prod00220038
service port other than 443, content rules configuration was
allowed without mandatory SSL policy configuration.
20. When the link local address was configured with subnets, prod00219989
Alteon internally ignored the subnets according to the RFC but
did not issue a warning about the misconfiguration. In the fix,
the following warning message displays during the apply:
Subnets in the link local address will be
ignored on VLAN x
21. In the CLI, the session table displayed incorrect VLAN and prod00219851
PORT numbers for back-end session. The back-end session
displayed the front-end session's port and VLAN number
instead.

22. In an IPv6 VRRP active-standby environment, when the client prod00219714
was connected to the backup platform, the client traffic
destined for the backup interface MAC incorrectly created a
session instead of forwarding the traffic to the master platform.
23. In an IPv6 VRRP environment, the destination MAC address of prod00219712
the IPv6 VRRP advertisement was not RFC-compliant. As per
RFC 2464, the destination MAC of IPv6 multicasts should
have been mapped to 33:33:xx:xx:xx:xx, but Alteon instead
used 01:00:5e:00:00:12 as the DMAC in IPv6 VRRP
advertisements, which was part of IPv4 VRRP advertisements.
24. In an SLB NAT filter environment, enabling SIP parsing with prod00219709
filters did not work when the protocol was TCP, and did not
replace the IP address in the packets as expected.
25. Using filter redirection, with the session drop (sessdrop) prod00219708
enabled and a real server of the filter's redirection group part
of many other groups, when the real server was disabled from
another group, Alteon reset the client connections and moved
the filter session to fast-age.
26. In an SLB environment with persistent binding set as the client prod00219658,
IP address and the real port (rport) configured differently from prod00227593
the service port, persistent entries did not age out, resulting in
a discrepancy in statistics between the session table and
session counts on the virtual server.
27. The techdata configuration dump contained password fields in prod00219298
clear text when they should have been encrypted. ESecrets
were not encrypted when the configuration was saved, and the
ESecret did not save to the configuration any value after a
forward slash (/) character.
28. Alteon did not send a "close notify" to a client when the MSIE prod00218831
version in the user agent was 10.0.
29. After running the command /maint/panic, the Alteon platform prod00218630
became inaccessible. The platform had to be cold booted.
30. In an SLB environment, traffic to a specific destination was prod00217973
intercepted by the incorrect filter, even though associated
network class elements did not match the incoming traffic's IP
addresses.
31. Configuration sync with different admin passwords on peer prod00216204
Alteons caused SLB configuration to stay in diff on the peer
platform.

32. When the certificate passphrases were not the same between prod00217688,
peer platforms, and when sync was performed, private keys prod00229661
were not saved on the synced platforms and appeared in diff.
Also, the exact syslog indication about the error for the
sync failure was not displayed. New syslog messages were
added on the receiving peer to indicate the errors.
The following are the syslog messages added to indicate the
exact error for sync failure:
Jul 27 10:11:53 ERROR cli: Error: Incorrect passphrase
Jul 27 10:11:53 ERROR cli: Error: Failed to extract key <key id>
33. Using APSolute Vision, when a virtual service was configured prod00215908
on Alteon for a well-known standard port, the application type
was not associated with the virtual service, resulting in a failed
apply.
34. When a packet's destination IP address was a PIP with an prod00215907
address other than the first one within the PIP subnet range for
the service, Alteon forwarded the packets when there was no
corresponding session.
35. The techdata configuration dump contained password fields in prod00215552
clear text when they should have been encrypted.
36. When a packet's destination IP address was a PIP with an prod00211580
address other than the first one within the PIP subnet range for
the service, Alteon forwarded the packets when there was no
corresponding session.

Fixed in 30.0.0.0
Version 30.0.0.0 is based on version 29.5.0.0, and includes fixes available in versions 29.0.3.0
and 29.5.1.0.
The following bugs were fixed in 30.0.0.0 and were merged from other sustenance versions,
including 29.0.3.10 and 29.5.1.10.
Item Description Bug ID
1. In a DNS SLB environment using TCP IPv6 and with dbind prod00219129
disabled, a real server IP (RIP) leakage occurred because the
session entry aged out immediately after the response from
the server.

