Académique Documents
Professionnel Documents
Culture Documents
RELEASE NOTES
Version 30.0.15.0
October 22, 2018
TABLE OF CONTENTS
CONTENT ..................................................................................................................................................... 5
RELEASE SUMMARY .................................................................................................................................. 5
SUPPORTED PLATFORMS AND MODULES ............................................................................................ 5
UPGRADE PATH ......................................................................................................................................... 5
Before Upgrade ...................................................................................................................................... 6
Image Upload Procedure ........................................................................................................................ 6
Upgrade Considerations ......................................................................................................................... 7
General Considerations ................................................................................................................... 7
Upgrading from a Version Earlier than version 30.0.5.0 .................................................................. 8
ADC VX Upgrade Considerations .................................................................................................... 8
Alteon VA Installation/Upgrade Considerations ............................................................................... 8
After Upgrade ......................................................................................................................................... 9
Downgrade ............................................................................................................................................. 9
WHAT’S NEW ............................................................................................................................................. 10
New in Version 30.0.6.0 ....................................................................................................................... 10
OpenSSL Upgrade to 1.0.1q .......................................................................................................... 10
OpenSSL Upgrade to 1.0.1 ............................................................................................................ 10
Enhanced NTLMv2 Authentication for HTTPS Health Checks ...................................................... 10
New in Version 30.0.4.0 ....................................................................................................................... 10
APM Beacons via the Alteon Management Port ............................................................................ 10
Recommended APM Connectivity of APSolute Vision/APM with Alteon 30.0.4 ............................ 11
New in Version 30.0.2.0 ....................................................................................................................... 12
Alteon 8420 Platform Support ........................................................................................................ 12
New in Version 30.0.1.0 ....................................................................................................................... 13
Alteon 5208 Platform Supported in Version 30.x ........................................................................... 13
Alteon 5208 Extreme XL ................................................................................................................ 13
Layer 4 Filter Classification Based on the User Data Persistency Table ...................................... 13
New in Version 30.0.0.0 ....................................................................................................................... 14
Integrated Web Performance Optimization (FastView) ................................................................. 14
Integrated Web Application Firewall (AppWall) ............................................................................. 15
Integrated Authentication Gateway ................................................................................................ 17
On-device Dashboard .................................................................................................................... 18
Service Status View ....................................................................................................................... 18
RELEASE SUMMARY
Release Date: October 23, 2018
Objective: Maintenance software release that solves a number of issues.
UPGRADE PATH
You can upgrade to this AlteonOS from AlteonOS versions 26.x, 27.0.x, 28.x, 29.x and 30.x.
General upgrade instructions are found in the Alteon Installation and Maintenance Guide.
Upgrade Considerations
General Considerations
Upgrade from a version prior to 27.0.0.0:
Radware recommends upgrading using the recovery procedure (see the Radware
Alteon Installation and Maintenance Guide) with the AlteonOS 30.0 recovery file to
ensure that the hard disk, which was not used before version 27.0.0.0, is formatted.
Once you have upgraded from a version earlier than version 27.0.0.0, rollback
(downgrade) is possible only to version 26.3.0 or later.
Alteon 5224 requires at least 6GB RAM to run this version properly.
Alteon 4408 and 4416 requires at least 4GB RAM to run this version properly.
In Virtualization environment, Alteon 5224 requires 12GB RAM to run this version properly. If
your device only has 6GB RAM, upgrade to 12GB is required before installing this software
version.
Read Upgrade Limitations before upgrading.
After Upgrade
After upgrade, Radware recommends the following procedure to ensure that the configuration
was correctly applied:
If you are using WEB UI, perform CTRL+F5 (it performs deep refresh including force cache
purge for the page). This is required in order to get the most updated screen of the new version.
Perform Apply.
Do one of the following:
a. If the Apply is successful (including a No Apply needed result), perform Save.
b. If the Apply fails (in some rare cases due to enhancements meant to improve
configuration validation, after the upgrade it is possible that some of the configuration is
not accepted), do the following:
Perform the configuration changes required, according to the Apply result.
After the Apply is successful, perform Save.
