Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Issue: Starting with 10.1.7.50, IPS Manager only supports TLS 1.2 ciphers for Manager and Sensor communication.
If you upgrade your Manager to version 10.1.7.50 or later, but your Sensor software doesn't support TLS 1.2, communication between the Manager and Sensor is interrupted.
To avoid this issue, you must first upgrade the Sensor to a software version that supports TLS 1.2 and then upgrade your Manager to 10.1.7.50.
For details about how to avoid this issue, see the related article for a list of TLS 1.2 supported Sensor software, and upgrade your Sensor before rolling out your Manager upgrade.
Non-critical
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-22648
Issue: If the alert channel is down or the Sensor disconnects from the Manager, the incremental updates fail to reach one of the Sensor nodes in the stack setup.
Click File Hashes, then according to your requirement, choose the Allow List or Block List tab.
Add, delete or modify more than 4000 entries in the Manager to trigger the bulk update to all member Sensors of the stack at the next fifth-minute interval. The disconnected member Sensors are now online and will have all the updated hash entries.
NSPMGR-22642
Issue: Bulk update does not performed when the previous update failed, due to exceeding the heterogenous Sensor limit.
Click File Hashes, then according to your requirement, choose the Allow List or Block List tab.
Remove all the file hashes from the Manager and import the file hashes via CSV import.
If the hashes are within the limit of heterogenous Sensors, they are synched with heterogenous Sensors.
NSPMGR-22639
Issue: After you reboot the Manager, bulk update fails to resume automatically and hash file information fails to reach the Sensor.
Click File Hashes, then according to your requirement, choose the Allow List or Block List tab.
Delete the entries from one list and then add them to other list via CSV import.
For example, if you plan to move hash entries from Allow list to Block list, delete the entries from Allow list and add it to Block list via CSV import.
NSPMGR-22468
11.1
Issue: You see the following errors in the Faults page while attaching NTBA version 9.1 to the Manager:
NTBA Discovery Failure
NTBA Signature Set Mismatch Error
NTBA Deployment Error
Workaround:
Click Devices, <Admin Domain Name>, Global, Device Manager and select the required NTBA device on the Sensors tab.
In the bottom-left menu, click Sync.
Enable the Configuration and Signature Set option, and click Sync.
NSPMGR-22113
10.1 Update 10
Issue: Some alerts aren't converted to a detected state for malicious files in the Attack Log page. This issue is seen when the Multi-Vector Virtual Execution (MVX) engine is configured for the stacked Sensors.
NSPMGR-22064
10.1 Update 10
Issue: The Sensor health node keeps loading and doesn't display health information for other devices, when any one of the Sensors connected to the Manager is rebooting.
NSPMGR-21145
Issue: You see an automatic switch over in an MDR pair. This puts the peer Manager into active mode.
NSPMGR-20340
Issue: After upgrading the stack Sensor software version from the Device Manager page, the Sensor fails to reboot automatically.
Issue: Discrepancies are reported in the IP address to the geolocation mapping data when compared with MaxMind and Digital Envoy databases.
NSPMGR-17727
Issue: When you swap the 2 × 40 g and 4 × 40 g modules, the Module information isn't refreshed in the Manager.
NSPMGR-17563
Issue: You can't enter more than two characters in the Ignore rules tab, Search Attack Name text field.
Workaround: You can't type more than two characters, but you can copy and paste the full attack name in the Search Attack Name text field.
NSPMGR-16892
Issue: After you migrate the Manager and Sensor certificate from self-signed to CA-signed, trust establishment fails between the Manager and Sensor.
Workaround:
Reset configurations in the Sensor using the resetconfig command.
Delete the Sensor in the Manager.
Migrate the Sensor certificate from self-signed to CA-signed.
NSPMGR-16846
Issue: You see the last activity displayed as null in the Manager database, when you close the browser session abruptly instead of logging out.
Workaround: Always log off from the Manager using the in-Manager option.
NSPMGR-15657
10.1
Issue: You see Access Denied Exceptions in solr.log, when the Solr data path contains special characters.
Workarounds:
Install the Manager in a path that has no special characters
OR
Install Manager 10.1.7.40 or later
NSPMGR-15626
10.1
Issue: When policies are updated in the Manager, the pending changes status isn't updated under Devices, <Admin Domain Name>, Devices, <Device Name>, Deploy Pending Changes and Devices, <Admin Domain Name>, Global, Deploy Pending Changes
NSPMGR-12791
10.1
Issue: Malware policies for alerts aren't displayed when you access them from the Attack Log, Other Actions, Update Policy option.
NSPMGR-7952
9.1
Issue: You can't integrate NTBA with the Manager because the NTBA Direction drop-down list displays a blank value.
This issue might happen when you add an NTBA to the Manager.
