Release Notes for FLM-TR, Solaris --- Build 9168 Mar 04, 2024 New: Improvements to meet Section 508 compliance. Fixes: Fixed some user interface issues when the client is using older Firefox browsers. --- Build 9160 Jan 03, 2024 Fixes: Multiple minor security updates to meet evolving requirements. --- Build 9112 Mar 27, 2023 Fixes: Fixed problem with scp communication with router/device when on IPv6 network. --- Build 9110 Jan 12, 2023 New: Imported ACL list check filename for date in YYYY-MM-DD format and warn user if applied to an interface on a different day than the one specified in the imported filename. Fixes: Imported ACL lists check for IPv6 or IPv4 and a message is now being shown for IP version mismatch rather than resulting in a failed sync attempt. --- Build 9069 Jul 13, 2021 New: Imported ACL lists now check the filename for v6 and warn user if applied to an interface designated as IPv4 and vice versa --- Build 9027 Apr 29, 2020 New: Juniper filters now are deployed into configuration groups. Juniper filters now use prefix-lists where terms include many source or destination networks. This is controlled with the "PrefixListThreshold" setting on the advanced configuration settings for each interface. --- Build 8939 Oct 17, 2018 New: ACL Simplification process considers module boundaries when building the simplified list. Speed improvements to ACL Simplification process. --- Build 8931 Aug 27, 2018 New: Allow using Radius Callback ID to pass authorization information to FLM in addition to existing use of Cisco AVPair. Fixes: Include RADIUS Message-Authenticator option in access request as recommended in RFC 5080 and compliant with RFC 5080. Include secure-only flag with all session cookies served over HTTPS. --- Build 8913 Nov 29, 2017 New: Added ability to segregate Modules such that modules are not lumped together when filter list is optimized. Module names are used as prefix to ACLX term names in output Juniper filter. FLM-TR Windows tool supports Port 80 Optimization feature when exporting to Juniper filter format. --- Build 8872 Apr 07, 2017 New: FLM-TR Windows tool tcpdump analysis tools now support IPv6, IPSec, fragments, and other IP options. Speed analysis now show line hit counts for filter list in results report. Fixes: In previous builds, user could make changes to group memberships which would result in group lists being added or removed to other lists automatically via background process. Log message for the change would use the login name of the background process rather than the originator of the change. This has been updated to accurately show the username of the user in the log message rather than the username of the daemon. Similar log message issues were possible during rollback operations and when using the 'Device List' feature and when automatically processing list entries with expiration dates/times. --- Build 8833 Jun 13, 2016 Fixes: Added quotation marks around 'then count' names on generated Juniper format lists which prevents syntax errors as some characters were interpreted as other syntax. --- Build 8831 June 7, 2016 Fixes: FLM-TR Tools (Windows Only) Conflict Report had report size limitation which has been removed. --- Build 8824 Apr 19, 2016 New: Juniper IPv6 output now uses payload-protocol keyword rather than next-header keyword by default. Fixes: Corrected Juniper format importing for ::0/96 address and next-header/payload-protocol keywords ::1/128 address is now displaying correctly --- Build 8815 Mar 14, 2016 Fixes: Combination of 'log' and 'count' access list entries had occurred with well known services and has been corrected. --- Build 8786 Nov 16, 2015 New: Import options for 'count' and 'log' with Juniper style access lists. Import options for 'count' and 'log' with Cisco style access lists. Convert 'count' and 'log' entries into Juniper format access lists at deploy time. No longer combine 'count' and 'log' entries when output optimization is on for Juniper format. Improved readability in Juniper output using more protocol names when relevant rather than protocol numbers. Improved readability in optimized Juniper output such that lists of combined network addresses more closely match the output order of the original access list. --- Build 8745 May 04, 2015 Improved import of Cisco IOS standard format access lists to account for and process entries that are preceded by whitespace. --- Build 8729 Mar 27, 2015 Fixed problem in Juniper format conversion when using "CombineEntries" option where specific sequences of access list entries could result in errors in output Juniper lists. --- Build 8724 Feb 19, 2015 Fixed problem in Juniper format conversion when using "CombineEntries" option where specific sequences of access list entries could result in errors in output Juniper lists. --- Build 8664 Aug 19, 2014 FLM-TR Windows Tool: JUNOS import module could translate permit to deny on some statements where JUNOS comment was incorrectly spaced too close to "accept;" term. This has been corrected. Auto-generated comments for site-specific scripting were incorrectly spaced. This has been corrected. This problem is automatically corrected by JUNOS during deployment and causes no production problems with JUNOS. It did cause the previously mentioned import problem with FLM-TR Windows Tool. --- Build 8663 Jul 10, 2014 New: A "Delete Multiple ACLs" option has been added to the "All ACLs" page. Fixes: Juniper deployments where multiple filters were