LoadMaster Release Notes for Version 6

Table of Contents

1.Software Release Notes Introduction

The current software is a maintenance release of the KEMP Technologies LoadMaster series and this document describes the features supported in the current and previous releases.

1.1Pre-requisites

The following are recommendations for upgrading the software:

• The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge.
• In case of issues restoring backup configurations, configuring LoadMaster or other maintenance issues, please refer to the LoadMaster documentation which can be found at http://www.kemptechnologies.com/documentation .

1.2Support

Should you experience problems loading the software release, you may contact KEMP support staff via our automated trouble ticket system HERE and a KEMP support Engineer will call you promptly.

1.3Compatible Products

2.Release 6.0-44

2.1New Features

1. Session Management

Session Management security features have been added.

 

2. LDAP User Authentication

All administrative users of the LoadMaster can be authenticated against an external LDAP database.

2.2Feature Enhancements

1. Viewable End User License Agreement (EULA)

The EULA is now viewable from within the WUI.

 

2. Telnet functionality

Telnet functionality is available within the Diagnostic Shell.

 

3. Additional options for adding headers to HTTP traffic

A number of new optionsfor adding headers to HTTP traffic, including the ‘Via’ option, have been added.

 

 

2.3Issues Resolved

1456	Some non-alphanumeric characters are allowed in the username input fields
1849	The Source IP Persistence persistence method now works correctly with the ‘Always Check Persist’ option enabled.
1857	An issue with using a non-local ‘Sorry Server’ in a Layer 7, transparent Virtual Service has been resolved
1862	The initial, default IP address is visible on eth0 (until the user changes it)
2011	The POST health check is allowed within the RESTful API
2046	Non-alphanumeric text is no longer accepted within the DNS Search Domain input field.
2127	Issue with clearing SNMP traps has been resolved
2148	Behavior for the Service Name input field when using templates is corrected
2212	An issue with healthchecking on additional IPv6 interfaces has been resolved
2216	An issue with changing URLs in Content Switching has been resolved
2264	An issue with the Force HA Failover functionality has been resolved
2276	An issue with Intermediate Certificates has been resolved
2279	Transparency now works correctly within nested Virtual Services
2307	Inconsistency with Password input rules has been resolved
2358	Display issue with Rules corrected
2381	Issue with users other than bal using the RESTful API has been resolved
2408	Issue for user with Real Server permissions modifying Real Servers has been resolved
2447	Issue with Active Cookie Persistence and Content Switching on the same Virtual Service has been resolved

2.4Known Issues

1. STARTTLS (if requested) does not work properly in SMTP Virtual services using STARTTLS offloading. In STARTTLS if requested mode, if a client does not choose STARTTLS, things go wrong ONLY if the server requires authorization.
2. Access control whitelist does not function correctly with wildcard Virtual Services

3.Release 6.0-42a

3.1Issues Resolved

2181	Fixed issue relating to RADIUS authentication

4.Release 6.0-42

4.1New Features

4. Least Connections scheduling method has a ‘slow-start’ control

Least Connections scheduling method has a ‘slow-start’ control to enable a controlled ramp-up of the number of connections to the Real Server on start-up.

 

5. The LM-R320 product is available

Add support for the LoadMaster R320 product

4.2Feature Enhancements

6. Added Netconsole to the debug menu

All kernel console messages can be sent to the syslog port on the specified host.

 

7. Content Rules: The maximum length of the match string has been increased

The maximum length of the match string has been increased to 250 characters.

 

8. GoDaddy certificate bundles supported

Support is included for GoDaddy certificates

 

9. Simple error pages hosting when HTTP/HTTPS services are unavailable.

Simple error pages can be hosted for when HTTP/HTTPS services are unavailable.

 

10. Increase the amount of information visible in the statistics page

The number of rows visible in the statistics page has been increased from 9 to up to 100 rows.

 

11. Password Verification is required when creating certificate backups

Password Verification is required when creating certificate backups.

 

12. Non-HTML uploads handled correctly

Some issues with non-HTML uploads have been corrected.

 

13. Auto-generated RSA keys are 1024 bits

In order to be accepted by Windows OS, the auto-generated RSA keys are 1024 bits. Any users attempting to upload RSA keys less than 1024 bits are blocked

 

14. Jumbo Frames are supported on the LM-5300

Jumbo Frames are supported on the LM-5300.

 

15. Quicksetup: the requirement for a subnet mask is now clearer

The requirement for a subnet mask during the Quicksetup is now clearer.

 

16. Indicator of the hypervisor used is displayed

Whichever hypervisor is used the hypervisor name is displayed.

 

17. Named users can change their own password

Named users can change their own password.