Note: In very rare cases due to changes in the configuration file structure to support new
features and update current ones, after the upgrade there may appear to be differences
between the saved and running configuration (that is, the diff flash is not empty). To empty
the diff flash, perform any configuration change (for example, cfg/sys/idle X), and then
perform Apply and Save.
When upgrading vADCs from version 28.1, if your configuration includes filters and the
Reverse Session parameter (cfg/slb/filter X/adv/reverse) was left at its default
value (disable), after upgrade due to changes to default values you must manually change
the parameter value to disable.
Downgrade
Configuration rollback (downgrade) is not supported. The configuration should be saved before
upgrading to a newer version. If you perform version rollback, after downgrade upload the saved
configuration.
Configuration Notes
FastView is an integral part of the ADC configuration, just like SSL or compression.
Make sure the FastView global configuration flag is enabled.
FastView configuration elements: FastView Web applications and FastView treatment sets
are now available for configuration from the Alteon WBM.
FastView Web applications can be associated to a virtual service serving HTTP or HTTPS,
or, for granular configuration, to a content rule in an HTTP or HTTPS service.
The FastView configuration is not available from the Alteon CLI. The FastView configuration
is saved in a separate file in XML format. When using Alteon configuration export or import,
a zip file is generated including both the Alteon and FastView configuration files.
On-device Dashboard
The new on-device dashboard provides a graphical view of the platform real-time status,
statistics, and capacity usage, including:
System dashboard – This displays the real time status of system components such as fans
and temperature, CPU and license capacity utilization, and memory usage.
vADC dashboard – This displays the CPU and license utilization of the selected vADCs.
The dashboard can be accessed from both the Configuration and Monitoring views via the
Overview menu, opening in new browser pane.
Event and Error Counters Command for all Class of Service (COS) Users
The /stats/counters command is available for all COS users for both Telnet and SSH.
OCSP Deviation
When Alteon was configured with /cfg/slb/ssl/authpol/validity/timedev 3600, the
maximum value, Alteon expected the time of the OCSP response to be maximum one hour
different from Alteon time.
So it was decided to change to following:
1. To enlarge OCSP Max deviation to 2678400 seconds (31 days).
2. 0 would mean that the deviation is not checked at all. (the current behavior, where the client
certificate rejected on any OCSP response deviation from current time on device).
BUG ID: prod00230682
APM Configuration
APM configuration can now be performed using Alteon WBM and CLI directly on the platform
(previously, APM could only be configured using APSolute Vision).
The APM configuration on the platform includes:
Configuration of the APM server
Activation of APM for the desired virtual services
From WBM, you can now access the APM server to view the application performance analysis.
Configuration File
The configuration file downloaded from the platform is now a tar file that includes a number of
files:
Alteon configuration text file
FastView configuration XML file
AppWall and Authentication Gateway configuration files
The configuration file that is uploaded can be tar file, including all of the above, or a txt file
including the Alteon configuration.
Note: The configuration dump displays the Alteon configuration without the FastView and
AppWall/Authentication services detailed configuration.
vADC Density
Features introduced in previous versions have increased memory usage per vADC. To ensure
that vADCs have the necessary amount of memory to support all capabilities in version
30.0.0.0, the maximum number of supported vADCs has been reduced on platform
configurations with low memory capacity:
Alteon 5224 with 12GB RAM now supports up to 6 vADCs (previously was 10)
Alteon 6420 with 32 GB RAM now supports up to 20 vADCs (previously was 24)
Alteon 6420p with 64 GB RAM now supports up to 40 vADCs (previously was 48)
SSL-Related Changes
OpenSSL updated to version 1.0.0m.
Removed “RC4-SHA” and “RC4-MD5” from the back-end SSL “Low” cipher suite (as they
are considered as Medium).
Note: In case the backend servers use RC4 ciphers, change the backed cipher in the SSL
policy to ‘Medium’
Added “EDH-RSA-DES-CBC-SHA” and ADH-DES-CBC-SHA to the back-end SSL “Low”
cipher suite.
Fixed in 30.0.15.0
This section lists the bugs fixed in version 30.0.15.0
Item Description Bug ID
1. In an SSL environment with a certificate that will expire after prod00264534
100 years, the certificate displayed as expired.
2. In an SLB environment where filter processing was enabled, prod00264073
because the VMAed traffic source MAC learning did not
occur, the traffic flooded on all the ports of this VLAN,
causing higher throughput utilization.
