Applies To:

Show Versions Show Versions

Release Note: FirePass Controller version 5.4.2
Release Note

Software Release Date: 04/24/2005
Updated Date: 08/30/2013

Summary:

This release note documents the version 5.4.2 feature release of the FirePass remote access controller. It applies to both the English edition and the localized editions.

To review the features introduced in this release, see New features and fixes in this release. For existing customers, you can apply the software upgrade to 5.0 and later. For information about installing the software, please refer to Installing the software.

Note: For the FirePass 1000, 4000, and 4100 platforms, version 5.4.2 replaces version 5.4.1 and includes all features and fixes from previous versions. For the FirePass 600 platform, version 5.4.2 replaces version 5.2.2 and includes all features and fixes from the previous version.

Note: F5 now offers both feature releases and maintenance releases. For more information on release policies, please see Description of the F5 Networks software version number format on AskF5.

Contents:

- Minimum system requirements and supported browsers
- Supported platforms
- Installing the software
- New features and fixes in this release
     - New features
     - Fixes in this release
- Known issues


Minimum system requirements and supported browsers

The minimum system requirements for this release are specific to your operating system.

Microsoft Windows

  • Windows® 98 with Dial Up Networking (DUN) 1.4 update and Client for Microsoft Networks. The Client for Microsoft Networks, available as an option on the Windows 98 installation CD, is required for FirePass controller's Network Access setup.
  • Windows® Me
  • Windows® 2000
  • Windows® XP (see the note about the Microsoft update needed for Windows XP Service Pack 2)
  • Windows Mobile™ 2003 (Microsoft Pocket PC 2003 and Microsoft Pocket PC Phone Edition 2003)

Important: If you are running Windows XP Service Pack 2, you must install a hotfix (Windows XPSP2 Update KB884020) in order to resolve an issue (CR39338) which causes the FirePass product to not connect. You can find the update at Update for Windows XP Service Pack 2 (KB884020). For the latest information from F5 Networks, see SOL3289: FirePass compatibility with Windows XP Service Pack 2 clients on AskF5.

Note: You might find it helpful to have the Windows 98 and Windows Me distribution media available as you set up the FirePass controller. Occasionally, changing installation settings for Windows 98 and Windows Me requires that you copy information from the install media.

Note: FirePass 5.4.2 does not support Windows NT. For more information, see SOL3840: End of Life Announcement for the Windows NT client support feature in FirePass on AskF5.

Macintosh

  • Apple® Mac OS® X 10.2
  • Apple Mac OS X 10.3

Linux

  • Workstations with libc version 2 and later
  • Kernel support for PPP interfaces (loadable module or statically built in)
  • PPPD program in the /sbin directory

Solaris

  • Solaris™ Operating Environment version 9 on SPARC® systems

Supported browsers

The supported browsers for remote access provided through the FirePass controller are:

  • Microsoft® Internet Explorer, version 5.0, 5.5, or 6.0
  • Netscape® Navigator, version 4.7X
  • Mozilla® version 1.7 on Apple Macintosh® and Linux® systems
  • Mozilla version 1.4 on Solaris systems
  • Safari® version 1.0 and 1.2 on Apple Mac OS X 10.2 and 10.3 systems
  • OpenWave® WAP browser
  • i-mode phone
  • Microsoft Pocket PC 2003 and Microsoft Pocket PC Phone Edition 2003
  • Firefox 1.0
  • Sun 1.5.0
[ Top ]

Supported platforms

This release supports the following platforms:

  • FirePass 600
  • FirePass 1000
  • FirePass 4000
  • FirePass 4100
[ Top ]

Installing the software

Warning: Prior to upgrading any FirePass controller, it is important to finalize all your network configuration settings. To do this, click Device Management on the navigation pane, expand Configuration, and click Network Configuration. Click the Finalize tab at the upper right to finalize your network configuration changes. If the Finalize tab does not appear on the Network Configuration screen, your configuration has been finalized.

Warning: When you upgrade to Release 5.4.2, the 5.4.1 feature hotfix for reverse proxy bypass mode is lost (CR46054, CR45984). To correct this issue, apply the 5.4.2 reverse proxy bypass mode hotfix (CR47749) .