 

18. Customizable Sorry Server port

The port for the Sorry Server can now be customized.

 

4.3Issues Resolved

1383	DHCP issue for E100 drivers in VMware is resolved
1707	Issue with Content Switching and Redirection when only one rule exists is resolved
1709	Issue with resolving Real Servers is resolved
1710	Missing RESTful API command for Real Server limits is implemented
1714	Issue with users with All Permissions applying Content Rules is resolved
1721	Segfault issue on LM-3600 and LM-3500 HA pair resolved
1875	Issue with setting MTU on fiber interfaces is resolved
1899	Issues handling the’ \’ and ‘&’ characters in packet filters are resolved
1924	Memory issue on ASIC cards with SSL duplication is resolved
2019	Issues with SNORT rules and OWA traffic are resolved
2040	Error message when Real Server is down is handled correctly

4.4Known Issues

3. STARTTLS (if requested) does not work properly in SMTP Virtual services using STARTTLS offloading.
4. In STARTTLS if requested mode, if a client does not choose STARTTLS, things go wrong ONLY if the server requires authorization
5. LoadMaster requires a reboot after changing SNMP trap hosts
6. Cannot set "POST" health check via RESTful API
7. Illegal characters may be entered in DNS search domains

5.Release 6.0-40CMa

5.1Issues Resolved

1982	Resolved interoperability issues with Microsoft Internet Explorer 6 POST operations

6.Release 6.0-40CM

The v.6.0-40CM release is dedicated to the memory of our friend and colleague Chris Miller.

May he Rest In Peace

6.1New Features

LM5305-FIPS; FIPS 140-2 Level 2 compliant product

A new FIPS 140-2 Level 2 compliant product, the LM5305-FIPS, is available.

KVM, para-virtualized Virtual LoadMaster (VLM)

A new VLM package, to support VLM installation within a KVM, para-virtualized environment is available.

Xen, para-virtualized Virtual LoadMaster (VLM)

A new VLM package, to support VLM installation within a Xen, para-virtualized environment is available.

End User License Agreement (EULA)

The EULA is now incorporated into the product.

Jumbo Frames support enabled

Jumbo Frames are now supported within product.

Message of the Day (MOTD) Banner

A message can be added, in banner format, to the LoadMaster’s home page.

Configurable Maximum Transmission Unit size

The MTU (or maximum Ethernet frame size) can be configured for each interface.

New ‘POST’ HTTP Healthcheck method

A new HTTP Healthcheck method, POST, allows more robust health checking methods.

Support for Network Level Authentication for RDP Healthcheck

The RDP Healthcheck now supports Network Level Authentication.

6.2Feature Enhancements

Drop Connections when Drainstop Timer Expires

The drainstop functionality can now be configured so that connections are automatically dropped on disabled servers when the drainstop timer expires.

RESTful API command returns the active HA unit’s IP address

The ‘switchha’ RESTful API command returns the active HA unit’s IP address.

Added functionality for Certificates handling

The way certificates are handled has been made more intuitive.

In the CLI, messages are viewable from within a Terminal view

In the CLI messages, logs, boot msg. etc., are viewable from within a Terminal view.

The HA visual indicators are more intuitive

The green HA visual indicators are now more intuitive and indicate which of the units is active.

STARTTLS supports IMAP4

STARTTLS now supports IMAP4.

Openssl upgraded to 0.9.8x

The Openssl version used within the LoadMaster has been upgraded to v.09.8x.

Statistics can be reset

All statistic summary values can be reset to zero.

Automatic Backup test function

The Automatic Backup can be tested to ensure that it functions correctly.

6.3Issues Resolved

1295	A vsslproxy segfault issue has been resolved
1638	The size of the tcp time wait table has been increased
1723	Spurious L4 diagnostic messages have been removed
1726	NIC driver failure in VMware after upgrade issue resolved
1749	Issue with ‘Common Name’ not displaying after certificate import resolved
1751	Latency issues when using 10Gb fiber interface resolved
1611	Potential security issue with TLS resolved
1455	Issues with email verifications resolved
1614	A vsslproxy child processes issue has been resolved
1615	Healthcheck replies without content length failing for GET requests resolved
1722	URL header modification issue resolved
1391	Erroneous ‘badrequest’ messages issue resolved
1457	Issue with ‘Certificate’ user permissions resolved
1618	Hover help for "L7 Connection Drain Time" improved

6.4Known Issues

1. No Support for Jumbo frames on LM5300 gigabit NIC (82583V).
2. No virtualization environment is shown when the NICs are e1000 in VMware

7.Release 6.0-38

7.1New Features

Hyper-V Support for Synthetic Drivers.