3. On an Alteon VA with system notice configuration, after the prod00263806
Revert Apply operation, the notice configuration displayed in
the diff flash output.
Fixed in 30.0.14.0
This section lists the bugs fixed in version 30.0.14.0
Item Description Bug ID
1. In an SLB environment with session mirroring enabled for prod00258334
virtual services, the session statistics were incorrect on the
backup device compared to the primary device.
2. In an SLB environment with persistent binding to cookie prod00245812
insert, requests with a valid cookie were sent to two different
real servers, breaking the persistency.
Fixed in 30.0.13.0
This section lists the bugs fixed in version 30.0.13.0
Item Description Bug ID
1. After modifying the SSH port and using a data port, Alteon prod00258124
did not delete the service listening on the old SSH port. As a
result, the user could still establish a connection to the old
SSH port via the data port.
2. In an SLB environment, the passive cookie persistent entries prod00257424
never were aged out or cleared.
3. In an SLB environment, when performing an Apply with any prod00256318
SLB- or VRRP-related configuration, all the current sessions
were cleared out.
Fixed in 30.0.11.0
This section lists the bugs fixed in version 30.0.11.0
Item Description Bug ID
1. In an SLB environment with OSPF configured, even though prod00253871
the virtual servers were down or disabled, Alteon sent LS
updates of the hosts to the OSPF peer.
2. In an SSL environment, Alteon limited the SSL Certificate prod00253157
size to 5000 bytes and returned an error for larger sized
certificates.
3. In a virtualization environment, as theWatcher was killing an prod00249123
unresponsive MP during the creation of an AppWall process,
the vADC became inaccessible.
Fixed in 30.0.9.0
This section lists the bugs fixed in version 30.0.9.0
Item Description Bug ID
1. On platforms with more than 13 switch processors (SPs) and prod00247715
with a long list of referenced SPs, when accessing the WBM
pane Monitor > Network > Layer2 > FDB, a panic occurred.
2. In version 30.x, in an SLB monitoring environment, when a prod00247268
group was not associated with any virtual service, the group
information (/info/slb/group) did not display its real
server status, but it did in older versions.
Fixed in 30.0.8.0
This section lists the bugs fixed in version 30.0.8.0
Item Description Bug ID
1. In a VRRP IPv6 hot-standby environment on a standalone prod00246419
platform, after rebooting the platform, Alteon failed to process
the incoming frame and Alteon's interface was not
accessible.
2. When a session log was sent to the syslog server and the prod00246168
session log data reached the maximum buffer size, a panic
occurred.
3. In an SLB environment, the persistent sessions created for prod00246015
FTP traffic with pbind enabled on a filter were not aged out,
even after the regular sessions aged out from the session
table.
4. In a global SLB environment, when multiple server ports prod00246013
(rports) were configured on real servers with a pbind client IP
address, the persistent entries created with the remote site
did not age out over a period of time, causing vitual server
traffic to loop between sites.
Fixed in 30.0.7.0
Version 30.0.7.0 is based on version 30.0.6.0, and includes the relevant fixes available in
versions 29.0.8.0 and 29.5.7.0.
This section lists the bugs fixed in version 30.0.7.0
Item Description Bug ID
1. In an SLB environment with forceproxy enabled, when there prod00244523
was an HTTP response from the server and the AX parsed
the response due to pointers and a buffer issue, a panic
occurred.
2. In a VRRP hot-standby environment on a standalone prod00244374
platform, after the backup platform rebooted, a network loop
occurred for a few seconds.
3. Using WBM, non-admin users could reboot the platform prod00244316
when they should not have allowed to.
Fixed in 30.0.6.0
Version 30.0.6.0 is based on version 30.0.5.100, and includes the fixes available in versions
29.0.7.0 and 29.5.6.0.
This section lists the bugs fixed in version 30.0.6.0
Item Description Bug ID
1. In an SLB environment with proxy configured as a virtual prod00241942
server associated with a real server, client traffic destined for
the virtual server (VIP) was received with the destination
MAC set to the proxy MAC, but Alteon forwarded responses
to the client with the source MAC as Alteon's base MAC
address.
