Release Date: July 22nd 2020
Upgrade Patch XML File Verification Notes
By default, verification of the digital signature on upgrade images is required in LMOS 7.2.50 and above. See the Update Verification Options setting under System Administration > Miscellaneous Options > WUI Settings. If the unit you are upgrading is set to require validation, you'll need to supply one of the two XML Verification Files supplied with this release:
- Use this file when upgrading a LoadMaster running a release that is prior to LMOS 7.2.51.
- Use this file when repeating an upgrade to LMOS 7.2.51 -- that is, LoadMaster is already running 126.96.36.199 and you want to repeat the upgrade process.
LoadMasters running an LMOS version prior to 7.2.49 do not provide the option of XML file verification in the UI or API. If you are upgrading from one of these releases to 7.2.51, you can verify the digital signatures using a manual process documented on the support website.
Downgrading from Version 7.2.51
Downgrading a LoadMaster running Version 7.2.51 to an earlier LMOS release image can only be done when the Update Verification Options setting is set to Optional or No verification file . When performing the downgrade, do not specify an XML file. If you want to verify the digital signature on the image before downgrading, you can do so using a manual process documented on the support website.
[Note: The XML file verification is not part of the process of switching the active LoadMaster partition to the LMOS release that was running on LoadMaster before the last update.]
- Citrix StoreFront Gateway for External Virtual Apps and Desktops
- A new Virtual Service (VS) template and deployment guide have been introduced with LMOS 7.2.51 to deploy a Virtual Service as a Citrix StoreFront Gateway for external publishing of Citrix Virtual Apps and Desktops deployments, so that Internet clients can leverage Citrix's Virtual Desktop Infrastructure (VDI).
- Rate Limiting of Real Servers
- A new Real Server (RS) Connection Rate Limit parameter allows you to set a Connections Per Second (CPS) value between 0 and 100000, where 0 means “no limit” (the default) and any other integer is the RS open connection limit.
- Redundant Key Distribution Center for KCD Authentication
- When configuring an SSO Domain for Single Sign On with Kerberos Constrained Delegation (KCD) as the selected Authentication Protocol, you can now specify two servers in the Kerberos Key Distribution Center (KDC) text box, separated by a space.
- UI Login Integration with Cisco ACS / ISE
- When logging into the UI using RADIUS authentication via Cisco ACS or ISE, LoadMaster will now send an Attribute-Value Pair (AVP) to the server as part of the login request, which contains Kemp's Vendor ID.
- Configurable KCD Authentication Request Wait Time
- When KCD is enabled and LoadMaster sends a request that requires authentication, a new global L7 Wait After POST parameter has been added to the System Configuration > Miscellaneous Options > L7 Configuration page that will allow the admin to set the time that the LoadMaster will wait to see if the request is rejected.
- Specifying the Protocol for Remote Logging
- In previous releases, the remote logging functionality assumed the protocol to use based on the port specified: UDP for port 513 and TCP for all other ports. A new Remote Syslog Protocol control has been added to the System Configuration > System Administration > Logging Options > Remote Syslog page of the UI to either UDP, TCP, or TLS, independently of the port number.
- Port Following on Generic Virtual Services in UI
- In previous releases, it was only possible to configure port following on a Generic Virtual Service via the API. This capability has now been added to the UI.
- Enhanced Single Sign On Log Messages
- Improvements have been made to messages generated during normal operation to include additional events and information related to authentication and authorization that in previous releases were only exposed by enabling debug logging
- Assigning Intermediate Certificates to Virtual Services
- Starting with this release, specific intermediate certificates can be assigned to Virtual Services, using controls within the SSL Options accordion in the UI.
- Regeneration of SSH Host Key
- The LoadMaster host key that is used for SSH login can now be regenerated using controls on the system console. Log into the console and choose Local Administration > Regenerate SSH Host Keys to regenerate the key
For full details on all the firmware updates, consult the LoadMaster 188.8.131.52 Release Notes
LM-X1, LM-X3, LM-X15, LM-X25, LM-X40, LM-X40M, LM-2400, LM-3000, LM-3400, LM-4000, LM-5000, LM-5400, LM-5600, LM-8000, LM-8020, LM-8020M, LM-R320
VLM-GEO, VLM-200, VLM-500, VLM-2000, VLM-3000, VLM-5000, VLM-10G, VLM-MAX
Amazon Web Services (AWS)
1. In previous releases, there were 3 upgrade images: one for AWS Cloud, one for Azure Cloud, and one for all other platforms. Starting with 184.108.40.206, there is now a single upgrade image for all platforms.
2. For AWS and Azure VLMs running firmware versions previous to 220.127.116.11, you cannot use this upgrade image. To deploy an updated VLM, backup your current VLM configuration and redeploy a new one through the appropriate Marketplace.