Important: Back up the FirePass controller configuration before upgrading the controller. If you have a newer FirePass controller, use the Snapshot feature to back up the entire controller configuration. For more information, refer to SOL3244: Backing up and restoring FirePass system software on AskF5. To back up older FirePass controllers, click Device Management on the navigation pane, expand Maintenance, and click Backup/Restore. Click the Create backup of your current configuration link to back up the FirePass controller configuration. See the online help for details.

Note: If you are running any version previous to FirePass version 5.0, you must first upgrade to version 5.0 before upgrading to 5.4.2. For instructions for upgrading to version 5.0, see SOL4272: Upgrading a version 4.x FirePass controller to version 5.0 on AskF5.

Note: Once you upgrade the FirePass controller to version 5.4.2, you cannot downgrade to any previous version. For more information, see SOL2847: Restoring a previous software version on AskF5.

Upgrading from version 5.0 or later

The following instructions explain how to install FirePass 5.4.2 onto existing systems running version 5.0 or later.

To upgrade to version 5.4.2

  1. On the Administrative Console, in the navigation pane, click Device Management, expand Maintenance, and click Online Update.
    A list of available FirePass controller software releases appears.

  2. Select the link for Release 5.4.2 to upgrade the FirePass controller.

For more information about installing and configuring version 5.4.2, see chapter 2 of the FirePass Controller Handbook . To install a new FirePass controller, please refer to the printed Quick Start Instructions, included with the product.

[ Top ]

New features and fixes in this release

The FirePass 5.4.2 release contains the following new features and fixes.

New features

On the FirePass 600, we added the following new features.

External users
The FirePass controller now supports external users for groups that use Windows Domain Server (WDS) or Active Directory Server (ADS) authentication. Configuring groups to use external users replaces the process of importing of users into groups and signup templates.

Auto-launch VPN
The FirePass controller now supports the automatically starting network access VPN favorites, which enhances the end-user experience, and reduces the number of end-user support calls.

Fixes in this release

This release includes the following fixes.

Reverse proxy (CR33580, CR45921, CR46107, CR46184, CR46269, CR46457, CR46533, CR46552, CR47008)
The reverse proxy now has improved cookie rewriting, JavaScript and Java applet handling. Most of the URL decoding has been fixed in this release. You might not notice the implications of the lack of URL decoding with the new reverse-proxy functionality.

Displaying contents of shared folder (CR40100)
On the Japanese version 4.1.1 of the FirePass controller, when the client accesses a shared folder that uses Windows® 98 SE (with a specified IP address instead of a host name), the contents of the shared folder now display correctly.

Deleting system logs (CR41134)
Previously, the Device Management : Maintenance : Logs screen erroneously offered an option to delete all system logs. You can now delete system logs.

Japanese character display (CR43052)
Japanese characters now display correctly in Windows files, Terminal Server, and Web Applications favorites.

Printing when in protected workspace (CR44433)
Formerly, users could print from protected workspace without restriction. Now, there is a setting (Allow user to use printer) to control the availability of the printing functionality in a protected workspace at the screen Endpoint Inspection details at User : Endpoint Security : Pre-login Sequence : edit : Switch to PWS: Protected Workspace Inspector.

Network packet dump on VLAN interfaces (CR45209)
For VLAN interfaces, the FirePass controller now supports network pack dump at the screen Maintenance : Troubleshooting : Network Packet Dump.

Checking MIME types (CR45906)
The FirePass controller now correctly checks both upper and lower case MIME types.

Error logging onto admin console without administrative privileges (CR45994)
Formerly, when a user without administrative privileges tried to access the Admin Console, the FirePass controller logged errors in the system logs. Now, the FirePass controller allows access as appropriate.

Split tunneling issues (CR45999)
Formerly, there were inconsistencies in split tunneling results. Now, the FirePass controller provides additional handling for split tunneling.

Loading PDFs (CR46046)
The FirePass controller now correctly loads PDFs with MIME types for both application/pdf and application/octet-stream formats.

Capture of session IDs (CR46178)
Formerly, it was possible to capture session IDs using the administrative user interface. Now, the FirePass controller has additional protection against session ID capture.

Displaying favorites (CR46278)
The FirePass controller now correctly displays favorites that are associated with resource groups that are included in an administrative realm.

Support for large HTTP cookies (CR46312)
For web applications, the FirePass controller now supports HTTP cookies that are larger than 1,024 bytes.

Blank pre-logon sequence page (CR46380)
Formerly, the pre-logon sequence page was blank after an upgrade. Now, it remains populated.