2. After running the /info/link command, the incorrect port prod00241704
status displayed, even though physically ports were UP (the
LEDs were UP) and processing the traffic.
Fixed in 30.0.5.0
Version 30.0.5.0 is based on version 30.0.4.0, and includes the fixes available in versions
29.0.6.0 and 29.5.5.0.
This section lists the bugs fixed in version 30.0.5.0
Item Description Bug ID
1. In a VRRP active-standby environment with one port down on prod00237341
the LACP trunk, if the interface for multiple virtual routers
(VRs) was part of the active LACP trunk and one of the ports
on the LACP trunk connected to backup platform was
operationally enabled or disabled, when a reboot was issued
on the backup platform, it was inconsistent and a loop
occurred.
Fixed in 30.0.3.0
Version 30.0.3.0 is based on version 30.0.2.0, and includes the fixes available in versions
29.0.4.0 and 29.5.2.0.
This section lists the bugs fixed in version 30.0.3.0
Item Description Bug ID
1. In version 30.x, when a new VLAN was created with shared prod00227666
disabled and the port to the new VLAN also was associated to
a VLAN with share enabled, the Apply failed and Alteon
panicked.
2. Via the WEB UI, Real Servers Statistics were always empty. prod00225991
3. In a VRRP hot-standby virtualization environment, when a prod00227604
VLAN was disabled or enabled from ADC-VX in a backup
vADC, the backup vADC did not initialize the hot-standby ports
to the Blocked state, resulting in Layer 2 looping.
4. When interacting with other vendor switches with Spanning prod00227180
Tree Protocol (STP) enabled, when STG was disabled, Alteon
did not forward the STP packets correctly and a loop occurred
in the network.
Fixed in 30.0.2.0
Version 30.0.2.0 is based on version 30.0.1.0, and includes some of the fixes available in
versions 29.0.4.0 and 29.5.2.0.
This section lists the bugs fixed in version 30.0.2.0
Item Description Bug ID
1. In SLB environment, maximum Layer 4 sessions support prod00226503
depends on RAM size and the device platform. But system
capacity information (/info/sys/capacity) and SLB
Maintenance statistics (/stats/slb/maint) displayed
incorrect values for 4408 (4GB), 4416 (4Gb) and 5224 (6GB)
platforms.
Note: From Alteon version 29.5.0.0 onwards, maximum
sessions supported on 4408, 4416 and 5224 are as follows:
4408/4416 with 4GB RAM - 3M
Fixed in 30.0.1.0
Version 30.0.1.0 is based on version 30.0.0.0, and includes fixes available in versions 29.0.3.10
and 29.5.1.10.
This section lists the bugs fixed in version 30.0.1.0
Item Description Bug ID
1. In a GSLB environment with delayed binding enabled and a prod00221565
virtual service configured as HTTPS, if the local servers were
down, Alteon did not route the traffic to the GSLB remote
servers.
2. AppShape++ scripts with X509::extensions, such as X509v3 prod00222599
Basic Constraints, X509v3 Subject Key Identifier, and X509v3
Authority Key Identifier, only retrieved the extension field name
without its value.
Fixed in 30.0.0.0
Version 30.0.0.0 is based on version 29.5.0.0, and includes fixes available in versions 29.0.3.0
and 29.5.1.0.
The following bugs were fixed in 30.0.0.0 and were merged from other sustenance versions,
including 29.0.3.10 and 29.5.1.10
Item Description Bug ID
1. In a DNS SLB environment using TCP IPv6 and with dbind prod00219129
disabled, a real server IP (RIP) leakage occurred because the
session entry aged out immediately after the response from
the server.
Upgrade Limitations
Item Description Bug ID
1. After an upgrade or Form Factor change, the WBM window is N/A
not updated to reflect the new mode/settings.
Solution: Click CTRL+F5 (it performs a deep refresh,
including forcing cache purge for the window). This is required
to get the most updated window for the new version.
2. After upgrading a vADC from version 29.4.x to 30.0.0.0, when prod00216887
HTTPS is disabled, connecting via Telnet takes up to four (4)
minutes.
3. In non AlteonByName versions, link health checks work if the prod00219303
real server ID is same as the port to which it is connected. If
the same configuration is upgraded to AlteonByName-
supported versions, it may not work as the hash indexes may
vary.
