APSoluteVision 3 80 00 RN

APSolute Vision
Release Notes
Version 3.80.00 Rev. 1
February 2017
TABLE OF CONTENTS
CONTENT ..................................................................................................................................................... 6
RELEASE SUMMARY .................................................................................................................................. 6
SUPPORTED PLATFORMS ........................................................................................................................ 6
ODS VL SPECIFICATION ........................................................................................................................... 7
OVA-DEPLOYMENT................................................................................................................................... 7
BROWSER AND OS SPECIFICATIONS FOR W EB BASED MANAGEMENT .......................................................... 8
CAPACITY SPECIFICATIONS ....................................................................................................................... 9
System Capacity .............................................................................................................................. 9
APM Performance Notes ............................................................................................................... 11
SUPPORTED DEVICES AND VERSIONS ................................................................................................ 12
SUPPORTED ALTEON VERSIONS .............................................................................................................. 12
SUPPORTED APPW ALL VERSIONS ........................................................................................................... 12
SUPPORTED LINKPROOF NG VERSIONS .................................................................................................. 13
SUPPORTED DEFENSEPRO VERSIONS ..................................................................................................... 13
SUPPORTED DEFENSEFLOW VERSIONS ................................................................................................... 14
SUPPORTED DEFENSEPIPE VERSIONS ..................................................................................................... 14
OBTAINING AND INSTALLING THE SOFTWARE................................................................................... 15
OBTAINING THE SOFTWARE ..................................................................................................................... 15
INSTALLING THE SOFTWARE .................................................................................................................... 15
UPGRADING THE SOFTWARE ................................................................................................................ 15
WHAT’S NEW IN 3.80.00 ........................................................................................................................... 16
RIGHT TO USE LICENSE MANAGEMENT .................................................................................................... 16
LOGICAL GROUPS OF DEVICES ................................................................................................................ 20
OPERATOR TOOLBOX DASHBOARD ENHANCEMENTS................................................................................. 16
SNMP ALERT REPORTING ...................................................................................................................... 22
NEW MULTI-DEVICE SERVICE STATUS DASHBOARD.................................................................................. 22
APSOLUTE VISION DEPLOYMENT ON MICROSOFT HYPER-V VIRTUAL MACHINE ......................................... 24
SUPPORT DEFENSEPRO MR PLATFORM .................................................................................................. 24
QUERY LIMITATION ON ONGOING ATTACKS TABLE AND ALERTS TABLE ...................................................... 24
AUTOMATION—REST API ...................................................................................................................... 24
MAINTENANCE FIXES .............................................................................................................................. 24
FIXED IN VERSION 3.80.00 (BUILD XXX) .................................................................................................. 25
APSolute Vision—General ............................................................................................................. 25
ADC Management.......................................................................................................................... 27
Security Management .................................................................................................................... 27
Release Notes: APSolute Vision Version 3.80.00, Rev. 1, February 2017 Page 2
FIXED IN VERSION 3.70.01 (BUILD 894) ................................................................................................... 29
FIXED IN VERSION 3.70.00 (BUILD 862) ................................................................................................... 30
ADC Management.......................................................................................................................... 33
FIXED IN VERSION 3.60 (BUILD 1139) ...................................................................................................... 39
ADC Management.......................................................................................................................... 40
ADC Management.......................................................................................................................... 43
ADC Management.......................................................................................................................... 48
FIXED IN VERSION 3.20 (BUILD 1360) AND VERSION 3.30 ......................................................................... 50
FIXED IN VERSION 3.20 GA (BUILD 1334 AND BUILD 1360) ...................................................................... 51
ADC Management.......................................................................................................................... 51
FIXED IN VERSION 3.20 EA (BUILD 49) AND GA (BUILD 1334) .................................................................. 53
ADC Management.......................................................................................................................... 53
FIXED IN VERSION 3.00 GA (2256) .......................................................................................................... 55
APSolute Vision – General ............................................................................................................ 55
ADC Management.......................................................................................................................... 55
FIXED IN VERSION 3.00.00 BUILD EA (128) AND GA (2256)...................................................................... 56
APSolute Vision – General ............................................................................................................ 56
ADC Management.......................................................................................................................... 56
FIXED IN VERSION 2.40.00 ...................................................................................................................... 59
ADC Management.......................................................................................................................... 60
FIXED IN VERSION 2.30.00 ...................................................................................................................... 61
ADC Management.......................................................................................................................... 62
FIXED IN VERSION 2.15.10 ...................................................................................................................... 63
ADC Management.......................................................................................................................... 64
FIXED IN VERSION 2.15.00 BUILD 240 ...................................................................................................... 65
FIXED IN VERSION 2.15.00 BUILDS 195 AND 240...................................................................................... 66
ADC Management.......................................................................................................................... 66
FIXED IN VERSION 2.10.00 BUILD 745 ..................................................................................................... 68
ADC Management.......................................................................................................................... 68
FIXED IN VERSION 2.10.00 BUILD 740 ..................................................................................................... 68
ADC Management.......................................................................................................................... 69
KNOWN LIMITATIONS .............................................................................................................................. 71
APSOLUTE VISION—GENERAL ................................................................................................................ 72
ADC MANAGEMENT ................................................................................................................................ 75
DEVICE PERFORMANCE MONITORING (DPM) ........................................................................................... 77
APPLICATION PERFORMANCE MONITORING (APM) ................................................................................... 79
SECURITY MANAGEMENT......................................................................................................................... 84
APSOLUTE VISION REPORTER (AVR) ...................................................................................................... 90
VDIRECT SERVICE ................................................................................................................................... 92
APSOLUTE VISION REPORTER (AVR)—MAINTENANCE FIXES AND FEATURES ............................ 95
AVR V2.1.1.11 RELEASED ON 19-MAY-2016 .......................................................................................... 95
AVR V2.1.1.10 RELEASED ON 7-APRIL-2016........................................................................................... 96
AVR V2.1.1.9 RELEASED ON 23-DECEMBER-2015 .................................................................................. 96
AVR V2.1.1.8 RELEASED ON 1-DECEMBER-2015 .................................................................................... 96
AVR V2.1.1.7 RELEASED ON 17-NOVEMBER-2015 .................................................................................. 96
AVR V2.1.1.6 RELEASED ON 4-NOVEMBER-2015 .................................................................................... 97
AVR V2.1.1.5 RELEASED ON 1-OCTOBER-2015 ...................................................................................... 97
AVR V2.1.1.1 RELEASED ON 8-JULY-2015 .............................................................................................. 97
AVR V2.1.1.0 RELEASED ON 18-JUNE-2015 ........................................................................................... 98
AVR V2.1.0.6 RELEASED ON 22-MAY-2015 ............................................................................................ 99
AVR V2.1.0.5 RELEASED ON 11-MAY-2015 ............................................................................................ 99
AVR V2.1.0.4 RELEASED ON 14-APRIL-2015......................................................................................... 100
AVR V2.1.0.3 RELEASED ON 10-APRIL-2015......................................................................................... 100
RELATED DOCUMENTATION ................................................................................................................ 102
Content
Radware announces the release of APSolute Vision version 3.80.00. These release notes
describe new features since the last released version of APSolute Vision, 3.70.01. This version
includes all bug fixes from previous versions.
Release Summary
Version 3.80.00 supports new features and bug fixes.
Build Number: 719
Supported Platforms
APSolute Vision version 3.80.00 runs as a physical appliance on the OnDemand Switch (ODS-
VL) platform and as a virtual appliance (VA) running on VMware vSphere ESXi 5.1, 5.5, or 6.0,
Virtual Machine version 8, or on KVM, or on Microsoft Hyper-V 6.3.
Deployment on KVM was tested running host OS Ubuntu 14 (version 14.04.2), RHL6, CentOS 6
and 7.
KVM version details:
 Compiled against library libvirt 1.2.2
 Using library libvirt 1.2.2
 Using API QEMU 1.2.2
 Running hypervisor QEMU 2.0.0
The following table lists the available deployments:

Deployment ODS-VL (Physical Appliance) VMware KVM Hyper-V
APSolute Vision    
Full-scale
APSolute Vision   
with APM Server
APSolute Vision 
Demo-scale
ODS VL Specification
The specifications of the ODS VL are as follows:
 8 GB RAM
 Four CPUs
 450 GB hard drive
 Two NICs
OVA-Deployment
The specifications of the full-size APSolute Vision with APM server VA are as follows:
 24 GB RAM
 12 vCPUs
 600 GB HD
 Four defined virtual NICs
 Maximum supported events-per-second per unit: 1000 (500 via management port)
 Maximum distinct URLs per application: 100
The specifications of the full-size VA are as follows:

 16 GB RAM
 8 vCPUs
 Three defined virtual NICs
Note: For higher scale, you can allocate additional CPU and RAM in your virtual machine
settings.
Caution: Due to new architectural changes in APSolute Vision, the default specifications for a
full-size VA have changed in version 3.80 as per above. Radware recommends verifying the
specifications of your virtual machine before upgrading to version 3.80 or higher. Failing to
comply with the above specifications’ recommendation could result in scale degradation.
The specifications of the demo VA are as follows:

 8 GB RAM
 Four vCPUs
 Three defined virtual NICs
Browser and OS Specifications for Web Based Management
The following operating systems are supported for APSolute Vision Web Based Management:
 Windows Server 2008R2 64-bit—Tested with Internet Explorer 11.0.9600.16438 (excluding
AVR), Chrome (excluding AVR and APM) 56.0.2924.87, Firefox (excluding AVR) 51.0.1
(32-bit) and 56.0.2924.87 (excluding AVR).
 Windows 8.1 64-bit—Tested with Internet Explorer 11.0.9600.18500, Chrome (excluding
AVR) 56.0.2924.87 and Firefox 51.0.1 (32-bit).
 Windows 7 Professional SP1 32-bit and 64-bit—Tested with Internet Explorer 11.0.9600.
18500, Chrome (excluding AVR) 56.0.2924.87 and Firefox 51.0.1 (32-bit).
 Windows Server 2012R2 64-bit—Tested with Internet Explorer 11.0.9600.16438 (excluding
AVR), Chrome (excluding AVR) 56.0.2924.87 and Firefox 51.0.1 (32-bit).
 Linux Ubuntu Desktop 14.04 LTS 64-bit—Tested with Chromium (excluding AVR)
56.0.2924.87 and Firefox 51.0.1 (64-bit).
 Mac OS X—Tested with Firefox (excluding AVR) 51.0.1 (64-bit), Chrome (excluding AVR)
56.0.2924.8716 (64-bit) and Safari (excluding AVR) 10.0 (12602.1.50.0.10).
The following Web browsers are supported for launching the APSolute Vision Web-based
interface, the APSolute Vision Reporter (AVR), the Device Performance Monitor (DPM), and the
APM Web-based interface:
 Mozilla Firefox 51
 Chrome 56
 Internet Explorer 11
 Safari 10
Launching the APSolute Vision Reporter (AVR) requires Java Runtime Environment (JRE)
1.8.0_51-b16 or later.
Capacity Specifications
System Capacity
Interface Topic Capacity Capacity of Capacity of Capacity of

of Full-Scale Full-Scale VA Demo-Scale
Physical VA and VA and VA with VA
Appliance with APM APM Server
Server with with 12 vCPUs
8 vCPUs and and 24 GB
16 GB RAM RAM
User User accounts Unlimited Unlimited Unlimited Unlimited
Management Concurrent 50 50 50 1
users
Device Maximum 1000 1000 1000 2
Management managed Alteon
devices
(Standalone, VA,
ADC-VX, and
vADC)
Maximum 20 20 20 2
managed
AppWall devices
(Standalone,
Cluster
Manager, or
Gateway) or
Alteon devices
with embedded
AppWall module
Maximum 40 40 40 2
managed
DefensePro
devices
Maximum total 1000 1000 1000 2
managed
devices
16 GB RAM RAM
Security Maximum total 200 1500 1500 Not
Monitoring number of supported for
enabled Network production
or Server deployment
Protection
policies on all
managed
DefensePro
devices
Maximum total 680 4200 4200 Not
number of supported for
profiles included production
in enabled deployment
Network or
Server
Protection
policies on all
managed
DefensePro
devices
Attacks stored in 100M 100M 100M Not
APSolute Vision supported for
Reporter production
deployment
Device Maximum total 400 400 400 Not
Performance number of Alteon supported for
Monitoring devices production
(DPM) monitored by deployment
DPM
number of supported for
applications production
(virtual services) deployment
monitored by
DPM
16 GB RAM RAM
number of real supported for
servers production
monitored by deployment
DPM
Application Maximum N/A 1000 1000 N/A
Performance supported
Monitoring events-per-
(APM) second
Maximum N/A 100 100 N/A
distinct URLs per
application
Performance testing for Security Monitoring was done with the maximum supported enabled
Network Protection or Server Protection policies with the maximum supported profiles, under
100 constant concurrent attacks.
The scalability testing of Device Performance Monitoring (DPM) and Security Monitoring were
performed in isolated environments for each feature. The concurrent operation of DPM and
Security Monitoring can affect the actual performance.
APM Performance Notes
To achieve the best performance, route events to the G4 interface.

The APM performance limit through the G4 interface is 1000 events per second.
The APM performance limit through the G1 or G2 interface is 500 events per second.
Supported Devices and Versions
APSolute Vision version 3.80.00 supports Alteon, AppWall, LinkProof NG, and DefensePro
devices. DefenseFlow and DefensePipe are also supported.
Supported Alteon Versions

The following table lists the Alteon versions supported by the version:
Software Version Support
29.5.x Support for configuration and monitoring.
Supported AppWall Versions

The following table lists the AppWall versions supported by the version:
5.0.1 Supported by APSolute Vision Reporter (AVR) only.
Note: The device must be manually configured to send security
reporting syslog events to the APSolute Vision server.
6.4.1 Support for configuration, monitoring, real-time security monitoring, and
AVR.
reporting syslog events to APSolute Vision server. The Refine
functionality is not supported.
AVR.
AVR.
Supported LinkProof NG Versions

The following table lists the LinkProof NG versions supported by the version:
Supported DefensePro Versions

The following table lists the DefensePro versions supported by the version:
6.09.01 Support for configuration, monitoring, and security reporting.
6.14.x Support for configuration, monitoring, and security reporting.
vDP 1.00.x Support for configuration, monitoring, and security reporting.
vDP 1.01.x Support for configuration, monitoring, and security reporting.
Supported DefenseFlow Versions

The following table lists the DefenseFlow versions supported by the version:
2.3.0 Support for standalone DefenseFlow deployment.
Support for configuration, real-time, and historical security monitoring
(AVR).
(AVR).
(AVR).
2.6.x Support for standalone DefenseFlow deployment.
(AVR).
Supported DefensePipe Versions

APSolute Vision can provide access to all DefensePipe versions.
Obtaining and Installing the Software
This section describes how to obtain and install the software for this version.
Obtaining the Software

Go to http://portals.radware.com/Customer/Home/ and log in if prompted.
Note: You must have a username and password before attempting to download a software
update. If you do not have a username and password, go to
https://portals.radware.com/Not-Logged-In/Customer-Registration-Form/ and complete and
submit the form.
On the Customer portal home page, do the following:
a. From Downloads, select the product family that you want.
b. For the product family you selected, select the product that you want.
c. Select the product version and platform.
d. For the product version you selected, select the Software Downloads tab. Select the
platform you want from the table.
For the release version and platform you want to update or recover, select the Download
Software icon, and download the relevant software update or recovery files to a server
within your own organization that is accessible using FTP or TFTP.
Installing the Software

For details on installation of the APSolute Vision server, refer to the APSolute Vision Installation
and Maintenance Guide.
Upgrading the Software

You can upgrade to this version from APSolute Vision version 3.40 and later, including fix
packs.
Following software upgrade, you should clean the Web UI browser cache or perform a deep
refresh (Ctrl+F5).
Additionally, following upgrade, make sure APSolute Vision is using the latest version of all
device drivers.
To make sure APSolute Vision is using the latest version of all device drivers
1. In APSolute Vision, select Settings ( ) > System > General Settings > Device Drivers.
2. Click the (Update All Drivers to Latest) button.
What’s New in 3.80.00
The following sections describe the main new features and enhancements supported by
APSolute Vision version 3.80.00.
Operator Toolbox Dashboard Enhancements

