Sun Secure Application Switch
Contents
1. Sun Secure Application Switch Online 819 7596 HTML Within the Help V4 0 application Sun Secure Application Switch 819 7595 PDF Online Configuration and Implementation Guide You can also order at no cost a Documentation CD part number X3797A that includes these documents Go to http www sun com products networking switches for information How to Obtain Updates From Sun You can obtain updates and patches from your Sun authorized sales representative service provider or by downloading them from the SunSolve Online Web site at the following URL http sunsolve sun com For patch information instructions see the README file that accompanies each patch For downloads of released software visit the Sun Download Center at the following URL http www sun com downloads 2 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Contacting Sun Technical Support If you have technical questions about this product that are not answered in this document go to http www sun com service contacting Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions You can submit your comments by going to http www sun com hwdocs feedback Please include the title and part number of your document with your feedback Sun Secure Application Switch Release Notes for V4 0 Software part number 819 7244 New Feature2. Application Switch Online Help V4 0 for more information about the Web interface 10 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 SNMP The Simple Network Management Protocol SNMP enables you to communicate with the SNMP agent on the Sun Secure Application Switch system from a remote management station This enables you to retrieve information about managed objects on the system as well as change configuration settings The Sun Secure Application Switch supports the following SNMP versions a SNMPv1 a SNMPv2c a SNMPv3 The Sun Secure Application Switch supports the standard SNMP commands GET GETNEXT GETBULK SET It does not however support any of the INFORM commands Supported Operating Systems and Web Browsers The following operating systems and Web browsers have been tested and work with the Sun Secure Application Switch for version 4 0 software Operating Systems and Web Browsers m Microsoft Windows 98 2000 XP Internet Explorer 5 5 and 6 x Netscape 6 2 7 x Mozilla 1 x a Firefox 1 x Opera 6 x and 7 x m Macintosh OSX v10 1 Internet Explorer 5 2 a Netscape 7 x a Mozilla 1 x a Firefox 1 x Sun Secure Application Switch Release Notes for V4 0 Software 11 Red Hat Linux a Netscape 7 1 a Mozilla 1 x a Opera 6 x m Solaris 9 and 10 a Mozilla 1 4 and 1 7 a Firefox 1 x Flash Software Plug In The minimum Macromedia Flash version require
3. com patents et un ou les brevets suppl mentaires ou les applications de brevet en attente aux Etats Unis et dans les autres pays Cette distribution peut comprendre des composants d velopp s par des tierces parties Des parties de ce produit pourront tre d riv es des syst mes Berkeley BSD licenci s par l Universit de Californie UNIX est une marque d pos e aux Etats Unis et dans d autres pays et licenci e exclusivement par X Open Company Ltd Sun Sun Microsystems et le logo Sun sont des marques de fabrique ou des marques d pos es de Sun Microsystems Inc aux Etats Unis et dans d autres pays Les produits qui font l objet de ce manuel d entretien et les informations qu il contient sont regis par la legislation americaine en matiere de controle des exportations et peuvent etre soumis au droit d autres pays dans le domaine des exportations et importations Les utilisations finales ou utilisateurs finaux pour des armes nucleaires des missiles des armes biologiques et chimiques ou du nucleaire maritime directement ou indirectement sont strictement interdites Les exportations ou reexportations vers des pays sous embargo des Etats Unis ou vers des entites figurant sur les listes d exclusion d exportation americaines y compris mais de maniere non exclusive la liste de personnes qui font objet d un ordre de ne pas participer d une facon directe ou indirecte aux exportations des produits ou des services qui sont regi par la legisl
4. regularExpression name COOKIE2_expression pattern space COOKIE2 space space parsedVariable name COOKIE2 parsedList COOKIE regularExpression COOKIE2_expression regularExpression name COOKIE3_expression pattern space COOKIE3 space space parsedVariable name COOKIE3 parsedList COOKIE regularExpression COOKIE3_expression derivedVariable name PICK1_COOKIE type integer expression COOKIE1 present crc32 COOKIE1 COOKIE2 present crc32 COOKIE2 COOKIE3 present crc32 COOKIE3 crce32 nil Once this variable is created it can be used in the fieldPrefix field of the requestPolicy when the persistType is set to fieldHash Sun Secure Application Switch Release Notes for V4 0 Software 5 Outgoing DNAT IP Address Is the Same As Virtual Service IP Address DNAT entry can have same IP address of a virtual service Stateful Flow SNAT When stateful flow SNAT is enabled a client on the Internet will not be able to go through an SNAT address The default setting for this feature is enabled To disable this feature type the syntax below config vswitch backend loadBalance outboundNat static stateful disabled Supported Hardware The V4 0 software is only supported on the N1000 Series of the Sun Secure Application Switch product family which consists of two models the N1400 and the N1216 m The N1400 provides 4 Gigabit Ethernet copper or fiber ports and a ful