The Virtual LoadMaster for Hyper-V now supports synthetic drivers.

RESTful API Interface.

LoadMaster provides a RESTful API interface for Virtual Services and Real Server functionality designed to allow remote applications access in a simple and consistent manner.

Ability to monitor the number of connections on a Real Server and perform limiting based on it.

LoadMaster monitors the number of open connections on a Real Server and can limit connections to the Real Server when the number of connections exceeds a user defined number.

Updates to how routing is handled for Non-Local Real Servers.

Routing for Non-Local Real Servers has been updated to ensure that traffic is handled in a correct and consistent manner.

Triggered Failover Capability

Switching the roles of a HA pair can be accomplished through a failover button on the WUI.

More detailed Real Server Connect attempt failed messages.

The source IP, port and destination port is included in the Real Server Connect attempt failed messages.

Snapshot of Statistics is included in the backup

A snapshot of the statistics is included in the configuration backup.

7.2Issues Resolved

953 - Resolved issue with LM3600 and “Inter HA L7 Persistency Updates"

An issue with the LM3600 rebooting with “Inter HA L7 Persistency Updates" turned on has been resolved.

1247 - Resolved “Extra port” traffic with per VS Packet Filter enabled issue

An issue with “Extra port” traffic with per VS Packet Filter enabled has been resolved.

1306 - Correct validation of IP address inputs when in iSetup mode

An issue where an incorrect format of IP addresses in console mode was being accepted has been corrected.

1307 - Extended the length of the tcpdump Options field

The length of the tcpdump Options field has been extended to provide greater flexibility.

1370 - Corrected issue with the RADIUS Server Revalidation Interval

Resolved an issue where the RADIUS Server Revalidation Interval was not being set correctly.

1379 - Resolved an issue with the HA Multicast Interface

An issue with the HA Multicast Interface has been resolved.

1380 - Resolved issue with wildcards in the Hyper-V VLM

An issue where wildcards were not functioning correctly in the Hyper-V VLM has been corrected.

1382 - Resolved an issue restoring a 5.1 backup configuration with L7 transparency

An issue restoring a 5.1 configuration backup on a 6.0 build with L7 transparency turned on is resolved.

1384 - The correct method for checking custom ports are configured

When custom ports are configured, LoadMaster no longer incorrectly checks standard ports.

1389 - Inaccuracies in Virtual Services Statistics have been corrected.

Some inaccuracies in how Virtual Services statistics were displayed have been corrected.

1391 - Erratic ‘badrequest’ messages have been resolved

Erratic ‘badrequest’ messages which were being received have been corrected

1392 - Issue with Header Rules and Named Users has been resolved.

An issue using Header Rules with named users has been resolved.

1395 - Resolved a 5.1 to 6.0-34 upgrade issue with the Hyper-V VLM

A 5.1 to 6.0-34 upgrade issue with the Hyper-V VLM has been resolved

1407 - An L7 Transparency issue in the Hyper-V VLM is resolved

An L7 Transparency issue in the Hyper-V VLM is resolved

1459 - An issue with L7 wildcards after switching to L4 has been resolved

An issue with L7 wildcards after switching to L4 has been resolved

1460 - An issue with VS stats and L4 services with Persistency configures has been resolved

An issue with VS stats and L4 services with Persistency configures has been resolved

1461 - A display issue on the homepage with statistics has been rectified

A display issue on the homepage, where numbers were been shown in a negative format in the statistics section, has been rectified

1508 - Resolved an Automated Backup issue

An Automated Backup issue where the directory fails to change, has been resolved.

1509 - An incorrect diagnostic message when using alternate port in log mailer is corrected

An incorrect diagnostic message when using alternate port in log mailer is corrected

1523 - An issue caused by the use of the fixed weight scheduling method has been resolved

A kernel panic caused by the use of the fixed weight scheduling method has been resolved.

1532 - An inconsistent upper boundary error message for the port parameter has been corrected

An inconsistent upper boundary error message for the port parameter has been corrected.

1592 - Correct level for vssslproxy error message set

An error message in the vssslproxy has been reduced in its severity level

7.3Known Issues

1. Issue:Setting up an IPv6 deployment requires two reboots before the IPv6 default gateway becomes set.
2. Issue: Cannot unset error code for Modify Virtual Service via the RESTful API

8.Release 6.0-36

8.1New Features

Disable/Enable Web User Interface Access from the LoadMaster Console.

Access to the Web user Interface can be disabled or enabled from the LoadMaster Console.

8.2Issues Resolved

651 - Kernel Panic with UNIX Sockets issue resolved

A Kernel Panic issue, arising from the interaction of Layer 7 and UNIX Sockets, has been resolved.

832 - Real Server Statistics Can Now Be Viewed Per Virtual Service

The statistics available for Real Servers can now be expanded out to view each Real Server per Virtual Service.

902, 1153 - Access Control List issues resolved

A number of issues with Access Control Lists were resolved.

908 - Error Message when Content Rule name is too long made more relevant

The error message that appears when the content rule name is too long has been made more relevant.

909 - Issue with overlong Error Messages in Virtual Services causing issues is resolved

An issue with adding extra virtual services caused by error messages in the virtual service being too long, has been resolved

911 - Terminal Services Persistency Timeout Value issue is resolved

An issue where the persistency timeout value is not initially visible on a Terminal Services virtual service is resolved.

941, 943 – New Time Zones added

A number of new time zones have been added..

942 - LoadMaster recognizes netmask given by DHCP

An issue where the VLM ignored a netmask given by DHCP is resolved.

1149 - Issue with Alternative Addresses and Disabling Scaling is resolved

An issue where, after enabling scaling, adding alternative addresses and disabling scaling the

LoadMaster still uses the additional addresses have been resolved

1150 - Persistence options now only show relevant options

An issue where inappropriate persistence options were available has been resolved.

1151 - Using an L4 ‘wildcard’ no longer causes the Real Server to fail

Using an L4 ‘wildcard’ no longer causes the Real Server to fail

1152 - The Reply 200 pattern in Healthcheck no longer requires’/’ around the pattern.

The Reply 200 pattern in Healthcheck no longer requires’/’ around the pattern..

1164 - SNMP OID added for Virtual Service Active Connections

SNMP OID added for Virtual Service Active Connections.

1165 - The 403.4 status Code is now allowed in Redirect Handling

The 403.4 status Code is now allowed in Redirect Handling .

1234 - Non-primary DNS Servers are now recognized by the LoadMaster

An issue where non-primary DNS Servers were ignored by the LoadMaster is resolved

1243 - SNMP OID for ‘ipvsRSTotalTable’ now works correctly

An issue with the SNMP OID for ‘ipvsRSTotalTable’is now resolved

1253 - Confusing label in the Certificates screen relabeled

The ‘Filename’ label has been changed to 'Certificate Identifier'

8.3Known Issues

1. Issue: When ‘Inter HA L7 Persistency Updates" is enabled, reboot and warnings may occur.
2. Issue: The ‘Allowed Network’ option within the ‘Add User Permissions’ screen does not work.
3. Issue:Setting up an IPv6 deployment requires two reboots before the IPv6 default gateway becomes set.
4. Issue:Segfault occurswhen switching to SSL mode from cleartext (STARTTLS mode)
5. Issue: Using extra ports while the packet filter is enabled will block traffic to the extra ports.

9.Release 6.0-34

9.1New Features

Perl Compatible Regular Expressions (PCRE) can now be used.

PCRE can now be used to create match strings in Content Matching rules and Header Modification rules.

IPv6 can now be used in a Direct Server Return (DSR) configuration.

IPv6 can now be used in Direct Server Return (DSR) configurations.

Snort Rules version 2.9 is now supported

The LoadMaster now supports Snort Rules versions 2.9 and below

Added an lsetup option to unbind interfaces

Within the lsetup menu, an option has been added to unbind all bonded interfaces.

9.2Issues Resolved

628 - User Name field limit increased to 14 characters

The character limit in the User Name field within the User Management screen has been increased to 14 characters.

631 - TCP idle timeout now dynamically watches for ‘Connection Timeout’ message

Layer 4 TCP idle connection timeouts are no longer fixed to 5 minutes but are now set dependent on the ‘Connection Timeout’ value.

632 - SNMP supports IPv6 at Layer 4

SNMP now fully supports IPv6 at Layer 4

633 - Deadlock issues with persistence corrected

Some deadlock issues that occurred in some obscure cases of persistence have been corrected.

635 - User login permissions copying correctly

An issue with user login permissions copying incorrectly to the slave was corrected.

714 - IPv6 Healthchecks originate from the base address of the interface

IPv6 use the base address of the interface as the source IP address.

767 - Corrected WUI issues with the Manage Template option

Template names in the Manage Template option are no longer too long.

768 - Corrected issues with Packet Filtering

Prefixes can now be as low as 1.

Entries in a Whitelist, when there are no entries in the Blacklist ensure only the IP addresses in the Whitelist are allowed pass. All others are blocked.

769 - Access Control issue on a HTTP Redirect issue corrected

An issue with HTTP Redirect, when used with Packet Filtering turned on but with empty Access Control lists, has been corrected.

770 - Migration from some 5.1-74 configurations caused issue with HA

Some issues caused by migrating from specific configurations in 5.1-74 have been resolved.