Data corruption using signup by template (CR46409)
Formerly, if you use the signup by template feature to add new users, it resulted in database corruption. Now, it does not.

Support for longer login names (CR46418)
For languages that use double byte character encoding, the maximum length has been increased from 33 to 128 characters. For non-double byte encoding languages such as English, the maximum length of a login name has been increased from 66 to 256 characters.

Maximum number of times a client can try to reconnect (CR46451)
The maximum number of times a standalone Network Access client can try to reconnect to the FirePass controller was increased from 1 time to 7 times.

File creation in protected workspace (CR46454)
Formerly, an Acrobat ActiveX control created files outside the protected workspace. Now, the control cannot create files.

Japanese character display on mobile devices (CR46463)
The FirePass controller now displays Japanese characters correctly on all mobile devices.

Group filters and host keyboard mappings (CR46513)
Formerly, no group filters showed up in the list but still functioned. Also, no host keyboard mappings for tn3270 and 5250 were lost.

Sending an email with password to user (CR46514)
Previously, some administrators could not enable the send e-mail with password to the user option. Now, all administrators can.

Dynamic group mappings (CR46524)
Dynamic group mapping (a global setting), is now available only to administrators with full access to a realm.

HTTP responses with incorrect MIME types (CR46529)
The FirePass controller can now correctly processes HTTP data with incorrect MIME types.

Connecting to Network Access (CR46576)
When non-administrators try to connect to Network Access, they no longer receive a warning message.

Resource groups (CR46586)
App tunnel aliases now work correctly when you select the option Limit App Tunnels Access to Favorites only.

Displaying master groups and resource groups (CR46644)
Master groups and resource groups no longer return blank screens when you clear the User login check box
for Device Management : Configuration : Network Configuration : Web Services.

Underscore in passwords (CR46719)
Formerly, users could not reset forgotten passwords that contained underscore ( _ ). Now, the FirePass controller successfully resets and sends such passwords.

RADIUS attribute ( CR47012)
To ensure compatibility with some RADIUS servers, when the FirePass controller sends a RADIUS accounting start or stop notification to the RADIUS accounting server, it now sends the NAS-port attribute and the value associated with it is always zero (0).

Displaying resource groups (CR47023)
Routing table selection for resource groups now correctly displays at the screen Users : Groups : Resource Groups : Routing table.

HTTP form-based settings (CR47203)
HTTP form-base authentication settings are now stored correctly.

ActiveX controls (CR47241)
ActiveX controls included in the client download MSI package now use the same version as those downloaded by the client at runtime.

Using client certificates (CR47386)
With external groups, client certificates using the option autologin option now work correctly.

[ Top ]


Known issues

The FirePass controller, version 5.4.2 includes the following general known issues. You can find localization-specific known issues in Localization known issues.

Certificates in Lotus Notes (CR28747)
You can open a Lotus® iNotes® mailbox with an expired server certificate. However, you must have a current certificate to open the same mailbox through the FirePass controller.

Length limitations on My Files share names (CR28778)
The FirePass controller has the same length limitations on share names as older versions of Windows (Windows 95, Windows 98, and Windows NT). This limitation applies only to share names. Single-byte share names must be 13 characters or less, and double-byte share names must be 6 characters or less. Users can view the contents of longer shares by typing the explicit path from the FirePass controller My Windows Files screen Go dialog box.

Deleted emails in Outlook (CR28854)
If you use an IMAP email server, Outlook does not provide any visual indication when a user marks an email for deletion.

Euro symbol in Password (CR30346)
When you configure a group that uses NTLM authentication that uses a Windows 2000 Primary Domain Controller, and you also use the signup by template feature, the FirePass controller does not correctly send passwords containing a € (Euro currency) symbol. Please advise new users not to use this symbol when they select their passwords.

Question mark in LDAP URL (CR30914)
If the filter portion of an LDAP query contains an embedded question mark, the query might fail.

Page Not Found error in Setup Wizard (CR30978)
When the Quick Setup wizard finishes, the FirePass controller restarts automatically. The controller's IP address and host name are generally changed during the initial Quick Setup configuration. The browser attempts to connect to the page using the previous IP address, and generates a Page Not Found error. To correct the display, type the new IP address or the new host name in the browser address field, and press the Enter key.

Host name after Quick Setup (CR31505)
When you use the Quick Setup for initial configuration of the FirePass controller, ordinarily you change the host name of the controller. After you restart the controller, your browser still attempts to connect to the previous (default) host name. You must enter the new host name in your browser address field to reconnect to the configured FirePass controller.

