Novell Home

BorderManager 3.7 Post Support Pack 3

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 29 Jul 2004
 

Novell BorderManager 3.7 Post Support Pack 3 is available for download. This article describes the fixes made with this Support Pack. It also spells out the known problems and limitations with this support pack, along with some suggestions for working around them. For the full details, including download and installation notes, see TID 2969318.

Fixes, New in This Release

Proxy Fixes:

  • FTP proxy logs now show uploads.
  • SSL authentication now points to the correct IP address.
  • The infinite loop, that caused a CPU hog abend in csatpxy, has been removed.
  • The case change has been addressed, when SkipHttpReplyHeaderCaseChange=1.
  • Mail proxy no longer abends from a buffer overflow.
  • The proxy memory leak has been fixed.

Access Control Fix:

  • ACLcheck no longer abends with certain https requests.

Firewall and NAT Fix:

  • Stateful filters are no longer failing with the latest ipflt31 module.
Known problems and limitations

1. NBM 3.7 filters may not get configured through the NBM 3.7 SP2 iManager plug-in. To configure the filters, you need to upgrade all NBM 3.7 servers to SP2 or later. Until then, you can use NBM 3.7 plug-in to administer NBM 3.7 filters, and the NBM 3.7 SP2 or later plug-in to administer NBM 3.7 SP3 filters.

2. Stateful ping filter allows ping from one side of the firewall at a time. It does not allow simultaneous ping between a pair of hosts across the firewall. To make ping work simultaneously, create a static ICMP filter and disable the filters immediately after use. This is for security reasons.

3. A firewall with logging enabled may not work properly after it has been stressed for a long time.

4. Authentication during the NBM 3.7 SP3 install requires the Full Distinguished Name of the admin user (e.g., .admin.novell). If this is not done, schext.nlm will fail with an error code -601. However, if you do not specify the Full Distinguished Name at install you can:

  • Run schext.nlm manually after installation.
  • Unload filtsrv.nlm.
  • Run the command.
  • Unload filtsrv.nlm.
  • Reboot the server or load filtsrv.

5. The process of unloading and reloading filtsrv during installation may open the system for 10-15 seconds. If you feel the system becomes vulnerable because of this hole, do not expose the system during install.

6. Authentication may fail during NBM 3.7 installation if the password contains special characters.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell