Cisco Guard DDoS Mitigation Appliances

Release Note for the Cisco Guard Appliance (Software Version 5.0(x))

Release Note for the Cisco Guard Appliance


July 31, 2006


Note: The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.


Contents

This release note applies to software versions 5.0(1) and 5.0(3) for the Cisco Guard appliance (Guard). This release note contains the following sections:

New Features in Software Version 5.0(1)

Operating Considerations

Software Version 5.0(x) Open Caveats

Software Version 5.0(3) Resolved Caveats

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Operating Considerations

The following operating considerations apply to the Cisco Guard.

Caution when upgrading the software - Do not press Ctrl-C during the upgrade process or the upgrade may fail.

The copy ftp command only supports active mode.

New Features in Software Version 5.0(1)

The following new features are available in software version 5.0(1):

24x7 Protection and Learning

Simultaneous detection and learning

Detector learns for Guard

New handling of snapshots

New Detector-to-Guard communication protocols

Traffic Analysis

DDoS-optimized peace vs. attack traffic analyzer

Signature Extraction

Content-based filter

New activation interfaces

Protect by IP

Protect by packet

New handling of sub-zones

Internal improvements to DNS anti-spoofing mechanism

No reload required on most network reconfigurations

Improved hard drive failure handling

Worm Detection (TCP policies only)

Improved attack start and stop timing

Handling of new attack sub-types

Secure FTP support for various file exports

Software Version 5.0(x) Open Caveats

The following caveats are open in software version 5.0(x):

CSCrh00789—All proxy up or down status IP addresses are directly linked to Giga1 status. If you shut down the Giga1 interface, all proxy IP addresses are disabled. Workaround: Use Giga1 as the primary interface. Always deactivate the Guard protection before shutdown.

CSCrh01198—After you reload the Guard, it erases the default gateway if the gateway is on the same subnet as one of the Guard configured VLAN interfaces. Workaround: Use a static route instead of a default gateway.

CSCsb07081—The Flex-Content filter cannot find a pattern in SYN packets.

CSCsb20206—The Web-Based Manager (WBM) remains unresponsive while the pop-up window waits for results from the signature generation process. Even if you close the pop-up window manually, the WBM remains unresponsive while signature generation is in progress. Workaround: Wait until the pop-up window receives a result, or issue the no service wbm command.

CSCsb29077—The WBM does not allow you to add IP addresses to a threshold list. Using the WBM to add IP addresses to the threshold list of a policy results in wrong IP addresses in the list. Workaround: Only use the CLI to add IP addresses to a threshold list.

CSCsb29083—You cannot use the same name to create packet dumps in different zones. Workaround: Assign unique names to manual packet dumps.

CSCuk52975—The Guard does not report the install new-version and reload commands to the accounting server.

CSCuk54606—When activating a zone (that is, issuing the protect or the learning commands), the Guard displays the following error message even if the configuration is correct and the Guard diversion is working properly: no injection path

The Guard may display this message if it does not have a default injection route and the zone injection definition consists of two or more injection routes with an IP address that does not match the zone IP address (for example, a zone IP address of 192.168.254.0/24 and zone injection routes of 192.168.254.0/25 and 192.168.254.128/25). Workaround: Configure a default injection route for the Guard, or configure the zone injection routes to match the zone IP addresses. For example, if you configure the injection routes to be 192.168.254.0/25 and 192.168.254.128/25, configure the zone IP addresses to be the same.

CSCsa64914 - The name of the Flexible Filter Drop Count counter in the WBM Zone>Configuration>General menu should be Flexible Filter Drop Rate. This counter accurately displays the drop rate of the Flex-Content filter. The General menu also contains the Flexible Filter Action and Flexible Filter Count fields. When the Flexible Filter Action value is displayed as:

Drop - the Flexible Filter Count value displays the number of dropped packets

Count - the Flexible Filter Count value displays the number of counted packets

CSCsa78440—The protect-by-packet activation interface does not apply to zones that are on the same subnet as the Guard. Workaround: Use another activation interface.
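
For caveat CSCuk54606 above, an operator who sees "no injection path" needs to tell the prefix-mismatch condition the caveat describes apart from a zone that is only partly covered by injection routes. The following is an added example, not Cisco code or Guard logic: the function name, the `has_default_route` parameter and the four state names are hypothetical, and the classification is a reading of the caveat text, with the prefixes taken from it.

```python
import ipaddress

def audit_zone_injection(zone_prefixes, injection_routes, has_default_route=False):
    """Classify each zone prefix against its injection routes.

    exact     - an injection route equals the zone prefix
    default   - no exact route, but a default injection route exists
    mismatch  - routes cover the whole zone but none equals it; this is
                the condition described in caveat CSCuk54606
    uncovered - part of the zone has no injection route at all
    """
    routes = [ipaddress.ip_network(r) for r in injection_routes]
    report = {}
    for prefix in zone_prefixes:
        zone = ipaddress.ip_network(prefix)
        same_family = [r for r in routes if r.version == zone.version]
        if zone in same_family:
            report[prefix] = "exact"
        elif has_default_route:
            report[prefix] = "default"
        else:
            # Merge the more-specific routes inside the zone and check
            # whether together they rebuild the zone prefix.
            inside = [r for r in same_family if r.subnet_of(zone)]
            rebuilt = list(ipaddress.collapse_addresses(inside)) == [zone]
            # A single wider route also covers the zone without matching it.
            wider = any(zone.subnet_of(r) for r in same_family)
            report[prefix] = "mismatch" if (rebuilt or wider) else "uncovered"
    return report

if __name__ == "__main__":
    # Constructed input: the prefixes are the ones quoted in the caveat.
    zone = ["192.168.254.0/24"]
    halves = ["192.168.254.0/25", "192.168.254.128/25"]
    print(audit_zone_injection(zone, halves))
    print(audit_zone_injection(zone, halves, has_default_route=True))
    print(audit_zone_injection(zone, halves[:1]))
```

A `mismatch` result corresponds to either workaround in the caveat (add a default injection route, or make the zone prefixes equal the injection routes); an `uncovered` result means part of the zone address space has no injection route configured at all.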

Software Version 5.0(3) Resolved Caveats

The following caveats were resolved in software version 5.0(3):

CSCsb46255 - The Guard may erroneously report millions of concurrent connections.

CSCsb50696 - The Guard uses the root username when importing configurations using SFTP.

CSCsb52737 - The Guard does not respond after you upgrade it from software version 3.0(x) to 5.0(x).

CSCsb55055 - The Guard does not properly upgrade zones that contain a hyphen ( - ) or a period ( . ) in the zone name.

Related Documentation

The following Guard documents are available:

Cisco Guard Configuration Guide

Cisco Guard Web-Based Manager Configuration Guide

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html