Basic HTTP authentication with an external server (CR31506)
If you configure a group to authenticate users over HTTP, you must specify an object in the path you set for the external server. Otherwise, authentication fails. For example, the URL http://myauthserver.com fails, but http://myauthserver.com/ succeeds.

Progress bar during online update (CR31670)
During an online update of FirePass controller software, occasionally the third progress bar freezes, and does not indicate the true status of the update. The update, however, ordinarily completes as expected.

Online upgrade and page refresh (CR34238)
During an online upgrade operation, if you perform any action that refreshes the upgrade page, including opening a new browser window, the page refresh corrupts the upgrade. Do not disturb an upgrade in progress.

Tab key use in Host Access with Sun JVM (CR34485)
When using Host Access, you cannot use the Tab key for navigation in Sun JVM.

IPSwitch IMail POP problem with My Email (CR34504)
A SASL authentication bug in IMail prevents use of POP. Using the FirePass controller to access email on IMail server results in erroneous authentication failures with My Email. However, you can use the IMail server configured for IMAP.

Duplicate records in Extra Access log (CR34544)
Each record in the Extra Access log occurs twice.

RADIUS challenge response with Cryptocard and blank passwords (CR34959)
The FirePass controller does not accept blank passwords when using RADIUS challenge response with Cryptocard. The workaround is to enter a temporary password and then enter a permanent password.

UNIX Network File Share directory-delete restriction (CR36352)
You cannot delete a UNIX® Network File Share directory while accessing the file system using the FirePass controller's UNIX Files function.

Monitor Statistics/System Load page data mismatch (CR36658)
The difference in the data shown on the Monitor Statistics page and the System Load page appears to be isolated to the FirePass 4100 platform.

App Tunnels drive mapping with invalid or missing SSL server certificate (CR36803)
If you have not yet installed a trusted SSL certificate on the FirePass controller, then when users attempt to connect to a mapped drive using App Tunnels, the first attempt in a session usually fails. Subsequent attempts using the Relaunch button might succeed. We recommend installing a trusted server certificate as soon as possible.

Moving users among groups (CR36808)
When you move a user from one group to another, the FirePass controller does not prompt for additional data that might be required by the target group. For example, a user moved from a group using LDAP authentication to a group using internal database authentication might lack a password in the internal database account record. This can potentially result in failures of authentication. To prevent these failures, verify the completeness of user account records using the Users : User Management screen.

Constant restart of Flash (CR36933)
Flash constantly restarts at the www.kurzweilai.net and other flash-based web sites.

Network Access fails on computers running Windows® 2000 SP4 (CR37050)
If you use Windows® 2000 with Service Pack 4 installed, when you attempt to install the Network Access client control, you might receive the following error message: An error occurred during the installation of the device. The inf or the device information set or element does not match the specified install class. The installation fails. This is a Microsoft problem described on this Microsoft support page.

Authentication does not check proxy settings (CR37072)
The FirePass controller form-based authentication component does not check or use proxy settings or proxy server credentials. Do not configure a FirePass controller to perform HTTP or HTTPS-based authentication using the proxy server.

Misleading error using unsupported browser on Linux system for Network Access (CR37113)
If you use an unsupported browser (for example, Opera®) on a Linux® system to establish a Network Access connection, you receive a misleading error message: This is for Win32 OS only. In fact, you can establish a Network Access connection from x86-based Linux systems, but you must use a supported browser (Mozilla 1.6 or 1.7). For a list of supported browsers, see supported browsers.

Network Access over dial-up connection where IPsec VPN client is present (CR37127)
You cannot use Network Access over a dial-up connection from a remote Windows® 2000 or Windows XP system that also has a Check Point® SecuRemote/SecureClient IPsec VPN client installed. You can use Network Access over dial-up with a Check Point IPsec VPN client; however, the Network Access connection might take a long time to close, and you must drop and redial the connection to the ISP in order to continue with Internet access.

Browser incompatibility on X Window System with Sun JRE 1.3.x (CR37174)
X Window System::Java client does not work with Windows XP, Windows 2000 Professional, Mozilla 1.7.3, Java™ Plug-in: Version 1.3.0_01, when you are using Java Runtime Environment (JRE) version 1.3.0_01 Java HotSpot™ Client VM. From the Mozilla release notes: "Java J2SE releases previous to 1.3.0_01 will not work with Mozilla. Problems have been reported with JRE 1.3.1. For best results, we recommend JRE 1.4.1."