2. On a 4416 platform, after running the diff command, the port prod00218839
gig configuration changes were not applied.
3. When TCP IPv6 DNS SLB with delayed binding (dbind) prod00218812
enabled was configured, Alteon rejected the configuration, but
dbind forceproxy was accepted. Session mirroring is not
supported for TCP IPv6 with DNS dbind enabled, but because
IPv6 traffic is sent to the Application Accelerator when dbind is
enabled or set to forceproxy, the configuration was
nonetheless allowed.
4. In a DNS SLB environment using TCP IPv6 and with dbind prod00218782
disabled, a real server IP (RIP) leakage occurred because the
session entry aged out immediately after the response from
the server.
5. In a DNS SLB environment, the TCP IPv6 DNS persistent prod00218626
session did not age out. The p-entry count did not decrement
for IPv6 when both TCP and UDP DNS services were
configured.
6. In a load balancing environment sending traffic to a prod00218557
transparent cache server and a filter to bypass the cache
server, and redirecting traffic to a VLAN gateway when it
matched the hostname, the filter stopped redirecting traffic to
the cache servers after applying additional filters for redirection
on content match. Filter redirection using forceproxy failed to
bind to a correct real server.
7. Even though local networks were configured, when Alteon prod00218502
received traffic from outside the network, the SP ARP cache
overflowed.
8. In a VRRP environment with VRRP enabled, any hot-standby prod00218251,
port enabled, or Inter-switch enabled with hot-standby prod00231929
disabled, an irrelevant hot-standby warning message
displayed while performing an apply.
9. In a vADC environment, despite no space in the vADC prod00218117
partition with an error, when a Save configuration was
performed, Alteon responded with a save succeeded message
even though configuration changes were not even saved.
When the vADC instance was rebooted, it came back up with
the factory configuration.

10. When multiple servers in a group were configured with prod00217929
RADIUS account health check in that group, the same
accounting session ID was used for multiple servers,
duplicating the session ID in RADIUS Health Checks.
11. When Alteon was in maintenance mode and performed any prod00217496
configuration changes or issued a save, all the configurations
were lost before the configuration load could complete.
12. In an SLB environment, when the virtual server was the proxy prod00217479
IP and with a NAT filter, Alteon dropped ICMP error packets
(type 3 code 4) addressed to the PIP because of an incorrect
check during PIP processing.
13. After logging out of WBM, TACACS accounting was missing. prod00217310
Note: TACACS accounting is supported only for login and
logout events for WBM. There is no accounting support for
configuration changes through WBM.
14. When Alteon reached its throughput threshold, MIB traps with prod00217292
two different OIDs were generated, causing confusion.
1.3.6.1.4.1.1872.2.5.7.0.124, the average throughput trap,
should have been generated.
Additionally, the irrelevant MIB trap "virtHighThrupt"
(1.3.6.1.4.1.1872.2.5.7.0.157) should be removed from the
trap MIB, as it was never generated.
15. While capturing packets on Alteon via TFTP, the command prod00217247
/maint/pktcap/putcap failed intermittently with some errors. The
next capture also did not succeed and file upload ran into a
loop, stopping the file upload.
16. In Alteon management sessions, when HTTPS session prod00217236
closure was improper (connections closed ungracefully, or
aborted when connections did not close with a RST/FIN), the
sessions were kept idle and consumed all socket descriptors,
so that no new sessions could be opened to manage the platform.
17. The MIB OIDs for virtHighSpCpuTrap, prod00216935
virtHighSpCpuClearTrap, virtHighMpCpuTrap, and
virtHighMpCpuClearTrap SNMP trap packets were wrong.
Note: The relevant document needs to be updated with correct
OID.

