IBM Proventia Network Security Controller (NSC) - README ===================================================================== Readme file for: IBM Proventia Network Security Controller (NSC) Product/Component Release: update-14 (Firmware 1.0.4000M) Platforms: Proventia NSC Publication date: August 8, 2016 Last Modification date: August 8, 2016 © Copyright IBM Corporation 2016. All rights reserved worldwide. PLEASE READ THIS DOCUMENT IN ITS ENTIRETY. ===================================================================== CONTENTS ===================================================================== - Description - Compatibility - Applying the Update - Known Issues - Files Included - Contacting IBM Support - Information Required for Reporting Product Issues - Copyright and Trademark DESCRIPTION ===================================================================== New fixes added in this update (firmware 1.0.4000): - Updates openssl to 1.0.1t - Updates glibc - Delivers security fixes to date. Please visit to view security bulletins for this product. New fixes added in this update (firmware 1.0.3399M): - Updates openssl to 1.0.1s - Delivers security fixes to date. Please visit to view security bulletins for this product. New fixes added in this update (firmware 1.0.3394M): - Adds a new feature for generating a unique certificate with diffie-hellman algorithm. - LMI Advanced-->Backup/Restore--> Generate Diffie Hellman group - Delivers security fixes to date. Please visit to view security bulletins for this product. - Updates to newer version of OpenSSL 1.0.1p New fixes added in this update (firmware 1.0.3387M): - Updates to newer version of OpenSSL 1.0.1m - Disables RC4 cipher New fixes added in this update (firmware 1.0.3381M): - Delivers a fix in which ssh1 was allowed. Now only ssh2 is allowed when connecting to NSC management port through ssh. New fixes added in this update (firmware 1.0.3379M): - Delivers a fix in which LCD could appear blank New fixes added in this update (firmware 1.0.3376M): - Delivers security fixes to date. Please visit to view security bulletins for this product. - Fixes TACACS cosmetic issue in which entering a password in LMI will stop showing characters after 8 characters have been added. - Fixes issue with LMI TACACS login does not work through LMI, a work around is to be able to log in through ADMIN menu. New fixes added in this update (firmware 1.0.3361M): - Configuration issue which interfered with configuration restoration after upgrade. - Missing features (NTP, Time, TACACS) - Updates to newer version of OpenSSL 1.0.1i New fixes added in this update (firmware 1.0.3352M): - Upgrades to a newer version of OpenSSL. - Corrects an issue that caused duplicate notifications (including SNMP traps and e-mails) to be sent upon state change events. - Corrects an issue that could lead to system instability when using certain TACACS+ server configurations. - Corrected an issue where the 'link mode' heartbeat fail-over delay was longer than normal. Fixes previously included in update 4 (firmware 1.0.3350M): - Adds support for TACACS+ Fixes previously included in update 3 (firmware 1.0.1768): - Addresses an issue with the NSC incorrectly dropping traffic due to a misconfiguration of the MAC learning of the NSC unit. - Addresses an issue where the LCD display of the unit fails to work properly. - Addresses an issue where the LED link lights do not correspond to the correct segments of the unit when cables are plugged into the device. Fixes previously included in update 2 (firmware 1.0.1209): - Corrects an issue where changing the devices connected to the distribution ports on the NSC can cause network impact on the 10 Gb segments. Fixes previously included in update 1 (firmware 1.0.913): - This patch adds the ability to put the Proventia Network Security Controller in Passive Mode (IDS). In this mode the controller will attach to a 10G SPAN port and distribute the traffic load across 8 1G ports on the Controller to a passive mode GX appliance. - This patch adds the ability to set 1000 Mbps Full on the product's monitoring interfaces. - Corrects an issue that would cause the Proventia Network Security Controller Appliance clock to be set to year 2000. - Corrects an issue that prevented the enter key from working on the Login button. - Added link Propagation for In-line mode. - Added 'add user' function in the LMI. - Updated sshd and lighttpd - Implemented a better Trace/logging option MD5 checksum calculation: - c708a3b026737f8e8ac90e4c3394fcf5 COMPATIBILITY ===================================================================== This update is applicable only to the IBM Proventia NSC. This hotfix can be applied on top of any previous hotfixes. APPLYING THE UPDATE ===================================================================== This hotfix must be installed by the 'root' user on your Proventia NSC appliance. If you have not done so previously, please follow these steps to specify a root password and enable this account: 1) Using an SSH tool such as PuTTY, log into your Proventia NSC appliance as "admin". 2) Execute the following command: cli set root_password YOURNEWPASSWORD 3) The root password is now configured. Please log out and proceed with the hotfix installation instructions below. Please perform the following steps to apply this hotfix: 1) Using an SCP tool such as WinSCP, copy the file "" to the "/" folder on your Proventia NSC. 2) Using an SSH tool such as PuTTY, log into your Proventia NSC appliance as "root". 3) Execute the following command: sh 4) The update installation will begin, and may take several minutes to complete. 5) Once the update has completed, please power-cycle the machine by unplugging the power cables from the back of the machine, then reconnecting them. KNOWN ISSUES ===================================================================== There are no known issues with this update. FILES INCLUDED ===================================================================== | |--20160808_Proventia_Network_Security_Controller_update-14_fw1.0.4000M_README.txt | | CONTACTING IBM SUPPORT ===================================================================== To Contact IBM Support Worldwide Phone: Select a local phone number from When prompted for type of support, select option 2 for Software Support You will need to provide your IBM Customer Number (ICN) Electronically: Go to and open a new service request INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES ===================================================================== If you encounter a problem with this product, please make notes that are as detailed as possible about the following: - Build versions - Sensor and console host configurations - Network deployment - Network traffic rates - Network traffic characteristics - Specific failure symptoms or undesirable behavior This information helps us reproduce the problem and resolve it as quickly as possible. COPYRIGHT AND TRADEMARK ===================================================================== Copyright and trademark information Notices INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Microsoft, Windows, and Windows Server are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Other company, product, or service names may be trademarks or service marks of others. *THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION* Please see the license agreement for this product for details concerning terms and conditions applicable to third party software code included in this product, and for certain notices and other information IBM must provide to you under its license to certain software code. Notwithstanding the terms and conditions of any other agreement you may have with IBM or any of its related or affiliated entities (collectively "IBM"), the third party software code identified below are "Excluded Components" and are subject to the following terms and conditions: * the Excluded Components are provided on an "AS IS" basis * IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * IBM will not be liable to you or indemnify you for any claims related to the Excluded Components * IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive or consequential damages with respect to the Excluded Components. ===================================================================== =====================================================================