In AlteonByName-versions, for the link health check or IDS
SLB with link health to work, you must configure the idsvlan
(the real server corresponding VLAN) and idsport(to which
port the real server is connected to) in real servers
menu(/c/sl/real <id>/ids).
4. Direct upgrade from 29.3 to 30.0 is not supported. prod00215387
To upgrade from version 29.3.0 to 30.0 and later, do one of
the following:
Perform platform recovery with version 30.0.
Upgrade version 29.3 to version 29.5.1.0. Once the platform is
running version 29.5.1.0, you can upgrade to version 30.0.
5. When upgrading from version 26.8, the vADC license is lost. prod00205413
6. Using an SNI configuration with a default certificate in the prod00220033
certificate group, after upgrade to version 30.0, the
configurations move to diff if the default certificate is not
added as part of the certificate group.
Workaround: Before the upgrade to version 30.0, set the
default certificate to be part of the certificate group.
AppWall Limitations
Item Description Bug ID
1. Authentication requires an AppWall license and setting an N/A
AppWall limit (Mbps).
This is fixed in version 30.1
2. In Alteon SLB environment with AppShape++ scripts, when prod00230357
there is no AppWall license installed on Alteon platform, APM
related license too will not be recognized and Alteon stops
JavaScript injection.
3. The AppWall management applet does not work when the prod00216858
management user is authenticated via TACACS or RADIUS
(only local users are supported).
4. When launching the AppWall management module from the prod00220680
Alteon WBM, Java authentication and security warning
messages display
5. APSolute Vision Reporter cannot be opened from the AppWall prod00220676
applet. Instead, it should be opened directly from APSolute
Vision
Alteon VA Limitations
Item Description Bug ID
1. On an Alteon VA, after executing the command prod00233190
/maint/debug/mp/thr, a panic might occur
2. Alteon VA MP CPU utilization is 12% in idle mode (no prod00217990
configuration or traffic).
3. Alteon VA KVM does not support RHELL 7. prod00216649
4. On an Alteon VA platform, when accessing the platform over prod00206162
Telnet or SSH using an IPv4 interface, the log message
incorrectly shows access via an IPv6 interface.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 100
Item Description Bug ID
3. When assigning a user the allowed network "SNMP" protocol prod00230808
only via WBM, the access control interface does not set the
correct network protocols.
However, as soon as one enables all protocols, the appliance
replies to SNMP requests.
4. Using Server 2010 r2 and Microsoft Windows 8, you cannot prod00226573
use an XML configuration over HTTPS.
5. When XML API is operational, WBM is unreachable as both prod00229099
HTTPS and XML must use the same port, and XML uses SSL
as the transport layer.
Workaround: Disable XML API to access WBM.
6. Using APSolute Vision 3.0, the virtual service status view does prod00226000
not work with Alteon 30.0.3.
Workaround: Access Alteon directly (not via APSolute Vision)
to view the Virtual Service Status view.
7. Using WBM, you cannot import server certificates with an prod00213833
existing ID (replace existing certificate).
Workaround: Delete the existing certificate and apply, then
import the new certificate using the same ID.
8. WBM does not support the Safari browser in the MacOS. N/A
Instead, you should use Chrome, or FireFox.
9. In the Monitoring perspective, Application Delivery > Virtual prod00216713
Service > Server Groups pane, when a real server
participates in multiple groups, the statistics displayed in the
Real Server per Group table displays incorrect values. It
currently displays the total real server statistics, and not per
group.
10. In the Monitoring perspective, Application Delivery > Virtual prod00220681,
Service > Server Groups pane, when a real server prod00222016
participates in multiple groups, incorrect real server state may
display.
Workaround: Use the Service Status view to display the
correct real server statistics.
11. In the STG monitoring pane, not all values are updated. prod00214839
12. Using large configurations, generating a TechData file may prod00212041
cause the MP to reach 100% and WBM disconnects.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 101
Item Description Bug ID
13. Using the Service Status view, when the primary real server is prod00211854
down but its backup is up, the backup real server does not
display.
14. Using the Service Status view, a real server in blocking mode prod00216149
displays with as Up instead of as Warning.
15. The Traffic Contract for Non-IP Traffic field is not available prod00211136
in the VLAN configuration pane.