18. Packets sent from the SP to the MP for ARP resolution were prod00216885
dropped, causing Alteon to not forward ICMP packets destined
for another Alteon.
19. After clearing the Forwarding Data Base (FDB) table on prod00216882
Alteon, there were STP issues causing a loop in the network.
On Alteon VA, when both ports were up, and Alteon received a
BPDU on one port, it forwarded traffic through another port.
20. In an SLB environment, when RTS-IP lookup (rtsiplkup) was prod00216871
enabled and the ports belonging to different VLANs from which
the real server was reachable were disabled and then re-
enabled, Alteon froze and all the connections including the
console were lost.
21. In the SLB filters environment, the configured IP Type-Of- prod00216801
Service (TOS) parameter was incorrectly updated for traffic
matching the filter.
The filter configuration contained the new TOS to be replaced
instead of the applied configuration.
Note: The new TOS configuration is only applicable to the
allow filter.
22. When the same Intermediate CA certificate chain was prod00216602
associated to multiple SSL policies and the first SSL policy
was in the disabled state, Intermediate CA certificate chain
validation was skipped and the apply passed while it should
have failed.
23. Even though local networks were configured, when Alteon prod00216300
received traffic from outside the network, the SP ARP cache
overflowed.
24. In an FTP SLB environment, proxy port (pport) of FTP data prod00216296
sessions did not display in the session dump.
25. After clearing the Forwarding Data Base (FDB) table on prod00216186
Alteon, there were STP issues causing a loop in the network.
26. Alteon VA did not respond to unicast ARP requests. prod00216111
27. When syslog via e-mail (SMTP) was enabled, and whenever prod00215873
the e-mail transmission failed either due to TCP not opening a
connection or the DNS resolve failed, Alteon panicked.

28. When the platform was connected via LACP trunks (LAG), if prod00215658
Return To Sender (RTS) and server processing were enabled
on the ports, Alteon sent all the traffic over a single port in the
LAG instead of distributing it among the available ports in the
trunk.
29. When an ICMP error response packet with an invalid IP total prod00215596
length or ICMP payload length arrived at the Alteon platform,
the packet underwent an internal VMA loop and the SP CPU
went up to 50%, causing Alteon to send the same Time-to-live
Exceeded packet in a storm.
30. In an active-standby VRRP environment without a switch- prod00215413
based group and mirroring enabled, when servers were
brought up without running any client traffic, some virtual
routers (VRs) did not become the master even though they
had a higher priority.
Mirroring is supported only for hot-standby and switch-based
active-standby configurations, and so the following error was
generated:
In an active-standby or hot-standby
environment when session mirroring enabled on
virtual server<x>, service <n>, switch based
virtual router group must be enabled too.
Additionally, Alteon has a transit timer to support session
syncing from master to backup which works while mirroring is
enabled. The mirroring configuration is disabled while the
transit timer extends the timer indefinitely. This avoids the
VRRP state transition to master even though it has a higher
priority. In this case, the apply is blocked with the following
error message:
As session sync is in progress, session mirroring cannot be
disabled now. Perform apply after completion of session sync.
31. When applying a configuration containing two virtual servers prod00215412
with the same IP address and service, one with a source
network and proxy enabled, and the other with no source
network and proxy disabled, Alteon returned a configuration
error.
32. When e-mail was enabled to send syslog messages to the prod00215256
SMTP server, TCP connections unexpectedly reached their
maximum threshold (8192), causing health check failures.

33. When accessing Alteon via HTTP or HTTPS, if TACACS was prod00215031
enabled but the TACACS server was not reachable, the
incorrect user privilege levels were set (that is, the admin user
privilege was incorrectly set to user level).
34. When URI persistency was configured with multiple cookies in prod00214949
the URI, and the configured cookie was not the first parameter
in the URI, Alteon did not perform URI persistency properly.
35. Using BBI, it was not possible to import or to modify an prod00214943
AppShape because unsupported characters were appended in
the script and the apply failed.
36. In an SLB environment with RADIUS accounting (UDP) prod00214911
requests, session drop enabled and filter processing enabled
on the client port, sessions that were created aged out very
quickly and client requests matching this aged out session
were dropped.
37. With Layer 7 filters configured and protocol set as 'any', when prod00214852
non TCP/UDP traffic (ICMP traffic) went through the filter
during Layer 7 processing, a panic occurred.
38. In an SLB monitoring environment, when the vstat value prod00214787
toggled between enabled, disabled, and then back to enabled,
the stats entries incremented from their previous values
instead of resetting the counters, resulting in inconsistent
statistics data between /st/slb/maint and /st/slb/virt # session
stats.
39. In a DNS SLB environment with RTS VLAN configured, and prod00214737
with the client's DNS query client session and RTS session
created, upon receiving a DNS response from the server, the
client session moved to fastage but the RTS session moved to
slowage and did not remove the DNS session entries.
40. In an SLB environment, when a real server in a backup or prod00214736
secondary backup group failed, the failed real server was not
deleted from main group. As a result, Alteon forwarded client
traffic to the failed group backup real server.
41. In version 29.0 and later, logical health check objects were not prod00214632
supported for an IP service.
42. Alteon did not allow OpenSSH connections for OpenSSH prod00214631
versions later than 5.9.