previously combined into a single load replace and commit for speed optimization reasons have been changed to use multiple commits due to misprocessing by JUNOS in the load replace command. --- Build 8656 Sep 25, 2013 Windows Tool can now export files as Juniper JUNOS filter format. --- Build 8649 Aug 12, 2013 Improvements to Windows based ACL tool: IPv6 ACL support. Text search and Entry search now have "Find Next". Text search speed improvements. List comment shown above list, now editable from menu or double-click. Drag and drop files to import XML or other router formats. More keyboard shortcuts for common tasks. --- Build 8622 Dec 11, 2012 Added a new option for combining Juniper terms that is more agressive than before. Use 'Advanced' setting: CombineEntriesAlt = true --- Build 8578 Feb 02, 2012 Importing a file into a Group ACL now adds a comment to the beginning of the ACL with the original filename. Removed "Synchronize All" option from interfaces page Added CommitCommand option to Juniper device 'Advanced' area. Fixed problem in Juniper.pl script where some characters were incorrectly not allowed in device filter name. Fixed problem where software patch restarted aclserver daemon even when aclserver daemon was not running before the patch was applied. When importing Juniper format ACL's, 'sample' statements are now ignored. changed Juniper conversion such that when comments are not being used in the Juniper output, the combination of entries is not affected by the comments Total number of entries field added to XML ACL format Fixed problem with GetACL web service function --- Build 8554 Sep 08, 2011 Fixed problem handling some radius vendor specific attributes --- Build 8517 Aug 10, 2011 Added orange list approval icon on some pages. Added "Unclassified" to page banners SNMP traps can now be sent to multiple servers Web services can now be used to compare ACL revisions Web services can now access interface status Fix problem on Edit Interface page where the advanced data was being saved incorrectly. This only affects some systems. --- Build 8245 Mar 14, 2011 ACL Approval process now available Importing netscreen format now supported. Improved error messages for Cisco IOS and Netscreen access list deployments. Added a pop-up box for ease of use when configuring several physical interfaces for a defined 'interface'. Improved notification email messages for sync success/fail. Fixed problem that caused certain types of access list changes to be unviewable in the list history. The rollback function can now restore a deleted ACL. AddEntry/RemoveEntry/SetACL web services added. Configuration items added to control behavior of Web Services; descriptions added to /usr/local/acl/aclserver.conf.original Cutting/Pasting ACL entries with exceptions work more intuitively Fixed 'Advanced Search' feature when searching in 'Exact' mode --- Build 8144 Feb 21, 2011 Simplify List functionality has a more explanatory Key and has progress notifications and a cancel button. Corrected problem where a successful synchronization may have not marked the interface as 'In Sync' in some cases More web services functions added Fixed problem where 'Write' as well as 'Sync' permissions were required to synchronize an interface when 'Sync' permissions should have been sufficient. Pages where deploy logs are viewed have been changed to better present the information especially where a long error message does not fit in the display table. --- Build 7970 Dec 16, 2010 Web services support added Improved ACL XML List Format --- Build 7941 Nov 30, 2010 Support for ASA security contexts Support for deploying object groups to Cisco IOS routers Support for importing object groups from Cisco IOS routers Improved change log reports for networks and services Improved detail of ACL entry expiration notification email Welcome page shows last login time, failed login time, and number of failed login attempts --- Build 7889 Nov 03, 2010 Enhanced list importing functionality Object groups can now be imported to Cyber ACL Networks and Services Support for object groups when deploying to Cisco ASA Support for IPv6 when deploying to Cisco ASA All ACL's page now shows an icon next to modified but not saved ACL's. Number of columns can be changed on All ACL's page and some other pages. --- Build 7754 Oct 12, 2010 Updated some icons to be more visually distinguishable. Added info log message for login/logout events. First argument to command line tool can now be abbreviated instead of typing entire word. Fixed problem that could cause interface to be shown as synchronized even though a dependent list had changed. Simplified and streamlined list searching. --- Build 7715 Oct 05, 2010 A tree style network view has been added. Devices can now be grouped into folders. Allow deployment directly to a Juniper interface. Fixed problem with paging on deployment and list change reports. Added text searching of lists. When searching lists, can now 'show matching only'. Explicitly sending no-cache command in HTTP headers. --- Build 7603 Aug 23, 2010 Juniper combine terms and Port 80 optimization are on by default TFTP is turned off by default -T option added to Juniper.pl perl script Allow importing of Juniper IPv6 filters. Conflict detection and color shading of some ACL entries was incorrect in some cases. --- Build 7531 Jul 08, 2010 Initial release. Copyright 1999-2024 Cyber Operations, A Division of Folsom Metal Products, Inc. All rights reserved.