TippingPoint Threat Protection Sysytem (TPS) Version 5.3.1 å…¬é–‹ã®ãŠçŸ¥ã‚‰ã›ï¼šã‚µãƒãƒ¼ãƒˆæƒ…å ± : ãƒˆãƒ¬ãƒ³ãƒ‰ãƒžã‚¤ã‚¯ãƒï¼ ç´¯ç©ä¿®æ£å¯¾å¿œã‹ãªã€‚

TippingPoint Threat Protection Sysytem (TPS) Version 5.3.1 å…¬é–‹ã®ãŠçŸ¥ã‚‰ã›ï¼šã‚µãƒãƒ¼ãƒˆæƒ…å ± : ãƒˆãƒ¬ãƒ³ãƒ‰ãƒžã‚¤ã‚¯ãƒ

TippingPoint Threat Protection Sysytem (TPS) version 5.3.1 ãŒä»¥ä¸‹ã®é€šã‚Šå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚

â– å…¬é–‹é–‹å§‹æ—¥
2020å¹´8æœˆ25æ—¥ (ç«)
è©³ç´°ã«ã¤ãã¾ã—ã¦ã¯ä»¥ä¸‹ã® Release Notes(è‹±èªž)ã‚’ã”è¦§ãã ã•ã„ã€‚
Threat Protection System Release Notes Version 5.3.1 release Notes
â– å…¥æ‰‹æ–¹æ³•
Trend Micro TippingPoint Threat Management Center(TMC)ã‹ã‚‰ã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰ç”¨ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚„ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰
ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
â€»ãƒã‚°ã‚¤ãƒ³ã«ã¯ TMC ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒå¿…è¦ã§ã™ã€‚
â– å°Žå…¥æ‰‹é †
å°Žå…¥æ‰‹é †ã«ã¤ãã¾ã—ã¦ã¯Online Help Centerã‹ã‚‰ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã‚‹ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚¬ã‚¤ãƒ‰ã‚„ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¬ã‚¤ãƒ‰ã‚’ã”å‚ç…§ãã ã•ã„ã€‚
â€»ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã¯å…¨ã¦è‹±èªžã§ã™ã€‚
â– è£½å“ã‚µãƒãƒ¼ãƒˆ
ã”ä¸æ˜Žãªç‚¹ãŒã”ã–ã„ã¾ã—ãŸã‚‰ã€å¼Šç¤¾ã‚µãƒãƒ¼ãƒˆã‚»ãƒ³ã‚¿ãƒ¼ã¾ã§ãŠå•åˆã›ãã ã•ã„ã€‚
ãŠå•åˆã›æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€ ã“ã¡ã‚‰ã‚’ã”ç¢ºèªãã ã•ã„ã€‚
サポート情報 : トレンドマイクロ

Release Contents

Description Reference

This release addresses a critical issue where SSL Inspection caused the device to enter Layer 2 Fallback. TIP-46878
TIP-46877
TIP-46899
TIP-49714
TIP-49735

Rare conditions could prevent users from logging back in after a system crash without entering recovery mode. TIP-50225

This release repairs an FPGA issue that failed to scrub abandoned network connections, which caused the FPGA connection table to become congested. The performance of 8200TX and 8400TX devices became degraded, and a reboot was required to recover from the condition. TIP-47474

A condition that caused system clock adjustments to display invalid debug np tier-stats values has been resolved. SEG-48804

The Tier 2 stats (Ratio to next tier) now correctly display the Tier 1 stats. TIP-52853

When SSL operations reach a specific memory consumption threshold, SSL connections can now temporarily bypass the SSL proxy (and SSL inspection) until more memory is available. TIP-51811

Description	Reference
This release addresses a critical issue where SSL Inspection caused the device to enter Layer 2 Fallback.	TIP-46878 TIP-46877 TIP-46899 TIP-49714 TIP-49735
Rare conditions could prevent users from logging back in after a system crash without entering recovery mode.	TIP-50225
This release repairs an FPGA issue that failed to scrub abandoned network connections, which caused the FPGA connection table to become congested. The performance of 8200TX and 8400TX devices became degraded, and a reboot was required to recover from the condition.	TIP-47474
A condition that caused system clock adjustments to display invalid debug np tier-stats values has been resolved.	SEG-48804
The Tier 2 stats (Ratio to next tier) now correctly display the Tier 1 stats.	TIP-52853
When SSL operations reach a specific memory consumption threshold, SSL connections can now temporarily bypass the SSL proxy (and SSL inspection) until more memory is available.	TIP-51811

Known issues

Description Reference

When you insert a 40 Gbps bypass module (BIOM) into a TX-Series TPS device that has not been upgraded to at least TOS v5.2.0, the module health status LED indicates that the module has experienced a fault (solid amber). To recover from this state:
1. Upgrade the device to TOS v5.2.0 or later.
2. After the upgrade, perform a full reboot of the device.
3. Disable bypass on all BIOMs by selecting the normal option:
â€¢ SMS: From the Device menu, click the device and select Device
Configuration -> HA (High Availability) -> Zero Power HA.
â€¢ LSM: Select System -> High Availability -> Zero-Power HA.
â€¢ CLI: high-availability zero-power (bypassï½œnormal)(slot ï½œall) TIP-33655

Performing any kind of inspection, including SSL inspection, on VXLAN packets with a vlan tag in the outer (tunnel) header is not supported on 8200TX and 8400TX devices. TIP-45595
TIP-45678

Threat Protection System Release Notes 3 For optimal performance of URL filtering and other memory intensive features running on a vTPS in Normal mode, configure 16 GB of RAM. TIP-33876

When you create a snapshot using the LSM, the browser sometimes times out even though the snapshot creation eventually succeeds. TIP-37112

System logs do not indicate when the state of a transceiver changes. TIP-39167

SSL inspection no longer supports compression within TLS/SSL, nor periodic rekeying. TIP-32066

Because of an issue with HTTP Response Processing, do not change the default setting for encoded HTTP responses. From the LSM, select Policy > Settings and ensure that Accelerated inspection of encoded HTTP responses is selected. TIP-49369

Under rare conditions, the following error can occur during DNS Reputation filtering:
Error TOSPORT NP: DNS Decoder: Parse of generated NXDOMAIN PDU
failed; disposition is npDispositionEthTypeUnknown
The error indicates merely that the NXDOMAIN response packet was not sent back to the DNS requester. You can safely ignore the error message. TIP-39422

Description	Reference
When you insert a 40 Gbps bypass module (BIOM) into a TX-Series TPS device that has not been upgraded to at least TOS v5.2.0, the module health status LED indicates that the module has experienced a fault (solid amber). To recover from this state: 1. Upgrade the device to TOS v5.2.0 or later. 2. After the upgrade, perform a full reboot of the device. 3. Disable bypass on all BIOMs by selecting the normal option: â€¢ SMS: From the Device menu, click the device and select Device Configuration -> HA (High Availability) -> Zero Power HA. â€¢ LSM: Select System -> High Availability -> Zero-Power HA. â€¢ CLI: high-availability zero-power (bypassï½œnormal)(slot ï½œall)	TIP-33655
Performing any kind of inspection, including SSL inspection, on VXLAN packets with a vlan tag in the outer (tunnel) header is not supported on 8200TX and 8400TX devices.	TIP-45595 TIP-45678
Threat Protection System Release Notes 3 For optimal performance of URL filtering and other memory intensive features running on a vTPS in Normal mode, configure 16 GB of RAM.	TIP-33876
When you create a snapshot using the LSM, the browser sometimes times out even though the snapshot creation eventually succeeds.	TIP-37112
System logs do not indicate when the state of a transceiver changes.	TIP-39167
SSL inspection no longer supports compression within TLS/SSL, nor periodic rekeying.	TIP-32066
Because of an issue with HTTP Response Processing, do not change the default setting for encoded HTTP responses. From the LSM, select Policy > Settings and ensure that Accelerated inspection of encoded HTTP responses is selected.	TIP-49369
Under rare conditions, the following error can occur during DNS Reputation filtering: Error TOSPORT NP: DNS Decoder: Parse of generated NXDOMAIN PDU failed; disposition is npDispositionEthTypeUnknown The error indicates merely that the NXDOMAIN response packet was not sent back to the DNS requester. You can safely ignore the error message.	TIP-39422