43. Gratuitous e-mail messages were sent every two minutes, prod00214620
even when there were no new traps or events. Also, all e-mails
contained the cumulative reports.
44. When a PIP configuration was used with a network class prod00214374
configuration, an apply took a long time and MP CPU usage
went to 100%.
45. With the gateway priority set to high, after some configuration prod00213826
changes, apply/save changed the gateway priority to low and
the configuration moved to diff flash.
46. In an SLB monitoring environment, when Alteon was prod00213825
configured with Direct Server Return (DSR) mode and Virtual
statistics (vstat) enabled, sessions were created with the
special rport value and per service stats were incremented, but
per service stats were fetched with the configured real port
(rport) causing /stats/slb/virt # to display incorrect values or
zero.
47. In Alteon version 29.5.x, DNSSLB configuration is not prod00213467
supported for DNS TCP services in conjunction with an IPv6
virtual server. However, this error also displayed for UDP
services when upgraded from earlier versions.
48. For vADCs, there was no SNMP support for the 32-bit counter prod00213462
for the IN and OUT octets of the physical ports. There was
support for the 64-bit counter.
49. When the gateway health check interval was set to zero (0), prod00213368
replacing the gateway physically with another device stopped
the traffic.
50. In an SLB environment with encrypted traffic between firewalls, prod00212641
when the firewall could not fragment frames and sent an ICMP
type 3 code 4 message back to the server when connected
through the virtual server (VIP) in order to lower the frame
size, the server did not act on the received "ICMP destination
unreachable incomplete" packet and retransmitted the frames
due to a checksum issue.
51. In an IDS SLB environment, when an IDS server was down, prod00212381
packets belonging to a filter session were forwarded to the
same IDS server even though the server was down.


KNOWN LIMITATIONS
This section lists all limitations known in version 30.0.15.0.

Upgrade Limitations
Item Description Bug ID
1. After an upgrade or Form Factor change, the WBM window is N/A
not updated to reflect the new mode/settings.
Solution: Press CTRL+F5 (it performs a deep refresh,
including forcing cache purge for the window). This is required
to get the most updated window for the new version.
2. After upgrading a vADC from version 29.4.x to 30.0.0.0, when prod00216887
HTTPS is disabled, connecting via Telnet takes up to four (4)
minutes.
3. In non AlteonByName versions, link health checks work if the prod00219303
real server ID is the same as the port to which it is connected. If
the same configuration is upgraded to AlteonByName-supported
versions, it may not work as the hash indexes may vary.
In AlteonByName versions, for the link health check or IDS
SLB with link health to work, you must configure idsvlan
(the VLAN corresponding to the real server) and idsport (the
port to which the real server is connected) in the real servers
menu (/c/sl/real <id>/ids).
4. Direct upgrade from 29.3 to 30.0 is not supported. prod00215387
To upgrade from version 29.3.0 to 30.0 and later, do one of
the following:
• Perform platform recovery with version 30.0.
• Upgrade version 29.3 to version 29.5.1.0. Once the platform is
running version 29.5.1.0, you can upgrade to version 30.0.
5. When upgrading from version 26.8, the vADC license is lost. prod00205413
6. Using an SNI configuration with a default certificate in the prod00220033
certificate group, after upgrade to version 30.0, the
configurations move to diff if the default certificate is not
added as part of the certificate group.
Workaround: Before the upgrade to version 30.0, set the
default certificate to be part of the certificate group.

7. After upgrading from some older versions, HTTPS access may prod00220424
change from disable to enable (enable is the default value for
version 30.0).
8. After downgrading from version 30.0 to 29.0.x, you are prod00219842
prompted for the GSLB license, even though GSLB was set to
off in the configuration.
9. After downgrade of both an ADC-VX and its vADCs from 30.x prod00221726, prod00221727
to 29.x, and after an additional reset of the GA or the vADC,
the vADC loads the configuration from the factory default.
Workaround: After the downgrade, perform any change in
ADC-VX and then apply and save it.