771 - UDP services no longer displays TCP healthcheck options

If you select a UDP service while configuring a Virtual Service, you can longer select a TCP healthcheck option.

772 - Implementing upgrade controls between 32 bit and 64 bit options

Users are no longer allowed to upgrade from 32 bit to 64 bit versions of the software.

773- User account permissions working correctly

Some issues with user account permissions working incorrectly were corrected.

776 - Issue with Cavium driver on the LoadMaster 5500 corrected

The Cavium driver now works correctly with the LoadMaster 5500.

777 - Passing normal SMTP traffic through a VS which has STARTTLS set corrected

An issue which arose when passing normal SMTP traffic through a VS which has STARTTLS set, has been corrected.

778 - FQDN consistently displays in certificate on the WUI

An issue where FQDNs were not always displayed within certificates on the WUI has been corrected.

779 - Corrected some issues with automated backup

Some issues with automated backup have been corrected.

781 - Added additional information to the backup file

The backup file now also contains the output of ‘netstat –r’, ‘ps –ef’ and ‘cat /proc/interrupts’.

782 - Additional tcpdump parameters allowed

It is now possible to pass additional parameters via a free format field to tcpdump.

784 - Layer 4 support for IPv6

Issues with Layer 4 support for IPv6 corrected.

785 - Display of more than 100 Real Servers on a Virtual Service corrected

Users can now have up to 1024 Real Servers per LoadMaster.

786 - Issues with the use of ‘$’ in user passwords corrected

Users can now use the ‘$’ character within user passwords

797 - Cookie Persistence works correctly when Real Server fails.

Cookie Persistence now works correctly when the Real Server which the cookie points to fails.

803 - Statistics displaying Ipv6 Layer 4 packets correctly

Some issues with displaying Layer 4 packet statistics have been corrected.

814 - Port numbers deal correctly with leading zeroes

Port numbers now deal correctly with leading zeroes.

838 - Issue with ‘Negation’ and ‘Ignore Case’ in Content Rules corrected

An issue where Negation’ and ‘Ignore Case’ in Content Rules were not being deselected correctly was corrected.

840 - Version information is now printed to the boot log file

The software version information is now printed to the boot log file.

847 - Port Range is displayed on Real Server information

When there is a Port Range, this is now displayed within the Real Server information.

848 - Extended the allowable length of fields and headers in the Custom Headers

The allowable length of both fields and headers within Custom Headers have been increased.

850 - No longer allowed to bond eth0 and eth1

Users are no longer allowed to bond eth0 and eth1.

851 - Add Header to Request field now accepts the ‘_’ and ‘- ‘characters

The Add Header to Request field now accepts the ‘_’ and ‘- ‘characters

867 - Can set Switch to Preferred Server of no preferred host within a HyperV environment

Corrected an issue where you could not set Switch to Preferred Server of no preferred host within a HyperV environment

878 - SNAT changed to Server NAT

Throughout the product, the term ‘SNAT’ has been changed to ‘Server NAT’ to avoid confusion with the more common definition of ‘SNAT’.

9.3Known Issues

1. Issue: When ‘Inter HA L7 Persistency Updates" is enabled, reboot and warnings may occur.
2. Issue: The Terminal Services persistency timeout value not initially visible.
3. Issue: You cannot have more than 90 characters in the ‘Error Message’ field when configuring the ‘Not Available Redirection Handling’ option.
4. Issue: The error message which appears when a Content Rule name is too long is misleading
5. Issue: The ‘Allowed Network’ option within the ‘Add User Permissions’ screen does not work.
6. Issue:Setting up an IPv6 deployment requires two reboots before the IPv6 default gateway becomes set.
7. Issue:TheGlobal Access Control List feature is not working

10.Release 6.0-28a

10.1New Features

New ‘Cookie-Based’ Persistence Methods

New persistence methods, based on cookies, have been added to the existing methods. The methods added are as follows:

• Server Cookie Persistence

This method uses existing cookies generated from the server to determine which server to send users to.

• Active Cookie Persistence

This method uses cookies generated by the LoadMaster, not the server.

• Server Cookie or Source IP Persistence

This method is identical to the Server Cookie setting, but with the additional feature that it will fall back to Source IP persistence in the event no cookies are in the HTTP string.

• Active Cookie or Source IP Persistence

This method is identical to the Active Cookie setting, but with the additional feature that it will fall back to Source IP persistence in the event no cookies are in the HTTP string.

• Hash All Cookies Persistence

This method creates a hash of the values of all cookies in the HTTP stream.