5. that is not autonegotiating and fixed at 100 full or 100 half 1211 6351866 Auto negotiation does not work using the NS 83820 Fiber NIC and the Finisar SFF optical GBIC part number FTRJ 8519 3 The SFF optical GBIC PicoLight part numbers PL XPL 00 513 05 amp PL XPL 523 28 will auto negotiate with the NS 83820 Fiber NIC 5682 6351875 Jumbo frames directed to the switch IP address are dropped 1665 6351881 Spanning Tree Protocol BPDUs are not counted in VLAN interface statistics 1055 6351882 RealService If you attempt to disable a RealService that is used by a Virtual service VS with the longRxTimer value set longer than the default 64 seconds an error message will be displayed To disable the RealService you must remove it from the service group then disable it 7328 Routing If a static ARP entry is deleted the switch does not send an ARP request for the given host To resolve this issue ping the host from the switch and the ARP will be sent 7124 6427618 IP interface vRouters do not report ICMP TTL expiration As a result the traceroute may not properly function in certain situations 7147 6427480 Directed broadcasts are not forwarded across IP interfaces 2059 6351885 The on board traceroute command fails in an on board IP interface The ICMP ping command can be used 5092 6351887 The switch does not always respond to ICMP Address Mask requests properly 3946 6351890 OSPF type 2 AS extern
6. EC61000 4 5 1 kV AC Line Line and Outdoor Signal Lines 2 kV AC Line Gnd 0 5 kV DC Power Lines IEC61000 4 6 3 V IEC61000 4 8 1 A m IEC61000 4 11 Pass Safety This equipment complies with the following requirements of the Low Voltage Directive 73 23 EEC EC Type Examination Certificates EN60950 2001 1st Edition TUV Rheinland Certificate No 72051919 EN60950 2001 1st Edition CB Scheme Certificate No US TUVR 2479 Evaluated to all CB Countries UL 60950 1st Edition 2001 CSA C22 2 No 60950 01 03 File CO 72051920 01 Supplementary Information This product was tested and complies with all the requirements for the CE Mark S S Dennis P Symanski DATE Donald Cameron DATE Manager Compliance Engineering Program Manager Quality Systems Sun Microsystems Inc Sun Microsystems Scotland Limited 4150 Network Circle MPK15 102 Blackness Road Phase I Main Bldg Santa Clara CA 95054 USA Springfield EH49 7LR Tel 650 786 3255 Scotland United Kingdom Fax 650 786 3723 Tel 44 1 506 672 539 Fax 44 1 506 670 011 vi Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Contents Product Web Page 1 Related Documentation 2 How to Obtain Updates From Sun 2 Contacting Sun Technical Support 3 Sun Welcomes Your Comments 3 New Features in This Release 3 Configuration Synchronization 4 Behavior Change Show runningConfig saveToFile Command 4 Stateful Firewall Support 4 Behavior Change Default vRouter fo
7. F Online Configuration and Implementation Guide You can also order at no cost a Documentation CD part number X3797A that includes these documents Go to http www sun com products networking switches for information Sun Secure Application Switch Release Notes for V4 0 Software 19 20 Sun Secure Application Switch Release Notes for V4 0 Software November 2006
8. al routes always use a metric of 1 regardless of the configured metric 5693 6351891 The switch will erroneously add a host route to the route table based on a received RIP update when the switch has already received a RIP update containing a route with a short mask for the same gateway This compliance problem should have no negative network impact 2457 6351892 Sun Secure Application Switch Release Notes for V4 0 Software 15 security CKM fails when trying to import a certificate or chain of certificates larger than 8 Kbytes 6540 6427451 VLAN The Show VLAN Statistics command does not include transmitted or received spanning tree BPDUs 1055 Web Interface Most browsers exhibit a security issue regarding the way basic authentication is implemented by continuing to send the old credentials after an error message is received To avoid this issue you must close the browser window used to connect to the switch to maintain security and prevent unauthorized access Mozilla is the only browser that does not exhibit this issue 1199 6351852 Displaying statistics using line graphs will preserve all history of graphed data which will continuously consume memory on your PC if left unattended 2299 6351855 Using the Web Interface the dashboard has a slow memory leak which is also present after the session times out due to inactivity If the Web Interface is left open for long periods of time such as overnight this may c