AppWall Limitations
Item Description Bug ID
1. Authentication requires an AppWall license and setting an N/A
AppWall limit (Mbps).
This is fixed in version 30.1.
2. In an Alteon SLB environment with AppShape++ scripts, when prod00230357
no AppWall license is installed on the Alteon platform, the
APM-related license is also not recognized and Alteon stops
JavaScript injection.
3. The AppWall management applet does not work when the prod00216858
management user is authenticated via TACACS or RADIUS
(only local users are supported).
4. When launching the AppWall management module from the prod00220680
Alteon WBM, Java authentication and security warning
messages display.
5. APSolute Vision Reporter cannot be opened from the AppWall prod00220676
applet. Instead, it should be opened directly from APSolute
Vision.

vADC and ADC-VX Limitations


Item Description Bug ID
1. After deleting a vADC, if the saved platform configuration that prod00218109
includes the deleted vADC is uploaded via the GA
environment and pushed to all vADCs, the deleted vADC still
exists, but its configuration is cleared.

2. When uploading a vADC configuration using the padc option prod00216519
(configuration from a standalone platform), if you leave the
"Enter vADC Number" prompt blank and press Enter, the GA
management IP address is overwritten by the vADC
management IP address.
3. From WBM, you cannot change the vADC management IP prod00216388
address from within the ADC-VX environment.
4. Login to a vADC with RADIUS or TACACS authentication fails prod00206201
when MP utilization is at 100%.
5. In a VRRP virtualization environment, an apply command on prod00226468
the VRRP master ADC-VX causes health checks to fail on
vADCs, which lose connectivity to real servers and fail over
to their VRRP backups.
6. In an ADC-VX environment on Alteon 8420, when Alteon is prod00225998
configured with Layer 3 only, there could be packet loss even
with light traffic.

Alteon VA Limitations
Item Description Bug ID
1. On an Alteon VA, after executing the command prod00233190
/maint/debug/mp/thr, a panic might occur.
2. Alteon VA MP CPU utilization is 12% in idle mode (no prod00217990
configuration or traffic).
3. Alteon VA KVM does not support RHEL 7. prod00216649
4. On an Alteon VA platform, when accessing the platform over prod00206162
Telnet or SSH using an IPv4 interface, the log message
incorrectly shows access via an IPv6 interface.

WBM and APSolute Vision Limitations


Item Description Bug ID
1. Using WBM, a GSLB remote real server cannot be added to a prod00231878
local SLB group.
Workaround: Use the CLI to configure remote real servers.
2. Using APSolute Vision version 3.0, the APM Reporter link prod00231640
does not work when opened from Alteon version 30.0.4 (the
link works when using APSolute Vision version 3.20).

3. When assigning a user the allowed network "SNMP" protocol prod00230808
only via WBM, the access control interface does not set the
correct network protocols.
However, as soon as one enables all protocols, the appliance
replies to SNMP requests.
4. Using Server 2010 r2 and Microsoft Windows 8, you cannot prod00226573
use an XML configuration over HTTPS.
5. When XML API is operational, WBM is unreachable as both prod00229099
HTTPS and XML must use the same port, and XML uses SSL
as the transport layer.
Workaround: Disable XML API to access WBM.
6. Using APSolute Vision 3.0, the virtual service status view does prod00226000
not work with Alteon 30.0.3.
Workaround: Access Alteon directly (not via APSolute Vision)
to view the Virtual Service Status view.
7. Using WBM, you cannot import server certificates with an prod00213833
existing ID (replace existing certificate).
Workaround: Delete the existing certificate and apply, then
import the new certificate using the same ID.
8. WBM does not support the Safari browser on macOS. N/A
Instead, you should use Chrome or Firefox.
9. In the Monitoring perspective, Application Delivery > Virtual prod00216713
Service > Server Groups pane, when a real server
participates in multiple groups, the statistics displayed in the
Real Server per Group table displays incorrect values. It
currently displays the total real server statistics, and not per
group.
10. In the Monitoring perspective, Application Delivery > Virtual prod00220681, prod00222016
Service > Server Groups pane, when a real server
participates in multiple groups, incorrect real server state may
display.
Workaround: Use the Service Status view to display the
correct real server statistics.
11. In the STG monitoring pane, not all values are updated. prod00214839
12. Using large configurations, generating a TechData file may prod00212041
cause the MP to reach 100% and WBM disconnects.

