10 | Patch Release Note |
PCR: 02036 | Module: SWITCH | Network affecting: No |
A new command allows the Layer 3 aging timer to be changed:
SET SWITCH L3AGEINGTIMER=<seconds>
where seconds can be 30 - 43200. After each cycle of the ageing timer, all existing Layer 3 entries with the hit bit set will have the hit bit reset to zero, and all existing Layer 3 entries with the hit bit set to zero will be deleted.
The SHOW SWITCH command output now displays the Layer 3 ageing timer value.
PCR 02138 | Module: SWI | Network affecting: No |
The built in Self Test Code for all Rapiers, except G6, has been improved to enhance the detection of faults in switch chip external packet memory.
PCR: 02158 | Module: FIREWALL | Network affecting: No |
When a TCP RST/ACK was received by a firewall interface, the packet that was passed to the other side of the firewall lost the ACK flag, and had an incorrect ACK number. This issue has been resolved.
PCR: 02185 | Module: VRRP | Network affecting: No |
The SHOW CONFIG DYNAMIC=VRRP command was not showing port monitoring and step values correctly. This issue has been resolved.
PCR: 02229 | Module: IPG | Network affecting: No |
The PURGE IP command now resets the IP route cache counters to zero.
PCR: 02240 | Module: SWI | Network affecting: No |
The SENDCOS filter action did not operate correctly across switch instances. This was because the stacklink port on the Rapier 48 did not correctly compensate for the stack tag on frames received via the filter. This issue has been resolved.
PCR: 02241 | Module: FIREWALL | Network affecting: No |
Firewall subnet NAT rules were not working correctly from the private to the public side of the firewall. Traffic from the public to private side (destined for subnet NAT) was discarded. These issues have been resolved. ICMP traffic no longer causes a RADIUS lookup for access authentication, but is now checked by ICMP handlers for attacks and eligibility. If the ICMP traffic matches a NAT rule, NAT will occur on inbound and outbound traffic. HTTP 1.0 requests sometimes caused the firewall HTTP proxy to close prematurely. Cached TCP sessions were sometimes not hit correctly. These issues have been resolved.
PCR: 02242 | Module: IPG | Network affecting: No |
On a Rapier 24, adding an IP interface over a FR interface caused an
ASSERT debug fatal error. This issue has been resolved.
PCR: 02250 | Module: FIREWALL | Network affecting: No |
Sometimes the Firewall erroneously used NAT. This issue has been resolved.
Patch