Features in 86231-10 – Allied Telesis AR800 Series User Manual

2

Patch Release Note

Patch 86231-10 for Software Release 2.3.1

C613-10328-00 REV J

Some of the issues addressed in this Release Note include a level number. This
number reflects the importance of the issue that has been resolved. The levels
are:

Features in 86231-10

Patch 86231-10 includes all issues resolved and enhancements released in
previous patches for Software Release 2.3.1, and the following enhancements:

When a TCP RST/ACK was received by a firewall interface, the packet that
was passed to the other side of the firewall lost the ACK flag, and had an
incorrect ACK number. This issue has been resolved.

Locally generated ICMP packets, such as unreachable messages, were not
passed out through public interfaces when the packet that caused the
message was not recorded by the firewall. This may occur, for example, if
the packet passed between two public interfaces. This issue has been
resolved.

Previously the SET FIREWALL POLICY RULE command permitted the use
of the GBLIP and GBLPORT parameters in ways that were not permitted by
the ADD FIREWALL POLICY RULE command. This caused problems
when a configuration file was generated because some of the illegal
parameters from the SET command were put into the ADD command. This
resulted in a configuration that contained illegal parameter combinations.
The restrictions placed on the GBLIP and GBLPORT parameters in the ADD
command have now been implemented in the SET command so that these
problems do not occur.

When the system time was set to a time that was before or significantly after
the current time, Firewall sessions were prematurely deleted. This issue has
been resolved.

The Trace utility has been modified. Previously, Trace sent a group of
packets at once and waited for multiple responses in order to assess the
minimum, maximum and average time to cover a certain "hop distance"
towards the target host. Now Trace sends each packet in each group
individually, and waits either for a response or a time-out before sending
the next packet in the group.

Level 1

This issue will cause significant interruption to network services, and
there is no work-around.

Level 2

This issue will cause interruption to network service, however there
is a work-around.

Level 3

This issue will seldom appear, and will cause minor inconvenience.

Level 4

This issue represents a cosmetic change and does not affect network
operation.

PCR: 02158

Module: FIREWALL

Network affecting: No

PCR: 02166

Module: FIREWALL

Network affecting: No

PCR: 02356

Module: FIREWALL

Network affecting: No

PCR: 02371

Module: FIREWALL

Network affecting: No

PCR: 02399

Module: TRACE

Network affecting: No