13. Using the Service Status view, when the primary real server is prod00211854
down but its backup is up, the backup real server does not
display.
14. Using the Service Status view, a real server in blocking mode prod00216149
displays as Up instead of as Warning.
15. The Traffic Contract for Non-IP Traffic field is not available prod00211136
in the VLAN configuration pane.
16. Using WBM, on an Alteon VA platform, in the VRRP prod00216395
Configuration pane, the Advertisement source MAC address
mode field is missing.
17. WBM has partial support for monitoring and statistics. For full N/A
support, use CLI.
18. You cannot renew a server Certificate with the new Validation prod00218841
Period.
19. Using WBM, you cannot configure GSLB Site Selection prod00205023
metrics in site selection rules.
20. Using WBM, the SNMPv3 configuration has the following prod00204831
limitations:
• When creating or updating SNMPv3 USM users, the admin
password validation is skipped.
• When creating SNMPv3 vacmAccess, the security level might
not be set properly.
21. In WBM in the AppShape++ Monitoring pane, the Aborts prod00204783
value is not updated and may display an incorrect value.
22. In CLI, there is a new display for SP Dynamic Memory usage. prod00204612
In WBM, this display is not available and instead incorrectly
shows the old display.
23. In WBM, DNSSEC has the following limitations: prod00204527
• The DNSSEC responder VIP table may display irrelevant
columns such as service and protocol, which can be
ignored.
• In the DNS responder VIP Configuration pane, you must
select the virtual Server ID that has DNS TCP and DNS
UDP as services. You cannot pre-select the server.
• The Virtual Server pane incorrectly does not display the DNS
responder VIP.

24. In WBM, in the filter configuration, two-way VPN load prod00204182
balancing is missing.
25. In WBM, the VRRP Virtual Router state displays either Init, prod00201915
Master, or Backup. To obtain a detailed status, Radware
recommends using the CLI.
26. In WBM, on a vADC platform, you cannot turn off/on IP prod00205717
Forwarding on a port. You can only perform this using the
/cfg/l3/port command in the CLI.
27. In WBM, in ADC-VX mode, after enabling RADIUS prod00206275
authentication, logging in might not work.
Workaround: In the browser, clear the cache and retry logging
in.
28. In WBM, panes in which virtual servers are associated and prod00206278
panes that have virtual server dual lists or select boxes might
display DNS responders VIP addresses that are irrelevant.
Workaround: Ignore or skip these irrelevant VIP addresses.
29. In WBM, after deleting an object, if the object is associated to prod00206486
other entities, these associations are not automatically
removed. You must remove these associations manually so
that Apply does not fail.
30. In WBM, the HTTPS body health check configuration can prod00206608
accept only 512 characters, while 1024 characters are
allowed.
31. Enabling or disabling a real server per group is not available prod00206965
using WBM.
32. Using WBM, when attempting to delete a configuration object prod00201414
and then adding a new object of the same type using the same
ID, the Apply command must be run between the two
operations for the addition to be successful.
33. Using WBM, converting a standalone configuration to a vADC prod00216210
configuration does not work.

General Limitations
Item Description Bug ID
1. When you perform SNMP Get on the OID to the vADC N/A
interface for memory statistics, the returned value is not
for vMP memory statistics but for system memory
statistics.
2. In a VRRP hot-standby environment, after making a prod00256761
change to the configuration and the Apply fails, when
performing Revert Apply on both Alteon devices
(master and backup), a MAC flap and network loop
occur on the adjacent switch.
3. Using WBM, when the TACACS server is down, a user prod00241458
with privilege levels l3oper, wsadmin, wsowner, wsview
is not able to log in.
4. On a 5208 platform, the number of maximum session prod00241947
entries displayed is incorrect, and the display per SP is
different than for other platforms.
5. Using WBM, when downloading a release, WBM can prod00235098
become unavailable for several minutes until the image
extraction starts.
Workaround: Use CLI for image download.
6. In an FTP SLB environment with DSR enabled, there is prod00237093
no support to disable DAM locally for FTP, and the FTP
data service does not support Layer 4 DSR.
7. A TACACS-authenticated user can change the admin prod00236967
password when he should not be able to.
8. In a SIP SLB environment during SIP outbound traffic, prod00232733
when a REFER method (or call forwarding) comes from
the server, persistent sessions created on Alteon remain
in the session table and do not age out.
Recommendation: Clear the session table via
/oper/slb/clear.
9. In some cases when the trap and syslog servers are prod00224620, prod00224619, prod00224616, prod00224613
configured on the data port, VRRP INIT and HOLDOFF
trap/syslog are not sent if the VRRP change state was
performed due to the port being down.

