GMS 2.9.4 Release Notes

SonicWALL, Inc.
Software Release: September 21, 2005
Document Version: September 21, 2005
CONTENTS
PLATFORM COMPATIBILITY
SONICWALL SECURITY APPLIANCE COMPATIBILITY
NEW FEATURES IN THE GMS 2.9.4 RELEASE
NEW FEATURES IN THE GMS 2.9.3 RELEASE
ENHANCEMENTS
KNOWN ISSUES
RESOLVED KNOWN ISSUES
INSTALLATION PROCEDURES
RELATED TECHNICAL DOCUMENTATION
PLATFORM COMPATIBILITY
The SonicWALL GMS 2.9.4 release supports the following operating systems:
Windows 2000 Server (SP4)
Windows 2000 Professional (SP4)
Windows XP Professional (SP1)
Windows 2003 Server
Solaris 8 (SPARC)
SonicWALL GMS 2.9.4 supports MS SQL Server 2000 (SP3) on Windows platforms. It also supports
Oracle 9.2.0.1 Standard and Enterprise Editions on Windows and Solaris 8. SonicWALL GMS has been
tested on and with English operating systems and databases.
SonicWALL GMS 2.9.4 services now use JRE 1.4.2_05. However, GMS 2.9.4 automatically downloads
the Java Plug-in 1.5 when accessing GMS. SonicWALL GMS 2.9.4 also uses Tomcat 4.1.29 and installs
Sprinta™ 2000 JDBC driver version 6.03 (applies to SQL Server installations only).
SONICWALL SECURITY APPLIANCE COMPATIBILITY
SonicWALL GMS 2.9.4 supports the following SonicWALL security appliances:
TELE2
TELE3
TELE3 TZ
TELE3 TZX
TELE3 SP/SPi
SOHO2
SOHO3
SOHO TZW
TZ 150
TZ 170
TZ 170 Wireless
TZ 170SP
TZ 170 SP Wireless
XPRS
XPRS2
PRO
PRO-VX
PRO 100
PRO 200
PRO 230
PRO 300
PRO 330
CSM 2100 CF
PRO 1260
PRO 2040
PRO 3060
PRO 4060
PRO 4100
PRO 5060
GX250
GX650
SonicWALL GMS requires firmware version 6.1.2.0 or higher and SonicOS 1.0 or higher to be running on
the SonicWALL security appliances.
© 2005 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered
trademarks of their respective companies.
P/N 232-000055-12
Rev A 9/05
gms294
NEW FEATURES IN THE GMS 2.9.4 RELEASE
MONITORING FEATURES
•
Comprehensive SNMP Monitoring Support on Net Monitor—The SonicWALL GMS Net
Monitor now supports a wide variety of SNMP monitoring, including CPU, memory and hard drive
usage. A sample Monitoring Information screen using SNMP as a monitoring type is shown
below. Users can define thresholds for alert notifications.
•
Easy Location of Monitored Unit By Net Monitor—Net Monitor can now easily locate a
specified monitored unit when there are many items monitored.
MANAGEMENT FEATURES
•
Task Scheduling at Time of Task Creation—When creating tasks in GMS Policies Panel, the
user has the ability to schedule the task right when creating a configuration task, instead of
needing to go to the Console panel to re-schedule the already created tasks. Data pushed to the
unit level now always arrives at the unit level. Previously, in some instances when the user
clicked too quickly from the group level to the unit level and pushed information to it, the data
would arrive at the group level because the screen did not refresh quickly enough.
•
Task Creation Protection in TreeControl Node—When a user clicks on a node in TreeControl,
and creates a configuration task in the right-hand Contents Screen quickly, without waiting for
that screen to load completely, tasks could get created for a node other than that selected in the
TreeControl.
•
Per Address Object Deletion—The GMS user interface now allows deletion of single address
objects.
•
Administrator Access to PPPoE Passwords—GMS administrators can now access the PPPoE
address passwords of remote SonicWALL security appliances.
•
Embedded Login Support—GMS administrators can allow users to be automatically
authenticated on the GMS from a Web link using embedded credentials.
•
Improved Navigation for Managing Large Numbers of VPNs—The VPN Summary Screen on
the GMS user interface is now divided into multiple pages that administrators can navigate. This
reduces the amount of time it takes for the VPN Summary Screen to load in environments with a
large number of VPNs.
•
SonicPoint WLAN Scheduling—Profiles for SonicPoint wireless access points now provide
schedule options for wireless LAN (WLAN) standards, IEEE 802.11a and 802.11g.
•
SonicPoint G Support—The GMS now supports SonicWALL SonicPoint G wireless access
points.
•
Improved License and Subscription Search Capabilities—The GMS now offers administrators
a single search function for conducting a wide range of searches for licenses and subscriptions,
such as lists of users with no subscriptions or expiring subscriptions. Such searches provide a
great resource for pinpointing users who would be interested in purchasing new licenses and
subscriptions. A sample screen appears below.
•
Improved Management of Multiple-GMS Deployments—The GMS now offers improved
Redundant Console Mode designed to improve the performance of deployments using multiple
GMS consoles. Redundant Console Mode designates a single console that performs daily
updates (checking for new firmware, signature downloads, status alert emails, etc.).
•
Group-Level Push of Inherited Tasks—The GMS now enables administrators to simultaneously
provision groups of SonicWALL security appliances with one click. Administrators assign devices
that share the same settings associated with a group, and the administrator then “pushes” the
inheritable settings (access rules, services, tunnels, etc.) to the entire group with one click.
•
PortShield Support for the SonicWALL PRO 1260 Enhanced Security Appliance—The GMS
now supports PortShield access to the SonicWALL PRO 1260 security appliance running
SonicOS Enhanced.
•
Increased Net Monitor License—The number of nodes that Net Monitor can monitor has been
increased to four times the number of licensed nodes. Also, when adding SonicWALL Managed
Security Services Partner (MSSP) devices to the network, Net Monitor dynamically increases the
number of licensed nodes, which then increases the number of monitored nodes.
•
Graphical User Interface Patch Update Process—The GMS now provides an easy-to-use
graphical user interface screen for applying patches. Previously, you could only install patches
from the CLI.
•
HTTP and HTTPS Timeout Customized—You can now customize the HTTPS timeout so that
an HTTPS session can display for more than three minutes before timing out and displaying the
Web timeout screen.
•
Activation of IPS Bundles—Previously, when the IPS bundle key was activated through GMS,
GMS showed that only the IPS subscription service was activated. GMS now indicates that the
GAV and Anti-Spyware services are also activated in addition to the IPS service.
•
Manual Signature Upload from GMS—The GMS can now manually upload signatures to
remote SonicWALL security appliances. This is useful for SonicWALL security appliances that do
not have direct Internet connectivity (such as those deployed in high-security environments). In
these situations, the GMS retrieves the new signatures and then uploads them to the SonicWALL
security appliance.
•
Heartbeat Settings on the Enhanced Log Settings Page—The Enhanced Log Settings page
now includes heartbeat settings at both the unit and group levels.
•
Deterministic Binding of Services in a Multi-NIC Environment—In an environment that has
multiple NICs, GMS now detects and allows users to choose which NIC IP address GMS services
should bind to. Previously, GMS randomly chose one NIC IP address in a multi-NIC environment
to which it would bind a service.
•
Matrix View is the Default View on the Firewall Policy Screen
•
Multiple Activation Codes in Policies/Service Licenses—Users can now input multiple
activation codes in the Policies/Service Licenses Window to perform license upgrades and
renewals.
•
Ability to Configure Larger Thresholds than Standard Size for Email Alerts—GMS users can
now configure a threshold above the standard SQL server database Threshold Logs size value
for sending Email alerts. This occurs in the E-Mail Alert Frequencies and Thresholds section of
the Console > Management > Alert Settings screen. The Transaction Log Size Threshold for
Alert Notification field has a default value of 2000 (2 GBytes), although you can select a larger
value. Previously, GMS users could not configure a threshold value for sending Email alerts that
was above 2 GBytes.
REPORTING FEATURES
•
Granular Control in Scheduled Email Reports—Filters can now be applied to each Email
schedule in Report Settings, providing greater flexibility in generating reports to meet customer
needs.
•
Report Navigation—The Reporting output pages now have navigation aids including Next,
Previous, and specific page number (i.e., 1, 2, 3…) hot links to aid in express navigation to
specific pages of output, reducing clutter in the specific page, and improving overall reporting
performance.
•
Enhanced Attack Reports—GMS now displays details for both source and destination
addresses for Virus Attacks, Anti-Spyware, and Intrusion Prevention (Application Filters for CSM)
in the same report.
•
Attack Reports Linked to SonicAlert Site—GMS reports of attacks now include a link to
information on the threat on the SonicWALL SonicAlert Website.
•
Display Hot-Linked Source and Destination IP Addresses—GMS attack reports, including
Virus Attacks, Anti-Spyware, and Intrusion Prevention (Application Filters for CSM) now display
source and destination IP addresses with the addresses appearing as a hyperlink. The following
screen shows an IP Address link. You can configure the location that the hotlinked address points
to in C:\sgmsConfig.xml.
By clicking on a hotlinked IP address, GMS displays the IP address owner detail screen as shown
here.
•
Improved Navigation of Scheduled Reports—The Schedule Reports screen on the GMS
Console Panel now includes links to navigate back to the Scheduled Reports configuration
screen so that administrators can quickly and easily modify reports.
•
Granular Control of Multiple Summarizers in Distributed GMS Deployments—In
deployments using multiple summarizers, the next scheduled run for each summarizer can be
controlled without interfering with the other summarizers' schedules.
•
Common Look and Feel for Report Data—Reports now appear in a uniform fashion across
categories.
•
Report Data Status Enhancement—Report data status messages have been enhanced to
indicate if the report has been disabled for summarization.
NEW FEATURES IN THE GMS 2.9.3 RELEASE
•
Support for SonicWALL Anti-Spyware—Analyzes inbound connections for the most common
method of spyware delivery, ActiveX-based component installations. It also examines inbound
setup executables and cabinet files crossing the gateway, and resets the connections that are
streaming spyware setup files to the LAN. If spyware was installed on a LAN workstation prior to
SonicWALL Anti-Spyware activation, the service examines outbound traffic for streams
originating at spyware-infected clients and resets those connections. The SonicWALL
Anti-Spyware Service provides the following protection:
o Blocks spyware delivered through auto-installed ActiveX components, the most common
vehicle for distributing malicious spyware programs.
o Scans and logs spyware threats that are transmitted through the network and alerts
administrators when new spyware is detected and/or blocked.
o Stops existing spyware programs from communicating in the background with servers on
the Internet, preventing the transfer of confidential information.
o Provides granular control over networked applications by enabling administrators to
selectively permit or deny the installation of spyware programs.
o Prevents e-mailed spyware threats by scanning and then blocking infected e-mails
transmitted either through SMTP, IMAP or Web-based e-mail.
o Works with other anti-spyware programs, such as applications that remove existing
spyware applications from hosts, to provide an added measure of defense against
spyware.
•
Support for SonicWALL Anti-Spyware Reporting—Provides reporting of Spyware attempt
summaries by category, priority, source address, and date ranges to provide the following GMS
customizable reports:
o Reports > Anti-Spyware > Summary
o Reports > Anti-Spyware > By Category
o Reports > Anti-Spyware > By Source
o Reports > Anti-Spyware > Over Time
o Reports > Anti-Spyware > By Category Over Time
o Reports > Anti-Spyware > By Source Over Time
At the group level, only Anti-Spyware > Summary and Anti-Spyware > Over Time reports are
currently available.
Note: The GMS management and reporting pages for Anti-Spyware are supported only on
SonicWALL security appliances running SonicOS Standard 3.1 or SonicOS Enhanced 3.1 and
higher releases (SonicOS 3.1 is the initial firmware release supporting the SonicWALL
Anti-Spyware security service).
•
Support for SonicWALL Anti-Spyware Policy Management—Provides full centralized
management support of SonicWALL security appliances for the SonicWALL Anti-Spyware
security service as illustrated in Figure 1.
Figure 1: GMS Policies Panel > Anti-Spyware
o Edit SonicWALL Anti-Spyware configuration settings at both the group and unit level.
o Use GMS to configure High, Medium, and Low danger levels for Spyware.
o Reset Anti-Spyware configuration settings and policies.
o Manage unit and group level Anti-Spyware exclusion lists.
o Plus utilize GMS centralized management of Anti-Spyware protection on network zones
for SonicOS Enhanced running systems.
•
Support for Quality of Service (QoS)— Adds the ability to recognize, map, modify and generate
the industry-standard 802.1p and Differentiated Services Code Points (DSCP) Class of Service
(CoS) designators. When used in combination with a Quality of Service (QoS) capable network
infrastructure, SonicOS QoS features provide predictability that is vital for certain types of
applications, such as Voice over IP (VoIP), multimedia content, or business-critical applications
such as credit-card processing. To centrally manage the 802.1p--DSCP Mappings Table, this
release includes support for a new GMS configuration page: Policies > Firewalls > QoS Mapping
as illustrated in Figure 2.
Figure 2: GMS Policies Panel > Firewall > QoS Mapping > 802.1p to DSCP conversion
The QoS Mapping feature is also configurable from the Firewall > Access Rules page as
illustrated in Figure 3.
Figure 3: GMS Policies Panel > Firewall > Access Rules > QoS Mapping
•
GMS Capacity Planning—Check out the new “Capacity Planning” page that provides
performance metrics for your network administrator to plan, design and expand your GMS server
deployment. This page is located at Console Panel > Diagnostics > Capacity Planning and
includes information on Syslog Collector metrics and Summarizer metrics as illustrated in
Figure 4.
Figure 4: GMS Console Panel > Diagnostics > Capacity Planning
Note: The Summarizer metrics are available only for GMS deployments that have Distributed
Summarizer enabled.
Analyzing Syslog Collector and Summarizer Metrics for Capacity Planning
Metrics can be used to identify network problems, either in the GMS deployment itself, or in the
networks that are being managed by this GMS. For example, a sudden increase in the average
number of syslogs collected per minute may indicate a remote network that is infected with
a malware application. A steep decrease in the average number of syslogs summarized per minute
may indicate database issues (such as indexes not being maintained at regular intervals) or
malware consuming resources on the Summarizer system unnecessarily.
The metrics are available for the past 24 hours, past 7 days and past 30 days. These metrics are
reset (to zero) every 24 hours for daily metrics, every 7 days for weekly metrics, and every 30
days for monthly metrics. Weekly metrics are not shown unless the data collection for weekly
metrics started earlier than the daily metrics. Similarly, monthly metrics are not shown unless data
collection for monthly metrics started earlier than that for daily and weekly metrics. The Capacity
Planning page will not display metrics for a component if the daily statistics collection started
more than 26 hours back, which generally indicates that the component is not active.
Syslog Collector and Summarizer Metrics
How do I interpret the metrical data? Use the following algorithm to approximate the number of
SonicWALL security appliances (firewalls) a single agent can handle. This model only applies to
generation 2 or distributed summarizers, where n equals the number of hours that the
summarizer can run per day.
$$\frac{(\text{number of syslogs summarized per minute}) \times (n / 24)}{(\text{number of syslogs per firewall per minute})}$$
For example, the average number of syslogs summarized per minute on the 192.168.253.12
system is 22,098, as illustrated in Figure 4. The average number of syslogs received on that
system is 115 per firewall, per minute. The administrator does not want to summarize for more
than 8 hours a day.
$$\frac{22{,}098 \times (8 / 24)}{115} = 64$$
Therefore, this summarizer system can process a maximum of 64 SonicWALL security
appliances. This is assuming that the current set of SonicWALL security appliances under
management from this GMS server is a homogenous sample of the additional units that will be
brought under the management of this GMS server.
•
Full URL Reporting—Provides the ability to enable and disable Full URL Reporting on the
Summarizer > Summarizer Settings page as illustrated in Figure 5.
Figure 5: GMS Console Panel > Reports > Summarizer
•
Site Access Detail Reporting—Provides the time along with a full listing of the actual URLs
accessed in a new GMS report to display total count of hits to a site sorted by user and the time
of day. This feature is supported on the Web Filter and Web Usage reports as illustrated in
Figure 6.
Figure 6: GMS Reports Panel > Web Usage > By User > Access Time Details
•
Online Certificate Status Protocol (OCSP) Support—Allows SonicWALL security appliances to
use the newer, real-time scheme for maintaining digital certificate status. The OCSP standard
supersedes Certificate Revocation List (CRL).
•
Deletion of Old Preference Files—Specify on a per-firewall basis (in the ‘System’ > ‘Settings’
page) at any level in the View, as to how many most recent preferences files you want to maintain
in the database. By default, older files do not get deleted. Also when preference files are backed
up, the SonicOS firmware version is also displayed to minimize problems with duplicates.
•
Default Firmware Upgrade from Local Hard Disk—Default for firmware upgrade is now
through the local hard drive.
•
Scheduled Backup Saving of Preferences File when Unit Down—Includes the GMS
Preference File Backup feature to check against the TASKS table before creating a new
preference file backup for down or unresponsive units. This feature ensures that there is not an
identical task pending to eliminate redundant tasks.
•
Detect Infections from Syslog Files Received from SonicWALL Security Appliances—
Includes a Summarizer Enhancement to identify systems with infected files behind the
SonicWALL security appliance by looking at the volume of data sent in the syslog file. The
Summarizer now detects messages and bypasses time-consuming reports to improve
performance.
Infected files will be marked with the .imf file extension, and a log entry is entered into the
StdVPSummarizerX.log file to inform the administrator of the infected file.
This feature can be configured by the administrator by setting values in the GMS_CONFIG table
for the following parameters (if not, the defaults will be used):
o disableInspection: Enable/Disable Inspection (default: ENABLED).
o fileIntervalInMinutes: The duration of the messages in a syslog file (default: 90).
o uniqueDstHostsInPercent: The percentage of unique destination host IP addresses to be
present in the file (default: 55).
o messageCountThreshold: The number of messages to be present in a file to trigger an
inspection (default: 10000).
o bypassReports: The list [1] of reports to bypass when an infection is identified (default: Web
Usage - Top Sites, By User, By Category [2]).
[1] The delimiter for the list of report names is ':' [colon].
[2] The Web Usage By Category is in the list only for versions after GMS 2.9.
Infected files will also be automatically archived (as per the archive interval specified) under the
“archivedSyslogs” folder with the following zip file name:
RawSyslogs_Infected_AgentId_yyyymmdd__X.zip.
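The volume heuristic described above, sketched as an added example that is not SonicWALL's code. It reuses the GMS_CONFIG parameter names and defaults from this section; how the thresholds are combined, the key=value line layout (time="...", dst=ip:port:zone), and the stored report names are assumptions, and the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class InspectionConfig:
    """Parameter names and defaults taken from the GMS_CONFIG list above."""
    disable_inspection: bool = False         # disableInspection (inspection ENABLED by default)
    file_interval_minutes: int = 90          # fileIntervalInMinutes
    unique_dst_hosts_percent: float = 55.0   # uniqueDstHostsInPercent
    message_count_threshold: int = 10000     # messageCountThreshold
    # bypassReports is ':'-delimited; the exact stored report names are an assumption.
    bypass_reports: str = "Web Usage - Top Sites:Web Usage - By User:Web Usage - By Category"


@dataclass(frozen=True)
class Verdict:
    inspected: bool
    infected: bool
    message_count: int
    unique_dst_percent: float
    span_minutes: float
    bypassed_reports: tuple


# Assumed line layout: time="YYYY-MM-DD HH:MM:SS" ... dst=<ip>:<port>:<zone>
LINE_RE = re.compile(r'time="(?P<time>[^"]+)".*?\bdst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})')


def inspect_syslog_file(lines, cfg=InspectionConfig()):
    """Flag a syslog file whose volume and destination spread look like an infected host.

    Assumed combination of the parameters: the file is inspected once it holds at
    least messageCountThreshold messages, and is flagged when those messages span
    no more than fileIntervalInMinutes and at least uniqueDstHostsInPercent of
    them go to distinct destination IP addresses.
    """
    times, dsts = [], []
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # no timestamp/destination pair on this line
        try:
            stamp = datetime.strptime(m["time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # malformed timestamp: ignore the line
        times.append(stamp)
        dsts.append(m["dst"])

    count = len(dsts)
    unique_pct = 100.0 * len(set(dsts)) / count if count else 0.0
    span = (max(times) - min(times)) if times else timedelta(0)
    span_min = span.total_seconds() / 60

    inspected = (not cfg.disable_inspection) and count >= cfg.message_count_threshold
    infected = (inspected
                and span_min <= cfg.file_interval_minutes
                and unique_pct >= cfg.unique_dst_hosts_percent)
    bypassed = tuple(cfg.bypass_reports.split(":")) if infected else ()
    return Verdict(inspected, infected, count, unique_pct, span_min, bypassed)


def constructed_file(n_messages, n_destinations, minutes):
    """Build constructed sample lines: n_messages spread evenly over `minutes`."""
    start = datetime(2005, 9, 21, 9, 0, 0)
    step = minutes * 60 / n_messages
    lines = []
    for i in range(n_messages):
        ts = start + timedelta(seconds=int(i * step))
        d = i % n_destinations
        lines.append(
            f'id=firewall time="{ts:%Y-%m-%d %H:%M:%S}" '
            f'src=10.0.0.23:{1024 + i % 60000}:LAN '
            f'dst=198.18.{d // 256}.{d % 256}:25:WAN'
        )
    return lines


if __name__ == "__main__":
    samples = {
        "one host reaching 12,000 distinct addresses in 30 min": constructed_file(12000, 12000, 30),
        "busy site, 40 destinations in 80 min": constructed_file(12000, 40, 80),
        "small file, below the message threshold": constructed_file(500, 500, 30),
    }
    for label, lines in samples.items():
        v = inspect_syslog_file(lines)
        print(f"{label}: inspected={v.inspected} infected={v.infected} "
              f"unique_dst={v.unique_dst_percent:.1f}% span={v.span_minutes:.0f} min")
```
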
ENHANCEMENTS
•
Matrix View is the Default View on the Firewall Policy Screen
•
35814: Previously emails originating from GMS did not include information on the origin of the
email. With this release, GMS generated emails (whether in HTML format or in Plain Text format)
now contain version information and associated serial number if applicable.
•
Support for Cut-and-Paste for Adding Units in GMS Applets—Added an error dialog
message window when you attempt to cut/copy/paste text in the GMS Add Unit dialog box as
illustrated in Figure 7. This message window includes instructions to edit the java.policy file for
your JRE to support the ability to cut, copy, or paste text. This is supported in Internet Explorer
6.0 or higher.
Figure 7: Editing the java.policy File for Cut/Copy/Paste Support
KNOWN ISSUES
General
•
36275: When adding a new route policy to any unit running SonicOS 3.1.03E that does not
support Advanced Routing Services (ARS), the operation fails, displaying the following error
message:
Too Many Network Objects
•
Invalid characters for GMS Password - Using SonicWALL GMS, you cannot add the following
characters in the GMS user password: “# + , % &.” Blank spaces are not allowed.
•
No special characters for the SonicWALL GMS database password can be used, such as “%”
and “@.”
•
In the main Net Monitor page, the text at the top of the page that indicates how many Net Monitor
devices you are allowed to monitor may reflect an incorrect amount of licenses.
QoS
•
36689: Symptom: After applying a group-level change, the QoS Mapping Table mapping moves
the entry to the bottom of the table. Condition: At the group level, click the ‘Configure’ icon at a
row entry in the QoS Mapping Table. The selected entry is moved to the bottom of the table. This
is a display issue only.
Services
•
36783: Tasks created for signature updates at the group level execute properly on the firewall
appliance, but the status is not displayed properly at the unit level on GMS, creating a
synchronization mismatch.
•
33815: Service Inheritance using HTTP Management and HTTPS Management on SonicWALL
firmware on Gen-3 platform. If the management ports on the SonicWALL security appliance are
modified from the defaults (port 80 for HTTP and port 443 for HTTPS), Service Inheritance fails
for HTTP Management and HTTPS Management.
•
34117: Symptom: The IPS settings task at the group level appears to be scheduled for units that
do not have IPS licenses. Condition: Occurs on GMS-managed group-level and at GMS-managed
unit-level IPS services. The tasks on non-IPS enabled SonicWALL security appliances
are not attempted and are deleted at execution time.
•
35515: Symptom: The Currently Licensed Nodes is not being updated when the exclusion list is
updated. Condition: When adding a licensed node to an exclusion list in the Policies panel, the
node is displayed under Currently Licensed Nodes as well as the exclusion list. If you request
Licensed Nodes information again from the SonicWALL security appliance, the currently Licensed
Node information is displayed correctly.
Network
•
33883: GMS 2.9.4 does not support management of MAC Address Objects for creating a MAC
Filter List. This is specific to SonicWALL security appliances running SonicOS Enhanced 2.5 or
higher. Support for managing MAC Address Objects will be added in the next major release of
GMS.
•
32070: When creating a NAT policy, you currently cannot create a “reflexive NAT policy”
rule; you need to create two policies.
•
35022: When using MATRIX view style, access rules at the group level for SonicOS Enhanced
units do not display DMZ, WLAN, and MULTICAST.
•
34908: Dynamic DNS account expiration information displays from the SonicOS Enhanced
management interface but does not display in GMS.
•
32575: When changing the service of an existing Policy-based Rule (PBR) at the Global and
Group levels, changing the service of the PBR from NTP to Terminal Service TCP causes the
SonicWALL security appliance to receive a duplicate comment error from GMS.
•
GMS management tunnel fails when using the following manual encryption keys.
1111111111111111
FEFEFEFEFEFEFEFE
1F1F1F1F1F1F1F1F
E0E0E0E0E0E0E0E0
01FE01FE01FE01FE
FE01FE01FE01FE01
1FE01FE01FE01FE0
E01FE01FE01FE01F
01E001E001E001E0
VPN
•
36592: Symptom: Per-VPN SA and GroupVPN support for OCSP management is not found in
the GMS > Policies Panel. Condition: The ‘Enable OCSP’ checkbox and the ‘OCSP Responder
URL’ text fields are included in the GMS 2.9.3 release; however, OCSP management for per-VPN
SA and GroupVPN is not supported in this release.
•
32616: You cannot use the GMS UI to manage a GroupVPN policy, which requires Multicast and
Global Security Client enforcement.
•
Unit to unit and inheritance of IKE VPN Interconnected Mode policies with 3rd Party Certificates
and ‘Route All Internet Traffic’ fail.
•
SonicWALL GMS does not support 3DES encryption algorithm for the VPN management tunnels.
Log
•
35879: Symptom: SQL Exception error message for Oracle databases returned for Log Search.
Condition: Occurs when you input text enclosed by single quote symbols (‘) into the Log Search
field.
Users
•
33986: User Guest services and User Guest accounts are missing on GMS-managed
SonicWALL security appliances running SonicOS Enhanced 2.5 or higher.
Reporting
•
38481: The syslog collector sometimes fails to start upon rebooting Windows XP. Workaround:
Restart the syslog collector service.
•
38056: An inaccurate status message displays when the scheduled reports process runs before
the summarizer has completed running. The status message is
This report <report_name> for <date> is not available.
•
38663: Duplicate entries sometimes display for Reports > Web Usage > By User OT Report.
•
38688: Duplicate destination entries sometimes display in the Reports > Web Filter > By
Category page
•
37913: Existing custom scheduled reports have to be recreated upon upgrade from a previous
version of GMS because the existing custom reports have not migrated to using the new report
templates. Workaround: Recreate your custom reports using your old params templates.
GMS Installation/SonicOS Firmware Software Management
• 31872: When uninstalling a GMS 2.9.4 release, the uninstall page displays a prior release rather than the GMS 2.9.4 release. This is a display issue; the uninstallation process for GMS 2.9.4 is working properly.
• Upgrading from SonicOS Standard to SonicOS Enhanced firmware is not supported through GMS. Workaround: Upgrade the SonicWALL security appliance firmware and then add it to GMS.
RESOLVED KNOWN ISSUES SINCE THE GMS 2.9.3 RELEASE
• 36897: Symptom: The Distributed Summarizer on the primary agent cannot run after being restarted. This occurred because of instances where a Summarizer in a distributed environment overwrote the next summary time because a second Summarizer had to sleep because the first Summarizer set the next summary time to a future date. Additionally, the performance is slow when filtering by user, by site, and over time conditions. Condition: The Distributed Summarizer frequently does not work after the utility has been restarted.
• 37995: Symptom: The report title for custom reports is missing data, including top sites per user. Also, in some instances, the reports have no titles. After exception reports have been completed, they only have dates. Condition: Report titles are altered after exception reports have been generated.
• 37085: Symptom: The user interface for viewing access rules for managed GMS gateways freezes. Additionally, in some instances, the rules are not displayed. Condition: When logging into GMS and navigating to Global 2 and viewing GMS > Policies panel > Firewall > Access rules, the interface will freeze and the rules are not displayed. Workaround: Use the Mozilla Firefox browser.
• 35558: Symptom: If you change the item setting formerly applied to all users, the Number of Items setting now applies only to a specific user. Condition: This behavior occurs when the user account has admin privileges and the user has selected ALL for the Number of Items category.
• 36977: Symptom: When too much data occurs in one report, a Web timeout page is displayed. Condition: This occurs when pulling up a report under view Global 3, and then displaying a Web session.
• 37189: Symptom: The Enable Group VPN checkbox is always cleared even if checked after updating the system. Condition: This occurs after checking the checkbox.
• 37391: Symptom: The Service Objects Inheritance filter does not work. Condition: This occurs when selecting the new Inheritance Filter under Policies Panel > Firewall > Service Objects and then setting a new Inheritance filter with the Firewall Services Objects utility.
• 37432: Symptom: The Administrator Login Name field in the Administrator Page under Policies Panel was left blank. The blank field was pushed to the managed SonicWALLs. This resulted in blocking access to all affected SonicWALLs. Additionally, the user cannot run an HTTPS session to any of the affected SonicWALLs with blank user names and passwords. Condition: This problem occurs when the user attempts to change the timeout value in the GlobalView > Policies Panel > System > Administrator page.
RESOLVED KNOWN ISSUES SINCE THE GMS 2.9.2 RELEASE
• 35925: Symptom: Mismatching information regarding the status of the DHCP server between the Status and the Dynamic Ranges view. Condition: The Policies > System > Status page displays the DHCP server as Disabled, while the Policies > DHCP > Dynamic Ranges page correctly displays the DHCP server as enabled along with the configured ranges.
• 36443: Symptom: The GMS Bandwidth Summary report at the group level returned an HTTP Status 500 exception message. Condition: Occurs when using the calendar to forward a day using the advance-the-date arrow icons.
• 35994: Symptom: Attempts to change a user password fail with a JavaScript error. Condition: At the unit level, an attempt to change the password of an existing user fails with a browser error.
• 35638: Symptom: Object screen shows up instead of the group edit screen. Condition: Displays the ‘Address Objects’ edit popup instead of the correct edit popup for ‘Address Groups’ that are children of other Address Groups.
• 36018: Symptom: Some of the fields do not show up for editing in the ‘Edit Interfaces’ dialog. Condition: The ‘Egress’ and ‘Ingress’ bandwidth management fields do not show up in the Edit Interface dialog because the variables used to keep track of firmware versions were not correctly updated.
• 35836: Symptom: When viewing any firewalls being managed by GMS, no custom routes are displayed in the GMS console. Condition: Only the Custom Route Policies are displayed in the Routing screen (SonicOS Enhanced). Default policies are displayed on the ‘Diagnostics’ > ‘Network’ screen after running the "Fetch default route policies" task.
• 35862: Symptom: The Network/DMZ addresses page is missing for Gen 3 firewalls. Condition: Intranet and DMZ Addresses screens are not showing up for Gen 3 firewalls because of an incorrect feature ID set.
• 35961: Symptom: Group level VPN and VPN Monitor pages do not load when the number of VPN tunnels is in the thousands. Condition: The ‘Policies’ > ‘Monitor’ and ‘Summary’ pages will load at the unit level but not at the group level. Note: There is no issue with the "VPN Summary" screen. No Security Associations (SAs) show up at the group level because SAs are not defined at the Group Level by design.
RESOLVED KNOWN ISSUES SINCE THE GMS 2.9.0 RELEASE
• 35505: When configuring alerts to log to a file for FWUP and FWDOWN on the ‘Management’ > ‘Alert Settings’ page, no serial number(s) were added for identifying the firewall.
• 35478: Users had to rename the firmware image file downloaded from the mysonicwall.com site because the backend server inserted extra characters in the firmware image file name. Firmware image files no longer need to be renamed to do a firmware upgrade through GMS.
• 35340: When you click the ‘E-Mail/Archive the selected schedules now’ link on the ‘Reports’ > ‘Scheduled Reports’ page, an error occurs.
• 35150: Gateway Anti-Virus (GAV) and Intrusion Prevention Service (IPS) are enabled on the unit’s WAN zone by default but the GMS ‘Network’ > ‘Zones’ page does not display the services as enabled.
• 35424: Database size grew in a non-linear fashion after upgrading to GMS 2.9 until an out-of-memory error occurred.
• 35019: IPS signatures are not displayed when you select a category view style at the group or unit level because the count is not reset.
• 33546: Selecting the plot graph type in the ‘Reports Panel’ > ‘Services’ > ‘Summary’ page results in the graph colors not matching the data legend colors displayed in the table.
• 35214: Improved ease of use for Report Task Scheduling on the ‘Reports’ > ‘Scheduled Reports’ page. ‘Start’ and ‘End’ options added to the ‘Re-send the selected schedules for dates (mm/dd/yyyy)’ setting when you select ‘All’ from the ‘Schedule Type’ menu.
• 34293: GMS support for SonicOS Enhanced 3.0 auto-added access rules when creating VPN policies.
• 35439: If there are multiple newer firmware versions, GMS reports only one new firmware version, not all versions. The existing firmware build on the SonicWALL security appliance is displayed as newer than the detected firmware.
• 35501: Moving a licensed node to the ‘Exclusion List’ completes successfully, but the node is not moved. Once the ‘Policies’ > ‘System’ > ‘Licensed Nodes’ page displays the licensed nodes, clicking the Exclude edit button for a node under this list adds it to the Exclusion List but the node does not move.
INSTALLATION PROCEDURES
You can either perform a fresh installation of GMS 2.9.4 using the installer or upgrade a previous
installation of GMS 2.9, patched or unpatched. For details on performing an installation, see the GMS
Installation Guide.
In a distributed environment, make sure you stop all GMS services on all GMS servers before proceeding
to perform an upgrade.
If the GMS Console (Web server) is set up for HTTP management, the upgrade to GMS 2.9.4 will
preserve the HTTPS settings for the GMS Web server.
The upgrade installer checks with the SonicWALL backend to see if the GMS deployment has valid
support. If it does not, then the upgrade discontinues. When the GMS installer detects that the
SonicWALL backend site is not accessible, it prompts the user to enter an Upgrade Key. If the key is
valid, it allows the upgrade to continue. If the key is invalid, the installation fails.
Also note that in an environment that has multiple NICs, GMS now detects and allows users to choose
which NIC IP address should bind to a specific service during installation. Previously, GMS randomly
chose one NIC IP address in a multi-NIC environment to which it would bind a service.
RELATED TECHNICAL DOCUMENTATION
SonicWALL user guide reference documentation is available at the
SonicWALL Technical Documentation Online Library:
http://www.sonicwall.com/support/documentation.html
The SonicWALL GMS 2.9.4 documentation set consists of the following user guides:
Introduction Guide
Installation Guide
Configuration Guide
Reporting Guide
CLI Reference Guide
For basic and advanced deployment examples,
refer to SonicWALL GMS user guides and deployment technotes: