Known Problems with this Release
3
■
A new logging category - Denied LAN IP - has been
added to the Log Settings page. When enabled, all
access attempts to the Firewall LAN IP address
which are not allowed by the firewall configuration
are logged.
■
A log message for fragmented packets dropped
has been added.
■
TCP FIN, XMAS and NULL scans are now logged.
■
A new menu selection allows users to select either
WebTrends or Default formats on the Log Settings
page. The default Syslog data now contains port
information in addition to standard WebTrends
formatted data.
■
Services can now be defined using ranges of ports.
■
Multiple subnets can now be accessed through
VPN tunnels.
■
Individual rules can now be edited and disabled.
Rules can also be enforced by time of day.
■
A restart is no longer required after adding,
deleting or changing rules.
■
Fragmented IPSEC and PPTP packets can now pass
through the Firewall.
■
WINS server addresses can now be assigned to
LAN clients by the Firewall DHCP Server.
■
Hyperlinks displayed in the log now provide
definitions of attacks.
■
A PPPoE inactivity time-out has been added.
■
The date can now be displayed in an International
format (DD/MM/YYYY).
■
The Syslog Individual Event Rate feature enables
control over the time period between similar
events being reported to the Syslog.
■
Napster is now a pre-defined service.
■
The current status of DHCP leases are now shown
on the DHCP/Status page.
Known Problems with this Release
VPN Operation
■
You may need to reconfigure VPN clients to use
the new GroupVPN feature. The GroupVPN
security association must be used for multiple VPN
clients.
■
When configuring a VPN security association, the
encryption method must be specified. The
“AH-MD5” encryption method does not function
correctly when interoperating with version 5.0.7 of
SuperStack 3 Firewall or version 5.0.8 of
OfficeConnect Firewall.
■
Note the following if you have configured the
Firewall to be a PPPoE client and wish to establish a
VPN tunnel through the firewall using PPTP
protocol. When using Microsoft Dial up
Networking V1.3 on Windows 95/98, the client PC
must have the IP packet size set to “medium” in
Dial up Networking.
Windows 2000 is not affected as it automatically
adjusts the packet size.
DNA1611-0AAA01.fm Page 3 Tuesday, September 4, 2001 10:10 AM
