DefensePro

Release Notes
Version 7.42.07
March 29, 2017
 TABLE OF CONTENTS
CONTENT ..................................................................................................................................................... 3
RELEASE SUMMARY .................................................................................................................................. 3
SUPPORTED PLATFORMS AND MODULES ............................................................................................ 3
MANAGEMENT USING APSOLUTE VISION .............................................................................................. 3
UPDATING THE ONLINE HELP ON THE APSOLUTE VISION SERVER ............................................................... 3
OBTAINING AND INSTALLING THE SOFTWARE..................................................................................... 4
OBTAINING THE SOFTWARE ....................................................................................................................... 4
INSTALLING THE SOFTWARE ...................................................................................................................... 4
UPGRADING THE SOFTWARE .................................................................................................................. 5
WHAT’S NEW ............................................................................................................................................... 8
DEFENSESSL ENHANCEMENTS ................................................................................................................. 8
BDOS UDP FRAGMENTED CONTROLLER—ACCURACY ENHANCEMENTS ..................................................... 8
MANAGEMENT SSL—REMOVED TLS 1.0 ................................................................................................... 8
STABILITY ENHANCEMENTS ....................................................................................................................... 8
MAINTENANCE FIXES ................................................................................................................................ 9
KNOWN LIMITATIONS .............................................................................................................................. 11
RELATED DOCUMENTATION .................................................................................................................. 11

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 2

Content
Radware announces the release of DefensePro maintenance version 7.42.07.
This Release Notes document describes maintenance fixes since the last released version of
DefensePro, 7.42.06. DefensePro version 7.42.07 includes all bug fixes from version 7.42.06.

Release Summary
Release Date: March 29, 2017.
Objective: Minor software release introducing management and usability enhancements.
Build Number: 49

Supported Platforms and Modules

This version is supported by the following platforms:
Product Platform SME DME
DefensePro-x420-NL-D-HZ OnDemand Switch HT Yes Yes

For more information on platform specifications, refer to the DefensePro Installation and
Maintenance Guide.

Management Using APSolute Vision

This DefensePro version is supported by APSolute Vision version 3.60.00 and later. To use
APSolute Vision to manage DefensePro devices running version 7.42.07, the APSolute Vision
server must be upgraded to version 3.60.00 or later.

Updating the Online Help on the APSolute Vision Server

To upgrade the online help on the APSolute Vision server and include the content of this
version, upload the provided online-help–upgrade package to the APSolute Vision server.
Installation instructions can be found in the appendix “Managing the Online-Help Package on
the Server” of the APSolute Vision User Guide, located at
http://portals.radware.com/Portal/customer/Home.aspx.

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 3

Obtaining and Installing the Software
This section describes how to obtain and install the software for this version.

Obtaining the Software

Go to https://portals.radware.com/Customer/Home/ and log in if prompted.
Note: You must have a username and password before attempting to download a software
update. If you do not have a username and password, go to
https://portals.radware.com/Not-Logged-In/Customer-Registration-Form/ and complete and
submit the form.
On the Customer portal home page, do the following:
a. From Downloads, select the product family that you want.
b. For the product family you selected, select the product that you want.
c. Select the product version and platform.
d. For the product version you selected, select the Software Downloads tab. Select the
platform you want from the table.
For the release version and platform you want to update or recover, select the Download
Software icon, and download the relevant software update or recovery files to a server
within your own organization that is accessible using FTP or TFTP.

Installing the Software

You can install version 7.42.07 using the USB recovery file for 7.42.07. This method requires
physical access to the device and also a backup of the configuration file.
Note: If you choose the USB recovery file method, you do not need to use the file-system
upgrade tool mentioned below.
For detailed installation steps, please refer to the DefensePro Installation and Maintenance
Guide.