Version 3.80 introduces a new look and feel of the Operator Toolbox dashboard, enabling you
to manage and customize contents of the panels in the Toolbox dashboard.
You can manage the contents of the category panels by adding, removing, or moving scripts.
Moving scripts is very easy. You can select a script in another category panel, or an unassigned
script, and simply drag and drop it to the selected panel.
Figure 1: Operator Toolbox Dashboard in APSolute Vision Version 3.80
Toolbox icon—Displays the Toolbox dashboard. Clicking Advanced icon displays the advanced
features of the Toolbox.
You can customize your view of the dashboard. You can drag and drop a script
from one category panel to another category panel. You can add scripts to the
Favorites panel.
You can hover over a script icon and click a button to configure a
scheduled task to run the script, delete the script from your view of
the dashboard, and run the script immediately.
Here is an example of a user-defined icon for a user-defined

script.
You can click this button to select a script in

another panel and move it to the currently selected
panel.
You can use the new Add Scripts dialog box to add one or multiple scripts to a panel in the
Toolbox dashboard.
Figure 2: Add Scripts Dialog Box
Type a string in this box to show only the

matching script names.
The Add Scripts dialog box displays only the

categories that are populated. Here, the
category lists are collapsed.
The Unassigned category contains the
scripts in the APSolute Vision server with the
Category value Unassigned. Here, the
category list is expanded, and it contains an
example of a user-defined icon for a user-
defined script.
Right to Use License Management
APSolute Vision has capacity limitations and limitations based on the right-to-use (RTU) license.
The total number of licenses is called the RTU license pool. The RTU license pool determines
the maximum number of supported physical and virtual devices that the APSolute Vision server
can manage.
In this version and later, APSolute Vision enforces RTU licenses when the system is in violation
of the RTU license—that is, when the number of devices managed by APSolute Vision exceeds
the number of permitted devices by the RTU license pool.
When a system is in violation of the RTU license:
 APSolute Vision allows you to manage only the number of devices corresponding to the
RTU license pool.
 The RTU License status of the devices that are not covered by the RTU license pool is
Invalid.
 APSolute Vision randomly selects which managed devices have the Invalid status.
 You cannot configure devices whose RTU License status is Invalid. In this context, configure
includes: Scheduler tasks, Operator Toolbox scripts, multi-device configuration, and multi-
device configuration with Logical Groups.
APSolute Vision notifies users with Administrator or Vision Administrator roles regarding license
expiration 90 days before the expiration date.
Caution: After upgrading from APSolute Vision versions earlier than 3.80, if there is an RTU-
license alert, there will be a grace period of 30 days. This grace period is intended to grant you
time to contact Radware Technical Support and purchase additional RTU licenses, as required.
After the grace period, APSolute Vision will support only the number of devices covered by the
RTU license pool.
Note: When removing a device from APSolute Vision that is covered by the RTU license pool,
the license portion returns to the pool. If there are managed devices that are not covered by the
pool, APSolute Vision randomly selects one of those devices, and allocates the license portion
to that device.
You can use the RTU Licenses table in the License Management pane (Settings > System >
Device Resources > Device Subscriptions) to help determine whether you exceed
scale/capacity specifications and whether you need to purchase additional RTU license.
The RTU Licenses table includes the following columns:
 Number of Devices—The number of devices of the specific type that APSolute Vision is
managing.
 Devices with No License—The number of devices of the specific type that have no RTU
license. A non-zero value indicates that the system is in violation of the RTU license.
 Allocated Licenses—The number of devices of the specific type from the license pool that
are allocated (used).
 License Pool—The total number of licenses in the pool.
Caution: If you receive any RTU license alert, contact Radware Technical Support to validate
your license.
Logical Groups of Devices

A Logical Group is a group of devices of the same type, which you manage as a single entity.
You can use a Logical Group of devices to help you define the scope of APSolute Vision users,
configure and monitor multiple devices in a single view, and more. When you change the set of
devices in a Logical Group, the features that use the group reflect the change dynamically.
The devices in a Logical Group do not need to be running the same software version, and the
same device can exist in more than one Logical Group, allowing you to manage your devices in
a more flexible manner, customized to your needs.
You can use a Logical Group to help you perform the following:
 Define the scope of APSolute Vision users—The Scope value of a user’s RBAC
role/scope pair can be a Logical Group. The user’s scope dynamically updates, according to
the devices in the Logical Group.
 Manage multiple devices simultaneously—When you configure the devices in a Logical
Group, you use the multi-device view to do the following:
 View the Multiple Devices Summary table—The table contains all the relevant devices
and comprises the following columns: Lock State, Device Type, Device Name, IP
Address, Locked by User, and Status.
 Lock multiple devices to configure them.
 Make configuration changes to the lead device and apply the changes to the other
devices in the Logical Group—APSolute Vision dynamically chooses the lead device
of the Logical Group. After you make a valid change and click Submit All, APSolute
Vision attempts to change the value for the submitted parameter(s) on the lead device
and all the other devices in the Logical Group.
 Run configuration-management actions for the relevant devices—You can run the
Apply or Revert actions on Alteon or LinkProof NG devices. You can run the Update
Policies action on multiple DefensePro devices.
 Open the Security Monitoring perspective—In the multi-device view, the Security
Monitoring perspective displays the Dashboard View and Traffic Utilization tabs—with
the data aggregated for all the selected devices.
 Specify devices for scheduled tasks—In addition to selecting individual devices, you can
specify one or more relevant Logical Groups.
 Specify devices for Operator Toolbox scripts—In addition to selecting individual devices,
you can specify one or more relevant Logical Groups.
 Specify devices for sending or deleting DefensePro configuration templates—In
addition to selecting individual devices, you can specify one or more Logical Groups of
DefensePro devices.
 Specify devices for an Alert Profile—In addition to selecting individual devices, you can
specify one or more relevant Logical Groups.
 Specify devices for the Alerts Table Filter—In addition to selecting individual devices, you
can specify one or more relevant Logical Groups.
 Specify devices for REST API operations—For information on the REST API, see the
APSolute Vision REST API documentation.
Management of the logical groups of devices is done in a new Logical Groups tree, which was
added to the device pane. It contains user-defined Logical Groups and allows adding, editing,
and deleting groups:
Figure 3: Multi-Device Configuration Using a Logical Group
SNMP Alert Reporting
In addition to sending alert reports to a syslog server, or via e-mail, it is now possible to
configure APSolute Vision to send alert reports to multiple SNMP targets.
APSolute Vision displays and stores in the database all the alerts for APSolute Vision and for all
the managed Radware devices.
You can configure APSolute Vision to send SNMP alerts (traps) to external NMS systems
(SNMP servers or SNMP Alert Targets).
The APSolute Vision server can contain multiple SNMP Alert Rules. The configuration of an
SNMP Alert Rule includes one Alert Profile and one SNMP Alert Target.
Each alert profile allows you to select multiple values of the following: Severity, Module, and
Attack Category.
By selecting specific attack categories, you can select the threat types for which you would like
to get alerts.
APSolute Vision supports SNMPv2c and SNMPv3 for configuring the connection with the SNMP
targets. When you select SNMPv3, you can select the Privacy Protocol for encryption settings
(AES128 or DES) and Authentication Protocol (MD5 or SHA).
New Multi-Device Service Status Dashboard

The Service Status Dashboard is a quick and easy-to-view monitoring screen, which enables
you to view, in a single screen, configuration and status information of up to 10 managed Alteon
and LinkProof NG devices.
Notes:
 This feature is available only with Alteon and LinkProof NG version 30.0 and later.
 If there are more than 10 managed ADC devices, by default, the Service Status Dashboard
shows the first 10 devices.
Each monitored device can show the following ADC objects:

 Virtual services
 AppShape++ scripts
 Content rules
 Server groups
 Real servers
 WAN links
You can manage the set of devices that the Service Status Dashboard shows and filter objects
in the tree view using the filter dialog box, which includes the following filter criteria:
 Free text—Free text that filters the results according to ID or other identifier.
 Status—The status of the selected object type.
 Type—The type of the ADC object.
 Devices—The ADC devices that are configured on the APSolute Vision server.
By default, the information in the Service Status Dashboard refreshes every 15 seconds. You
can pause and resume the refresh of Service Status Dashboard display.
The Service Status Dashboard includes doughnut charts that show summary information and a
tree view with more detailed information.
The Service Status Dashboard includes doughnut charts show the following:
 Virtual services—The total number of virtual services configured on the managed devices
and the percentage in each status (Up, Warning, Down, Admin Down, and Shutdown).
 Server groups—The total number of server groups configured on the managed devices and
the percentage in each status (Up, Warning, Down, and Admin Down).
 Real servers—The total number of real servers configured on the managed devices and the
percentage in each status (Up, Warning, Down, Admin Down, and Mixed). The Mixed status
indicates that the real server is associated with multiple server groups, and the statuses are
not the same.
Clicking a segment in a doughnut chart applies a filter to the corresponding objects in the status
tree.
APSolute Vision Deployment on Microsoft Hyper-V Virtual Machine
In addition to VMware or KVM virtual machines, in this version, you can install APSolute Vision
VA on a Microsoft Hyper-V infrastructure, which supports all the functionality of APSolute Vision.
Hyper-V Server is a dedicated stand-alone product that contains the hypervisor, Windows
Server driver model, virtualization capabilities, and supporting components.
Support DefensePro MR Platform

APSolute Vision version 3.80 and later supports the DefensePro on the MR platform.
Query Limitation on Ongoing Attacks Table and Alerts table

Caution: In this version, the Ongoing Attacks and Alerts tables are limited to 10,000 rows per
request. When exceeding this limit using APSolute Vision WBM, the user will be notified and
asked to refine the filter settings to get better results. Exceeding this limit using the APSolute
Vision REST API results in an error.
Automation—REST API
The APSolute Vision REST API documentation for version 3.80 is available on the Radware
website at
http://webhelp.radware.com/Vision/REST/3_80_00/index.html.
Maintenance Fixes
This section lists all fixed issues that were reported by field personnel or mentioned previously
as known limitations or bugs in versions starting with version 1.0. Later versions contain all fixes
of earlier versions unless otherwise noted.
The issues are arranged as follows:
 General issues that relate to the general management of devices, APSolute Vision platform
issues such as RBAC, alert browser, APSolute Vision capacity, and so on.
 Issues related to ADC management, such as specific Alteon configurations or monitoring,
Application Delivery view, APM, DPM, and so on.
 Issues related to security management, such as specific DefensePro configuration,
monitoring, security monitoring, AVR, and so on.
Fixed in Version 3.80.00 (Build 719)
Item Description Bug ID
APSolute Vision—General
This version resolves many security vulnerabilities, including the

following:
CVE-2016-8635, CVE-2016-7545, CVE-2016-7076, CVE-2016-
6313, CVE-2016-6306, CVE-2016-6304, CVE-2016-6302, CVE-
2016-5829, CVE-2016-5387, CVE-2016-5195, CVE-2016-4470,
CVE-2016-2183, CVE-2016-2182, CVE-2016-2181, CVE-2016-
2180, CVE-2016-2179, CVE-2016-2178, CVE-2016-2177, CVE-
2016-2143, CVE-2016-2109, CVE-2016-2108, CVE-2016-2107,
CVE-2016-2106, CVE-2016-2105, CVE-2016-1950, CVE-2016-
1583, CVE-2016-1248, CVE-2016-0799, CVE-2016-0797, CVE-
2016-0718, CVE-2016-0705, CVE-2016-0702, CVE-2015-7575,
CVE-2015-7181, CVE-2015-4000, CVE-2015-3216, CVE-2015-
3197, CVE-2015-3196, CVE-2015-3195, CVE-2015-3194, CVE-
2015-3183, CVE-2015-1792, CVE-2015-1791, CVE-2015-1790,
CVE-2015-1789, CVE-2015-1345, CVE-2015-0293, CVE-2015-
0292, CVE-2015-0289, CVE-2015-0288, CVE-2015-0287, CVE-
2015-0286, CVE-2015-0209, CVE-2015-0206, CVE-2015-0205,
CVE-2015-0204, CVE-2014-9680, CVE-2014-8275, CVE-2014-
8176, CVE-2014-3572, CVE-2014-3571, CVE-2014-3570, CVE-
2014-3567, CVE-2014-3566, CVE-2014-3513, CVE-2014-3511,
CVE-2014-3510, CVE-2014-3509, CVE-2014-3508, CVE-2014-
3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3470, CVE-
2014-0231, CVE-2014-0226, CVE-2014-0224, CVE-2014-0221,
CVE-2014-0198, CVE-2014-0195, CVE-2014-0160, CVE-2014-
0118, CVE-2014-0098
When upgrading APSolute Vision, configured with a syslog server DE14528
parameters, no exception will be displayed in the logs.
When a user with an Administrator role creates a scheduled task of DE18897
a certain type, APSolute Vision displayed a different task type to
any user with a non-Administrator role. Issue has been resolved.
On some rare scenarios, a user was not able to create username prod00247388,
with a password, receiving an error: "Server is unavailable. Please prod00247389,
contact your system administrator". Issue has been resolved. DE19509
APSolute Vision did not generate an e-mail notification for prod00249482,
DefenseFlow new attack events. Issue has been resolved. prod00249483,
DE21303
An issue regarding a device disconnected from APSolute Vision and DE18372
required to re-register manually to Vision was resolved. APSolute
Vision will re-validate the credentials of the disconnected device
after 5 minutes, and if valid, the device will reconnect.
Issues regarding untranslated labels of some AppShapes from DE18686
English to Chinese/Korean/Japanese were resolved. That is, when
clicking on the Add button in the AppShapes screen, to open the
“Create AppShape Instance” dialog box and selecting “Citrix
XenDesktop”, some of the labels in the “Citrix XenDesktop Instance”
and the “Load Balancing Settings” TABs, were not translated.
The Generate Password Automatically checkbox determines DE18717
whether APSolute Vision generates the password automatically
after verifying that the device has a valid support agreement. The
checkbox is now selected by default.
When trying to activate an APSolute Vision license, which is invalid DE18951
at the time of the installation and will only be valid in the future, a
more detailed and clear message will appear to the user.
When trying to schedule an Operator Toolbox task with wrong date DE19028
and time, APSolute Vision will now display the correct detailed error
message.
After setting the Minimal Log Level to Debug in System > General DE19768
Settings > Advanced, it was not possible to update any of the
parameters in System > General Settings > Alert Settings > Alert
Browser. Issue was resolved.
After logging into APSolute Vision with a the correct password after DE20742
entering the wrong password first, sometimes the user was required
to click on the Log In button more than once in order to successfully
login. Issue was resolved.
Issue regarding the long time it took for the Apply (Required) and DE20905
Save (Required) buttons to display an orange background to
indicate that the new configuration required an Apply or Save
operations. Issue was resolved.
When using the “Generate Automatic Password” option to update DE22233
the device’s software, a blank message appeared when the MIS
server failed to generate password. Issue was resolved.
APSolute Vision generates an alert indicating the software upgrade DE21257
process completed successfully. APSolute Vision displayed the
wrong user name instead of displaying the one with a Vision
Administrator role. Issue was resolved.
Using the (“) character in an FTP password was not supported. prod00250404,
Issue was handled, and the password can now support the (") prod00250408,
character. DE22091
ADC Management
Issues regarding quick links in Alteon’s Configuration > Welcome DE19217

screens were resolved.
When using the Generate Automatic Password option to upgrade DE19005
the software of Alteon VA version 30.5 or higher, the operation
failed due to wrong MAC address parameter. Issue was resolved
when the correct MAC address was used.
DPM
When a license for a DPM subscription has expired, the DPM will no DE19490
longer remain active.
APM
When executing the Validate All APM Services script on the DE15806
Operator Toolbox dashboard after backing up and restoring
configuration, there will be no longer exceptions on the logs.
Security Management
When a Protected Object in DefenseFlow Protected Networks DE22491

screen under Configuration > Security Settings > Protected
Objects, contains too many table entries, it is now possible to click
on the Next Page button and navigate to the table’s next page.
When deleting an AppWall device from APSolute Vision’s Device DE8035
Tree, there is no longer a need to refresh the screen after the
deletion. Now, the screen is updated automatically.
When upgrading a DefensePro version-6.14.x device using DE8994
APSolute Vision using the Operations > Update Software Version
button, the UI no longer displays a notification that uploading the file
has failed, although it has actually completed successfully.
When upgrading the AppWall software and using automatic DE19006
password generation, the action will now succeed.
When the same policy, with identical name, existed in multiple DE19394
devices and when selected by the user to be displayed in the Traffic
Utilization screens under the selected multiple DefensePro devices,
the traffic of the policies with an identical name were counted more
than once, creating duplications. Issue has been resolved.
APSolute Vision could not handle approx. 8,000 terminated attacks DE14817
per hour without affecting the performance, causing the APSolute
Vision server slow down. Scaling performance optimized in order to
allow high rates of terminated attacks.
An issue regarding a wrong status display during a policy update via DE18013
APSolute Vision was resolved. APSolute Vision no longer provides
an indication of a successful update before the policy-database-
update process is completed.
Some messages in the APSolute Vision Alert Table regarding SUS DE19431
and RSA scheduled tasks’ statuses displayed question mark (?)
characters.
APSolute Vision displayed an error message when a user tried to prod00248889,
modify, view active BWM policies. Issue was resolved. prod00248893,
DE20845
A user with limited access to only part of the policies was able to DE19420
view traffic utilization data when the scope included all policies,
including statistics of policies out of the scope. Issue was resolved
and now each user can only see the statistics of the permitted
policies.
A safety mechanism was added to prevent from the Collector prod00250859,
service becoming unavailable, which resulted in no security alerts prod00250860,
and no traffic utilization data. DE22548
AVR
None
Security Management
Traffic Monitoring and Attack dashboards screens will no longer prod00248074,

display No Data text after upgrading to APSolute Vision 3.70.00. DE20053
This issue has been resolved.