• Hash All Cookies or Source IP Persistence

This method is identical to Hash All Cookies, with the additional feature that it will fall back to Source IP persistence in the event no cookies are in the HTTP string.

10.2Issues Resolved

None

10.3Known Issues

1. Issue: Packet option in the RS metrics page is non-functional
2. Issue: LM-5500 SSL ASIC cards do not load after upgrade. Call support.
3. Issue: Automated backup does not work properly with Windows FTP
4. Issue: FQDN is not displayed when filename begins with a uppercase letter
5. Issue: GEO/DR binddb segfault errors in logs

Workaround: These can safely be ignored as there is no impact on operation

6. Issue: Additional subnets on this Interface: When upgrading to 6.0-28a, these will not be converted correctly. The mask will be incorrectly appended to the end of the actual address. For example, 192.168.0.1/24 becomes 192.168.0.1255.255.255.0

Workaround: Edit the Additional Addresses field to fix the netmask back to the CIDR notation (including the slash)

7. Issue: GEO/DR Configuration backup does not work

Workaround: Rebooting post-restore will apply the changes

8. Issue: GEO/DR Configuration backup becomes overwritten in a multi-geo/dr deployment

Workaround: None

9. Issue: Packet filter/Access Control Lists only causes problems with multiple VS's with the same IP

Workaround: Disable packet filter

11.Release 6.0-28

11.1New Features

None

11.2Issues Resolved

448 - Preferred HA Host

Using preferred HA Host does not cause a change in Master/Standby between units.

474 - WUI Interface

Switching which interface is used for WUI, requires reboot before being applied.

476 - VIP Port Range

VIP displayed port range for RS required small adjustments.

481 - Port Following

Fixed. Did not show as WUI option.

482 - Console CLI

Can now save VS settings..

11.3Known Issues

1. Issue: Packet option in the RS metrics page is non-functional
2. Issue: LM-5500 SSL ASIC cards do not load after upgrade. Call support.
3. Issue: Automated backup does not work properly with Windows FTP
4. Issue: FQDN is not displayed when filename begins with a uppercase letter
5. Issue: GEO/DR binddb segfault errors in logs

Workaround: These can safely be ignored as there is no impact on operation

6. Issue: Additional subnets on this Interface: When upgrading to 6.0-28, these will not be converted correctly. The mask will be incorrectly appended to the end of the actual address. For example, 192.168.0.1/24 becomes 192.168.0.1255.255.255.0

Workaround: Edit the Additional Addresses field to fix the netmask back to the CIDR notation (including the slash)

7. Issue: GEO/DR Configuration backup does not work

Workaround: Rebooting post-restore will apply the changes

8. Issue: GEO/DR Configuration backup becomes overwritten in a multi-geo/dr deployment

Workaround: None

9. Issue: Packet filter/Access Control Lists only causes problems with multiple VS's with the same IP

Workaround: Disable packet filter

12.Release 6.0-27

12.1New Features

Configurable Healthcheck Headers

You can specify up to 4 additional headers/fields which will be sent with each healthcheck request.

12.2Issues Resolved

461 - Disabled Real Server Failure

Stopping an RS prevented further access until drain stop elapsed..

465 - Javascript Resources

Include addrs.js in the index page so it will always be reloaded.

472 - Geo LM Issues

Fixed various sync and filtering issues.

- Multicast Addresses

Can no longer specify invalid / multicast addresses where these would be invalid.

- Carps

The IPv6 address for Carps multicast packets has been changed to the IANA defined value. (Only used on interfaces whose primary address is IPv6).

12.3Known Issues

None

13.Release 6.0-26

13.1New Features

None

13.2Issues Resolved

457 - Adding Addresses

Can now add addresses to eth2 and above.

441 - ACL

Improved diagnostics for Access Control Lists.

460 - Wildcard VS

Can modify a Real Server on Wildcard VS without error message.

13.3Known Issues

None

14.Release 6.0-25

14.1New Features

None

14.2Issues Resolved

448/451 - HA Preferred

Can now set Standby as HA preferred.

454 - VS Statistics

Statistics page shows multiple VS’ per page.

453 - IPv4 Netmask

No longer fills to end of next octet.

452 - VS Healthcheck

SMTP VS health checks now default to port 25 on the RS.

446 - WUI HTTP Header

Issue resolved with caching.

- STARTTLS Service

Creating an SMTP service will automatically select this type! But does not have to STARTTLS in the default configuration mode since it is optional.

14.3Known Issues

None

15.Release 6.0-24

15.1New Features

None

15.2Issues Resolved

432 - Administrative Gateway

Cannot remove admin gateway.

435 - Sorry Server

Now applies to HTTP and is not available for other services.

436 - Automated Backup

Protocol is pure FTP.