Network Access on Safari 1.0 browser on OS X 10.2 (CR37217)
The Network Access control for Macintosh® OS X version 10.2 does not install properly under the Safari® 1.0 browser. The page repeatedly prompts you to install it, even if you have already installed it, but you cannot use it. The Safari 1.0 browser does support the FirePass controller's HTML-based functional components: PortalAccess, Mobile E-mail, Windows Files, Unix Files, and for Desktop access, the Java client only. You can use Safari 1.2 as the Network Access browser.

High traffic levels on Management port can cause 4100 platform to reboot unexpectedly (CR37341)
On the 4100 hardware platform, high levels of traffic through the Management port might cause the unit to reboot. The Management port is intended only for direct connection to the Administrative Console. We do not recommend connecting the FirePass controller to the LAN using this port. An unexpected 4100 reboot might occur if you connect to the Management port with a hub, due to high levels of traffic on the hub. Use a switch rather than a hub when connecting to the Management port.

Saving RSA key using Legacy Hosts with SSH terminal (CR37383)
When you use Legacy Hosts with a terminal type of SSH, and you use a recent version of SSH, you might see a prompt asking if you want to save the RSA key fingerprint for the target server. When you reply Yes to continue the connection, you see this error message: Failed to add the host to the list of known hosts (/home/uroam/.ssh/known_hosts). although it works. You cannot save the RSA key fingerprint. Disregard the error message.

Accessing system after changing the Desktop Access computer name (CR37441)
If you change the system name of an installed Desktop Access computer, take these steps to access it again using Desktop Access.

  1. Delete the previous name using the Desktop Access : Installed Desktops screen.

  2. Delete the old key using the Desktop Access : Key Management screen.

  3. Using the same screen, generate a new key.

  4. Reinstall the Desktop Agent on the target computer, using the new key.

Linux client installation halt (CR37476, CR41552)
The SSL VPN Linux client automatic installation might halt unexpectedly due to insufficient privileges. If your users experience failed installations, they can follow the instructions for manual installation, given in the user help for Network Access. If they still experience problems, have them use these steps:

  1. Completely remove the client using the following commands:

    rm -rf /usr/local/lib/F5Networks
    rm -rf .F5networks
    rm .mozilla/plugins/np_F5_SSL_VPN.so

  2. Follow the FirePass Knowledge Base instructions under FirePass Webtop : Network Access, available at https://<your_FirePass_controller>/kb/.

  3. Restart the browser and try installing the SSL VPN Linux client again.

Incorrect user home page customization (CR37615)
Changes made on the Users : User Experience screen after initial configuration sometimes fail to resequence categories on the users' home pages, or to govern the font sizes as intended.

Network Access restart on Linux systems (CR37690)
On some Linux distributions, you cannot start second and subsequent Network Access sessions within a single browser session immediately after closing the first connection. Wait two minutes or restart your browser.

SNMP trap setting refusal even with defined hosts (CR39354)
The FirePass controller refuses the SNMP trap setting, even if you have defined the hosts using the host name. If this happens, use the IP address instead of the host name.

Start VPN connection button on the PDA SSL VPN (CR39429)
The Start VPN connection button on the PDA SSL VPN client does not become the Stop VPN connection button after you start a connection. You can successfully start the connection using the button.

Incorrect display of links and pictures (CR39491) (CR43191)
On the www.alcatel.com site, the www.microsoft.com site, and maybe others, some links and pictures display incorrectly. The FirePass controller should correct these Flash-related problems, but some may remain.

Left navigation pane/screen mismatch (CR40356)
When you navigate using links within the screens, the navigation pane (on the left) and the content of the right pane do not synchronize.

Drive mapping overwrite of existing share (CR40546)
When you create a new drive-mapping using an already-mapped share name, the system overwrites the existing share without warning.

Lack of terminal services support through Internet Explorer for the Macintosh (CR40618)
The FirePass controller does not support terminal services through the Internet Explorer browser on Macintosh® systems. For more information about Macintosh OS support, see SOL3364: FirePass support for Mac OS clients on AskF5.
Note: Microsoft no longer supports Internet Explorer for the Macintosh OS.

Default web application URL for resource group (CR40637)
The default URL for a web application is determined at a resource-group level. If a user has multiple resource groups assigned, the web application uses the default web page from the last resource group assigned to a user.

Incorrect user information attribute with first name (CR40694)
Mapping the user's first name against an Active Directory account results in a first name of Administrator, not the actual first name of the user. This error occurs only with the test mapping. Mapping by the FirePass controller works correctly, and the user can log on without problem.

Incorrect online help for NFS Users (CR40759)
The online help page for the Portal Access : Unix Files : Import NFS Users screen incorrectly states that the /etc/passwd file includes the $passwd field. The $passwd field does not appear in the /etc/passwd file.

Authentication requirement for access to shared folders (CR41486)
In Windows Files, you must use the IP address to share folders if the user needs to be authenticated; selecting a computer name from the left pane does not work.

Impersonating a user outside of an administrator's authorized groups (CR41569)
Administrators with access to the Users : Impersonate User screen can impersonate users who are outside their scope of authority. We recommend that you use the Device Management : Security : Administrators > Feature access screen to disable this privilege for administrators with restricted group access, by not configuring the Users : Impersonate User.

Restoring FIPS systems breaking imported keypairs (CR41573)
If you have imported keypairs into a FIPS card and have reinitialized the card since making the most recent backup, then restoring your configuration might render some web services inaccessible. If you use FIPS and then, after restoring your configuration, you lose access to the Admin Console, use the Maintenance account to reinitialize the FIPS card. To correct your configuration, re-import the keypairs you need.

Local redirect instead of full redirect with < DNS (C42669)
If you attempt a full redirect, from admin to admin/, you actually get a local redirect. This problem does not occur if the DNS entry is configured correctly.

Redirect in frame (CR42676)
The redirect to an unlicensed page might occur in a frame when a timeout interval has elapsed.

iNotes compression and caching issue (CR43026)
The iNotes application only works with the options Enable Compression and Cache nothing at the remote browser set.

Post-logon uninstall of previously installed ActiveX components (CR43139)
Using the post-logon option of Uninstall ActiveX components downloaded during FirePass session, does not uninstall ActiveX components that were installed before user logon.

Siebel Call Center 7.7 login issue (CR43287)
Siebel Call Center 7.7 cannot log in. Two windows appear after successful login. Although the main window tries to connect directly, the smaller window tries to connect through the FirePass controller. Eventually the process halts, and an error appears in the browser status bar.

Changing landing URI during active session (CR43296)
The landing URI does not return to its standard appearance after you make changes. You must open a new window to have changes take effect.

Problem for VLAN-based web applications with enabled cache (CR43445)
The Web Application Cache serves content by looking at the destination URL only. It does not consider the resource group of the requested resource. This can cause an invalid response to be served, if multiple resources across different resource groups are identified using the same URL. We recommend that you do not use the Web Application Cache in this situation.

Pre-logon infinite sequence (CR43509)
The pre-logon sequence functionality enables you to create a sequence that results in an infinite loop by choosing a subsequence that references itself as one of the final actions. If you create a sequence whose action includes a reference to itself, the end-user's browser halts during logon. To avoid this problem, make sure the final outcome of a subsequence is not a reference to the same subsequence.

File save with FireFox 1.0 (CR43936)
With FireFox 1.0, you cannot right mouse click to save an attachment. To save the file, copy the link and paste it into the browser address bar.

Restore from 4000 to 4100 (CR44273)
Backing up and restoring from a FirePass 4000 to a FirePass 4100 does not restore settings for Device Management : Customization : Global Customization, Device Management : Configuration : SMTP Server, or Device Management : Configuration : Admin E-Mail.

OWA and iNotes caching requirement (CR44536)
OWA and iNotes require some caching, so for OWA and iNotes, choose an option other than Cache nothing at the remote browser. Performance might suffer. Some advanced web applications might malfunction. As an alternative, you can configure a special UI mode in the pre-logon sequence for OWA, iNotes, i-mode, Pocket PC, Wireless Markup Language (WML) clients, and other mobile browsers. Choosing this UI mode automatically enables the caching and compression settings best suited to the browser type.

Load balancing deactivate (CR44778)
Load balancing does not turn off unless you first clear the check box Allow optional manual logon to slave nodes from master logon page, and then set Load Balance to off.

SharePoint document support (CR44815)
Microsoft Office documents that you download from SharePoint Office (such as Word documents, Excel spreadsheets, and others) cannot accept the SharePoint Update functionality; the application shows a warning dialog box. However, you can still edit and save the document. If the document you open is a read-only version, the most likely reason is that other processes did not properly release the lock on the document. To work around this problem, you can use the Save As feature to save the document using a different name.

Client certificates for external users (CR44888)
The FirePass controller stores client certificates. If an external server maintains your user accounts, and you want to use client certificates for your users, you must use your company's certificate authority (CA) infrastructure. FirePass controller cannot distribute client certificates that it does not create. For more information, refer to the online help for client certificates.

Window flash during client logon (CR44889)
With a pre-logon sequence that scans for antivirus, the scanning component briefly posts an in-progress window after it scans each. Within a second or so, the component removes the window. Therefore, during logon, users might experience window-flashes as they log on. The window does not take focus away from the active application, but users might see flashing in the background.

ZoneAlarm activation detection (CR44931)
FirePass controller antivirus components detect the presence of ZoneAlarm 3.5.166.0 but not whether it is active.

Show as plain text functionality (CR45057)
In Windows Files, viewing a file As plain text does not show the last line if it has no return at the end. To work around this issue, add a final return character at the end of any text files.

Blank help and attachments windows in OWA (CR45150)
When you have more than one instance of Internet Explorer running and you try to open help or the attachment window for email, the window might be blank. This occurs intermittently. You can click the Help button a second time to open the help. The attachment window might not work until you close the other browser instance.

OWA .zip attachment handling (CR45152)
When trying to open a .zip attachment using Windows' Compressed Folder users can receive the error message: The Compressed (zipped) Folder is invalid or corrupted. This is due to an issue in Internet Explorer that occurs when users have no external application, such as WinZip, associated for opening .zip archives in Windows. To work around the issue, users can save the attachment first, and then open it using the target application, including Windows' Compressed Folder. To save the attachment, users can right-click the attachment and choose Save Target As.

Licensed options appear differently (CR45157)
In Network Configuration, if you have not yet activated your license, some items are missing, others say "Require license." This does not affect finalizing the setup. The setup completes without problems, and the items appear after license activation.

Using the at sign in the Active Directory logon (CR45446)
You can use the email address as your Active Directory logon, and your email address can (and must) contain the at sign ( @ ). However, Active Directory logons that are not email addresses cannot contain @.

Sign-up by template with RADIUS and RSA SecurID (CR45738)
You cannot have the signup by templates feature configured for both RSA SecurID and RADIUS.

Logon to Intranet Webtop using i-mode (CR45799)
When you specify Intranet Webtop access for a group of users, i-mode-based mobile users cannot log on. A logon attempt results in the FirePass controller posting the following message: URL address is not valid(302).

Split tunnel for Network Access on PocketPC (CR45800)
The FirePass controller does not support split tunnel for Network Access on the Pocket PC.

Protected configurations (CR 46191)
Japanese versions of TrendMicro Virus Buster 2004 (11.x) and Trend Micro Virus Buster and Internet Security 2005 (12.x) cannot be detected by the Windows antivirus checker endpoint inspector during pre-logon inspection. As a result, some resources that are associated with assigned protected configurations are not available to users if the FirePass controller uses information about these installed antiviruses on a remote access point.

WAP devices (CR46192)
When the FirePass controller encounters an unsupported WAP device, the FirePass controller sends the administrator an email that contains the User-Agent string that is associated with this WAP device. To support this device, register it at the Device Mangement : Configuration: New browers screen. To register the WAP device, complete these steps.

  1. Copy the corresponding User-Agent string from the email.

  2. Paste the information that you copied into the User-Agent box at the Device Management: Configuration : New Browsers screen.

  3. Select WAP 1.1+ phone from the Type list.

  4. Press Finalize.

WAP devices and UTF-8 encoding (CR47371)
On some WAP devices, the FirePass controller might send pages in UTF-8 encoding on the mobile email composition page which the device cannot display. To work around this issue, complete these steps:

  1. Copy the corresponding User-Agent information at the Reports: Logons screen.

  2. Paste the information that you copied into the User-Agent box at the Device Management: Configuration : New Browsers screen.

  3. Select WAP 1.1+ phone from the Type list.

  4. Press Finalize.

WebDAV (CR 46263)
WebDAV settings do not synchronize with a cluster or failover pair (standby controller). You must manually update each FirePass controller.