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 4

Upgrading the Software
For DefensePro upgrade, Radware recommends the following:
 Use the Upgrade Advisor Tool, which you can find at
https://portals.radware.com/Customer/Home/Tools/Upgrade-Advisor-Tool/.
 Prior to any upgrade procedure, perform a manual reboot.
 Following an upgrade, validate that the new version is installed correctly, using one of the
following methods:
 In CLI, run the following command and check the SW version:
system device-info.
 In APSolute Vision, verify the new version in the device-properties pane or in the
Software Version field (Monitoring perspective, under Operational Status > Overview
> Software > Software Version).

The recommended upgrade path for DefensePro software version 7.42.07 is:
 7.32.06
 7.42.0x

If the DefensePro software version currently running on your device is not one of versions
mentioned above, follow the guidelines and recommendations in the Upgrade Advisor Tool.
You can perform the software upgrade to version 7.42.07 using one of the following interfaces:
 Web-Based Management (WBM)
 Command-line interface
 APSolute Vision

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 5

Web-Based Management (WBM)
To upgrade to this version using WBM
Select File > Software Update.

In the Software version field, enter the software version: 7.42.07.

In the File field, enter the path to the software upgrade file.
Generate a password for the upgrade and enter it in the appropriate field.
Click Set. The upgrade starts, and the Software Update in Progress message is displayed in
your browser:

After several seconds, the following message is displayed:

The device reboots.

Note: In WBM, under File > Software List, two versions display when only the latest one,
version 7.42.07, is active.

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 6

Command-Line Interface
To upgrade to this version using the CLI
Using WinSCP, copy the appropriate software upgrade file to DefensePro in the
directory/mnt/cf/downloads.
Generate a password for the upgrade and enter it in the appropriate field of the next
command.
Run the following command to upgrade to DefensePro software version 7.42.07:
system sw-upgrade set <software_upgrade_filename> -pw <password> –v
7.42.07

APSolute Vision
To upgrade to this version using APSolute Vision
Lock the device that you are upgrading.

Click Operations ( ) and select Update Software Version.

Enter the current software version.
Generate a password for the upgrade and enter it in the appropriate field.
Browse to the software upgrade file for 7.42.07.
Click Update.

Note: Upgrade over a public IP connection (WAN) can take a long time.
Recommendation: Upload the version file using Windows Secure Copy (WinSCP).

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 7

What’s New
This section describes new capabilities in version 7.42.07.

DefenseSSL Enhancements
The DefenseSSL solution, composed of DefensePro and Alteon, is designed for SSL Flood
Protection.
DefensePro version 7.42.07 introduces the following enhancements:
 DefenseSSL now fully supports IPv6 traffic seamlessly, when using IPv4 and IPv6 in IP-
version settings.
 The DefensePro DoS Shield feature can now be used along with SSL policies.

BDoS UDP Fragmented Controller—Accuracy Enhancements

In recent years, there has been a steady increase in reflective amplification DDoS attacks,
which typically use fragmented UDP.
Up to DefensePro version 7.42.07, the BDoS UDP controller was used to monitor both UDP and
fragmented UDP traffic.
In order to enhance the detection accuracy for fragmented UDP attacks, this version introduces
a standalone fragmented-UDP controller with a configurable quota level.

Management SSL—Removed TLS 1.0

In version 7.42.07, the DefensePro management SSL service does not allow Transport Layer
Security (TLS) protocol version 1.0. The minimum version is TLS 1.1 and later.

Stability Enhancements
DefensePro version 7.42.07 introduces the following stability enhancements:
 Enhanced inter-instance communication and synchronization.
 Enhanced DME packet queueing, based on weighted random early detection (WRED).
 Enhanced the DME recovery mechanism (DME-Fast-Reset) for automatic recovery after
problems related to DME internal-buffer management. The mechanism first attempts to reset
the DME only, and if that is not helpful, the mechanism can ultimately reboot the device to
ensure recovery (default: disabled, report-only).

