Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Issue: Starting with 10.1.7.50, the Manager only supports TLS 1.2 ciphers for Manager and Sensor communication.
If you upgrade your Manager to 10.1.7.50 or later but your Sensor software doesn't support TLS 1.2, communication between the Manager and Sensor is interrupted.
To avoid this issue, you must first upgrade the Sensor to a software version that supports TLS 1.2 and then upgrade your Manager to 10.1.7.50.
For details about how to avoid this issue, see the related article for a list of TLS 1.2 supported Sensor software and upgrade your Sensor before rolling out your Manager upgrade.
Non-critical
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-22113
10.1M10
Issue: Some alerts aren't converted to a detected state for malicious files in the Attack Log page.
This issue is seen when the Multi-Vector Virtual Execution (MVX) engine is configured for stacked Sensors.
NSPMGR-22112
10.1M10
Issue: When you click the report icon in the Attack Log page, Report data isn't available for some alerts.
This issue is seen when the MVX engine is configured.
NSPMGR-22064
10.1M10
Issue: The Ssensor health node keeps loading and doesn't display health information for other devices, when any one of the Sensors connected to the Manager is rebooting.
NSPMGR-21842
10.1M10
Issue: Grouping by the Manager column works only after a refresh in the Device Manager page of the Central Manager.
Workarounds:
In the Device Manager, Manager column header, click the arrow in the triangular icon and toggle between Lock or Unlock from the menu.
Now, click the same icon and select Group by this field.
Click the arrow in the triangular icon in the column header of any other field and select Group by this field.
NSPMGR-21145
Issue: You see an automatic switch over in an MDR pair. This puts the peer Manager into active mode.
NSPMGR-20787
Issue: [AWS] After installing the 10.1.7.44 Manager, the size of the root partition is displayed as 20 GB while the actual size should be 150 GB.
Workaround: Upgrade to the latest Manager and run the new growpart RPM bundled with the Manager.
The steps to extend the root partition can be found under "Extend the file system of EBS volumes" section of the AWS User Guide.
NSPMGR-20340
Issue: After upgrading the stack Sensor software version from the Device Manager page, the Sensor fails to reboot automatically.
Issue: Discrepancies are reported in IP address to geolocation mapping data when compared with MaxMind and Digital Envoy databases.
NSPMGR-17727
Issue: When you swap the 2×40g and 4×40g modules, the Module information isn't refreshed in the Manager.
NSPMGR-17563
Issue: You can't enter more than two characters in the Ignore rules tab, Search Attack Name text field.
Workaround: You can't type more than two characters, but you can copy and paste the full attack name in the Search Attack Name text field.
NSPMGR-16892
Issue: After you migrate the Manager and Sensor certificate from self-signed to CA-signed, trust establishment fails between the Manager and Sensor.
Workaround:
Reset configurations in the Sensor using the resetconfig command.
Delete the Sensor in the Manager.
Migrate the Sensor certificate from self-signed to CA-signed.
NSPMGR-16846
Issue: You see the last activity displayed as null in the Manager database, when you close the browser session abruptly instead of logging out.
Workaround: Always log off from the Manager using the in manager option.
NSPMGR-15657
10.1
Issue: You see Access Denied Exceptions in the solr.log, when the Solr data path contains special characters.
Workarounds:
Install the Manager in a path that has no special characters
or
Install Manager 10.1.7.40 or later
NSPMGR-15626
10.1
Issue: When policies are updated in the Manager, the pending changes status isn't updated under Devices, <Admin Domain Name>, Devices, <Device Name>, Deploy Pending Changes and Devices, <Admin Domain Name>, Global, Deploy Pending Changes
NSPMGR-12791
10.1
Issue: Malware policies for alerts aren't displayed when you access them from the Attack Log, Other Actions, Update Policy option.
NSPMGR-8125
Issue: When you try to reboot Virtual IPS Sensors from the Manager, the reboot fails.
NSPMGR-8034
Issue: The Manager doesn't display properly on Microsoft Edge and Firefox v57 browsers.
Workaround: Disable the touchscreen feature on your system.
To disable the touchscreen feature:
Go to Device Manager.
Search for Human Interface Devices.
Right-click on HID-compliant touch screen and from the list of options displayed, select Disable.
Close the browser instance and start again.
Refresh the Manager and log on.
NSPMGR-7952
9.1
Issue: You can't integrate NTBA with the Manager because the NTBA Direction drop-down list displays a blank value.
This issue might happen when you add an NTBA to the Manager.
Workaround:
Delete the NTBA from the Manager.
Run the deinstallcommand from the NTBA CLI.
Add the NTBA to the Manager.
Re-establish the trust between the Manager and NTBA.
Use the command set sensor sharedsecretkeyfrom the NTBA CLI.
NSPMGR-7895
9.1
Issue: After you quarantine the host, the Quarantine page displays the vNSP Cluster name instead of the Virtual IPS Sensor name.
NSPMGR-2772
10.1
Issue: The File Hashes page stops responding when deleting records from the block or allow lists when the number of entries exceeds 159.
NSPMGR-2758
9.2
Issue: After you upgrade the Manager, the private GTI configurations can't be updated to the Sensor.
NSPMGR-2669
9.2
Issue: After you import chain certificates, an incorrect key length for the parent certificates is displayed.
NSPMGR-2646
9.1
Issue: The Attack Log page doesn't display the IP address for the Too many inbound TCP SYN attack.
NSPMGR-2472
9.1
Issue: The Attack count isn't incremented for any block-listed executable in the Endpoint Executables page.
NSPMGR-2438
9.1
Issue: [Linux-Based Manager] The following diagnostic tools don't work:
Issue: Capturing packets when the port is in span mode under high load causes the Sensor to stop responding and passing network traffic (Sensor crashes).
Issue: [NS-Series 9100] Sensors show handshake buffer allocation failures on SSL traffic (Extended Master Secret).
You see the following entry in the Sensor.dbg:
EMER ssltsk 55486| ivSSL_HandShakeDataCopyToBuf : ERROR!! Failed to get Free node from SSLHandShakeFreeList"
NSPSNSR-12819
10.1M10
Issue: Some counters don't match the expected values in show malwareserverstats, show malwareenginestats,and show mvx statscommands,
when files are submitted to the MVX engine in bulk.
NSPSNSR-12575
Issue: [NS9x00] 2×40g I/O module ports don't come up in their respective slots, although you enable the ports in the Manager.
NSPSNSR-12451
Issue: [NS9300] When you bring up the cross-connect ports, the Layer2 status is incorrectly displayed as abnormal, although the Sensor health status is good.
NSPSNSR-12298
10.1M10
Issue: Packet matching might not work correctly in the firewall policy after upgrading to 10.1.5.153 when there are multiple network objects configured in a single rule.
Workaround: Upgrade the Sensor to 10.1.5.170 or later versions to avoid this issue.
NSPSNSR-11939
Issue: A supported file type for malware inspection is uploaded to a server via a POST or PUT request, and the server responds with a file that's downloaded as a Response.
The Sensor can inspect only the file uploaded and doesn't scan the file downloaded for the POST request.
This limitation applies only when both the HTTP download and HTTP upload options are enabled.
NSPSNSR-10394
Issue: [NS3500] The management port speed is displayed incorrectly in the Sensor CLI.
NSPSNSR-9483
9.1
Issue: The Scheduler intermittently fails to pick files submitted to the cloud to get the report; the files continue to show as pending.
NSPSNSR-9187
10.1
Issue: For GTI-URL-reputation alerts, there's a mismatch in the Matched URL and HTTP URI fields when the outbound SSL decryption is enabled.
NSPSNSR-8719
9.1
Issue: GTI File Reputation stops working with high traffic load.
NSPSNSR-8235
Issue: An invalid string is seen in the Layer 7 data alerts generated for Office engine.
NSPSNSR-8195
Issue: The value of the Cache Nodes utilized counter isn't reduced when the Advanced Threat Defense cache purge is started.
NSPSNSR-7937
Issue: Hitless reboot doesn't work as multiple datapath processors stop responding (crash).
NSPSNSR-7935
Issue: In rare scenarios, some files aren't processed for malware scanning.
NSPSNSR-7932
Issue: The packet (pkt) direction isn't set correctly when flow information is sent from the front-end processor to the datapath processor (direction is unknown).
NSPSNSR-7542
Issue: APK files with the extension vnd.android.package-deltaaren't processed for malware detection.
NSPSNSR-6916
Issue: If there are host sweep alerts, there's a mismatch in Network Protocol ID when the Manager forwards alert messages to the syslog server.
NSPSNSR-6837
Issue: Redirection to the Guest Access portal fails for inter-VLAN routing.
NSPSNSR-4344
9.2
Issue: Sensor Snort IDs are sent in the failed rules file instead of Global Snort IDs.
NSPSNSR-4339
9.2
Issue: The Sensor prioritizes HTTP traffic over SSL traffic when outbound SSL decryption is enabled.
NSPSNSR-4326
9.2
Issue: Outbound SSL implementation shows outbound flows as configurable through the Manager.
NSPSNSR-4314
9.2
Issue: Rules with IPv4 address range can't be created.
NSPSNSR-4278
9.2
Issue: [SNORT] Snort attack packet detected by Suricata can't be exported from the attack log.
NSPSNSR-3990
Issue: Layer 7 data collection remains enabled although it's disabled from the Policy page, which leads to low performance of the device.
NSPSNSR-3069
Issue: Connection limiting host count is as low as 128k, but must be more than 256k for NS-series Sensors.
Issue: [VM600] Sensors show handshake buffer allocation failures on SSL traffic (Extended Master Secret).
You see the following entry in the Sensor.dbg:
EMER ssltsk 55486| ivSSL_HandShakeDataCopyToBuf : ERROR!! Failed to get Free node from SSLHandShakeFreeList"
NSPSNSR-11685
10.1
Issue: Jumbo features like Jumbo Malware and Jumbo Frames don't work on the Virtual IPS Sensor deployed on ESX 7.0.
NSPSNSR-10740
10.1
Issue: When youexecute the layer2 mode assert command, the Virtual IPS Sensor doesn't go into to Layer 2 mode.
NSPSNSR-10555
10.1
Issue: In certain conditions for a Windows VM, fewer alerts are seen when consecutive, identical attacks appear.
Critical:
Reference Number
Related
Article
Found in
Version
Issue Description
NSPNAD-1721
10.1
Issue: During split file download, XDP files aren't extracted.
NSPNAD-1690
10.1
Issue: The Manager doesn't trigger alerts for custom rules that use thessl_version field.
Non-critical: There are currently no non-critical issues.