16. Using WBM, on an Alteon VA platform, in the VRRP prod00216395
Configuration pane, the Advertisement source MAC address
mode field is missing.
17. WBM has partial support for monitoring and statistics. For full N/A
support, use CLI.
18. You cannot renew a server Certificate with the new Validation prod00218841
Period.
19. Using WBM, You cannot configure GSLB Site Selection prod00205023
metrics in site selection rules.
20. Using WBM, the SNMPv3 configuration has the following prod00204831
limitations:
When creating or updating SNMPv3 USM users, the admin
password validation is skipped.
When creating SNMPv3 vacmAccess, the security level might
not be set properly
21. In WBM in the AppShape++ Monitoring pane, the Aborts prod00204783
value is not updated and may display an incorrect value.
22. In CLI, there is a new display for SP Dynamic Memory usage. prod00204612
In WBM, this display is not available and instead incorrectly
shows the old display.
23. In WBM, DNSSEC has the following limitations: prod00204527
The DNSSEC responder VIP table may display irrelevant
columns such as service and protocol, which can be
ignored
In the DNS responder VIP Configuration pane, you must
select the virtual Server ID that has DNS TCP and DNS
UDP as services. You cannot pre-select the server.
The Virtual Server pane incorrectly does not display the DNS
responder VIP.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 102
Item Description Bug ID
24. In WBM, in the filter configuration, two-way VPN load prod00204182
balancing is missing.
25. In WBM, the VRRP Virtual Router state displays either Init, prod00201915
Master, or Backup. To obtain a detailed status, Radware
recommends using the CLI.
26. In WBM, on a vADC platform, you cannot turn off/on IP prod00205717
Forwarding on a port. You can only perform this using the
/cfg/l3/port command in the CLI.
27. In WBM, in ADC-VX mode, after enabling RADIUS prod00206275
authentication, logging in might not work.
Workaround: In the browser, clear the cache and retry logging
in.
28. In WBM, panes in which virtual servers are associated and prod00206278
panes that have virtual server dual lists or select boxes might
display DNS responders VIP addresses that are irrelevant.
Workaround: Ignore or skip these irrelevant VIP addresses.
29. In WBM, after deleting an object, if the object is associated to prod00206486
other entities, these associations are not automatically
removed. You must remove these associations manually so
that Apply does not fail.
30. In WBM, the HTTPS body health check configuration can prod00206608
accept only 512 characters, while 1024 characters are
allowed.
31. Enabling or disabling a real server per group is not available prod00206965
using WBM.
32. Using WBM, when attempting to delete a configuration object prod00201414
and then adding a new object of the same type using the same
ID, the Apply command must be run between the two
operations for the addition to be successful.
33. Using WBM, converting a standalone configuration to a vADC prod00216210
configuration does not work.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 103
General Limitations
Item Description Bug ID
1. When you perform SNMP Get on the OID to the vADC N/A
interface for memory statistics, the returned value is not
for vMP memory statistics but for system memory
statistics.
2. In a VRRP hot-standby environment, after making a prod00256761
change to the configuration and the Apply fails, when
performing Revert Apply on both Alteon devices
(master and backup), a MAC flap and network loop
occurs on the adjacent switch.
3. Using WBM, when the TACACS server is down, a user prod00241458
with privilege levels l3oper, wsadmin, wsowner, wsview
is not able to log in.
4. On a 5208 platform, the number of maximum session prod00241947
entries displayed is incorrect, and the display per SP is
different than for other platforms.
5. Using WBM, when downloading a release, WBM can prod00235098
become unavailable for several minutes until the image
extraction starts.
Workaround: Use CLI for image download.
6. In an FTP SLB environment with DSR enabled, there is prod00237093
no support to disable DAM locally for FTP, and the FTP
data service does not support Layer 4 DSR.
7. A TACACS-authenticated user can change the admin prod00236967
password when he should not be able to.
8. In SIP SLB environment during SIP outbound traffic, prod00232733
when a REFER method(or Call forwarding) comes from
the server, persistent sessions created on Alteon remain
in session table and do not age out.
Recommendation: Perform session table clear via
/oper/slb/clear.