Empty screen when logon fails (CR46285)
With an exchange server, your browser might return an empty screen if the FirePass controller has the following options configured at Portal Access : Web Applications : Caching and Compression screen.

  • Enable Dynamic Cache on FirePass
  • Enable Compression
  • Don't cache anything, except Style Sheets and Javascript includes

Network access with a Windows XP client (CR46482, CR46659)
Drive mapping with Windows XP clients might not connect to the Windows file server on the first attempt.

Switching from Desktop Access to My Network (CR46813)
When users switch from Desktop Access to My Network, the FirePass controller logs them out.

Using special mode with OWA and iNotes (CR 47039)
On some sites, the FirePass controller incorrectly detects OWA, or iNotes servers running even though they are not running. If this happens, do not configure the controller to automatically detect OWA or iNotes at Portal Access : Web Applications : Content Process : Global Settings.

Connecting to App Tunnel favorites (CR47053)
The Japanese version of the FirePass controller does not reconnect to App Tunnel favorites.

Strong passwords (CR 47069)
When you configure an internal database of users to use strong password authentication, this setting is not applied to imported users.

Running IPsec on FirePass 4100 controllers (CR47149)
On FirePass 4100 controllers, IPsec does not work.

Displaying messages during pre-logon sequence (CR47197)
When you configure a pre-logon sequence and do not specify an action, the system does not display any warning or explanatory message to inform the user of the reason access is prohibited.

Deleting protected configurations (CR47248)
When you delete a protected configuration at the Users : Endpoint Security : Protected Configurations screen, you cannot use the Cancel button to back out of deleting the configuration. You must use the Back button in your browser or select another menu.

Using a comma with a subsequence (CR47336)
You cannot create a subsequence using a comma (,) at the screen Users : Endpoint Security : Pre-Logon Sequence : Create New Sequence : Create Subsequence.

Naming a subsequence (CR47337)
You must specify a unique name when you create a subsequence using the screen at Users : Endpoint Security : Pre-Logon Sequence : Create New Sequence : Create Subsequence.

Upgrade form-based authentication settings (CR47375)
When you upgrade from a prior release to Release 5.4.2, the HTTP form-based authentication settings might be lost at User : Groups : Master Groups: Authentication screen. We recommend recording your HTTP formed-based authentication settings before you upgrade.

Deleting favorites (CR47446)
You cannot delete a favorite when an alias is associated with it.

Warning message on a webtop (CR47453)
When you configure master groups with the system warnings set to Don't Use at the User Experience screen at Users : Groups : Master Groups, an erroneous warning message appears on the users' webtop.

X Windows favorites (CR 47466)
X Windows favorites are not displayed. To display your favorites, finalize your network configuration and restart the FirePass controller.
[ Top ]


Localization known issues

Viewing EUC or JIS encoded Japanese text files (CR30091)
On a Japanese FirePass controller, when you display a text file from a UNIX® (NFS) server, My UNIX Files always assumes Shift-JIS encoding, even when the browser is set to auto-detect the encoding of the document. As a result, NFS documents that use Japanese Industrial Standard (JIS) or Extended UNIX Coding (EUC) encoding do not display correctly.

Euro symbol in Password (CR30346)
When you configure a group that uses NTLM authentication that uses a Windows 2000 Primary Domain Controller, and you also use the signup by template feature, the FirePass controller does not correctly send passwords containing a € (Euro currency) symbol. Please advise new users not to use this symbol when they select their passwords.

English desktop installation messages (CR40603)
When you install Desktop Access, the message Uncompressing files displays in English, even in localized copies of FirePass controller. If an invalid installation key is used, a second untranslated message appears: Invalid product code, please retry.

Non-English Windows Internet Explorer halt with SSL VPN first connect (CR41183)
Occasionally the SSL VPN connection can halt when using non-English versions of Microsoft Windows. To work around this issue, you can close the browser using the Windows Task Manager and try connecting again.

Localization of pre-defined actions (CR44620)
In non-English systems, the pre-logon sequence screen lists the pre-defined actions in English.

Localization of pre-defined templates (CR44798)
In non-English systems, the Protected Configurations screen shows the pre-defined templates in English.

Multi-language support in Windows Files (CR45645)
When you use the FirePass Windows Files functionality on an English-based Windows 2000/2003 server with multi-language support, the system does not correctly show share names containing non-English characters.

[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)