following:
CVE-2016-5699, CVE-2016-5696, CVE-2016-5387, CVE-2016-
5385, CVE-2016-4565, CVE-2016-4449, CVE-2016-4448, CVE-
2016-4447, CVE-2016-3705, CVE-2016-3627, CVE-2016-2550,
CVE-2016-2518, CVE-2016-2118, CVE-2016-2115, CVE-2016-
2112, CVE-2016-2111, CVE-2016-2110, CVE-2016-2109, CVE-
2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105,
CVE-2016-1908, CVE-2016-1840, CVE-2016-1839, CVE-2016-
1838, CVE-2016-1837, CVE-2016-1836, CVE-2016-1835, CVE-
2016-1834, CVE-2016-1833, CVE-2016-1762, CVE-2016-1550,
CVE-2016-1548, CVE-2016-1547, CVE-2016-1000, CVE-2016-
0799, CVE-2016-0772, CVE-2015-8767, CVE-2015-8543, CVE-
2015-8324, CVE-2015-7979, CVE-2015-7978, CVE-2015-7852,
CVE-2015-7703, CVE-2015-7702, CVE-2015-7701, CVE-2015-
7692, CVE-2015-7550, CVE-2015-6564, CVE-2015-6563, CVE-
2015-5370, CVE-2015-5352, CVE-2015-5219, CVE-2015-5195,
CVE-2015-5194, CVE-2015-5157, CVE-2015-5156, CVE-2015-
4644, CVE-2014-9653, CVE-2014-9620, CVE-2014-8134, CVE-
2014-8117, CVE-2014-8116, CVE-2014-7842, CVE-2014-3538,
CVE-2012-1571, CVE-2015-3194, CVE-2015-3195, CVE-2015-
3196, CVE-2015-4000, CVE-2003-1418
The loading times of Operator Toolbox scripts were significantly DE15439,
reduced and a script loading status was added. DE14928
APSolute Vision now supports the display of a protected object DE16278
with 10,000 protected networks. Issue of impact on performance
resulting in a long screen-load time and a Warning Unresponsive
Script notification has been resolved.
Issues regarding access error notifications when sometimes trying prod00228336,
to add, edit, or delete a row in the SNMP section of a device were prod00235948,
resolved. prod00245660,
DE3626,
DE3828,
DE6487
In a scenario that was not reproduced, APSolute Vision version prod00244419,
3.40 did not display any real-time information on any of the Traffic DE16891
Monitoring and AVR screens. This version has added defense
mechanisms to ensure performance and stability, along with new
logs to be generated in case of such a crash in the future.
It is now possible to edit Privacy Protocol in the device properties prod00243294,
when SNMPv3 is used, and change the value to DES. The DE16067
following error message is no longer displayed “Configuration Error
M_00481: Web api - Failed to parse DevicePojo object.”
Errors when setting the Default Display Language to Japanese DE14681
under System > General Settings were resolved.
Scheduled Tasks now have an improved RBAC enforcement via DE16085
REST API.
It is now possible to edit and update an existing APSolute Vision DE16134
Reporter Backup task without receiving a configuration error.
Added pagination to the APSolute Vision User Statistics table. DE8602
Issues regarding untranslated messages from English to Chinese DE10221
were resolved. That is, the message “M_00259: User max now
locked out. Please contact your administrator in order to reset
password.” was shown in English when a user set the language to
Chinese and submitted a wrong password three times.
Issues regarding partial translation of the AppShape screens from DE9601
English to any language were resolved. That is, when navigating to
the Common Web Application menu item, many of the fields
were displayed in English.
Issues regarding alerts displaying empty messages were resolved. DE11940
Alerts displayed empty messages (“M_01054: ” (empty
message) when importing DefensePro templates.
The user will no longer receive an error notification when trying to DE16123,
change the scope of an existing user. DE13026
When generating a tech-support file, APSolute Vision now collects DE14413
all the zipped logs into a single folder.
When not all the devices are selected in Alert Filter tab when DE15497
configuring the Alert Table, Select All Devices was selected
unintentionally by default. This issue has been resolved and the
Select All Devices checkbox is cleared when at least one device
is filtered out.
APSolute Vision now displays the accumulated traffic utilization DE12465
when multiple protected objects of a DefenseFlow device are
selected in the Security Monitoring > Traffic Monitoring >
Traffic Utilization pane.
Issues regarding partial translation when selecting multiple devices prod00244335,
in the Security Monitoring > Traffic Monitoring > Traffic prod00244347,
Utilization pane from English to Japanese were resolved. DE16797
In the APSolute Vision Service Status View dashboard, an DE16660
AppShape++ script is no longer displayed when not associated to
a virtual service.
When a local user with the role User Administrator changes the DE17156
password for user Radware using the Web UI, the radware user
can now access CLI with the new password.
The server became inaccessible via HTTP/HTTPs and did not prod00245182,
send syslog messages when there was a high load of Network prod00245185,
Protection policy with a high number of login sessions into DE17525
APSolute Vision.
An issue regarding the device-platform temperature incompatibility prod00245495,
between Web UI and CLI has been resolved. That is, when the DE17805
temperature of an Alteon 5208 reached 70 degrees, the Web UI
classified this as high, while in CLI, it was classified as OK.
Platform temperature mapping table in Web UI has been updated,
and it is now aligned with the CLI.
Some messages in the APSolute Vision Alert Table displayed prod00244213,
question mark (?) characters. prod00244216,
DE16686
When selecting multiple devices, there were issues regarding prod00244332,
wrong translation of properties from English to Japanese. prod00244346,
DE16796
Issue regarding access to System > User Management > User prod00245797,
Statistics when Authentication Mode was set to LDAP was prod00245796,
resolved. When a user whose contact info was not set on LDAP DE17991
directory tried to access the User Statistics pane, the following
error notification was displayed:
Error in create object: class
com.radware.insite.model.user.management.LdapUser for
property: contactInfo
The CLI help documentation now properly explains that the CLI DE18152
command system upgrade full includes another parameter
password, which is required only for a major version.
Removed gender-biased pronouns from APSolute Vision. Now, prod00246345,
APSolute Vision displays gender-neutral pronoun when displaying prod00246346,
a notification of a user changing his/her password. DE18517
An issue regarding auditing the correct parameters in the Alert DE10985
browser when adding a new user has been resolved. Now, the
Alert browser displays the user parameter instead of N/A values for
scope, role, and Network Protection policy.
When executing the DefensePro Delete User Operator Toolbox DE15129
script, it was not possible to edit the User Name parameter without
displaying a configuration error message.
An issue regarding an error notification indicating “M_00012: An DE15484
entry with same key already exists” when using LDAP
authentication and attempting to change the role in the object class
permission has been resolved. It is no longer required to delete the
whole class first.
Sorting issues in AppWall Security Monitoring > Attack DE15686
Distribution > Top Attack Types by Source have been resolved.
When executing an Operator Toolbox script that locks the device, DE16237
the lock is now released once the script completed, so other users
are not be blocked for long.
ADC Management
Issues related to 'Trusted CA Group' dropdown list under add SSL DE10506
Policy screen when accessing through the vADC Web UI are now
resolved.
In Alteon 30.5, when configuring using the Alteon Web UI, the DE13563
Quick Application Setup and trying to add a new QAS, clicking
Submit no longer fails.
Issues regarding Certificate Repository management in Alteon’s DE15085
Configuration > Application Delivery > Certificate Repository
screens were resolved. That is, when duplicating a new certificate,
the Type field remained empty.
It is now possible to delete an Authentication Policy when DE15906
accessing through APSolute Vision to Alteon’s Authentication
Policy pane (Configuration > Application Delivery >
Authentication Policy) without receiving a configuration error.
Incompatibility issues in Alteon’s Service Status View pane DE16427,
displaying an incorrect summary status Mixed instead of DE16564,
Shutdown were resolved. DE16555
The AppShape status under a virtual service is now displayed in DE16533
Alteon’s Service Status View pane.
An incorrect error notification was displayed in the Web UI when DE5522
an IPv4 and IPv6 address were configured for PIP under the same
virtual service. The correct error notification is now displayed.
When the CRL name includes underscore character, it can now be DE5886
shown in the Web UI when accessing the Alteon’s CRL screen
under Configuration > Application Delivery.
When accessing Alteon’s Configuration > Application Delivery > DE9158
Filters and adding a URL ID to the Add Traffic Contract field, the
Traffic Contract field no longer displays a drop-down list
containing a null value.
Alteon now deletes multiple selected Health-Check entries from DE10652
Alteon’s Configuration > Application Delivery > Health Check.
Instead of deleting only a single entry while selecting multiple, all
selected entries are deleted when clicking Submit.
Added a missing warning notification when accessing LinkProof DE11580
NG using the Internet Explorer browser, and exporting a file, and
then selecting Include Private Keys without entering the
Passphrase. A warning message is now shown “Error:getcfg fail
passphrase too short please enter at least 4 bytes”.
Issues regarding untranslated messages from English to other DE14346
languages in Alteon’s Configuration > Application Delivery >
Certificate Repository screens were resolved. That is, when
exporting a certificate, success indication messages no longer
contain values in English.
Sometimes after upgrading APSolute Vision, wrong requests could DE14761
be sent to the Alteon device when trying to view Alteon’s real
servers and virtual servers. This was due to new columns, which
needed to be fetched. The issue resolved by fetching those new
columns.
When selecting multiple LinkProof NG devices for configuration DE14958
and clicking on Revert after performing some changes, the action
would succeed, but the UI displayed the former value of the fields
to be reverted. This issue has been resolved, and now the UI
displays the correct values.
Issues regarding deleting objects from both duplicated and original prod00245628,
table lines were resolved. When duplicating a virtual server using prod00245629,
the APSolute Vision Web UI, and then deleting a service from the DE17894
duplicated server before submitting, the service is deleted from the
original virtual server that was used for the duplication.
To resolve an issue regarding the updated HA VRRP state of the prod00241873,
Alteon device when managed using APSolute Vision, a refresh DE16299
functionality was added to the Device pane and Device-properties
pane in the APSolute Vision Web UI.
Issues regarding the disappearance of the drop-down buttons from prod00245172,
Alteon’s Syslog Setting screens when using APSolute Vision were prod00245186,
resolved. That is, when navigating to Configuration > System > DE17209
Logging and Alerts > Syslog Settings, and modifying one of the
attributes (IP Version, IP Address Severity, Facility, and Module),
the drop-down buttons disappeared after clicking Submit.
Pagination issues in Alteon’s Outbound LLB Rules tables were prod00245291,
resolved. When there were enough rules to add pagination to the prod00245294,
table, refreshing the table with the content of a specific table page DE17602
while table filters are being used could display the content of the
wrong page in the table.
Issues regarding displaying fields as greyed out in Alteon’s prod00245898,
Configuration > Application Delivery > SSL > Certificate prod00245899,
Repository pane have been resolved. When clicking Import after DE18109
locking the device in APSolute Vision, the fields in the screen were
greyed out.
The table in the LinkProof NG panes under Monitoring > DE16400
Application Delivery > LinkProof > WAN Link Groups are now
case-insensitive.
Issues regarding bad values when duplicating lines in the DE16463
LinkProof NG Client Authentication Policy table under
Configuration > Application Delivery > SSL Policy > Client
Authentication Policy have been resolved.
Multiple issues regarding wrong translation in multiple locations DE13961,
within Alteon (Close tooltip, high-availability dashboard, vADC’s DE13991,
View, Service Status View, WAN Links) were resolved. DE14267,
DE14272,
DE14283,
DE14348
APSolute Vision VA and APSolute Vision with APM Server VA can prod00233043,
now be deployed on KVM running host OS rhel7 / centos 7. DE3219, 233043
DPM
None
APM
Executing the Validate All APM Services Operator Toolbox script DE15953
will not work on a virtual service of a vADC. Previously, the output
of the script included the following failure message saying:
“Connection array for device Alteon contains too few devices”.
When upgrading from APSolute Vision 3.20 with route settings that DE15900
include the G4 interface used for APM, the G4 route settings will
no longer be deleted.
An issue regarding the Applications tab in the APM Web UI was DE17600
resolved. When hovering over the Application tab and its sub-
menus, the correct menu item will now be highlighted in blue.
Security Management
An SNMPv3 user can now be deleted by APSolute Vision. prod00241501,

prod00232229,
DE2194
Issues regarding the displayed error when trying to edit prod00232233,
Read/Write/Notify fields in the DefensePro Access table were DE2215
resolved.
It is now possible double-click on a user in the DefensePro SNMP prod00231577,
User table. The No-access error notification is no longer displayed. DE3931
Issues regarding configuration of Protected Entities of Alteon DE14201
devices were solved. When selecting multiple AppWall devices
and then adding Protected Entities, submitting the changes
sometimes did not get applied to all the selected devices.
Performance issues related to MSSP connectivity were resolved. DE15080
In a high-scale MSSP environment, APSolute Vision can now
handle a massive bulk of MSSP requests with no impact on overall
performance.
In DefensePro Signatures screen under Configuration > Network DE16110
Protection, filtering issues were resolved, and it is now possible to
filter by Signature Source Type.
An issue regarding automatic refresh of the Security Events screen DE16201
in the Security Monitoring perspective of an AppWall device has
been resolved.
Issues regarding a missing indication in the APSolute Vision Web DE16372
UI when an Update Policies action is required have been resolved.
The Web UI is now fully compatible with the CLI. Both provide an
indication when an Update Policies action is needed.
A certain APSolute Vision user will no longer get configuration prod00243082,
error notifications when trying to create SNMP users with DE16422
authentication and/or privacy protocols different from the protocols
of the creating user.
Content text that includes special characters (that is, quotation DE16608
marks) is now supported in APSolute Vision allowing viewing filter
configuration in DefensePro’s screens.
Performance issues in a high-scale configuration were resolved. In prod00233040,
a configuration with DefenseFlow and 40 DefensePro devices, and DE3956
all devices reporting attack events, it took the DefenseFlow
Security Dashboard more than 10 minutes to complete loading
before displaying the scope.
Issues regarding DefensePro filtering and filter cleaning were DE7105
resolved. In DefensePro templates screens, when uploading or
deleting a template, the policies list is now refreshed, without re-
opening the templates screen as a workaround.
When exporting Network/Server Protection policy while the DE11493
DefensePro device remained unlocked, APSolute Vision will no
longer display the page’s elements as disabled and will enable all
options equally for locked and unlocked DefensePro devices.
Issues regarding inability to search the DNS table in an AppWall DE11754
device under Configuration > Appliance > DNS were resolved.
Added support to look up according to an IP address.
Resolved an issue of wrongly navigating to Packet Anomalies DE12471
when clicking on the Go to Policy link.
Resolved issues of APSolute Vision trying to search for DE14236
unavailable fonts located in a Google site when accessing AppWall
monitoring screens.
When using the AppWall Dashboard View for Monitoring Security DE15227
events in APSolute Vision, when clicking on a line to expand the
security event to show all the parameters, the request description
could get cut off if the description was too long. This issue has
been resolved.
The following updates were added the APSolute Vision online prod00245223,
help: prod00245224,
 Help information now refers correctly to the Connection-Rate DE17545
Report.
 The selected period of display was fixed to the following
values: 10 Minutes, 20 Minutes, 30 Minutes, 1 Hour.
Issue regarding an error notification indicating “M_00386: A role is DE15470
already defined for this scope of for one of its sub-scopes” after an
entry with the same key already exists, when duplicating a line in
DefensePro under Configuration > Network Protection >
Connection Limit Profile > Connection Limit Protections has
been resolved.
AVR
The following issues were resolved when upgrading to version prod00244378,
3.70 and later, but not when upgrading to versions 3.30, 3.40 or prod00244382,
3.60: DE17495
 When upgrading from APSolute Vision version 3.20 or earlier
to a later version, the AVR Attack Details by Latest Timestamp
report would not display data collected before the upgrade.
 The Attacks by Source and Destination report and Top Attack
Sources Blocked appeared to have checkboxes cleared.
References to the Setting Alert Permissions tab were removed prod00239677,
from the documentation. prod00239678,
DE11863
The Forensics report generated by the AVR module now shows prod00244250,
Mbits instead of Kbits, when sent via email or when being prod00244251,
exported. DE16713
Fixed in Version 3.60 (Build 1139)