10. On the Alteon 6420 and 8420 platforms, the license for prod00226812
the number of vADCs is not verified according to system
resources limits (RAM), and instead a number higher
than is supported is allowed.
11. On the 8420 platform, when the management port and prod00225576
next host (SMB/NIC) are configured as 10 HDX/FDX
auto off, the link displays down on Alteon
(info/sys/mgmt), even though the link LED is orange
and activity LED is green.
12. On an 8420 platform, when the system is up, pulling out prod00225314
the fan tray, blocking the fan, and then reinserting the
fan tray, a log message is issued that the fan is plugged
in, but there is no message that the fan failed.
13. On an Alteon 5208 platform with management prod00217388
(/boot/mgmt) port enabled, after rebooting the platform
with the factory configuration, the platform becomes
operational with the management port disabled, when it
should have been enabled by default.
14. On an Alteon 5208 platform, when setting the next boot prod00223651
to load from the factory default configuration without
keeping the management configuration, after reset the
management port becomes disabled (although by
default it was enabled).
15. When audit is enabled, and an audit message contains prod00223697
more than 1000 characters, the message is truncated
and the audit may not display all configuration change
details in the message.
16. Some audit messages related to enable/disable are prod00223516
confusing (for example, the message might display as
deleted while actually the field was modified).
Example: after the command /c/sys/access/https/https d,
the message may appear as if HTTPS was deleted, because
it was changed from its default.
17. The AppShape++ script IP::addr command does not prod00221260
work with some nested commands as parameters.
This was fixed in Alteon version 30.1.

18. Using an AppShape++ script, the UDP::response does prod00221228
not work in SERVER_DATA for DNS.
19. Under high traffic load, terminated sessions are not prod00213645
removed from the backup platform mirror table.
20. In Alteon version 30.0, the CPU utilization alert threshold prod00220329
is set to 0% by default instead of 80%.
After upgrading from versions prior to 30.0 with the CPU
alert default setting, this parameter needs to be
manually set to 80%.
21. The IP interface of a VRRP group that includes IPv4 N/A
VRs cannot be configured using IPv6.
22. While retrieving techdata, the MP CPU utilization may prod00212041
reach 100%, causing the inability to access the
management interface.
23. GSLB Proxy Redirection does not work for IPv6 traffic. prod00215426
24. GSLB Client Proximity does not work when HTTP traffic prod00215327
is processed in forceproxy mode.
25. On a standalone platform connected to a Cisco switch, prod00207648
STP Root bridge election does not occur.
26. On an Alteon 5224 platform, 1 GB fiber SFP links are prod00219478
not operational when connected to a Juniper switch.
This is a Juniper-Broadcom interoperability problem.
Workaround: Disable auto-negotiation or use a copper
GBIC.
27. On an Alteon 6420 platform, ports that are connected to prod00217649
a Cisco or Juniper switch are incorrectly reported as up
even when disabled.
28. Statistics of IPv6 virtual servers are incorrect on the prod00217544
backup platform.
29. When activating traffic capture on a platform that is prod00210096
under high load and high SP CPU, failover to the backup
platform may occur.
30. Outbound SIP traffic works only for a standard 5060 prod00217348
port.
31. SSL decryption of an SSL capture is not supported for prod00217115
IPv6 traffic.