9. are 9 System Management Administrators can use multiple management tools to support the Sun Secure Application Switch in a network These tools include Command Line Interface CLI m Web interface a SNMP applications Command line Interface CLI The command line interface CLI uses an industry standard design that enables you to configure and manage the Sun Secure Application Switch by typing keyboard commands You access the CLI over a direct console connection to the RS 232 port on the front of the system or over a Telnet or SSH connection A connection to the CLI is indicated by the sun gt prompt on your screen The CLI uses a hierarchical design that enables you to move deeper into the command hierarchy as you build the configuration The CLI uses the command prompt to display your current location within the hierarchy Simple commands enable you to navigate to the appropriate context See the Sun Secure Application Switch Command Reference for information about the CLI and the Sun Secure Application Switch commands Web Interface The Sun Secure Application Switch Manager Web interface is a graphical user interface GUI that enables you to configure and manage the Sun Secure Application Switch using a browser The Web interface supports all management capabilities provided by the CLI Instead of entering information on a command line you navigate menus and supply information in data entry fields See the Sun Secure
10. ation americaine en matiere de controle des exportations et la liste de ressortissants specifiquement designes sont rigoureusement interdites LA DOCUMENTATION EST FOURNIE EN L ETAT ET TOUTES AUTRES CONDITIONS DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE A L APTITUDE A UNE UTILISATION PARTICULIERE OU A L ABSENCE DE CONTREFACON SE Ca Adobe PostScript Regulatory Compliance Statements Your Sun product is marked to indicate its compliance class Federal Communications Commission FCC USA Industry Canada Equipment Standard for Digital Equipment ICES 003 Canada Voluntary Control Council for Interference VCCI Japan e Bureau of Standards Metrology and Inspection BSMI Taiwan Please read the appropriate section that corresponds to the marking on your Sun product before attempting to install the product FCC Class A Notice This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation Note This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to pr
11. ause workstation performance to deteriorate until the browser window is closed 5927 6351858 Online Help requires that JavaScript is enabled on your Web browser 2104 1351860 16 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Configuration Scaling Management System vSwitch One management vRouter Four shared vRouters 100 user accounts used for login access to the switch 10 concurrent CLI sessions 10 concurrent HTTP management sessions Virtualization User defined vSwitches One user defined vSwitch for the N1216 Ten user defined vSwitches with the optional virtualization key on the N1400 and N1216 L2 to L3 Scale Ports per LAG 16 LAGs 22 Ports or LAGs 44 per VLAN VLANs 512 per vSwitch 4095 total ARP entries 3000 per vRouter ACL lists 4 per vRouter ACL rules 256 per ACL list IP interfaces 128 per vRouter Static routes 200 per vRouter MAC entries 16 000 total Sun Secure Application Switch Release Notes for V4 0 Software 17 18 Load Balance Configuration Maximum number of virtual services 1024 per vSwitch 2048 total Service groups 512 per vSwitch 4096 total Hosts 1024 per vSwitch Real services 1024 per vSwitch 8192 total Maximum number of real services in a service group 1024 Request policies 1024 per vSwitch 4096 total Response policies 1024 per vSwitch Request transforms 1024 per vSwitch Response transforms 1024 per vSw
12. create the VLAN interface when importing a running configuration from a text file you must manually create the VLAN using the CLI After the VLAN interface has been manually created import the running configuration There is no impact pertaining to the VLAN interface if the running configuration is imported using the cdb file 7170 6427489 Firewall Load Balancing When defining firewall real services create a static route on the switch for each of the firewalls In the case where the firewall is the default gateway a default route for each firewall should be defined If a firewall real service is disabled or deleted the associated route for the firewall must be deleted as well 7250 6483927 Remove the Client Source IP Range and value from any configuration files being imported onto the Sun Secure Application Switch running V4 0 7207 6462212 Firewall load balancing is not supported in a redundant configuration using VSRP VRRP 6868 6427456 FTP The FTP client on the switch is not accessible through the Web interface The FTP client must be used within the CLI 3778 6351865 Sun Secure Application Switch Release Notes for V4 0 Software 13 Load Balancing UDP Virtual services are not allowed to share the same Real Services Prior to V4 0 this check was enforced Unique UDP Real Services must be created for each UDP Virtual Service 7361 6484593 When LIST Server Health Check SHC is configured in a service group made u