following:
CVE-2016-0774, CVE-2015-8104, CVE-2015-5307, CVE-2015-
7872, CVE-2015-7613, CVE-2015-2925, CVE-2016-0702, CVE-
2016-0705, CVE-2016-0797, CVE-2015-3197, CVE-2015-7575,
CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-
5600, CVE-2016-3115, CVE-2015-7547, CESA-2015:2549, CESA-
2015:2594, CESA-2016:0007, CESA-2015:2081, CESA-
2016:0008, CESA-2016:0012, CESA-2015:2636, CESA-
2016:0011.
The APSolute Vision User Guide was updated to show the correct prod00239555,
syntax for the CLI command system backup techSupport. prod00239534
APSolute Vision now provides the correct indication regarding prod00239646,
installed CA certificate for APSolute Vision event forwarding using prod00239633
encrypted syslog.
APSolute Vision now accepts special characters in the device prod00240466,
properties HTTP/S passwords. prod00240462
Errors in the REST API documentation were corrected. In multiple prod00242060,
locations, the REST API URLs wrongly included mgmt/. For prod00242058
example, the URL for locking a device was specified as:
POST /mgmt/system/config/tree/mgmt/device/byip/{ip}/lock
instead of:
POST /mgmt/system/config/tree/device/byip/{ip}/lock
Errors when updating the contact info of users in the APSolute prod00240052,
Vision local user table were resolved. Error: M_01170, which prod00240051
prevented updating user contact info, no longer occurs.
The APSolute Vision Roles table (Settings > User Management > DE10461
Roles) is no longer empty when a user with the role User
Administrator logs on. This issue affected the display of the table,
but did not affect APSolute Vision user management functionality.
The first time a user with the role User Administrator logs in to DE10463
APSolute Vision the user no longer gets the
java.lang.NullPointerException exception.
Issues were resolved regarding upgrading an APSolute Vision DE6694
server after an APSolute Vision server configuration file was
restored to it from an APSolute Vision server of a different
deployment type. For example, upgrading APSolute Vision server
after restore of a configuration file to a VA device that was
exported from a physical appliance and vice versa. The following
error message is no longer displayed: grubby fatal error:
unable to find a suitable template.
ADC Management
Issues regarding the display of DefensePro clusters were resolved. prod00239605,

APSolute Vision now correctly displays DefensePro clusters in the prod00239602
APSolute Vision tree, if they are defined on DefensePro devices
managed by APSolute Vision. Previously, some DefensePro
clusters were not displayed. This issue affected the APSolute
Vision tree display, but did not affect the DefensePro device
configuration or synchronization behavior.
After upgrading an Alteon device from version 30.1.1.0 to prod00240241,
30.2.1.10, the device no longer appears as down in the APSolute prod00240240
Vision device list. This behavior was caused by a bug in which
APSolute Vision loaded the wrong device driver for managing the
upgraded device. This bug affected APSolute Vision display, but
did not affect the Alteon device itself, which continued to function
correctly.
DPM
None
APM
APM raw data is no longer deleted when APSolute Vision with DE10633,
APM Server VA is updated from version 3.00.00, 3.20.00, or DE9841
3.30.00.
System parameters (that is, persister service) settings are no DE10756,
longer reset when upgrading APSolute Vision. DE10814
Transformation rules settings can now be backed up and restored. DE10825
Geo IP: When adding new entries with IP ranges overlapping DE11145
existing IP address ranges, the APM UI now displays a correct
error notification.
An Error condition in the Tomcat service caused an error when DE11546
trying to search for a specific transaction type in the APM search
UI. Restarting the Tomcat service is no longer required to avoid
such a notification, after upgrading the APSolute Vision from
version 3.30.
The Performance Limit parameter in APSolute Vision Edit APM DE12375
Server screen was removed (Settings > System > General
Settings > APM Settings > Edit APM Server).
APM’s Advanced Search UI now displays the correct value of the DE12935
End User SLA Bar column, aggregating the value of Data Center
time, End User network time, and End User rendering time, instead
of displaying only the Data Center time only.
The Define Event Type Thresholds button in APM’s Settings DE13433
Application tab no longer produces error notification pop-up
messages when configuring event-type thresholds.
There is no need to restart the APM server when setting a new DE13653
time in APSolute Vision. Now, APM is automatically updated.
APM is now aligned with Alteon NG’s list of illegal characters for DE14109
service name, and supports a hyphen (-). Service names with a
hyphen can now be enabled with APM.
Security Management
APSolute Vision database handling was optimized to prevent prod00242485,

cases where the real-time security monitoring stopped collecting prod00242478
and displaying information.
An issue with AVR alert mails was resolved. The To and CC fields prod00240457,
of the mail no longer display multiple unnecessary commas. This prod00240455,
issue affected the display fields (unneeded commas), but did not DE13007
affect other functionality.
APSolute Vision no longer displays wrong parameters for prod00230812,
TCP/UDP/ICMP state when creating a DefensePro Anti-Scanning prod00230812
profile.
The AVR UG was updated to explain the behavior of the AVR prod00239556,
Dashboard zoom feature. The explanation is available in the prod00239533,
“Managing Dashboards” chapter, in the “Design Options in Default DE11859
Dashboard Panels” section, “Zoom” bullet.
Issues regarding security monitoring for AppWall version 6.4.x and prod00240140,
6.5.x were resolved. Due to these issues, security monitoring for prod00240139
AppWall devices was not available in version 3.40 for these device
versions. The issue did not affect AppWall version 6.6.x.
APSolute Vision resolved an issue were DefensePro Configuration prod00241106,
Templates did not perform the Update Policies action on the prod00241089,
device, although the user specified that Update Policies should be DE13745
performed.
Issues regarding the display of servers under the DefensePro prod00239045,
HTTP Protection Reports were resolved. The problem was caused prod00239037,
by an internal comparison that was case-sensitive, but should not DE11861
have been. This issue affected the APSolute Vision display, but did
not affect the DefensePro functionality.
AVR
None
The APSolute Vision Installation and Maintenance Guide was DE7130,

updated to specify the vision-files user in lowercase. prod00236591
When a user provides an invalid update password, APSolute DE7168
Vision CLI now provides the following error message: Invalid
upgrade password.
The documentation now explains that in table columns where DE7615,
search is not supported, the search field below the column header prod00236902
is disabled.
The alert on modifying the Device Lock Timeout setting now DE8618,
specifies that the change was performed by the correct user name. prod00237748
The APSolute Vision startup processes were reordered to prevent DE7666,
cases where users were not able to log in to the WBM following prod00236947
upgrade of APSolute Vision server. The processes now always
occur in the same order, to ensure successful login.
When the CPU utilization returns to normal, APSolute Vision stops DE9874,
sending alerts on high CPU utilization. Previously, due to an error prod00238654
in the code, once a high CPU utilization alert was sent, APSolute
Vision would continue sending alerts each time the CPU was lower
than the previous value.
The APSolute Vision Installation and Maintenance Guide was DE8220,
updated to clarify how to get to the console screen during the prod00237504
installation of APSolute Vision VA on KVM.
The APSolute Vision User Guide was updated to clarify the syntax prod00239555,
and usage of the CLI command for creating an APSolute Vision prod00239534
technical support file.
When selecting multiple devices, locking devices fails no longer 226307,
happen if the user has the Device Viewer role for one or more of DE3847
the devices.
ADC Management
APSolute Vision is now able to create capture-file policies on DE7913,
Alteon devices. The issue occurred due to an incorrect file path in prod00237127
the device driver.
The scheduled task Device Configuration Backup now supports the DE9001,
Passphrase field, instead of always using the hardcoded value prod00238560,
radware. prod00237734
Remote server groups that are created using the Alteon CLI are prod00235137
now available in the WBM screen Application Delivery > Virtual
services > Server Groups. The issue was resolved in Alteon
version 30.1.1.0.
The WBM now allows submitting added or edited Alteon GSLB DE2453,
Rules and GSLB Networks. Previously, the Submit button would prod00231189
remain disabled. This was caused due to an error in determining
when the screen included modified fields in order to enable the
Submit button.
DPM
DPM now supports a stronger cipher, and can be accessed using DE6586
the Chrome and Firefox browsers.
The DPM internal library was upgraded. The new library has 174456
improved memory handling. When using the Chrome browser, the
DPM can now remain open for a few days without crashing.
DPM Filter and Export options of a selected report now function prod00234546,
correctly when using the Chrome browser. This follows an internal- DE4744
library upgrade that supports new Chrome versions.
APM
The APM service is now active after installing the APM server DE3951,
license. Previously, if a license was installed during the same time 233520
interval that the server was checking for license existence, a wrong
result was returned, causing the APM service to remain down.
In the APM setting/parameter, the maxAggr* values are now DE3810,
validated. 232240
By changing Role Device configuration in DsrPredefinedRoleType, DE6406
a user with the following permissions can now launch the APM:
 Certificate Administrator
 ADC + Certificate Administrator
 Device Operator
 Vision Reporter
If the APM Application’s description was in any way different from DE10191
the Application Name, no SLA data was displayed in the
Application SLA dashboard. Application description can now be
changed without impacting the displayed SLA data.
The SLA dashboard displayed two identical service application DE7425
lines when an Alteon NG HA pair was used. Now, only the active
Alteon NG device is displayed.
In a combination of APSolute Vision version 3.30 and Alteon 238329,
version 29.5.x, when APM was enabled, all requests sent from the DE9451
Alteon to the APM server were responded to with a ‘404 page not
found’ message, causing APM to fail due to missing JavaScript
files in the default configuration. APSolute Vision 3.40 includes the
missing JavaScript files.
When using any value other than 443 for the APM port, saving and 233396,
then clicking Edit to update the port, the value 443 was displayed DE3707
again. The issue is now resolved.
A link inside an "OK" APM Alert email message contained the DE6337
wrong URL, which is no longer displayed.
Wrong APM Test Email: A user received a message that a test DE6341
email was sent successfully, while an email route was not
configured.
It is now possible to recreate the same application name in APM DE7424
Setting after deletion.
The Virtual Server IP column in the APM-Enabled Services table in DE8846
APSolute Vision Settings > APM Settings now displays IPv6
format when applicable.
In APM’s Common Parameters screen (Settings > Parameters > DE9571
Common Parameters), after scrolling down the screen, not all
parameters were displayed. It is no longer required to scroll up
before switching to common parameters to avoid this.
Security Management
APSolute Vision prevents performing a manual switchover on DE4416,
DefensePro devices repetitively. Now, APSolute Vision does not prod00234277
allow performing switchover if a previous switchover was
performed within the last five minutes.
APSolute Vision now receives security events even if the server DE4712
was previously down for 90 minutes or longer. The internal cleanup
tasks performed on system startup were reorganized so that they
do not interfere with handling new events.
APSolute Vision now generates security alerts on new attacks, with DE4943,
alert severity based on the attack risk. See the full feature prod00234361
description Error! Reference source not found..
APSolute Vision now shows the correct IP addresses in the DE6520,
DefensePro Network Classes pane (Classes > Networks). prod00236002
Previously, wrong rows were shown in the table that included
internal search criteria data.
The Update Policies action now works correctly when multiple DE7612,
devices are selected. Previously, the action would fail due to a prod00236893
wrong internal procedure.
APSolute Vision now successfully opens the DefensePro IP Data DE7919,
Route pane (Setup > Networking > IP Management > IP Data prod00235215,
Route) and does not issue the error message “server is prod00234689,
unavailable.” The issue was caused by improperly handling the prod00234702,
SNMP Get Next Request of a table that has indexes defined as prod00234689,
IPv6 but were handled as IPv4. prod00235195
APSolute Vision now correctly handles creating Signature Profile DE8125,
Rules where the Attribute values include the special ampersand prod00237339
character (&). This character is now escaped and “unescaped”
when loading and setting the items of the combo box.
APSolute Vision now handles Network class names that have a DE9385,
space before or after the name. Leading or trailing spaces are prod00238253
deleted.
APSolute Vision now correctly displays packet captures when the DE8186,
attack is in the “occurred” state. Previously, packet capture files for prod00237406
this state were dropped.
APSolute Vision now supports the Reset Baseline action when DE8198,
multiple devices are selected. prod00237461
The documentation for the Security Monitoring BDoS Traffic prod00235369
Monitoring Statistics Graph Report Legend was clarified to explain
that the DefensePro device reports Suspected Edge and Attack
Edge in Kbps only.
AVR
AVR forensics and attack details now show the correct action for DE8959,
Anti-Scanning attacks. Previously, a wrong internal mapping of prod00237945
numeric values to strings caused the wrong action to be displayed
for this attack type.
AVR now shows all graphs when exporting a report to HTML or DE9118,
PDF. Previously, some of the graphs were not visible in the prod00238039
exported report.
AVR now accepts special characters in the FTP username. DE10073,
prod00238833,
prod00238786,
prod00238773
AVR Forensics reports now export all enumeration values as DE7567,
strings, including the BDoS states, the Action, and the Direction. DE7138,
This fix is relevant for forensics reports exported as text or sent via DE7139,
email. prod00236875,
prod00227898,
prod00227904
The AVR dashboard now enforces RBAC by policy and only shows DE3691,
data for policies that the user is allowed to see. prod00227941,
prod00168811
AVR charts now correctly show Bytes in the Y-axis legend, for DE9036,
reports that display bytes, instead of wrongly showing the legend prod00237995
count.
RTU licenses can now be installed on APSolute Vision server. DE4244,

prod00234106
APSolute Vision KVM deployment on CentOS 6 is now supported. DE5417
APSolute Vision with APM server deployment now correctly DE5870
displays the MAC address of the APSolute Vision port G4.
APSolute Vision configuration backup scheduled task does not DE6438
wrongly delete system files.
ADC Management
The Real Servers pane (Monitoring > Application Delivery > Virtual DE4543,
Service > Real Servers) now correctly displays the Server State. prod00232507
Application Dashboard 24 Hour and 7 Day graphs are now 233198

created.
APM license allocations per vADC are now displayed correctly in 231467,
Alteon with the VX form factor (System > General Settings > DE3746
APM Enabled Devices).
When creation of a new application name in APM server fails, an N/A
error is presented to the user and the APM status of the virtual
service remains disabled.
Security Management
APSolute Vision now allows copying to clipboard of the footprint N/A

field of attack details.
APSolute Vision now supports the x4420 platform. DE5542,
prod00235215
APSolute Vision now displays security monitoring attacks, following DE4974,
upgrade of APSolute Vision server. prod00234762
Issues regarding configuration of Server Cracking profile action DE4797,
were resolved. prod00234565
Issues with creating a DefensePro cluster when using a non-MNG1 DE3858,
port as default for synchronization have been resolved. APSolute prod00232727
Vision will now allow creating a DefensePro cluster when using
other ports. Previously, only using MNG1 port was supported.
The multi-device view of the Security Monitoring perspective, DE3907,
Traffic Utilization Report will now display the correct policy list prod00232399
when policies on different devices use the same policy name, but
the user has a different RBAC assigned to each policy.
The Signatures table now displays the filtered signatures without DE3964
requiring manual refresh (Configuration > Network Protection >
Signature Protection > Signatures).
The Attack Details pane for SYN Flood attacks now shows the DE4086
Average Attack Rate field.
APSolute Vision will now correctly display the Base Mac Address DE3082
for DefensePro vDP devices (Setup > Global Parameters > Base
MAC Address). This issue was caused by wrong determination of
BASE MAC address. In other DefensePro platforms, the BASE
MAC address was the MAC address of the first interface in the
interface table. This was not the case for vDP, so a different logic
was implemented.
Internal AVR log files (avr_monitoring.log and DE3523,
process_monitoring.log) are now cycled correctly. prod00233484
The Attack Details screen now supports exporting packet capture DE3854,
for attacks of type Behavioral DoS and Out of State. DE6547,
prod00232701
prod00232700,
prod00236026
The AVR now supports the UDP Frag controller BDoS baselines prod00222195
reports.
A spelling mistake in the SNMP trap generated by AVR Alert was DE3857,
fixed. prod00232995
The AVR now correctly shows AppWall devices when their DE7141,
management IP addresses has been modified. prod00227888
AVR reports filtered by “Threat Category” will now show all relevant DE7137,
data. prod00227885
Fixed in Version 3.20 (Build 1360) and Version 3.30
APSolute Vision generates separate SSH keys for each DE5419

installation.
Issues regarding APSolute Vision upgrade were resolved. Security DE4974
monitoring information will be available following upgrade.
The hardware issue regarding ODS-VL PCI error “Card not present DE4105
on Slot(0)” was resolved.
The following security vulnerabilities were resolved:
 CESA-2015:0808
 CESA-2015:0806
 CESA-2015:0251
 CESA-2015:0864
 CESA-2015:0715
 CESA-2015:0767
 CESA-2015:0794
Fixed in Version 3.20 GA (Build 1334 and Build 1360)
The output of the CLI command system techsupport local prod00232298

now correctly specifies the HTTPS protocol instead of HTTP.
APSolute Vision now supports non-default TACACS+ port prod00231647,
configuration. prod00231646
The following security vulnerabilities were resolved: CVE-2004- prod00232606,
0230, CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE- prod00232585
2011-3389, CVE-2011-5000, CVE-2012-0814, CVE-2014-1692,
CVE-2014-2532, CVE-2014-2653, CVE-2014-3570, CVE-2014-
9293, CVE-2014-9294, CVE-2014-9295, CVE-2015-0204, CVE-
2015-0205, CVE-2015-0209, CVE-2015-0235, CVE-2015-0286,
CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-
0292, CVE-2015-0293
Security vulnerabilities regarding access to the APSolute Vision prod00233560
maintenance folder were resolved.
Issues regarding login to APSolute Vision server were resolved. prod00233503,
prod00233498
ADC Management
Filtering of the “Virtual Servers” table is now functioning correctly; a prod00232350

“Configuration Error” will no longer be displayed.
Security Management
AVR now correctly displays physical ports of the x420 (HT) prod00185827,
platform, including traffic reports that are direction-specific reports prod00184568
AVR Forensics report with a specific "Set Criteria" Rule Name will prod00229535,
correctly find relevant matches, even when the policy name begins prod00220684
with a digit.
AVR will show traffic report if all values for all physical ports are prod00227893,
"0". prod00222975
A note was added to the "info" tab for DOS attack related to wrong prod00230146,
PPS data. prod00230137
Attack Details of an SSL SYN Flood attack are now correctly prod00232729,
reported. prod00232728
Fixed in Version 3.20 EA (Build 49) and GA (Build 1334)
Issues with the APSolute Vision upgrade process were resolved. prod00229195,
prod00229189,
prod00231658,
prod00231657
The configuration-download screen now closes after saving the prod00229412,
configuration. prod00229411
Windows 7 USB recovery procedure documentation was updated prod00229550,
to mention that it is required to execute the command prompt with prod00229542
administrator rights.
APSolute Vision now respects the TACACS+ port configuration. prod00231647,
prod00231646
ADC Management
In the APSolute Vision with APM Server deployment, after prod00227095

performing system restore, the APM server component is
available.
APM can be enabled through Vision on a VIP when another virtual prod00230055,
service with the same IP and APM enabled exists. This is prod00230052
supported for Alteon 30.0 and later versions.
Note that this limitation still exists for Alteon 29.5.
DPM no longer moves devices to the deleted state unnecessarily. prod00228088,
prod00211897,
prod00228218,
prod00216093
DPM data retention was improved to prevent excessive CPU use. prod00228103,
prod00213991
Security Management
APSolute Vision now supports scrolling through all included prod00230315,

signatures in a signature profile. prod00230311
APSolute Vision now shows all matching signatures in a signature prod00230530,
profile. prod00230527
Filter details are now available for static signatures. prod00229784,
prod00229767,
prod00229783,
prod00229768,
prod00230314,
prod00230310
APSolute Vision now supports creating more than eight filters per prod00228925,
signature. prod00228921
DefensePro capture files now retain their original length and are prod00231571,
not padded to 1530 bytes. prod00197794
APSolute Vision now displays an error message if the user prod00229416,
attempts to export capture files but no files are available in the prod00229415
APSolute Vision server.
In the Current Attacks table and attack details, the terminology prod00229944
(label) Bandwidth was changed to Volume.
The attack details tab is not wrongly displayed twice. prod00230147,
prod00230138
The traffic monitoring reports now correctly display information for prod00230173,
the ODS3 10G/XG ports. prod00230167,
prod00231650,
prod00231648
AVR will display Traffic Utilization reports. prod00230483,
prod00230482
Fixed in Version 3.00 GA (2256)
APSolute Vision – General
The following security vulnerability has been resolved: CVE-2014- prod00224811

3566
Limitations regarding user RBAC by DefensePro policy that existed prod00223619,
in APSolute Vision 3.00 EA were resolved. The limitations did not prod00223149
exist in earlier versions.
When editing an APSolute Vision local user, the Scope drop-down prod00215606
list now fully opens.
Accessing the APSolute Vision Web-based interface using a prod00221072
hostname that is not FQDN (without a period) now works with all
supported browsers, including Internet Explorer.
APSolute Vision WBM and Alteon on-device WBM now do not get prod00219233
stuck when using Chrome version 36.0.
Issues regarding the APSolute Vision server temperature sensor prod00223920,
were resolved. The numbering was updated and temperature prod00223907,
readings are now correct. prod00223921,
prod00223870
ADC Management
When using APSolute Vision and the APM server VA, the IP prod00206032
address of port G4 (SharePoint data) can now be defined on any
subnet, and the address does not need to be defined on a
separate subnet from the remaining APSolute Vision ports.
Enabling APM in a specific configuration now succeeds. prod00215318,
prod00215172
APM shows the correct transaction name. prod00221907,
prod00221904
Accessing the APM WBM now succeed as expected. This prod00226697,
limitation existed only in APSolute Vision 3.00 EA. prod00226686
Security Management
Limitations regarding Security Monitoring attacks of type Black List prod00223357
that existed in APSolute Vision 3.00 EA were resolved. These
limitations existed only in Vision 3.00 EA.
A typo regarding protocol statistics enum was resolved (“ICMP”). prod00226521,
prod00226518
The Update Policies button now does not disappear from the prod00224367
device toolbar. This limitation existed only in Vision 3.00 EA.
Updating a device driver while APSolute Vision is being accessed prod00221487
by its hostname now succeeds. The limitation existed only in Vision
3.00 EA.
The APSolute Vision Reporter User Guide was enhanced to prod00224615,
include explanation regarding the total number of Kbits per attack prod00224593
calculation.
Signature creation now does not fail. This limitation existed only in prod00226413
Vision 3.00 EA.
Fixed in Version 3.00.00 build EA (128) and GA (2256)
APSolute Vision – General
The following security vulnerabilities have been resolved: CVE- prod00216073,

2013-2566, CVE-2008-5161, CVE-2014-6277, and CVE-2014- prod00216072
6278.
APSolute Vision now correctly displays its platform: “Vision ODS- prod00208406,
VL” for the physical appliance, "Virtual" for the virtual appliance. prod00208404
ADC Management
None N/A
Security Management
The following AVR reports now display correct historical prod00208141,

information: prod00185458,
 Traffic Reports—Traffic Reports – Kbps: prod00208147,
prod00178379
 Traffic Utilization—Inbound (Kbps)
 Traffic Utilization—Outbound (Kbps)
 Traffic Utilization (Kbps)
 Traffic Reports—Traffic Reports – PPS:
 Traffic Utilization—Inbound (PPS)
 Traffic Utilization—Outbound (PPS)
 Traffic Utilization (PPS)
Importance: High
Occurrence: Consistent
Workaround: None.
The information displayed in the APSolute Vision client Security
Monitoring pane perspective Traffic Utilization reports can be used
for real-time traffic utilization monitoring.

The AVR dashboard pane now displays full data, and does not prod00207958,
restart itself. prod00204535,
prod00208772
APSolute Vision now allows breaking a DefensePro cluster when prod00208738,
one or both of the devices in the cluster are down. prod00208737
The APSolute Vision Reporter User Guide was updated to include prod00217534,
information on the OIDs of SNMP traps generated by AVR. This is prod00217533
included in Appendix B—AVR MIB.
The AVR online help was updated to state that export packets to prod00208140,
the ethereal format is not supported for the Anomalies category. prod00202628
Discrepancies in AVR report APSolute Vision 2.00 - build 634 (Fix prod00207955,
pack) were resolved. prod00185491
On the Geo Map in APSolute Vision, “Panama” was mapping out prod00194482,
to “Ecuador”. Note that as the Geo Map feature is not supported by prod00189629
APSolute Vision 3.00. This fix is planned to be available in a future
APSolute Vision version.
AVR forensic reports now display the correct value for "Unknown," prod00207954,
also when the data is exported. prod00196458
The APSolute Vision Reporter User Guide was updated to explain prod00216273,
the meaning of the “Action = Modified” value. The value Modified prod00216272
is reserved for AppWall alerts.
The documentation was updated to explain that if you open the prod00215012,
APSolute Vision client using an FQDN, AVR can open only if the prod00215010
FQDN and the APSolute Vision system hostname match. APSolute
Vision administrators can modify the hostname using the system
hostname set command.
Signature file update now functions correctly, and does not falsely prod00219996,
report a successful update when the update actually failed. prod00219993
APSolute Vision now displays the complete signature description prod00222949,
for DP-HTQ devices. prod00222948
Traffic Monitoring graphs now display correct information for multi- prod00209003,
device (including site) selection. prod00191183,
prod00191606

The AVR online help included in traffic reports now explains that prod00208390,
AVR reports by hour group information for specific hours across prod00208387
the reporting period, even when the report period includes multiple
days.
Default AVR alerts were changed to include “Event Type = Attack.” prod00209853,
Events whose action is “0,” which represent AppWall alerts, do not prod00209850
trigger default alerts.
AVR did not display a negative packet count value in forensic prod00208143,
reports. prod00196077
In the real-time Security Monitoring Protection Monitoring reports prod00221657,
“suspect” and “attack” edges were not updated when the BW prod00221644
defined in the BDoS profile changed.
Fixed in Version 2.40.00
When using the APSolute Vision with APM Server VA, after prod00207127,
performing a backup and restore of the APSolute Vision prod00207523
configuration or a full APSolute Vision backup, the APM server
license was not retained.
The following limitations regarding APSolute Vision with APM 206007,
Server (VA) were resolved: 206005
 The command net route set host is supported for all
ports.
 The APSolute Vision full system restore restores the IP
address of all ports.
The JBoss admin application is now disabled by default. prod00199473,
prod00195858

The following security vulnerabilities were resolved: prod00203756,
 SSL ciphers weak encryption prod00195457
 SSL version 2 enabled
jmx-console security issue (CVE-2010-1428 and CVE-2010-0738)
APSolute Vision will no longer wrongly display the message: "The prod00205216,
Data Reporting Destinations Table on the device is full.", when the prod00205213
table is not full.
When using the APSolute Vision with APM Server VA, after prod00207127,
performing a backup and restore of the APSolute Vision prod00207523
configuration or a full APSolute Vision backup, the APM server
license was not retained.
ADC Management
Changing the name of a Virtual Service that has APM enabled will 206666
not cause the apply operation to fail.
Security Management
AVR will allow the special characters "-" and "@" within the user prod00199773,
name of the SMTP Settings. prod00188804
The AVR applet was updated to use a new certificate, and now prod00205305,
supports the Java 7 update 51 mandatory security attributes. prod00204283
AVR traffic reports will correctly display data, and will no longer prod00199776,
truncate the data to display the last 10 days. prod00188342,
prod00208142
Issues regarding use of the UTC (Coordinated Universal Time) prod00166056,

timezone were resolved. In some cases, APSolute Vision security prod00164938,
monitoring time and date showed inaccurate date and time prod00204373
information. The bug that was resolved occurred due to a Windows
and Java date/time issue for the specific timezone: UTC
(Coordinated Universal Time). Other UTC timezones (containing a
city name) functioned correctly (for example, UTC London or UTC
Casablanca).
After configuring an APSolute Vision IP address using the first-time prod00198585,
wizard, APSolute Vision sent unnecessary DHCP requests. prod00198782
If the default GW is not configured, APSolute Vision now blocks the prod00186887,
CLI command net nat set with a proper error message. This fix prod00198318
prevents cases where the APSolute Vision server cannot start
because no route is available to the IP address configured using
the net nat command.
APSolute Vision will prevent specifying a NAT hostname that prod00195101,
contains a period, except for the Vision hostname vision.radware. prod00194957
Changing the Vision Support password requires restarting prod00194814,
APSolute Vision server. The system will now prompt the user to prod00190295
restart the system after changing the password.
APSolute Vision now displays the correct SYS OK LED on the prod00193580,
APSolute Vision box. prod00193682
prod00193030
APSolute Vision now allows deleting a NAT name that contains an prod00194935,
underscore. prod00194966
Vision Client UI now correctly displays the APSolute Vision prod00198187,
management IP address. prod00172312
APSolute Vision reduced unneeded access attempts towards the prod00195094,
device, to prevent the user from getting locked out immediately, if prod00195027
wrong credentials were supplied while adding the device to
APSolute Vision.
If configuration of remote storage fails, the APSolute Vision server prod00189046
reverts to use local storage.
The user guide was updated to provide additional information on prod00195100,
how to use the file-export CLI commands. prod00194983
The link for exporting a traffic capture file from APSolute Vision prod00204967,
server was fixed, and no longer displays a broken link. prod00204953
CVE-2010-1428 and CVE-2010-0738 were resolved. prod00198808,
prod00196950
The Tomcat management page will no longer be accessible over prod00197079,
port 9443 of the APSolute Vision server. This is also related to prod00195551,
NFR prod00189173. prod00199471
APSolute Vision no longer allows /invoker/JMXInvokerServlet prod00203263
without a password.
APSolute Vision Reporter supports the handling of AppWall prod00200274
events.
ADC Management
When working with a large number of devices (800 real servers, prod00178192,
400 virtual servers, and 400 groups), using DPM on IE9, the prod00186740
application no longer stops responding after 20–30 minutes.
In the DPM VX dashboard, the Fan Status now refreshes prod00190884,
automatically on Alteon 6420. prod00190808,
prod00193967
After changing the DPM chart type and returning to the original prod00185852,
chart type, the display no longer has missing legends and values. prod00185285
An ADC Operator user no longer changes the Admin Status of the prod00194840,
Real instead of its Operational Status in the Server Group. prod00192626,
The Alteon Server Group operational status column now displays prod00194841,
correct information. prod00191636
Security Management
The timeout for the Update Policies command on x420 series Related to
platforms was increased, to prevent unnecessary retransmissions. prod00187173
The geo-location mapping was updated with correct coordinates prod00194482,
for Panama and Ecuador. prod00189629
APSolute Vision will correctly display attack capture files, sent by prod00200861
DP devices.
The online help for the APSolute Vision server NTP command was prod00193586,
corrected. The correct option is prefer. prod00189634
The APSolute Vision UG was updated to specify that restoring prod00190461
configuration/system/AVR can be performed from the CLI.
For upgrade from Vision 1.30 build 669 or earlier with Vision 2.00 prod00190604
build 605, the NTP service needed to be started using the
command system ntp service start.
Following upgrade to Vision 2.15.10, this is no longer necessary.
The APSolute Vision upgrade process could hang if NTP was prod00190919,
configured and the OS and HW clocks were out-of-sync. prod00190919
The tech-support password no longer reverts to the default prod00191400
following upgrade. This fix is supported only after upgrade from
version 2.15.00 and later. For earlier versions, the tech-support
password still reverts to default after upgrade.
The APSolute Vision client no longer displays alerts specifying prod00193576,
"warning The time values from Vision server deviate from expected prod00192842
values ..." when the client PC and server are in sync.

The following security vulnerabilities were resolved by upgrading
the OS to Centos 6.4: CVE-2007-6514, CVE-2012-0053, CVE-
2012-4929, CVE-2012-4930, CVE-2013-1862 CVE-2012-3499,
CVE-2012-4558, CVE-2012-2687, CVE-2011-4317, CVE-2012-
0031, CVE-2011-3607, CVE-2011-3638, CVE-2011-3368, CVE-
2011-3348, CVE-2011-3192, CVE-2010-1452, CVE-2009-3555,
CVE-2009-3555, CVE-2005-3357, CVE-2005-3352, CVE-2005-
2700, CVE-2005-2728, CVE-2005-2088, CVE-2005-1268, CVE-
2004-2069, CVE-2011-5000, CVE-2012-0053, CVE-2011-3607,
CVE-2012-0031, CVE-2009-3555, CVE-2012-4929.
ADC Management
None
Security Management
APSolute Vision server now supports reporting for a larger number prod00193960,
of DefensePro policies and profiles. As a result, real-time prod00193916,
monitoring graphs no longer display gaps if the system is run prod00195838,
according to the scale limitations provided in the RN. prod00195831,
prod00194001,
prod00194116
The AVR traffic reports no longer display data for port "unknown". prod00195081,
prod00166804
The APSolute Vision User Guide was updated to provide more prod00170222
information regarding RBAC per DefensePro policy. The real-time
monitoring limits data for the devices that are limited by a
DefensePro policy, and displays full data for all other devices.
The total number of sampled rows will now display the correct prod00187099,
value for the selected attack, and not the total number of sample prod00187042
data rows in the system.
The algorithm for generating the name of RSA filters was adjusted prod00190417,
to make sure unique names are generated for each filter. This prod00190261
prevents failures to create the relevant DefensePro filter due to
non-unique name.

APSolute Vision server now updates all internal clocks after prod00194690,
performing a full restore operation. In the process, the MySQL prod00194688
server is restarted.
APSolute Vision store DefensePro packet capture files up to a prod00175236,
length of 1530 bytes, instead of the previous 255 bytes. prod00136354,
Additionally, APSolute Vision now stores up to 10 packet capture prod0013748,
files per attack, every 10 minutes, for ongoing attacks, for which prod00120669
DefensePro is forwarding packet capture files.
Fixed in Version 2.15.00 build 240
The HTTP timeout for the AVR was updated to 3000 seconds. prod00192589
,
prod00193630
The 2.15.00 build 195 installation process wrongly notified that it prod00189478
completed, prior to the actual completion of the upgrade process. ,
As a result the AVR did not function correctly. The upgrade prod00193244
process of 2.15.00 build 240 was updated to provide clear ,
indication that the upgrade has completed for all of its prod00189227
components.
Fixed in Version 2.15.00 Builds 195 and 240
APSolute Vision server will provide an error message if creating prod00177939,

a backup file fails. No temporary corrupted backup file will be prod00164536
created.
APSolute Vision VA will now be installable on an ESX machine prod00175242,
using an AMD CPU. prod00168032
The APSolute Vision database was optimized to prevent prod00176940,
database overload, which could result in the APSolute Vision prod00170980
client failing to connect to the server.
APSolute Vision client will now display the correct Requires prod00178721,
Reboot status, even if the device is rebooted external to the prod00178563
client, for example from the CLI.
Changes to the syslog configuration of APSolute Vision will now prod00185522,
be correctly applied. prod00184613
APSolute Vision server console will no longer display the prod00185523,
message "Server is running but not responding". When the prod00185018
server is in the process of initialization and cannot yet determine
whether the initialization completed successfully, the user will be
notified with following: “The APSolute Vision Application Server
is now loading. Please check the server status in a short while,
using the command: 'system vision-server status', to verify
successful start-up.”
ADC Management
The DPM multi-device dashboard will no longer display an error prod00177333,

message after remaining open for over an hour. prod00172757
The DPM database connection handling was improved to prod00176921,
prevent leaving unused open connections. prod00176673
DPM Dashboard—A timeout error will no longer appear after prod00177338,
modifying the device configuration. prod00177250
Memory widgets were removed from the DPM dashboard. prod00177498,
prod00177358

Virtual services associated with the SharePath server were prod00178453
removed once a new device configuration is imported.
APSolute Vision Web Application AppShape template will no prod00185520,
longer create an SSL-related configuration when SSL is not prod00179419
selected.
The APSolute Vision AppShape Web Application will no longer prod00185521,
fail the verification process when the configuration is valid. prod00179520
DPM will display fractions, and not round values to zero for the prod00175260,
following reports: prod00185858
 Multi Device Dashboard Throughput Utilization graph
 Network Performance per Real Server
 Network Performance of Application per Real Server
 Network Performance per Port
 Total Usage of Resources per RS
Security Management
AVR will now support export of PCAP files for attacks of type prod00175262,
Intrusion. prod00141880
AVR exported forensic reports will now correctly display the prod00169877,
device name, instead of the internal device identifier. prod00146499,
prod00169878,
prod00158570
AVR will now display the action field using the same values as prod00175252,
the real-time Current Attacks table values in the Security prod00157734,
Monitoring perspective. The action field values will no longer be prod00176670,
aggregated to Allowed/Denied. prod00167889,
prod00175243,
prod00172154
AVR Report creation will no longer display an endless progress prod00169876,
bar when the option Aggregate Data by Day is selected. prod00167701
The AVR graphs will no longer be cut and display inaccurate prod00176731,
information under the Y axis. prod00176370

Vision 2.15 adds AVR support for the DNS attack type, including prod00186130,
attack details. prod00186099
Fixed in Version 2.10.00 Build 745
APSolute Vision internal web server log file will be truncated when prod00178753
it reaches 10 MB.
ADC Management
None
Security Management
None
APSolute Vision will no longer download corrupt device drivers prod00172266,

every 15 seconds. The corrupt status will be stored internally, and prod00172215,
APSolute Vision will cease retrying to download it. prod00177101,
prod00177093

Database access permissions will not be overwritten during the prod00173949,
APSolute Vision upgrade procedure. prod00173866
Performing APSolute Vision Reporter data export will warn the prod00171074,
user that "If the database is large, this operation can take several prod00170178
minutes." before beginning the export.
APSolute Vision will correctly handle error messages when prod00167714,
performing APSolute Vision configuration backup using FTP. prod00167385
NMS IP address configuration in initial set-up will not prevent prod00165781,
APSolute Vision from being able to manage the device. prod00165736
Appropriate error messages will be displayed to the user.
An APSolute Vision server database table column size was prod00168294,
increased to handle IP addresses with additional characters. prod00157769
The output of the APSolute Vision system statistics CLI command prod00168283,
was changed to allow better understanding of the current system prod00156991
state.
When the system is configured to use non-standard font sizes, prod00165932,
APSolute Vision will now correctly display the layout of the client. prod00150763
APSolute Vision server firewall was modified to prevent the prod00174755
vulnerability: CVE-1999-0524 (ICMP timestamp requests (icmp-
timestamp (322) Low Risk).
ADC Management
Issues regarding synchronizing an Alteon 5224 master to backup prod00170923

were resolved.
AppShape SAP: The weight sent by the SAP server is ignored. prod00167716,
The weight is configured as "1", unless the weight is "0", in which prod00167494,
case, APSolute Vision disables the real server. prod00167493,
prod00167715
Issues regarding the "Manage Device" menu item being disabled prod00167709,
were resolved. prod00166374
Security Management
Issues regarding Security Monitoring > HTTP Reports were prod00173355,

resolved. Data for newly added policies will be correctly displayed. prod00173257
A scheduled AVR backup now correctly indicates success or prod00173356,
failure when copying files to a remote directory. prod00172590
Security Monitoring > Traffic Monitoring reports are now available prod00171687,
both for RADIUS authentication and local authentication. prod00171575,
prod00171686,
prod00171574
The Current Attacks table Start Time column now displays date prod00171355
and time, the same as the dashboard.
Issues regarding RBAC by DefensePro policy in the Security prod00171302,
Monitoring dashboard were resolved. prod00171238
APSolute Vision data collection was optimized, which will allow prod00171080,
APSolute Vision to perform better under stress, prevent the prod00170931,
database from filling up, and prevent cases where AVR could not prod00167708,
display attack details. prod00165755,
prod00165980,
prod00155891
The Traffic Monitoring graphs in the Security Monitoring prod00171076,
perspective now correctly indicate time points with missing data, prod00170136,
and will not link the points before and after the missing data. prod00168574,
prod00168401
The default value for the Show Traffic field of the Traffic prod00169431
Monitoring > Traffic Utilization graph was changed to Both.
Known Limitations
This section lists all known limitations for this release.
The Search functionality fails when the search field contains a 214807,
number sign (#) or ampersand (&). 214805
Importance: Medium
Workaround: None.
When changing the timezone for an existing APSolute Vision 131837
server that already has data, some of the existing dates/times
are incorrectly shifted by a few hours.
Affected items:
 Existing alerts
 Scheduled tasks
 Security real-time reports (last 24 hours)
 Graphs for open attacks (in attack details)
 Existing device backups
Importance: Medium
Workaround:
 Alerts—Automatically get resolved with new alerts.
 Scheduler—Task time needs to be manually fixed.
 Security real-time reports—Automatically get resolved after
24 hours.
 Attack graphs (in attack details)—Automatically get resolved
for new attacks.
KVM Installation of APSolute Vision fails if the machine name DE3922,
includes an open parenthesis or a close parenthesis (that is, a ( 233615
or a or ) symbol).
Importance: Medium
Workaround: Do not use these characters in a machine name.
Software upgrade of managed devices may fail in networks with N/A
high latency or when the software upgrade file is very large.
Importance: Medium
Occurrence: Intermittent
Workaround: Upgrade the device using the device Web-based
management or device CLI.
When a user was created with APSolute Vision, connecting to 157174
devices using SNMPv3 with SHA authentication and encryption
sometimes fails.
Importance: Medium
Workaround: Create the user using the CLI or WBM, or create
an SHA user without encryption.
When device SNMP settings in APSolute Vision change from vDirect #4000
SNMPv2 to SNMPv3, the ADC instance in vDirect is not
modified accordingly.
Only the ADC container is configured with the new SNMPv3
settings.
Importance: Medium
Workaround: Modify the ADC instance connection info using the
vDirect interface.
Access to APSolute Vision with IE11 fails when using the DE4457,
APSolute Vision server name. 234349
Importance: Low
Workaround: Access APSolute Vision with the server IP address
instead of the server name.
Creating or breaking a DefensePro cluster fails if the device 219355,
HTTPS credentials of either of the devices are incorrect. The 219351
error message is not informative.
Importance: Low
Workaround: Correct the HTTPS credentials and try again.
If the authentication mode is TACACS+ and the password for 228370,
the radware user has expired, you will not be able to update the 227438
password for that user from the Login dialog box.
Importance: Low
Workaround: Use the CLI command to update the radware
password.
After adding a single device to an APSolute Vision device list 231297
with no other devices, and then deleting the device, the device
still appears in the device list until you manually refresh the
APSolute Vision WBM.
Importance: Very Low
Occurrence: Consistent, when the device list is empty
Workaround: Refresh the page.
When changing a valid certificate to a self-signed certificate (with DE17730
a warning), login to APSolute Vision using an IE browser fails.
Importance: Low
Occurrence: Consistent, after changing the certificate
Workaround: Clear the browser cache.
Radware registers all devices in the install base with their base prod00248264,
MAC address, which usually ends with the digit 0. A base MAC prod00248311,
address ending with the digit 1 is not supported for APSolute DE20277
Vision physical appliance.
Importance: Low
Occurrence: Consistent, when the base MAC address ends with
1
Workaround: Provide an upgrade password manually.
The following characters are not supported in FTP passwords: ?, prod00250745,
&, and ' (question mark, ampersand, and single straight quote). prod00250811,
When these characters are used, the configuration backup task DE22513
fails.
Importance: Low
Workaround: None.
When installing a new RTU license in the License Management DE20915
tab (APSolute Vision Settings view System perspective, General
Settings > License Management) and then clicking Submit,
the status icon of the affected devices is not automatically
refreshed.
Importance: Low
Workaround: Manually refresh the APSolute Vision Web page.
Names of logical groups of devices (Logical Groups) cannot DE22207
include the following characters: ?, &, and ' (question mark,
ampersand, and single straight quote).
Importance: Low
Workaround: None.
After upgrading APSolute Vision software, the Alert Table will be DE21290
empty for several minutes, with no alerts registered before the
upgrade.
Importance: Low
Workaround: None.
In the AppShapes Service tab, if you enter a filter value in the DE21462
Device Name column, no results display.
Importance: Low
Workaround: None.
ADC Management
When using APSolute Vision version 3.x with Alteon versions DE645
earlier than 30.0.4.10, FastView screens are not displayed
correctly. This includes the edit FastView Web Application
screen and the Treatment Sets configuration screens.
Importance: Medium
Workaround: Upgrade to Alteon version 30.0.4.10 or later.
The name of a vADC displayed in the Organization tree may not 166008,
reflect the switch name (Configuration perspective, System > 147376
SNMP > SNMP Settings > Switch Name) if the switch name is
modified after the vADC is added to the tree.
Importance: Medium
Workaround: None.
In Alteon version 31.0 and later, site selection based on the Geo DE21625
Location allows configuring continent, country, and states.
However, when using special characters, for example, “Entre
Ríos Province” state under “South America” > “Argentina”, a
configuration error is displayed.
Importance: Medium
Workaround: None.
In the Service Status Dashboard (APSolute Vision Settings view DE22060
Dashboards perspective > Service Status Dashboard), when
selecting specific devices for filtering and then clicking APPLY,
the selected devices are not be saved when the page is visited
again. Rather, the default, selected devices are shown as
selected.
Importance: Medium
Workaround: Apply the filter in Play mode.
In the Service Status Dashboard (APSolute Vision Settings view DE22136
Dashboards perspective > Service Status Dashboard), filters
do not apply if you can change them while in Pause mode.
Importance: Low
Workaround: Apply filters in Play mode.
Exporting an Alteon configuration using IE browser version 11 is prod00249273,
not supported. DE21168
Importance: Low
Workaround: None.
When the selected language is Chinese, in the Alteon DE19595
Configuration perspective, under Application Delivery > DNS
Authority, the label of the Service Down Response parameter
and the values of the drop-down list are not translated from
English into Chinese.
Importance: Low
Workaround: None.
When using Alteon with an embedded AppWall module,
launching the AppWall applet screens requires a direct route
between the APSolute Vision WBM client and the Alteon device.
Device Performance Monitoring (DPM)

When using vADCs, when working with fewer than four (4) CUs, 173562,
sometimes the XML file is sent every 18 seconds. 174341
Importance: Medium
Workaround: None.
The DPM Total Statistics per Port report displays inaccurate 174590
throughput information. Alteon adds 34 more bytes for each
session. For some outgoing packets, the TX adds 4 bytes more
than needed.
Importance: Medium
Workaround: None.
The Network Performance per ADC - PPS report counts the 176008
packets that entered and exited the data port instead of counting
only packets that entered the data ports.
Importance: Medium
Workaround: None.
When the MP CPU utilization is high, sometimes Alteon sends 176022
the reporting XML file to the Telnet port rather than port 3030.
Importance: Medium
Workaround: None.
For all reports for FTP traffic, Alteon counts only the control 176456
sessions and not the data.
Importance: Medium
Workaround: None.
After upgrading to a new version of APSolute Vision, DPM fails 206035
to open. The following error message displays: Failed to retrieve
user RBAC details.
Importance: Medium
Workaround: Clear the browser cache.
In the DPM Dashboard (Application tab), a pie chart displays 232419,
incorrect status of the selected real servers. DE3933
Importance: Medium
Workaround: For Alteon version 30.2 and later, use the
Application Delivery View of the Alteon Dashboard, which
provides the same information.
DPM does not display a session-expiration event when an 233262,
APSolute Vision Security Monitoring timeout occurs. Timeout is DE3849
enforced only after browser-reload or page-reconnect, displaying
the message: “You can launch the Device Performance Monitor
interface only through the APSolute Vision client.”
Importance: Medium
Workaround: None
There is a slight inconsistency between the DPM Connections 245431,
and Bandwidth fields shown in Mbits under Report > Total 243405,
Usage per real server > Total Usage of Resources per Real DE17765
Server and the information displayed in the CLI.
Importance: Low
Workaround: None.
When Alteon redirects to a URL string that is longer than 64 prod00249091,
characters, the DPM dashboard does not display any data for prod00249092,
the Alteon device. DE21006
Importance: Medium
Workaround: Contact Radware support for a mitigation
procedure.
Application Performance Monitoring (APM)

APM uses AppShape++ script index #16. 178705
Importance: High
Workaround: Add the event disable_current command
under the if statement that includes the HTTP::respond
command. This forces Alteon to skip the next script, which is the
APM script (relevant in cases that the APM script is not needed
when there is an HTTP::respond command, since Alteon
responds instead of the server)..
Downloading a report from the Report Queue view does not 232794
work, producing an error message, “The Webpage is not
available.”
Note: This limitation exists only when upgrading existing
installations.
Importance: High
Workaround: In APM, select Settings > Parameters > Show All
Parameters > reportsURL. Modify the value of the reportsURL
parameter to the format
https://<APSolute Vision management IP address
(usually G1)>/sharepath-reports-rad, and then, click
Save.
Note: This issue exists only when upgrading existing
installations.
When disabling APM on a virtual service, the AppShape++ script 172617
used for that service is not automatically deleted.
Importance: Medium
Occurrence: Consistent on Alteon 29.5 only
Workaround: Manually delete the script from the AppShape++
Repository in the Configuration Perspective, Application
Delivery > Virtual Services > AppShape++.
Upgrading APSolute Vision with APM from version 3.20.00 to N/A
3.30.00 may require manual reboot.
Importance: Medium
Occurrence: Rare
Workaround: If the upgrade procedure is stuck during the final
step of reboot, do the following to verify that the service has
started, and then, reboot manually. Log in as root and type the
following command service vz restart. If an error
message is received “can't load module xxxx” or “can't find
module xxxxx”, reboot the system.
GeoIP: When adding new entries to an existing database, new 239337,
entries with IP-address ranges overlapping existing IP-address DE11141
ranges are not inserted into the database.
Importance: Medium
Workaround: Use private IP-address-resolution and manually
delete the entries using the APM UI.
After upgrading APSolute Vision from version 3.00.00, APM DE11367
stops sending mail notifications when exceeding the application
SLA.
Importance: Medium
Workaround: Perform an internal manual upgrade after the
upgrade is completed.
Application SLA SMTP alerts can only be sent via the G4 port. DE13752
Importance: Medium
Workaround: None.
Accessing an APM server from an external instance of APSolute 230460
Vision (that is, an APSolute Vision instance running without an
embedded APM Server) fails.
Importance: Low
Workaround: Automatic authentication of APSolute Vision server
on the remote APM will fail. APSolute Vision displays a login
screen, for providing the remote APM user/password.
The following limitation exists regarding APSolute Vision with 206004
APM Server VA: A ping to addresses via the G4 port only
returns correct information from within the APM shell. When
performing a ping from the regular APSolute Vision shell, the
user receives a “no reply.”
Importance: Low
Workaround: None.
When launching APM for the first time, login parameters are 230309,
required; the login is not done automatically. DE17124
Importance: Low
Workaround: Close the tab and click the APSolute Vision APM
button. APM launches automatically, without needing to log in
again.
APSolute Vision does not list APM-enabled services defined on 230957
Alteon version 29.5 with APM Server other than the one
configured in APSolute Vision.
Importance: Low
Workaround: None.
The list of APM-enabled services that are monitored may be out- N/A
of-date if the changed configuration is not applied. Note that it
may take a few seconds for the Apply is Required indication to
be displayed.
Importance: Low
Workaround: When changing the status of APM from enabled to
disabled or vice-versa on a virtual service, wait until the Apply
button is highlighted with a yellow background, before clicking
the Apply button.
Online help does not show relevant information when selected DE13314
from Advanced Search view.
Importance: Low
Workaround: Launch online help from any other view. Select the
search tab, and search for a “search” key word.
When there are no APM enabled virtual services, only a user DE15700
with an Administrator role can access the APM server.
Importance: Low
Workaround: None.
Free-text search in the APM Advanced Search screen operates DE13058
through the keyword pattern only. Searching according to any
text that is part of the transaction data does not work.
Importance: Low
Workaround: Use a specific keyword/parameter combination as
suggested in the UI example.
Clicking Delete Application only hides the application. DE14811
Importance: Low
Workaround: Delete the application through Alteon.
When a demo/evaluation license is installed, the APM functions prod00247478,
well, but the SLA dashboard does not show the data for the User DE21488
Experience SLA and for the Data Center SLA columns.
Importance: Low
Workaround: None.
When the Compatibility view settings is set in the end-user’s IE DE19725
browser, the beacon sent from the browser includes pure lower-
case header names, which are not processed by the APM
server.
Importance: Low
Workaround: Disable Compatibility view settings in the end-
user’s IE browser.
In the APM server, in Monitoring - Applications > DE21690
Applications View > User Experience Information, when
clicking on a specific application, a menu pop-up shows a list of
view navigations available to the user. When the selection is
Locations SLA, a system error notification is shown due to an
incorrect path.
Importance: Low
Workaround: Manually navigate to Monitoring - Locations >
Locations View.
When the APM server sends a mail alert due to an SLA breach DE21719
that includes a link to a realtime_compare_good_vs_bad report,
when clicking on the link, a system error notification is shown
due to an incorrect report path, preventing the user from viewing
the report.
Importance: Low
Workaround: Manually log in and navigate to Monitoring –
Applications > Application Dashboards > User Experience
Information and click on the columns in the Transaction Volume
graph.
Security Management
When importing large configuration templates to a DefensePro DE7918
device, sometimes the process can take more maximum
supported session timeout. The APSolute Vision server will then
close the HTTP connection due to connection timeout.
Importance: High
Workaround: None.
The Toolbox script DefensePro Export/Import Policies does not DE17560
support exporting a user-defined Signature Protection profile.
Importance: High
Workaround: Export manually using the DefensePro WBM.
When a user has permission only to some of the defined DE19420
policies, when none of the policies are selected in the Traffic
Utilization Report pane under Traffic Monitoring > Traffic
Utilization Reporting, the displayed traffic is not subject to the
defined policies permission.
Importance: High
Workaround: None.
Ongoing Attacks and Alerts tables are limited to 10,000 rows per DE21445
request, using APSolute Vision Web UI and REST API.
Importance: High
Workaround: Using the APSolute Vision Web UI, refine your
filter criteria. For REST API, use smaller time intervals.
Starting with Chrome version 42 (released April 2015), Chrome N/A
has disabled the standard way in which browsers support
plugins. This affects launching the AVR.
Importance: Medium
Workaround: Enable NPAPI in Chrome Version 42 and later.
As of Chrome Version 42, do the following to continue using
NPAPI plugins:
In the address box, enter chrome://flags/#enable-npapi
For the Enable NPAPI configuration option, click the Enable
link.
Click the Relaunch button that is displayed at the bottom of
the configuration page.
Developers and system administrators looking for alternative
ways to support users of Chrome can see:
https://blogs.oracle.com/java-platform-
group/entry/java_web_start_in_or, in particular, the “Running
Web Start applications outside of a browser” and “Additional
Deployment Options” sections.
APSolute Vision does not support creating DefensePro high- DE9536
availability clusters for DefensePro VA devices.
Importance: Medium
Workaround: Use CLI or WBM to create the clusters.
You cannot add, edit, or view DefensePro profiles if the profile 83357, 70732,
name plus the name of the first rule is longer than 80 characters 83302, 70730
(Network Protection > Signature Protection > Signature
Profiles).
Importance: Medium
Workaround: Use CLI or WBM to add or edit the profiles.
APSolute Vision does not process SNMP traps and IRP 212642
messages received on an interface that it did not use to register
in the device target table.
Importance: Medium
Workaround: Register in the device target table with the
APSolute Vision interface that is used to receive device traps
and IRP messages.
AVR alerts may be triggered when the traffic is below the DE6353,
configured threshold. This may occur if the threshold setting is 232749
configured to an option other than Trigger this rule if it occurs
at all. The only recommended option to finalize the threshold
settings of AVR rules is Trigger this rule if it occurs at all.
Importance: Medium
Workaround: None.
When upgrading from APSolute Vision 3.40, APSolute Vision DE17541
does not retain the DefensePro Configuration Template tasks
that were configured before the upgrade.
Importance: Medium
Workaround: None.
For each AppWall device, the Device Subscriptions table DE19964
(APSolute Vision Settings view System perspective, Device
Resources > Device Subscriptions) does not show the real
values in the Valid Support Agreement, Valid SUS Agreement,
and Valid RSA Updates Agreement columns.
Importance: Medium
Workaround: None.
When a Virtual DefensePro device is registered using its IP DE19965
address instead of its MAC address, the Device Subscriptions
table (APSolute Vision Settings view System perspective,
Device Resources > Device Subscriptions) does not show the
real values in the Valid Support Agreement, Valid SUS
Agreement, and Valid RSA Updates Agreement columns.
Importance: Medium
Workaround: None.
If multiple DefensePro devices have policies with the same 232399
name, and a user has RBAC for security monitoring information
for some of the policies, but not all of them, security-monitoring
information for all of the policies with the same name will be
available to them.
Importance: Low
Workaround: None.
When creating or breaking a DefensePro cluster, if the device 219351,
HTTPS credentials are wrong, an inaccurate error message is 219355
displayed, and the action fails.
Importance: Low
Workaround: Update the HTTPS user and password in the
device properties screen.
When updating security signatures from RSA, sometimes the DE6000
Web UI displays that the status of the task as In Progress,
when actually, it has already completed successfully.
Importance: Low
Workaround: Refer to the RSA Signatures Last Update
timestamp in DefensePro under Monitoring > Operational
Status > Overview > Signature Update.
When importing a DefensePro configuration file, sometimes the DE6379
Web UI indicates an incorrect status 503 (Service Temporarily
Unavailable), even though the action has actually completed
successfully.
Importance: Low
Workaround: None.
Upgrading DefensePro version 7.41.00 build 51 to version 236003,
7.41.01 build 18 fails and displays the following error notification: DE6553
“M_00359: Http Protocol Error: 10.78.23.20:8443 failed to
respond.”
Importance: Low
Workaround: Upgrade using CLI or the DefensePro WBM.
The Toolbox script DefensePro Export/Import Policies fails when DE18761
selecting a policy named [All], which represents all policies.
Importance: Low
Workaround: Select the Transfer All Policies checkbox.
When upgrading to APSolute Vision 3.70.01 or later, if the Users DE20804
Must Change Password at First Login parameter in APSolute
Vision is enabled (System > User Management > User
Management Settings), the defenseflow user, in DefenseFlow
version 2.5 and later, might not be able to log in to APSolute
Vision without changing the defenseflow password.
Importance: Low
Workaround: Log in to APSolute Vision CLI as the defenseflow
user and change the user password. Log in to APSolute Vision
WBM as an Administrator user. Then, select System > User
Management > Local Users and change the password of
defenseflow user to defenseflow.
In the Local Users table, the Password Expiration Date column DE21086
displays a date for the msspportal and defenseflow users.
However, the passwords of users with the System User role,
such as the msspportal and defenseflow users do not expire.
Importance: Low
Workaround: None. You can ignore the date in the Password
Expiration Date column for the msspportal and defenseflow
users.
The default password of the defenseflow system user does not DE21102
match the APSolute Vision default password, so when resetting
the default passwords in APSolute Vision, the defenseflow
user’s password will be different.
Importance: Low
Workaround: Log in to APSolute Vision WBM as an
Administrator user. Then, select System > User Management >
Local Users and change the password of defenseflow user to
defenseflow.
A DefenseFlow instance can successfully reconnect to APSolute DE21130
Vision after DefenseFlow is unregistered in the APSolute Vision
CLI.
Importance: Low
Workaround: Restart the all APSolute Vision services (system
vision –server stop, system vision –server
start).
In the DefenseFlow Security Monitoring Current Attacks Table, DE20766
the Attack Protocol column does not include Non-IP.
Importance: Low
Workaround: None.
APSolute Vision uses different time formats (24H and 12H) to prod00250448,
display the same attack event in Security Monitoring Ongoing prod00250449,
Attacks Monitor and Current Attacks Table. DE22133
Importance: Very low
Workaround: None.
APSolute Vision Reporter (AVR)

AVR reports display incorrect data for reports regarding DE8197
outbound traffic for DefensePro devices in IP mode. The
displayed values are four times the actual values.
Importance: High
Workaround: None.
AVR alerts are not triggered for DefenseFlow traffic events. DE14015
Importance: High
Workaround: None.
When accessing the AVR for the first time, it may take a few N/A
seconds for the dashboard components to display data.
Importance: Medium
Workaround: None.
AVR does not display the correct policy list per user if policy 222170
names include a comma (,) a forward slash (/), or a backslash
(\).
Importance: Medium
Workaround: Do not use these characters in DefensePro policy
names.
When the AVR database is large, creating an AVR backup using 186886
the APSolute Vision server CLI can take a long time. During this
period, any character typed on the console is considered part of
the password and can cause the export action to fail.
Importance: Medium
Workaround: Wait for the backup creation to complete, and do
not type characters at the console during the operation.
While defining a new report using the AVR wizard, one of the 137622,
steps displays a list of predefined report templates. 135909
Occasionally, the template report list is empty, even though
there are existing report templates.
Importance: Low
Workaround: Click Back and then Next Step in the wizard.
APSolute Vision server CPU consumption is very high when 148055
APSolute Vision Reporter generates multiple reports at the same
time. This can cause the APSolute Vision client to respond
slowly.
Importance: Medium
Workaround: Do not schedule automatic generation of multiple
reports in parallel.
When accessing APSolute Vision Reporter using Internet 148746
Explorer, caching Web pages can cause obsolete data to be
displayed.
Importance: Low
Workaround: In Internet Explorer, select Tools > Internet
Options > General > Browsing history > Settings > Check
for newer versions of stored pages > Every time I visit the
webpage.
When accessing the AVR, the values shown in Traffic Report > DE8197
Outbound IP Mode > Values are four times larger than real
values. The Bandwidth by Hour of Day(PPS) report presentation
and the Bandwidth by Hour of Day - Outbound(PPS) report
presentation display an inaccurate value.
Importance: Low
Workaround: None.
When exporting a Forensics report, the report is generated in a 238774,
text format and is comma delimited, unlike a tabbed text format 238834,
of a scheduled task that is sent to an email. DE10072
Importance: Low
Workaround: None
After configuring AVR to send alert mail in a rich text format, it is prod00248765,
sent in a regular text format instead. prod00248768,
Importance: Very low DE20729
Workaround: None
vDirect Service
When executing an Operator Toolbox script in which the DE22228,
selected targets include one or more logical groups of devices DE20749
(Logical Groups), the script fails if one of the devices in the
Logical Group is down or unresponsive. (Preferably, the script
should not fail; and the script should proceed to the next device
in the Logical Group.)
Importance: High
Workaround: None
Managing two or more vADCs from different VXs causes both
ADCs to be registered under the last VX in vDirect.
Importance: Medium
Workaround: When integration with vDirect is required, use a
sequence of single operations, not bulk operations.
The APSolute Vision Lock operation on a device is not enforced N/A
on vDirect. Each of the two subsystems can modify a device
configuration in parallel. This may cause conflicting
configurations.
Importance: Medium
Workaround: Implement use cases where only one subsystem
modifies the device configurations.
There are rare scenarios in which APSolute Vision loses DE20390
synchronization with the vDirect module.
Importance: Medium
Occurrence: Rare
Workaround: Do the following:
Run the following REST call:
POST/mgmt/system/config/tree/vdirectsync/devices
Run the following command to restart the vDirect service:
service vdirect restart
Device-synchronization messages arriving from vDirect N/A
regarding devices in the Maintenance status are not updated in
APSolute Vision.
Importance: Low
Workaround: None.
If a vADC is created in APSolute Vision but the vADC does not N/A
belong to any VX physical container, vDirect erroneously
registers the ADC as a dedicated container.
Importance: Low
Workaround: Before creating a vADC in the Sites and Clusters
tab, create a physical device (VX form factor) in the Physical
Containers tab of the device tree in APSolute Vision.
Creating an APSolute Vision user named vDirect overrides the N/A
existing special user, which APSolute Vision uses internally for
APSolute Vision-vDirect communication.
Importance: Low
Workaround: Do not create a user in APSolute Vision named
vDirect.
vDirect recognizes LinkProof NG devices as Alteon devices. DE14983
Importance: Low
Workaround: None.
When accessing a device directly through vDirect and changing DE17875
the IP address of a device that is managed through APSolute
Vision, APSolute Vision will not be notified that the IP address
has changed and will lose connection with the device.
Importance: Low
Workaround: Restart APSolute Vision server.
Incompatibility between APSolute Vision and AVR. Although the 245481,
source IP is included in Real Time Monitoring under Scan 245455,
Details, it is not shown in AVR’s Network Scan Attack footprint. DE17791
Importance: Low
Workaround: None.
APSolute Vision Reporter (AVR)—Maintenance Fixes and