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 8

Maintenance Fixes
This section lists the main issues fixed in this release, which were reported by customers:
Item Description Bug ID
Fixed a stability issue where DefensePro rebooted due to an attack- prod00250297
database update error during an Update Policies operation.
Fixed a configuration issue where SNMP walk on certain OIDs did prod00250618
not show all policies.
Fixed a reporting issue where the Connection Rate Report and prod00249982
Concurrent Connection Report from APSolute Vision were not
available when DefensePro was in IP operation mode.
Fixed a functionality issue related to instances synchronization. prod00249656
Fixed a stability issue related to trace-route command parsing. prod00246862
Fixed a reporting issue with SNMPv3 in a high-availability (active- prod00248816
passive) deployment. Following upgrade, there was no data in the
Current Attacks table in APSolute Vision.
Fixed a reporting issue where discarded inbound traffic was reported prod00250561
to be higher than total inbound traffic in Traffic Monitoring reports in
APSolute Vision.
Fixed a reporting issue related to IPv4 and IPv6 records and Anti- prod00247791
Scanning events.
Fixed a functionality issue where SSL mitigation was not working prod00249701,
with the IPv4 and IPv6 option for IP Version Mode. prod00248575
Fixed a stability issue with the secondary passive DefensePro in prod00247182
high-availability (active-passive) deployment.
Fixed a stability issue related to an unsupported CLI command. prod00247728
Fixed a stability issue related to RADIUS user authentication. prod00249333
Fixed a stability issue related to HTTP service discovery. prod00248227
Enhanced the reporting for overload events to include syslog. prod00249666
Fixed a configuration issue related to Update Policies operation prod00250973
during a policy import/export operation.
Fixed a stability issue when setting a diagnostics policy. prod00249629
Fixed a functionality related to UDP-flood mitigation and internal prod00241210
DME broadcast-anomaly check.
Fixed a reporting issue where a Warm Start trap was sent instead of prod00249114
a Power Supply failure trap.

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 9

 Item Description Bug ID
Fixed a management issue where DefensePro became prod00192942
unresponsive via the management interface.
Fixed a stability issue related to packet processing in the prod00251631
accelerators.
Fixed a stability issue related to management SSH interface. prod00250692
Fixed a stability issue related to SYN Protection packet processing. prod00239903
Fixed a stability issue related to the delete operation in the policy prod00249911
import/export feature—specifically, deletion of a policy along with its
associated objects (profiles, classes, and so on).
Fixed a reporting issue related to Blacklist reporting in the Current prod00197207
Attacks table in APSolute Vision.
Fixed a stability issue related to DefensePro Network Driver. prod00251679
Fixed a documentation issue in the DefensePro User Guide related prod00248873
to Out-of-State and Packet Anomalies attack ID.
Fixed a documentation issue in the DefensePro User Guide related prod00250159,
to RADIUS passwords. prod00239262
Fixed a documentation issue in the DefensePro User Guide related prod00250749
to the start time of Packet Anomalies events.
Fixed a documentation issue in the DefensePro User Guide related prod00248957
to Traffic Utilization in IP operation mode and IPSec traffic.

Additionally, this release includes other stability and functional fixes.

For information on maintenance fixes relevant to earlier versions, refer to the Maintenance
Release Notes of the previous versions.

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 10

Known Issues
This version has the following known issues:
Item Description
The maximum number of IPv4 and IPv6 data routes and interfaces is 1000. The user
can define up to 750 data routes and up to 250 interfaces.
DefenseSSL: IPv6 SSL mitigation is supported in Alteon version 30.5 and later. For
more details, refer to Alteon User Guide.

Related Documentation
The following documentation is related to this version: DefensePro 7.42.07 User Guide
For the latest Radware product documentation, please visit:
http://www.radware.com/Customer/Portal/default.asp.

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 11

 North America International
Radware Inc. Radware Ltd.

575 Corporate Drive 22 Raoul Wallenberg St.

Mahwah, NJ 07430 Tel Aviv 69710, Israel

Tel: +1-888-234-5763 Tel: 972 3 766 8666

© 2017 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered
trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective
owners. Printed in the U.S.A

Release Notes: DefensePro version 7.42.07, March 29, 2017 Page 12