Release Notes
Release Notes for Cisco SA 500 Series
Security Appliances Firmware Version
SA500-K9-1.1.21
January, 2010
These Release Notes describe the recommended practices and known issues
that apply to the Cisco SA 500 Series Security Appliances for the software
release version SA500-K9-1.1.21.
NOTE This software release is compatible with Cisco Configuration Assistant (CCA)
version 2.2(1) or later (applies to SA 500s that are part of a Cisco Smart Business
Communications System (SBCS) small business network).
Contents
•
“Release Contents,” on page 2
•
“Recommended Practices,” on page 2
•
“Known Issues,” on page 3
•
“Related Information,” on page 4
Release Notes for Cisco SA 500 Series Security Appliances Firmware Version SA500-K9-1.1.21
1
Release Notes
Release Contents
This software release contains the following items:
•
An Intrusion Prevention System (IPS) to detect and prevent malicious
attacks to your network
•
A license management service which allows the user to configure licenses
on the device for supported functionality
•
ProtectLink Endpoint services which protect the devices in or out of the
office from viruses, spyware, or other web threats without running software
on a server
•
Ability to extend the SSL VPN capabilities of the router to increase the
number of connections. This feature is activated using a license.
•
Support for firewall rule prioritization which enables the user to adjust the
rules in the list to meet their needs. Traffic can be filtered by higher priority
rules first before going to lower priority ones.
•
Improved logging configuration, and additional capabilities of filtering logs
•
Improved IPsec VPN performance
•
Bug fixes
Recommended Practices
!
CAUTION If you are upgrading to this image from an earlier released image, the configuration
changes between these images are not compatible. You will have to reconfigure
the router following the upgrade.
Recommended Upgrade Steps
If the SA 500 you are upgrading is in its factory default state or you do not need to
retain any of the existing configuration, you can skip the steps for backing up,
recording, and re-entering your existing configuration settings.
When upgrading the SA 500 follow these steps.
Release Notes for Cisco SA 500 Series Security Appliances Firmware Version SA500-K9-1.1.21
2
Release Notes
STEP 1
Back up the existing configuration using the SA 500 Configuration Utility.
If you have to revert to the previous firmware version, this allows you to restore the
configuration associated with the prior version.
To access the configuration back-up options, click Administration on the menu bar,
then click Firmware & Configuration > Network in the navigation tree.
Follow the instructions in the Cisco SA 500 Series Security Appliances
Administration Guide to back up the configuration.
STEP 2
Write down or take screenshots of your existing configuration settings. After
upgrading to firmware version SA500-K9-1.1.21, you must manually re-enter these
settings through the SA 500 Configuration Utility.
This is necessary because the SA 500 is reset to factory defaults as part of the
upgrade process and the previous configuration back-up file format is
incompatible with the format required for firmware version SA500-K9-1.1.21.
STEP 3
Perform the upgrade by using the Configuration Utility. Upgrade options are
accessible from the Upgrade Firmware section of the Getting Started (Basic) page
of the Configuration Utility.
STEP 4
Manually re-enter the configuration settings you recorded in Step 2.
STEP 5
Verify that the installation is functioning correctly.
If the upgrade is not successful, you can revert to the previous firmware version
and restore the configuration from the backup that you created in Step 1.
Known Issues
The following are the known issues with this software release, and workarounds if
available:
•
Firewall rules and positions within the chain are not the same number. Index
numbers begin counting with 0 (zero), and positions begin counting with 1
(one). This may cause confusion when using the “Move to <index number>”
button.
Workaround: Use the “Move Up” button to move the rule up the chain.
Release Notes for Cisco SA 500 Series Security Appliances Firmware Version SA500-K9-1.1.21
3
Release Notes
•
If a user chooses to perform a factory default reset, the updated signatures
(newer than the image's built-in signatures) will be erased and they will fall
back to the built-in signature in the image. The user will have to download and
install the latest signatures again.
•
Unable to access IPv6 internet addressing when using 6to4 automatic IPv6
tunneling.
•
Voice is not supported on the DMZ interface.
•
SA540 optional port cannot be configured in VLAN trunk mode.
Workaround: Use other LAN ports for VLAN trunking.
•
Traffic takes 6 minutes to start after a reboot with the IPS enabled.
•
Enabling Universal Plug and Play (UPnP) may cause a memory leak.
Workaround: UPnP is disabled by default, leave it disabled unless necessary.
•
IPS license expiry date only shows the expiry period of the current license. It
does not show the cumulative expiry date when multiple licenses are installed.
Additional licenses which were installed and are inactive, will become active
once the current active license expires
Related Information
Support
SA 500 Series Support
Community
Online Technical Support and
Documentation (Login
Required)
Phone Support Contacts
SA 500 Software Downloads
Software Downloads
(Login Required)
www.cisco.com/go/sa500help
www.cisco.com/support
www.cisco.com/en/US/support/tsd_cisco_
small_ business_support_
center_contacts.html
www.cisco.com/go/sa500software
Go to tools.cisco.com/support/downloads, and
enter the model number in the Software
Search box.
Release Notes for Cisco SA 500 Series Security Appliances Firmware Version SA500-K9-1.1.21
4
Release Notes
Open Source Publication
Tarball link
QuickVPN Software
Product Documentation
Technical Documentation
ftp://ftp-eng.cisco.com/pub/opensource/
smallbusiness/sa500/1.1.21/SA500-GPLSRC_v1.1.21.tar.bz2
www.cisco.com/go/qvpnsoftware
www.cisco.com/en/US/products/ps9932/
tsd_products_support_series_home.html
Administration Guides for the www.cisco.com/en/US/products/ps9932/
SA 5XXX Security Appliances prod_maintenance_guides_list.html
Cisco Small Business
Cisco Partner Central for Small www.cisco.com/web/partners/sell/smb
Business (Partner Login
Required)
Cisco Small Business Home
www.cisco.com/smb
Marketplace
www.cisco.com/go/marketplace
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision,
Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the
Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn
and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS,
Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP,
CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS,
Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo,
Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center,
Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet
Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream,
Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX,
Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels,
ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise,
The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the
WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates
in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective
owners. The use of the word partner does not imply a partnership relationship between Cisco and
any other company. (0809R)
© 2010 Cisco Systems, Inc. All rights reserved.
OL-21520-01
Release Notes for Cisco SA 500 Series Security Appliances Firmware Version SA500-K9-1.1.21
5