Features
This section lists all feature and fixed issues that were added to the AVR reporting engine.
AVR v2.1.1.11 Released on 19-May-2016

 Fixed the following new issues reported by Radware:
 Issue: Copyright year displays as 2014 while generating forensic report and sending it by
mail.
Recommendation: Change copyright year to 2016.
 Issue: In a fresh install environment, the new AVR keeps restarting.
Recommendation: Should not crash the AVR mainengine setup
 prod00242846 Profiles vanished from the vision AVR:
 Added the support to maintain back-up of the profile.xml whenever profile is
created/modified/deleted. The backup file will be in the same location as that of
profiles.xml. This back-up file will be in the format profiles.xml.YYYYMMDD_HHMMSS
Unnecessary back-up files have to be deleted manually.
 Enabled the diagnostic logs to understand the behavior and record evidence if any.
 In case this gets re-created again in the field, provide the following files/details for
diagnosis to EIQ. Meanwhile, customer can restore the profiles.xml from the most recent
backed up copy (profiles.xml.YYYYMMDD_HHMMSS)
o Latest backup copy of profiles.xml
o /var/avr/diaglogs/mainenginediag.log
o /var/avr/diaglogs/cgidiag.log
o /var/avr/logs/access.log and /var/avr/logs/access_<MM><DD><YYYY>.log
o /var/avr/Audit/<YYYY>/<MM>/<DD>/userAudit.log
o /var/avr/Audit/<YYYY>/<MM>/<DD>/userActivity.log
o Actions performed when loss of profiles was witnessed
o Time at which the loss of profiles happened.
AVR v2.1.1.10 Released on 7-April-2016

 Added fixes for Radware newly reported issues:
 Issue: Observed multiple commas on “To” and “CC” fields on Profile Alert mail sent by
Vision.
Recommendation: Remove multiple commas to ‘To’ and ‘CC’ list.
 Issue: Copyright year displays as 2015.
Recommendation: Change copyright year to 2016.
AVR v2.1.1.9 Released on 23-December-2015

 Added fix for Radware newly reported issue:
 Issue: Traffic polling issue. If data is not available in the table
‘traffic_utilizations_per_policy’ then diaglogs and last collected orm id in Lastrecordsid.txt
are failed to update properly even though AVR collects the data from ‘traffic_utilizations’
table.
Recommendation: Collection would be considered as success, Update the last collected
orm id in Lastrecordsid.txt and update diaglog with proper event count if data is collected
from either of the table. Hence AVR always collects the traffic data in next collection
interval using last collection orm id (in Lastrecordsid.txt).
AVR v2.1.1.8 Released on 1-December-2015

 Issue: Suspected bdos edge and suspected attack reports are not seen for DP and
LastRecordIDs.txt file has similar the last record Id for bdos_real_time_edge and
avr_df_bdos_real_time_edge.
Recommendation: Should show the DP BDOS reports and the last record ids should
update properly.
AVR v2.1.1.7 Released on 17-November-2015

 Issue: Not allowing special character “-“in ftp username.
Recommendation: Allow “-“special character in ftp username.
AVR v2.1.1.6 Released on 4-November-2015
 Issue: Y-axis in the graph is showing as ‘Bytes’ instead of ‘Count’ in the exported Count
based reports.
Recommendation: Y-axis in the graph should show as ‘Count’ in the exported Count
based reports.
 Issue: Graphs are not displaying in the exported Appwall reports.
Recommendation: Graphs should display in the exported Appwall reports.
AVR v2.1.1.5 Released on 1-October-2015

 DefenseFlow Device support:
 Attack Reports.
 Traffic Utilization Report.
 Baseline Report.
 Issue: Failed to Edit the report in Profiles.
Recommendation: Edit Report should work in Profiles.
 Issue: Failed to Delete the report in Profiles.
Recommendation: Delete Report should work in Profiles.
 Issue: Displaying the enum value 12 instead of string as ‘Bandwidth Management‘ for
the Threat Category.
Recommendation: Consider enum value ‘12’ as ‘Bandwidth Management‘ for Threat
Category.
 Issue: Bandwidth translation problem from KB to MB. Rounds all values to whole
numbers. In case the value is less than 1 MB, AVR shows 0.
Recommendation: After translating the ‘Bandwidth’ from KB to MB, show the exact
amount of bandwidth, and not round to whole numbers, even if it’s a fraction of MB.
 Issue: Enum values mapping problem at export Forensic to text.
Recommendation: Map the enums into string when exporting forensics details.
AVR v2.1.1.1 Released on 8-July-2015

 Added support to four new action types in addition to the existing.
 Issue: Have the issue with AVR if the users_view table has device_id/rule_name value in ‘[]’
as “[ALL]”.
 Recommendation: If device_id/rule_name has leading and trailing brackets ‘[ ]’ in
users_view table then update these without ‘[ ]’ in AVR user store (UserManager.xml).
 Issue: Disabling vision data collection if MySQL service is in down state after AVR
install/upgrade.
 Recommendation: Don’t consider MySQL service status (stop/start) after AVR
install/upgrade and always enable the configuration parameter to collect vision data
 Issue: Failed to upgrade the AVR at following cases:
 If users_view table is empty.
 If users_view table is not available.
 If MySQL service is in down state
Recommendation: Do not change anything in the existing AVR user store
(UserManager.xml) and proceed with upgrade during the following cases with
corresponding log messages.
These messages would be printed on terminal and also updated to
/var/avr/diaglogs/cgidiag.log.
Case 1: If users_view table is empty.
Log message: [ZeroUserRecords] 'vision.users_view' table is empty. Hence, AVR user
store has not been modified.
Case 2: If users_view table is not available.
Log message: [DBQueryExecFailed] Error! Unable to execute query: <ErrorReason>
Case 3: If MySQL service is in down state.
Log message: [DBConnFailed] Error! Unable to connect to database 'vision':
<ErrorReason>
AVR v2.1.1.0 Released on 18-June-2015

 R-2.4.3 Packet Capture for all Attack Types.
 prod00207747: Forensics Reports include enum values instead of strings.
 prod00202433: Forensic reports shows enum values instead of strings when sent by email.
 prod00191144: AVR device list does not update Management IP of AppWall device, when it
changes.
 Issue: Monitoring data is flushing whenever setUserPerms.cgi was called by Vision.
Recommendation: Whenever setUserPerms.cgi is called by Vision, will not automatically
flush the monitoring data. Alternatively, will check if the user permissions were changed
Resolved and only if the latter is true – data will be flushed.
 Issue: The monitoring data is flushed if there is no call done to monitoring for one long hour.
Recommendation: The data would be flushed only if there is no call done to monitoring for
24 hours.
 Issue: After deleting the device and if same IP is assigned to different device with a new
ORM id then reports are not updating.
Recommendation: All the ORM Ids listed against the IP would be considered irrespective of
the node active state. This would populate the data for an older node as well.
 Issue: Deleted user is still shown for alerts (for radware user).
Recommendation: <No owner> is expected for deleted user in alerts.
 Issue: Attack View for HTTP FLOOD shows enum value instead of string for ‘action’.
Recommendation: Attack View would show string value instead of enum for ‘action’.

 Add ‘radware’ user if not available at AVR user store.
 Return proper HTTP status code if session id is INVALID while adding the user.
 Return proper HTTP status code if session id is INVALID while deleting the user.
 DELETE USER can able to done before LOGOUT or after LOGOUT operation.

 R-2.6.1 User Management (NFR prod00186451):
 AddUser: Add user support is restricted for only Vision users. Appwall user adding
mechanism is same as AVR2.0.
 Delete user support: In any case, if the permissions are shared across the users then,
users would see the entity marked as ‘<No Owner>’ in the owners column of the table.
Any user who edits this entity would then become the new owner.
 User store upgrade script for vision users.
o Users existing in both the stores (AVR user store and Vision DB) are synced i.e.
AVR user store would be updated to have the correct permission set.
o Users existing in just AVR user store (not available in Vision DB) would be deleted
from AVR
o Users existing in just Vision DB would be added to AVR.
o AppWall users available in AVR user store at the time of upgrade would be retained
as is.
 prod00170373: Alerts and monitors do not enforce RBAC by device and policy
 prod00168811: The dashboard shows attacks blocked by policies the user is not allowed to
see.
 prod00195834 - AVR: Profile reports disappeared from AVR view Vision 2.15.00
 All of the items included in the AVR v2.1.0.4 released on 14-April-2015
 R-2.6.1 User Management (NFR prod00186451) – Added support for:
 Add User
 Delete User
 prod00170373: Alerts and monitors do not enforce RBAC by device and policy --
 ‘Permissions’ tab would be hidden in ‘Add/Edit’ GUI of ‘Alerts’
 GUI Filter pane for ‘Policy Name’ field to show only the permitted policies – based on
intersection of the user permission set and the ‘device’ selection in the GUI wizard.

 Changed the MySQL query to pull packet capture details from ‘Packet_Reports’ table.
 This change was warranted because of different formats used for ‘Orm_Id’ field in the
Vision DB.
 ‘Security_Attacks’ report stored orm_id as “var_char(32)” in long format i.e. with leading
zeroes
 But ‘Attack_Reports’ table stored orm_id as ‘BigInt’ – hence the leading zeroes got
truncated.
 Dikla changed the MySQL query to use LPAD to accommodate the leading zeroes.
 AVR v2.1.0.2 released on 10-April-2015
 Fixed mainengine crash – surfaced due to the MySQL query change to address
prod00232157 ( AVR forensic report fails to export PCAP file in large scale setup)
The crash was because of wrong error handling when CHashTable2 lookup fails

 Fixed prod00232157: AVR forensic report fails to export PCAP file in large scale setup
Below are delivered through AVR v2.1.0.
Category Priority Bug/RFE Description
Sustenance P0 prod00220684 Forensics filter by specific rule does not find
matches for existing data.
P0 prod00222975 Traffic Report shows no data, if all traffic
values are zero.
P2 prod00170373 Alerts and monitors do not enforce RBAC
by device and policy.
Port-Mapping P1 R-2.3.1 DefensePro ODS-HT - x420
(Bug ID prod00185827).
P1 R-2.3.2 DefensePro HTQe X4420
AVR will support the port definitions for the
display of the physical ports for the
DefensePro HTQe X4420 platform.
P1 R-2.3.3 DefensePro vDP
AVR will support the port definitions for
display of the physical ports for DefensePro
vDP platform in AVR.
Attack P1 R-2.4.1 Attack Data - Source Port Field
Enhancements P1 R-2.4.2 Attack Data – Bandwidth units to be in MB.
P1 R-2.4.4 IP Routing Mode.
Enum P1 R-2.5.1 SYN Protection Enhancements.
Additions P1 R-2.5.2 BDoS Baseline Reports Enhancements.
Additional P1 R-2.6.1 Provide API for ‘Delete User’ operation
Features (NFR prod00186451).
P1 R-2.6.2 Deleted Devices Management (NFR
prod0019061.
P1 R-2.6.3 Apache timeout should be increased.
Related Documentation
The following documentation is related to this version:
 APSolute Vision Installation and Maintenance Guide
 APSolute Vision User Guide
 APSolute Vision Reporter User Guide
 APM Installation and Troubleshooting Guide
 APSolute Vision REST API
For details regarding AppWall usage, refer to the AppWall User Guide.
For the latest Radware product documentation, download it from
http://www.radware.com/Customer/Portal/default.asp.
North America International
Radware Inc. Radware Ltd.
575 Corporate Drive 22 Raoul Wallenberg St.
Mahwah, NJ 07430 Tel Aviv 69710, Israel

Tel: +1-888-234-5763 Tel: 972 3 766 8666
© 2017 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered
trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective
owners. Printed in the U.S.A

APSoluteVision 3 80 00 RN

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

APSoluteVision 3 80 00 RN

Загружено:

Авторское право:

Доступные форматы

APSolute Vision

The following table lists the available deployments:

The specifications of the full-size VA are as follows:

The specifications of the demo VA are as follows:

Interface Topic Capacity Capacity of Capacity of Capacity of

APM Performance Notes

To achieve the best performance, route events to the G4 interface.

Supported Alteon Versions

Supported AppWall Versions

Supported LinkProof NG Versions

Supported DefensePro Versions

Supported DefenseFlow Versions

Supported DefensePipe Versions

Obtaining the Software

Installing the Software

Upgrading the Software

Operator Toolbox Dashboard Enhancements

Here is an example of a user-defined icon for a user-defined

You can click this button to select a script in

Figure 2: Add Scripts Dialog Box

Type a string in this box to show only the

The Add Scripts dialog box displays only the

Logical Groups of Devices

Figure 3: Multi-Device Configuration Using a Logical Group

New Multi-Device Service Status Dashboard

Each monitored device can show the following ADC objects:

Support DefensePro MR Platform

Query Limitation on Ongoing Attacks Table and Alerts table

Item Description Bug ID

This version resolves many security vulnerabilities, including the

Issues regarding quick links in Alteon’s Configuration > Welcome DE19217

When a Protected Object in DefenseFlow Protected Networks DE22491

Item Description Bug ID

Traffic Monitoring and Attack dashboards screens will no longer prod00248074,

Item Description Bug ID

This version resolves many security vulnerabilities, including the

An SNMPv3 user can now be deleted by APSolute Vision. prod00241501,

Item Description Bug ID

This version resolves many security vulnerabilities, including the

Issues regarding the display of DefensePro clusters were resolved. prod00239605,

APSolute Vision database handling was optimized to prevent prod00242485,

Item Description Bug ID

The APSolute Vision Installation and Maintenance Guide was DE7130,

Item Description Bug ID

RTU licenses can now be installed on APSolute Vision server. DE4244,

Application Dashboard 24 Hour and 7 Day graphs are now 233198

APSolute Vision now allows copying to clipboard of the footprint N/A

Item Description Bug ID

APSolute Vision generates separate SSH keys for each DE5419

Item Description Bug ID

The output of the CLI command system techsupport local prod00232298

Filtering of the “Virtual Servers” table is now functioning correctly; a prod00232350

Item Description Bug ID

In the APSolute Vision with APM Server deployment, after prod00227095

APSolute Vision now supports scrolling through all included prod00230315,

Item Description Bug ID

APSolute Vision – General

The following security vulnerability has been resolved: CVE-2014- prod00224811

Fixed in Version 3.00.00 build EA (128) and GA (2256)

Item Description Bug ID

APSolute Vision – General

The following security vulnerabilities have been resolved: CVE- prod00216073,

Item Description Bug ID