A fix has been implemented to better manage the increased memory footprint related to the upgrade of OpenSSL to 1.1.1 in 7.2.45.0.

LoadMaster VLM GSLB functionality has been fixed in Azure.

Unusual debug logs related to a UDP configured VS have been removed.

Previously, in a LoadMaster cluster configuration if a non admin cluster node is marked as down, if the admin node in the cluster is rebooted, the down cluster node can never be disabled.

Now, the issue has resolved and after an admin node is rebooted the non admin down cluster node can be disabled.

An issue where a HTTP/2 enabled Virtual Service received an unexpected server disconnect which caused the LoadMaster to reboot has been fixed.

An issue where the defined netmask for an additional static route on any interface when added gets defaulted to /64 has been fixed.

Issues experienced when running read/write commands to a Real Server with caching and compression features enabled on the LoadMaster have been resolved.

Inconsistencies with the status of a HTTPS Real Server healthcheck have been resolved.

The RC4 ciphers that were removed in a previous firmware version have been reinstated.

If HTTP/2 is enabled on the parent Virtual Service it will also be work on a sub Virtual Service level.

ESP Permitted Group SID(s) can now be up to 64 bytes in length (192 characters) in the following format "XX XX XX" and separated by a semi-colon.

With ESP enabled and Client Authentication Mode set to Delegate to Server the configured Allowed Virtual Hosts now work correctly on VSs and subVSs.

Issues related to users initially being unable to login if ESP is configured after firmware update have been resolved.

Previously, the log message FIPS selftest failed was being generated on a LoadMaster configured in HA mode with Software FIPS enabled.

Now, the log message is no longer being generated and the system behaves as expected.

Issues which caused a LoadMaster reboot with a VS configured with WAF and HTTP/2 have been resolved.

An ESP SSO authenticating user is now correctly normalized to the Domain/Realm that is specified in the SSO Domain configuration.

ESP client-side dual-factor authentication now work as expected when using ESP RSA Secure-ID and either LDAPS or SartTLS.

On a VS with WAF logging enabled and Audit mode set to Audit All, the Real Server response header is now correctly logged. It will default with a "200 OK" when Process Responses is not enabled, otherwise it will use the actual response from the Real Server.

Log partition Disk Usage on the LoadMaster WUI under Statistics >> Real Time Statistics is now available when using the REST and PowerShell API commands.

When the Caching feature was enabled the Maximum Cache usage percentage that was set was not always being honored.

An incorrectly formed user name which resulted in LDAP connection failures when configuring users in Windows Logon format (example: DOMAIN\UserName) in the context of Certificate based client Authentication or ESP Domain health check has been fixed.

There were some issues when WAF is enabled on a VS causing error logs to be produced and instability with WAF processing. These issues have now been resolved.

Previously, the LM with Allow Multi-Interface Access set would not allow access to the WUI on any port other than the default port 443.

Now, this has been resolved and the LM WUI can be accessed on any set port on any interface once Multi-Interface Access is set.

Previously, the LDAP response timeout could not be configured and was defaulted to 5 seconds. 

Now, the LDAP timeout can be configure within the range of 5 to 60 secs.

Previously, Not Available Redirection Handling was not being used when Real Server heath checks failed on a VS with ESP enabled and KCD set as server side authentication method.

Now, this functionality has been improved and if Real Server health checks fail Not Available Redirection Handling processing will now be invoked.

Previously, when an Alternate Gateway was set in a cloud environment networking issues occurred.

Now, this option has been removed for the LoadMaster for cloud environments to remove the risk of networking issues.

An issue where some existing LoadMaster users that are configured to use WUI Authentication with LDAP groups experienced login failures has been resolved.

Issues have been resolved where a template is exported from an older version of the LoadMaster and it contains a VS with content rules configured, a newer LoadMaster cannot import it.

Previously, the extended log view was failing when a date rage was selected using different years.

Now, the extended log view works correctly when the selected range spans different years.

An issue where Virtual Services or Real Servers can report as "up" in the API, even if the SubVSs are disabled has been resolved.

PD-13122

The GLSB cluster checker RESTful API commands mappedname, listfqdns and showfqdn are not correctly updated if the local or remote LoadMaster VS details are modified or if the VS gets deleted.

PD-13103

LoadMaster instability may occur when using HTTP/2 on a Virtual Service.

PD-13082

The LoadMaster RESTful API will not upload SSH Private keys which are larger than 4096 bytes in size.

PD-13038

Elliptic Curve Cryptography (ECC) certificates in pfx format cannot be uploaded to the LoadMaster.

PD-13031

Under high load the Web Application Firewall (WAF) engine may trigger some false positive rules.

As part of the upgrade by OpenSSL to version 1.1.1 support for Eliptic-Curve Diffie–Hellman (ECDH) ciphers has been removed. Users with these ciphers in the assigned list on the LoadMaster may experience issues when saving the list after modifications have been made.