437 - Service Specific Access Control

Is an advanced option, not generic.

438 - SSL Acceleration

Renamed to Acceleration Enabled..

439 - Saving Host

Can now save host.

442 - SSH Console

Fixed repeated output message.

443 - Alternate Address eth0

Adding IPv4 alternate address does not require reboot.

15.3Known Issues

None

16.Release 6.0-23

16.1New Features

None

16.2Issues Resolved

431 - RS Check Parameters

Cannot change RS check parameters on duplicated layer 4 VS's. Displays "Down" even when unchecked. User must change IDs of VS and RS when duplicating.

412 - Certificate Backup

On 6.0, using 5.1 cert backup results in disassociation from cert & VS. This also solves the problem of updating from V5.1 to V6 via a patch.

16.3Known Issues

None

17.Release 6.0-22

17.1New Features

None

17.2Issues Resolved

428 - Crash with Compression and Cache

If the client closed a connection while the compression code was running, it could crash the LoadMaster. The error will still occur under these circumstances, but it will no longer crash the device.

- Client Limiter

Can now change values without requiring a reload.

17.3Known Issues

None

18.Release 6.0-21

18.1New Features

None

18.2Issues Resolved

421 - BEAST

"BEAST workaround for SSL". The server has to be told to select ITs certificate instead of letting the client choose.

426 - Restoring Certificates

Restoring certificates results in loss of WUI, reboot fixes. Don't delete the shared certificate file.

- Critical Emails

Are now sent immediately.

18.3Known Issues

None

19.Release 6.0-20

19.1New Features

Security

We have added additional types of STARTTLS service types.

19.2Issues Resolved

389 - Subnet

If subnet originating is enabled, It now works on a per RS basis

- Frame Enable Challenge

Is now based on the machine ID / InstanceId instead of a random number. This allows users to do a "frame enable" over email. The challenge will change every two days, just to make it random.

- Chunked Transfer Posts

Are now fully supported in L7 and over the admin interface. This will help certain java based clients.

19.3Known Issues

None

20.Release 6.0-19

20.1New Features

VS & RS ID

These are now assigned a unique ID which will never change - this is mainly done for SNMP, and it may be used in the future for new features.

Diagnostic Email

The diagnostic email has been upgraded. It is now possible to change the port on the SMTP server. It is now also possible to select SSL or STARTTLS as the security model.

20.2Issues Resolved

405 - Updates

Can't Update - "Update still in progress". -Added better diagnostics also improved message about not being able to update.

414 - Subnets

Fixed issue with "Secondary Network" broken after upgrade from 5.1 to 6.0-17.

- SNMP

SNMP has also been upgraded to support address independent fields instead of IPv4 addresses. A new MIB is required.

- VS & RS Tables

The VS and RS tables which were split between the 12 and 13 trees have been merged – To make it easier for SNMP customers to dump out the state for specific VSs and RSs

20.3Known Issues

None

21.Release 6.0-18

21.1New Features

Security

Added FIPS 140-2 Level 1 support. This is a software implementation of FIPS and may run virtually on a customer’s server or on a LoadMaster model LM-2200 and higher.

21.2Issues Resolved

None

21.3Known Issues

None

22.Release 6.0-17

22.1New Features

None

22.2

22.3Issues Resolved

396 - IPv6

Adding a new IPv6 RS always returned "cannot create".

398 - Automated Backup

Pop up window needed time to be formatted..

404 - Intermediate Certificates

After applying intermediate cert, LM displayed extra/unnecessary text..

401 - SOA Email

Email address requires a trailing dot. Automatically added by LoadMaster.

- PCI Cross Site

If LoadMaster's WUI was requested using a bad method, LoadMaster returned both the bad method and the URL that was requested. Fixed.

22.4Known Issues

None

23.Release 6.0-16

23.1New Features

SSL

Added the ability to replace the administrative SSL certificate with a User specified certificate.

23.2Issues Resolved

387 - isetup

Now able to access Network Configuration in isetup.

390 - SSL ID Persistence

Now displays under a generic VS.

- HA

Corrected issue with HA preferred not turning off once set.

- Healthchecking

Small fix – ticket 1013614

23.3Known Issues

None

24.Release 6.0-15

24.1New Features

L7 Timeout

The timeout waiting for clients has been increased from 20 to 30 seconds.

SNMP

SNMP trap is now sent to indicate that a license has timed out - a new MIB is also available..

24.2Issues Resolved

384 - Additional Ports

Adding extra ports corrected.

383 - HA-1 Address

Changing eth0 no longer locks out a User..

378 - VS Disable

Disabling VS’ no longer disables the RS.