13. d is version 6 0 65 0 Newer versions of Flash such as 7 x and 8 x also work Known Issues With This Release This section describes the known problems restrictions and limitations in version 4 0 V4_ORO software on the Sun Secure Application Switch For tracking purposes an internal Sun reference number is included at the end of each item in this section ACLs ACLs will not block traffic that is generated internally within the Sun Secure Application Switch such as RIP advertisements outgoing Spanning Tree BPDUs etc 2225 6351897 The number of ACLs that can be applied to interfaces across the switch will vary with the complexity of the rules that are applied If the internal table limits are exceeded an error will be generated and reported through the syslog facility 4226 156609 Routed traffic on a single vRouter only hits either the ingress inbound or the egress outbound when it should hit both rules The first rule loaded either ingress or egress will match the incoming packet flow 6614 6351901 12 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 ARP ARP responses with multicast MAC addresses are not automatically installed To resolve this issue manually enter the static ARP For example firewall clusters can be configured to send multicast ARPs 7274 Configuration When importing the running configuration from a text file the VLAN interface might not be created To
14. ication switch that provides advanced Layer 3 to Layer 7 L3 to L7 load balancing and advanced Secure Sockets Layer SSL acceleration with reencryption The switch provides these services on a flexible virtualized basis within the convenience of a single enclosure and with industry leading speed security and availability The V4 0 software is only supported on the N1000 Series of the Sun Secure Application Switch product family consisting of the N1400 and the N1216 When it is necessary to differentiate between the two switches the model numbers are used in this document Product Web Page You can access updated product information updated documentation MIB information and other relevant information about the Sun Secure Application Switch at the URL below Periodically you should check this URL to verify that you have the most recent version of this document http www sun com products networking switches Related Documentation The Sun Secure Application Switch documentation listed here is available online at http www sun com products networking switches TABLE P 1 Related Documentation Title Part Number Format Location Sun Secure Application Switch Getting 819 3042 Printed Ship Kit Started Guide PDF Online Sun Secure Application Switch Release 819 7244 Printed Ship Kit Notes for V4 0 This document PDF Online Sun Secure Application Switch Command 819 7594 HTML Online Reference for V4 0
15. itch Object rules 1000 per vSwitch Configurable health checks 512 per vSwitch Active health checks 1024 per vSwitch Keep alives 1 probe or 1 list of up to 5 HTTP probes 1 per vSwitch 1024 bit certificates 512 per vSwitch Note The scaling numbers outlined above are individually achievable but maximum configurations combining all of the scale factors are not achievable Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Documentation Updates Please refer to the following Sun Web site for the most recent versions of the documentation for this product http www sun com products networking switches Getting Started Guide Table P 2 in the translated versions of the Getting Started Guide 819 3966 12 819 3967 12 819 3968 12 819 3969 12 819 3970 12 819 3971 12 and 819 3972 12 contains incorrect references to related documentation The correct references to related documents are shown below TABLE P 2 Related Documentation Title Part Number Format Location Sun Secure Application Switch Getting 819 3042 Printed Ship Kit Started Guide PDF Online Sun Secure Application Switch Release 819 7244 Printed Ship Kit Notes for V4 0 This document PDF Online Sun Secure Application Switch Command 819 7594 HTML Online Reference for V4 0 Sun Secure Application Switch Online 819 7596 HTML Within the Help V4 0 application Sun Secure Application Switch 819 7595 PD