32. Using redirect filtering, Layer 7 pattern match does not prod00212657
work when delayed binding is enabled.
33. The OSPF MD5 key is displayed in a config dump as prod00214646
clear text instead of encrypted.
34. In IPv6 filters, when delayed binding is enabled prod00214645
internally, it functions as forceproxy.
35. For a VR group that includes both IPv4 and IPv6 VRs, prod00214159
the advertisements are sent only via IPv6 interfaces
when the method is unicast.
36. No warning message is displayed when APM is enabled prod00213522
on a service with no APM license.
37. When all persistent entries in the Dynamic Data Store prod00212945
(persistence via AppShape++) are purged, sometimes
new persistent entries are not mirrored to the backup
platform. Radware recommends also purging entries
from the backup platform.
38. If the real server has the description configured, the real prod00220874
server description is shown instead of the real IP
address under /info/slb/cookie.
39. When a buddy server does not belong to any service, prod00212727
after Apply it and the real server go down for a short
time.
40. When two IPv6 interfaces are configured on the same prod00216479
VLAN and they both have VRs configured, only one
interface is in status "up (preferred)", while the other is in
status "up (tentative)". Workaround: Disable and then
enable the interface.
41. The default share value for /cfg/l3/vrrp/group prod00177054
and /cfg/l3/vrrp/vr is disabled in Alteon versions
26.8 and 28.0, and enabled starting with version 28.1.
After upgrading from versions 26.8 or 28.0 to version
28.1 or later, if the share parameter had a default value,
you must disable it manually.
42. The BWM module does not work properly. prod00190470
43. For IPv6 virtual routers (VRs), only VRIDs up to 255 can prod00191837
be used.
44. HTTP Layer 7 processing using legacy delayed binding prod00198986
in enabled mode does not work with fragmented traffic.

45. On an Alteon 5412 platform (XL or non-XL), the 1 GB prod00200279
fiber module does not work with auto-negotiation on.
Note: The port might be displayed as up but it does not
function properly.
Workaround: Set the auto-negotiation to off at both
sides.
46. On an Alteon 5412 platform, an SFP port with the prod00200619
SI8512-X5AT0-3C fiber module should not be used for
ISL. The port speed is reported as 10M, causing VRRP
flaps.
47. SSL ID persistency is not supported in force proxy prod00200668
mode. When upgrading from version 28.1.x to 29.5.0.0,
if there are virtual services configured with SSL ID
persistency and force proxy mode, configuration apply
fails until either SSL ID persistency is disabled or force
proxy mode is deactivated.
Radware recommends performing this before upgrade.
48. A GSLB configuration with cookie-based persistency prod00201333
between sites does not work for IPv6 requests.
49. The incorrect APM license value is reported to APSolute prod00201942
Vision.
50. On an HTTPS service with a non-standard service port prod00202219
and server port 443, in force-proxy mode, real server IP
leakage is observed.
Workaround: Add a proxy IP address or change
delayed binding to enabled mode.
51. When a new configuration is applied, there might be prod00202693
"server up" messages for servers that are not attached
to any VIP.
52. If more than 256 virtual routers (VRs) are configured on prod00202886
the same IP interface, flipping between master and
backup device can occur.
53. Sometimes persistent sessions exist for twice the prod00203494
persistency timeout value.
54. When processing traffic via a redirect or NAT filter, if an prod00203850, prod00203888
ICMP type 3 code 4 message arrives from the client-side,
it is not properly processed.

55. X-Forwarded-For can be enabled for an HTTPS service prod00204113
without SSL offload (requires delayed binding enabled),
even though it cannot be performed.
56. MP Utilization data sent to the Device Performance prod00204922
Monitoring module is sometimes incorrect.
57. Generation of a 4096 key size may take up to 30 prod00204939
seconds. During this time, the CPU utilization may reach
100%.
58. Trying to upload a very large capture file via FTP/TFTP prod00205038
fails.
59. On an Alteon 4408 platform with 1G copper SFP ports, prod00206900, prod00115850
the port status is always displayed incorrectly on these
ports and does not take effect when operationally
disabled or enabled.
60. Some of the cache statistics are incorrect: prod00207290, prod00207297, prod00207299
• The number of new cached bytes is always reported as 0.
• The new cached bytes rate is incorrect.
• The cached objects average size counters are incorrect.

RELATED DOCUMENTATION
The following documentation is related to this version:
• Alteon Installation and Maintenance Guide
• Alteon Application Guide
• Alteon Command Reference
• Alteon REST API User Guide
• Alteon AppShape++ SDK Guide
• Alteon Web Based Management Quick Guide
• Alteon Troubleshooting Guide
Note: The Alteon Command Reference is no longer provided as a PDF file. It is now an HTML
package. To view it, you download the entire package and open the index.html file.

North America: Radware Inc., 575 Corporate Drive, Mahwah, NJ 07430. Tel: +1-888-234-5763
International: Radware Ltd., 22 Raoul Wallenberg St., Tel Aviv 69710, Israel. Tel: 972 3 766 8666

© 2018 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered
trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective
owners. Printed in the U.S.A.