385 - Layer4

Under Layer4, “Alternate Source address’ no longer shows.

379 - HA-2 Setup

Requires a reboot before HA-2 is accessible.

24.3Known Issues

None

25.Release 6.0-14

25.1New Features

Source IP HASH Scheduling

Instead of using the weights or doing round robin, a hash of the source IP is generated and this is used to find the correct real server. This means that the real server is always the same from the same host. You don't need any source IP persistence

LM-5600

Fix for extra ports and MAPing for the 5600.

25.2Issues Resolved

None

25.3Known Issues

None

26.Release 6.0-13

26.1New Features

CPU Efficiency

Improved threading and compression.

Source IP Limiting

If you limit a network, all hosts on the network count towards the limit, in the previous version each host would have separate limits

New Persist

This is the same as superHTTP BUT it also appends the source IP address to the string, thus improving the distribution of the resulting HASH.

HASH Function

The hash function for string persistency types (i.e. non sourceIP) has been improved, it will give a better distribution and fewer clashes

Persistency Timeout

Can now be increased up to one week.

Internal Addressing

Improved handling of internal addresses.

LM-5600

The installable CD-ROM will now allow installation on the 5600.

26.2Issues Resolved

374 - L4

Text corrected after switching to L4

375 - L4

Cannot switch to L4 with IPv6 VS.

26.3Known Issues

None

27.Release 6.0-12

27.1New Features

L7 Network Pages

Yes/No buttons have been replaced by checkboxes..

Client Limiting

It is possible to set a limit of the number of connections per second from a given host. (limit up to 100K is allowed).After setting the "default limit" to a value, the system allows you to set different limits for specific hosts / networksso you can limit a network and / or host. If you set a network and a host on that network, the host should be placed first since the list is processedin the order that it is displayed.

27.2Issues Resolved

None

27.3Known Issues

None

28.Release 6.0-11

28.1New Features

None

28.2Issues Resolved

342 - User Lockout

Prevent User locking themselves out creating a VIP on the loadmaster's wui ip (individual or shared)

364 - Change ethh0 to IPv6.

Maintains connectivity.

366 - IP Address display boxes

Large enough to handle a full v6 address.

367 - gencheck

Displays correct version.

368 - Restore Configurations

Can restore VS and LM base configuration..

28.3Known Issues

None

29.Release 6.0-10

29.1New Features

Default Gateway

Can be set on any address on the interface, i.e. the primary or an additional address.

Automated Backups

The system may be configured to automatically perform backups on a daily or weekly basis.

29.2Issues Resolved

316 - Service Type

When changing from HTTP to Generic service, the LoadMaster will remove all HTTP settings.

348 - DR/GEO

Allows for multiple nameservers.

363 - Port 80 Redirect

Port 80 re-director does now create redirect for "Alternate Address"

29.3Known Issues

None

30.Release 6.0-9

30.1New Features

IPv6 Support

This is the first LoadMaster software that supports IPv6. Along with adding IPv6 colon separated addressing, we have overhauled many of the WUI screens, and added some key features below.

30.2Issues Resolved

354 - Adding RS’

Unable to add RS's on networks made available by "Additional addresses".

357 - WUI Ping

WUI Ping function does not use DNS lookup.

359 - NTP Host

After setting NTP host, time is adjusted, but host field is cleared w/o adjustment popup.

263 - Reverse DNS

RS reverse DNS look up, not working.

30.3Known Issues

None

31.Release 6.0-8

31.1New Features

IPv6 Support

This is the first LoadMaster software that supports IPv6. Along with adding IPv6 colon separated addressing, we have overhauled many of the WUI screens, and added some key features below.

Virtual Service Screen

This now has 5 sections that may be expanded by clicking the ‘+’ sign, i.e. a typical tree view expand/contract, to be more economical on screen real estate.

Network Address Update

Changes to the network address takes effect in real time.

Certificates

There is now a new SSL certificate management page which allows the import of certificates and the association of a certificate to a VS. In addition, more than one VS can be associated with a certificate, and, the VS can have any certificate assigned to it.

FIPS Support

Requires a specific ASIC to be installed along with some other modifications. Contact KEMP support for more details.

Bind Persistency

Fully supports IPv6 functionality.

31.2Issues Resolved

329 - VLAN

The Add/Delete buttons are disabled while waiting for VLAN to be created or deleted.

351 - Change Network Address

After changing the network address the LM does not require a reboot.

349 - LoadMaster Exchange

On factory reset the LM Exchange no longer loses preconfigured VS’s

288 - VS Ports

VS was breaking when using Extra Porta feature on the same IP.

289 - Server Initiating Protocol

Better detection for common VS’s.

31.3Known Issues

None

Document History