16. ived Session If long lived session is enabled up to 20 000 of a media module network processor s 500 000 active flow sessions can be reserved for long lived usage As new flows are required the oldest inactive sessions are purged first Long lived sessions apply to L4SLB and L3SLB The default setting for long lived sessions is disabled When the feature is disabled flow sessions will exist for 90 seconds SNAT Active Standby Behavior In Redundant Configuration In redundant configuration applications the back up switch now puts SNAT in standby mode so IPs are not duplicated 4 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Specifying Which Cookies Are Used for Persistence The switch administrator can specify which cookies are to be used for persistence You can choose multiple cookies to cause persistence in a single requestPolicy Each cookie that is examined is checked in precedence order This process is accomplished through a derivedVariable that uses predicates to look for each cookie value Each cookie value that is examined is generated through a parsedVariable that is parsed from the COOKIE parsedList The first cookie that is found is then changed to an integer value by generating a CRC32 of its string value regularExpression name COOKIE1 expression pattern space COOKIE1 space space parsedVariable name COOKIE1 parsedList COOKIE regularExpression COOKIE1_expression
17. l complement of system and port status LEDs m The N1216 provides two pluggable Gigabit Ethernet copper or fiber ports sixteen 10 100 Mbps ports and a full complement of system and port status LEDs Both models are rackmountable and operate on standard AC voltages 115 or 230 VAC in either redundant or non redundant power configurations For a review of the Sun Secure Application Switch hardware refer to the Sun Secure Application Switch Getting Started Guide 6 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Transceivers Sun has tested the ports on the front of the system with the following transceivers which are listed by type vendor vendor part number and Sun X Option number Fiber a FINSAR FTRJ 8519P1 BNL X2001A a FINSAR FTLF 8519P2BCL X2001AZ a FIBERXON FTM 8012C SLG X2001AZ Copper a FINSAR FCMJ 8521 3 X2002A a FINSAR FCLF8521 3 X2002AZ You can use other transceivers but only the ones listed above have been fully tested by Sun for compatibility with the switch If required you can purchase these transceivers from Sun or directly from approved vendors Software Information The V4 0 software release V4_ORO works with both models in the N1000 Series m If you currently have V3 x y software on your switch you can download the V4 0 software from the Sun Download Center at the following URL http www sun com downloads When migrating from software ve
18. ovember 2006 Declaration of Conformity Compliance Model Number N1400 Product Name N1000 N1400 N1400V N1216 N1216V Sun Secure Application Switch EMC USA FCC Class A This equipment complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This equipment may not cause harmful interference 2 This equipment must accept any interference that may cause undesired operation European Union This equipment complies with the following requirements of the EMC Directive 89 336 EEC As Telecommunication Network Equipment TNE in both Telecom Centers and Other Than Telecom Centers per as applicable EN300 386 V 1 3 2 2003 2005 Required Limits EN55022 1994 A1 1995 A2 1997 Class A EN61000 3 2 2000 Pass EN61000 3 3 1995 A1 2000 Pass IEC61000 4 2 6 kV Direct 8 kV Air IEC61000 4 3 3 V m 80 1000 MHz 10 V m 800 960 MHz and 1400 2000 MHz IEC61000 4 4 1 kV AC and DC Power Lines 0 5 kV Signal Lines IEC61000 4 5 2 kV AC Line Gnd 1 kV AC Line Line and Outdoor Signal Lines 0 5 kV Indoor Signal Lines gt 10m IEC61000 4 6 3 V IEC61000 4 11 Pass As Information Technology Equipment ITE Class A per as applicable EN55022 1994 A1 1995 A2 1997 Class A ENG6100 3 2 2000 Pass ENG61000 3 3 1995 A1 2000 Pass EN55024 1998 A1 Required Limits 2001 A2 2003 IEC61000 4 2 4 kV Direct 8 kV Air IEC61000 4 3 3 V m IEC61000 4 4 1 kV AC Power Lines 0 5 kV Signal and DC Power Lines T
19. ovide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if it is not installed and used in accordance with the instruction manual it may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense Modifications Any modifications made to this device that are not approved by Sun Microsystems Inc may void the authority granted to the user by the FCC to operate this equipment ICES 003 Class A Notice Avis NMB 003 Classe A This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe A est conforme la norme NMB 003 du Canada VCCI DT DIAANCCI DT IFA AVCCIORRMNHSI YAF VY a BRUTT Ya AA DOA ATER WEC THSOMMICIL FAO ZML ET DEUX ERUERA TEKME H ERMA VCC OEE PDA ARR ICT COR CAE CENTS CRS ES EE LT TEM HOT COMA ICME AAS SHIR ET SKID BORANSTCEMBOVET BSMI Class A Notice The following statement is applicable to products shipped to Taiwan and marked as Class A on the product compliance label EREHE jee AN Sateean SEA eee i ERER TIR gt TE PF SHE SRERRIRE ER GOST R Certification Mark gi iv Sun Secure Application Switch Release Notes for V4 0 Software N