9. In some cases when the trap and syslog servers are prod00224620,
configured on the data port, VRRP INIT and HOLDOFF prod00224619,
trap/syslog are not sent if the VRRP change state was prod00224616,prod00224613
performed due to the port being down
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 104
Item Description Bug ID
10. On the Alteon 6420 and 8420 platforms, the license for prod00226812
the number of vADCs is not verified according to system
resources limits (RAM), and instead a number higher
than is supported is allowed.
11. On the 8420 platform, when the management port and prod00225576
next host (SMB/NIC) are configured as 10 HDX/FDX
auto off, the link displays down on Alteon
(info/sys/mgmt), even though the link LED is orange
and activity LED is green.
12. On an 8420 platform, when the system is up, pulling out prod00225314
the fan tray, blocking the fan, and then reinserting the
fan tray, a log message is issued that the fan is plugged
in, but there is no message that the fan failed.
13. On an Alteon 5208 platform with management prod00217388
(/boot/mgmt) port enabled, after rebooting the platform
with the factory configuration, the platform becomes
operational with the management port disabled, when it
should have been enabled by default.
14. On an Alteon 5208 platform, when setting the next boot prod00223651
to load from the factory default configuration without
keeping the management configuration, after reset the
management port is becomes disabled (although by
default it was enabled).
15. When audit is enabled, and an audit message contains prod00223697
more than 1000 characters, the message is truncated
and the audit may not display all configuration change
details in the message.
16. Some audit messages related to enable/disable are prod00223516
confusing (for example, the message might display as
deleted while actually the field was modified).
Example commands /c/sys/access/https/https
d
May appear as if HTTPS was deleted as it was changed
from its default.
17. The AppShape++ script IP::addr command does not prod00221260
work with some nested commands as parameters.
This was fixed in Alteon version 30.1.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 105
Item Description Bug ID
18. Using an AppShape++ script, the UDP::response does prod00221228
not work in SERVER_DATA for DNS.
19. Under high traffic load, terminated sessions are not prod00213645
removed from the backup platform mirror table.
20. In Alteon version 30.0, the CPU utilization alert threshold prod00220329
is set to 0% by default instead of 80%.
After upgrading from versions prior to 30.0 with the CPU
alert default setting, this parameter needs to be
manually set to 80%.
21. The IP interface of a VRRP group that includes IPv4 N/A
VRs cannot be configured using IPv6.
22. While retrieving techdata, the MP CPU utilization may prod00212041
reach 100%, causing the inability to access the
management interface.
23. GSLB Proxy Redirection does not work for IPv6 traffic. prod00215426
24. GSLB Client Proximity does not work when HTTP traffic prod00215327
is processed in forceproxy mode.
25. On a standalone platform connected to a Cisco switch, prod00207648
STP Root bridge election does not occur.
26. On an Alteon 5224 platform, 1 GB fiber SFP links are prod00219478
not operational when connected to a Juniper switch.
This is a Juniper-Broadcom interoperability problem.
Workaround: Disable auto-negotiation or use a copper
GBIC.
27. On an Alteon 6420 platform, ports that are connected to prod00217649
a Cisco or Juniper switch are incorrectly reported as up
even when disabled.
28. Statistics of IPv6 virtual servers are incorrect on the prod00217544
backup platform.
29. When activating traffic capture on a platform that is prod00210096
under high load and high SP CPU, failover to the backup
platform may occur.
30. Outbound SIP traffic works only for a standard 5060 prod00217348
port.
31. SSL decryption of an SSL capture is not supported for prod00217115
IPv6 traffic.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 106
Item Description Bug ID
32. Using redirect filtering, Layer 7 pattern match does not prod00212657
work when delayed binding is enabled.
33. The OSPF MD5 key is displayed in a config dump as prod00214646
clear text instead of encrypted.
34. In IPv6 filters, when delayed binding is enabled prod00214645
internally, it functions as forceproxy.
35. For a VR group that includes both IPv4 and IPv6 VRs, prod00214159
the advertisements are sent only via IPv6 interfaces
when the method is unicast.
36. No warning message is displayed when APM is enabled prod00213522
on a service with no APM license.
37. When all persistent entries in the Dynamic Data Store prod00212945
(persistence via AppShape++) are purged, sometimes
new persistent entries are not mirrored to the backup
platform. Radware recommends also purging entries
from the backup platform.