Workaround:
Delete the NTBA from the Manager.
Run the deinstallcommand from the NTBA CLI.
Add the NTBA to the Manager.
Re-establish the trust between the Manager and NTBA.
Use the command set sensor sharedsecretkeyfrom the NTBA CLI.
NSPMGR-7895
9.1
Issue: After you quarantine the host, the quarantine page displays the vNSP cluster name instead of the Virtual IPS Sensor name.
NSPMGR-2758
9.2
Issue: After you upgrade the Manager, the private GTI configurations can't be updated to the Sensor.
NSPMGR-2669
9.2
Issue: After you import chain certificates, an incorrect key length for the parent certificates is displayed.
NSPMGR-2646
9.1
Issue: The Attack Log page doesn't display the IP address for the Too many inbound TCP SYN attack.
NSPMGR-2472
9.1
Issue: The Attack count isn't incremented for any block-listed executable in the Endpoint Executables page.
NSPMGR-2438
9.1
Issue: [Linux-Based Manager] The following diagnostic tools don't work:
Issue: Capturing packets when the port is in span mode under high load causes the Sensor to stop responding and passing network traffic (Sensor crashes).
Non-critical
Reference Number
Related Article
Found in Version
Issue Description
NSPSNSR-13302
11.1 Update 1
Issue: The following HTTP error codes are displayed during MD5 query or file submission requests to DAAS:
HTTP 429: When the number of submissions/queries are more than 10 files per second.
HTTP 403: If an invalid API key is used while sending requests.
HTTP 400: When the file name is >=256 during file submission.
Issue: [NS-Series 9100] Sensors show handshake buffer allocation failures on SSL traffic (Extended Master Secret).
You see the following entry in Sensor.dbg:
EMER ssltsk 55486| ivSSL_HandShakeDataCopyToBuf : ERROR!! Failed to get Free node from SSLHandShakeFreeList"
NSPSNSR-12819
10.1 Update 10
Issue: Some counters don't match the expected values in the show malwareserverstats, show malwareenginestats and show mvx statscommands,
when files are submitted to the MVX engine in bulk.
NSPSNSR-12575
Issue: [NS9x00] 2 × 40 g I/O module ports don't come up in their respective slots, although you enable the ports in the Manager.
NSPSNSR-11939
Issue: A supported file type for malware inspection is uploaded to a server via a POST or PUT request, and the server responds with a file that's downloaded as a Response.
The Sensor can inspect only the file uploaded and doesn't scan the file downloaded for the POST request.
This limitation applies only when both the HTTP download and HTTP upload options are enabled.
NSPSNSR-10394
Issue: [NS3500] The Management port speed is displayed incorrectly in the Sensor CLI.
NSPSNSR-9483
9.1
Issue: The Scheduler intermittently fails to pick files submitted to the cloud to get the report; the files continue to show as pending.
NSPSNSR-9187
10.1
Issue: For GTI-URL-reputation alerts, there's a mismatch in the Matched URL and HTTP URI fields when the outbound SSL decryption is enabled.
NSPSNSR-8235
Issue: An invalid string is seen in the Layer 7 data alerts generated for the Office engine.
NSPSNSR-8195
Issue: The value of the Cache Nodes utilized counter isn't reduced when the Advanced Threat Defense cache purge is started.
NSPSNSR-7935
Issue: In rare scenarios, some files aren't processed for malware scanning.
NSPSNSR-7932
Issue: The packet (pkt) direction isn't set correctly when flow information is sent from the front-end processor to the datapath processor (direction is unknown).
NSPSNSR-7542
Issue: APK files with the extension vnd.android.package-deltaaren't processed for malware detection.
NSPSNSR-6916
Issue: If there are host sweep alerts, there's a mismatch in Network Protocol ID when the Manager forwards alert messages to the syslog server.
NSPSNSR-6837
Issue: Redirection to the Guest Access portal fails for inter-VLAN routing.
NSPSNSR-4344
9.2
Issue: Sensor Snort IDs are sent in the failed rules file instead of Global Snort IDs.
NSPSNSR-4339
9.2
Issue: The Sensor prioritizes HTTP traffic over SSL traffic when outbound SSL decryption is enabled.
NSPSNSR-4326
9.2
Issue: Outbound SSL implementation shows outbound flows as configurable through the Manager.
NSPSNSR-4314
9.2
Issue: Rules with the IPv4 address range can't be created.
NSPSNSR-4278
9.2
Issue: [SNORT] Snort attack packet detected by Suricata can't be exported from the attack log.
NSPSNSR-3990
Issue: Layer 7 data collection remains enabled although it's disabled from the Policy page, which leads to low performance of the device.
NSPSNSR-3069
Issue: The connection limiting host count is as low as 128k, but must be more than 256k for NS-series Sensors.