20. p of 26 or more real services SHC will not be sent If you have 26 real services in a service group do not use LIST SHC use another type of health check instead 7014 6428861 Request Transform has a field header indicating which advanced HTTP header should be removed The headers are not updated automatically however you can remove them manually To access the field click vSwitch click loadBalance then click requestTransform 7159 6427487 Opera Web browsers continue to request TCP data even when receiving a TCP RST This can cause the browser to appear hung 2844 6351904 UDP load balancing including RADIUS and DNS does not support frames with IP options 4469 6351907 Object Rules The predicate variable HTTP_VERSION has been removed and replaced in version 3 x You can now use REQUEST_VERSION in predicates with requestPolicies or use RESPONSE_VERSION in predicates with responsePolicies 6841 6351913 The predicate variables REFERER ACCEPT ACCEPT_LANGUAGE UPGRADE and SERVER behaved differently in the V3 0 software than in previous releases With the V3 1 release the predicate variables were reverted to work as they did in the V2 0 release For additional information or assistance contact Sun Technical Support 6837 14 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Ports The Ethernet management port will come up as 10 half if set to autonegotiate and connected to an endstation
21. r Virtual Services 4 Long Lived Session 4 SNAT Active Standby Behavior In Redundant Configuration 4 Specifying Which Cookies Are Used for Persistence 5 Outgoing DNAT IP Address Is the Same As Virtual Service IP Address 6 Stateful Flow SNAT 6 Supported Hardware 6 Transceivers 7 Software Information 7 Migrating From Software Version 3 x to Version 4 0 8 2 Importing a Version 3 x Configuration 8 System Management 10 Command line Interface CLI 10 Web Interface 10 SNMP 11 Supported Operating Systems and Web Browsers 11 Operating Systems and Web Browsers 11 Flash Software Plug In 12 Known Issues With This Release 12 ACLs 12 ARP 13 Configuration 13 Firewall Load Balancing 13 FTP 13 Load Balancing 14 Object Rules 14 Ports 15 RealService 15 Routing 15 Security 16 VLAN 16 Web Interface 16 Configuration Scaling 17 Management 17 Virtualization 17 L2 to L3 Scale 17 Load Balance Configuration 18 Documentation Updates 19 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Getting Started Guide 19 Contents 3 4 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 Sun Secure Application Switch Release Notes for V4 0 Software The Sun Secure Application Switch Release Notes for V4 0 Software contains the latest information and known issues for the Sun Secure Application Switch version 4 0 software The Sun Secure Application Switch is an intelligent appl
22. rsion V3 0 x to V4 0 you are not required to install software V3 1 as part of the migration process However you should refer to the V3 1 Release Note to become familiar with any software changes that may have been introduced with the V3 1 software You can obtain the Sun Secure Application Switch Release Note for V3 1 at the URL below Note The following URL is one continuous path http www sun com products n solutions hardware docs Network_Connectivity secure_app_switches n1000 index html Sun Secure Application Switch Release Notes for V4 0 Software 7 Migrating From Software Version 3 x to Version 4 0 1 Obtain and install the V4 0 software release from the Sun Download Center You can access the Sun Download Center Web site at the following URL http www sun com downloads After the page loads click Networking and scroll down to Network Connectivity to access the software link 2 Reboot the switch After installing the version 4 0 software the configuration database will automatically be upgraded to the version 4 0 format The cdb file name will remain the same after the upgrade Importing a Version 3 x Configuration If you have installed version 4 0 software onto a switch that was already equipped with version 3 x software the configuration database is automatically upgraded If you want to import a portable version 3 x configuration into a switch running version 4 0 perform the following s