PD-12981

Spurious OS kernel level warning messages are outputted but are not service affecting.

PD-12980

The following RESTful API commands are missing the VS service name from the GEO Mapping configuration: listclusters and showcluster.

PD-12960

Additional Custom Headers of up to 255 characters can be configured for Real Server health checks but due to an internal OS limitation only 144 characters are processed resulting in some Real Server health check failures.

PD-12864

An issue exists where Adaptive scheduling statistics are not updating on management node in a LoadMaster cluster configuration.

PD-12838

The ESP Permitted Group SID(s) setting is not working as expected when configured on a on a subVS.

The Radius setting of Use Local Account only if AAA Fails does not work as designed when you have a backup Radius server added to the WUI Authorization configuration.

The SNMP OID name vSActivConns Data Type is set incorrectly to Counter32 and should be Gauge32.

A Hyper-V VLM won't boot when a 4th NIC is added.

PD-12616

With Web Application Firewall (WAF) enabled, compressed files are incorrectly decompressed. As a workaround, ensure compression is enabled in VS Advanced Properties by selecting the Enable Compression option.

PD-12492

If an Azure VLM is downgraded to the LTS firmware release (7.1.35.x), the WUI may display in the top right hand corner that the VLM is a Hyper-V VLM. This indicates that the Azure VLM Add-On Package must be added to the system to provide full Azure VLM functionality. If this occurs, please contact Kemp Support to get the required add-on package.

PD-12354

The LoadMasters LM-X25 and LM-X40 do not support the following SFP+ modules in this release: LM-SFP-SX (SFP+ SX Transceiver 1000BASE-SX 850nm, 550m over MMF), LM-SFP-LX (SFP+ LX Transceiver 1000BASE-LX 1310nm, 10KM over SMF).

PD-12237

Configuring NTP with LoadMaster's in a HA configuration causes them to go into Master-Master mode.

PD-12147

In a LoadMaster configuration with ESP and Radius server-side authentication enabled, sessions may fail to be established.

PD-12068

Issues exist with replication of GEO cluster configuration across nodes.

PD-12058

An issue exists when connecting to the LoadMaster WUI when using newer versions of the Firefox browser on initial configuration of a hardware FIPS LoadMaster.

PD-11861

IPv6 is not supported by the current RADIUS implementation in the LoadMaster for both WUI Authorization and ESP Authentication.

PD-11166

Azure LoadMasters are not translating the additional network address between the Master and Slave correctly.

PD-11044

A second authentication prompt is presented when a file is uploaded to SharePoint with the following configuration: WAF is configured with Process Responses enabled on the main Virtual Service and KCD is enabled on the SubVS level for server-side authentication.

PD-11024

The WUI is not accessible on NIC-1 from a non-local subnet.

PD-10917

An issue exists when setting up a 2-armed HA Virtual LoadMaster in Azure.

PD-10784

Configuring LoadMaster HA using eth1 on an Amazon Web Services (AWS) Virtual LoadMaster does not work.

PD-10586

If a GEO FQDN is configured with All Available as the Selection Criteria, IP addresses are returned even if the cluster is disabled.

PD-10490

The vsremovewafrule RESTful API command does not allow multiple rules to be removed.

PD-10474

A SNORT rule is triggering a false positive in certain scenarios.

PD-10466

The LoadMaster LM-X15 does not support the following SFP+ modules in this release: LM-SFP-SX (SFP+ SX Transceiver 1000BASE-SX 850nm, 550m over MMF), LM-SFP-LX (SFP+ LX Transceiver 1000Base-LX 1310nm, 10KM over SMF).

PD-10193

A WAF, ESP, and KCD configuration with Microsoft Exchange 2010 is not supported.

PD-10188

When adding a Real Server to a Virtual Service or SubVS using a Safari browser, the list of available Real Servers is not available.

PD-10159

When upgrading firmware from version 7.1.35.n, CPU and network usage graphs are not appearing. As a workaround, reset the statistics in the WUI.

PD-10136

In a LoadMaster cluster configuration, a new node can be added with the same IP address as an existing node.

PD-10129

There is a discrepancy in validation between global-level connection timeout and Virtual Service-level timeout.

PD-9854

WAF does not support chunked transfer encoding on the POST body.

PD-9816

There is an API command to list individual rules in a ruleset, but there is no command to list the available rulesets themselves.

PD-9765

GEO does not support DNS TCP requests from unknown sources.

PD-9507

Unable to add an SDN controller using the RESTful API/WUI in a specific scenario.

PD-9476

There is no RESTful API command to get/list the installed custom rule data files.

PD-9375

Microsoft Office files in SharePoint do not work in Firefox and Chrome when using SAML authentication.

PD-8853

GEO Location Based failover does not work as expected.

PD-8725

GEO Proximity and Location Based scheduling do not work with IPv6 source addresses.