38. If the real server has the description configured, the real prod00220874
server description is shown instead of the real IP
address under /info/slb/cookie.
39. When a buddy server does not belong to any service, prod00212727
after Apply it and the real server go down for a short
time.
40. When two IPv6 interfaces are configured on the same prod00216479
VLAN and they both have VRs configured, only one
interface is in status "up (preferred)", while the other is in
status "up (tentative)". Workaround: Disable and then
enable the interface.
41. The default share value for /cfg/l3/vrrp/group prod00177054
and /cfg/l3/vrrp/vr is disabled in Alteon versions
26.8 and 28.0, and enabled starting with version 28.1.
After upgrading from versions 26.8 or 28.0 to version
28.1 or later, if the share parameter had a default value,
you must disable it manually.
42. The BWM module does not work properly. prod00190470
43. For IPv6 virtual routers (VRs), only VRIDs up to 255 can prod00191837
be used.
44. HTTP Layer 7 processing using legacy delayed binding prod00198986
in enabled mode does not work with fragmented traffic.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 107
Item Description Bug ID
45. On an Alteon 5412 platform (XL or non-XL), the 1 GB prod00200279
fiber module does not work with auto-negotiation on.
Note: The port might be displayed as up but it does not
function properly.
Workaround: Set the auto-negotiation to off at both
sides.
46. On an Alteon 5412 platform, an SFP port with the prod00200619
SI8512-X5AT0-3C fiber module should not be used for
ISL. The port speed is reported as 10M, causing VRRP
flaps.
47. SSL ID persistency is not supported in force proxy prod00200668
mode. When upgrading from version 28.1.x to 29.5.0.0,
if there are virtual services configured with SSL ID
persistency and force proxy mode, configuration apply
fails until either SSL ID persistency is disabled or force
proxy mode is deactivated.
Radware recommends performing this before upgrade.
48. A GSLB configuration with cookie-based persistency prod00201333
between sites does not work for IPv6 requests.
49. The incorrect APM license value is reported to APSolute prod00201942
Vision.
50. On an HTTPS service with a non-standard service port prod00202219
and server port 443, in force-proxy mode, real server IP
leakage is observed.
Workaround: Add a proxy IP address or change
delayed binding to enabled mode.
51. When a new configuration is applied, there might be prod00202693
"server up" messages for servers that are not attached
to any VIP.
52. If more than 256 virtual routers (VRs) are configured on prod00202886
the same IP interface, flipping between master and
backup device can occur.
53. Sometimes persistent sessions exist for twice the prod00203494
persistency timeout value.
54. When processing traffic via a redirect or NAT filter, if an prod00203850,
ICMP type 3 code 4 message arrives from the client- prod00203888
side, it is not properly processed.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 108
Item Description Bug ID
55. X-Forwarded-For can be enabled for an HTTPS service prod00204113
without SSL offload (requires delayed binding enabled),
even though it cannot be performed.
56. MP Utilization data sent to the Device Performance prod00204922
Monitoring module is sometimes incorrect.
57. Generation of a 4096 key size may take up to 30 prod00204939
seconds. During this time, the CPU utilization may reach
100 %.
58. Trying to upload a very large capture file via FTP/TFTP prod00205038
fails.
59. On an Alteon 4408 platform with 1G copper SFP ports, prod00206900,
the port status is always displayed incorrectly on these prod00115850
ports and does not take effect when operationally
disabled or enabled.
60. Some of the cache statistics are incorrect: prod00207290,
The number of new cached bytes is always reported prod00207297,
as 0. prod00207299
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 109
RELATED DOCUMENTATION
The following documentation is related to this version:
Alteon Installation and Maintenance Guide
Alteon Application Guide
Alteon Command Reference
Alteon REST API User Guide
Alteon AppShape++ SDK Guide
Alteon Web Based Management Quick Guide
Alteon Troubleshooting Guide
Note: The Alteon Command Reference is no longer provided as a PDF file. It is now an HTML
package. To view it, you download the entire package and open the index.html file.
© 2018 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered
trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective
owners. Printed in the U.S.A.
Release Notes: AlteonOS version 30.0.15.0, October 22, 2018 Page 110