23. s in This Release The version 4 0 release includes the following new software features m Configuration Synchronization m Behavior change show runningConfig saveToFile Command m Stateful Firewall Support m Behavior Change Default vRouter for Virtual Services m Long Lived Sessions a SNAT Active Standby Behavior In Redundant Configuration m Specifying Which Cookies Are Used for Persistence m Outgoing DNAT IP Address Is the Same As Virtual Service IP Address m Stateful Flow SNAT Sun Secure Application Switch Release Notes for V4 0 Software 3 Configuration Synchronization For information about the Configuration Synchronization feature refer to the Sun Secure Application Switch Configuration and Implementation Guide part number 819 7595 Behavior Change Show runningConfig saveToFile Command In version 4 0 the defaultValues and nameValuePairs are included when a show runningConfig saveToFile command is executed In previous versions of software you manually had to set defaultValues and nameValuePairs to true to include this information Stateful Firewall Support If a firewall goes down while the switch is transferring a file the next available firewall in the configuration will maintain the current connection Behavior Change Default vRouter for Virtual Services When creating a virtual service the default vRouter has changed from system shared to the userdefined vRouter that is associated with the host Long L
24. sS R SUN microsystems Sun Secure Application Switch Release Notes for V4 0 Software Sun Microsystems Inc www sun com Part No 819 7244 11 v2 November 2006 Revision A Submit comments about this document at http www sun com hwdocs feedback Copyright 2006 Sun Microsystems Inc 4150 Network Circle Santa Clara California 95054 U S A All rights reserved Sun Microsystems Inc has intellectual property rights relating to technology embodied in the product that is described in this document In partica ar and without limitation these intellectual property rights may include one or more of the U S patents listed at ttp www sun com patents and one or more additional patents or pending patent applications in the U S and in other countries U S Government Rights Commercial software Government users are subject to the Sun Microsystems Inc standard license agreement and applicable provisions of the FAR and its supplements This distribution may include materials developed by third parties Regular expression support is provided by the PCRE library package which is open source software written by Philip Hazel and copyright by the University of Cambridge England ftp ftp csx cam ac uk pub software programming pcre Parts of the e produet may be derived from Berkeley BSD systems licensed from the University of California UNIX is a registered trademark in the U S and in other countries exclusively licensed
25. teps 1 Perform the following manual edits a Remove any advanced settings for non terminated virtualServices L3SLB L4SLB TDLB FWLB In the following example you must remove the virtual service advanced settings Virtual Service configuration loadBalance virtualService vsl L4SLB 1 1 1 1 sg2 loadBalance virtualService vsi Virtual service advanced settings advanced rcvWnd 40000 exit exit 8 Sun Secure Application Switch Release Notes for V4 0 Software November 2006 loadBalance virtualService vs2 TDLB 2 2 2 2 sg2 loadBalance virtualService vs2 Virtual service advanced settings advanced xmtRetryLimit 5 exit exit b Remove the Client Source IP Range and value if they exist in the configuration file being imported onto the switch In the following example you must remove FWLB sgl clientSrcIPRange 1 1 1 1 2 2 2 2 loadBalance virtualService fw FWLB sg1 clientSrcIPRange 1 1 1 1 2 2 2 2 loadBalance virtualService fw exit exit c Save the file after edits are made 2 Verify that the Interactive feature is turned off At the switch prompt type the following text then press the Enter key sun config interactive off 3 Import the running configuration with stopOnError set to false similar to the following sun config import runningConfig FromFile lt myConfig txt gt password lt myPassword gt stopOnError false Sun Secure Application Switch Release Notes for V4 0 Softw
26. through X Open Company Ltd Sun Sun Microsystems and the Sun logo are trademarks or registered trademarks of Sun Microsystems Inc in the U S and other countries Products covered by and information contained in this service manual are controlled by U S Export Control laws and may be subject to the export or import laws in other countries Nuclear missile chemical biological weapons or nuclear maritime end uses or end users whether direct or indirect are strictly prohibited Export or reexport to countries subject to U S embargo or to entities identified on U S export exclusion lists including but not limited to the denied persons and specially designated nationals lists is strictly prohibited DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT ARE DISCLAIMED EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID Copyright 2006 Sun Microsystems Inc 4150 Network Circle Santa Clara Californie 95054 Etats Unis Tous droits r serv s Sun Microsystems Inc d tient les droits de propri t intellectuels relatifs la technologie incorpor e dans le produit qui est d crit dans ce document En particulier et ce sans limitation ces droits de propri t intellectuelle peuvent inclure un ou plus des brevets am ricains list s l adresse http www sun
Download Pdf Manuals
Related Search