Cisco Security Monitoring, Analysis and Response System

Release Notes for the PN-MARS Appliance 3.3.4

Table Of Contents

Release Notes for the PN-MARS Appliance 3.3.4

Introduction

New Features

New Vendor Signatures

Upgrade Instructions

Upgrading from the Browser-Based User Interface

Upgrading from the CLI

Caveats

Open Caveats - Release 3.3.4

Resolved Caveats - Release 3.3.4

Resolved Caveats - Releases Prior to 3.3.4

Product Documentation

Obtaining Documentation

Cisco.com

Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for the PN-MARS Appliance 3.3.4


CCO Date: March 11, 2005

These release notes are for use with the PN-MARS Appliance Version 3.3.4, and they provide the following information:

Introduction

New Features

Upgrade Instructions

Caveats

Product Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

Version 3.3.4 is now available as a patch upgrade to version 3.3.3 of your Protego PN-MARS appliance software. Registered users under the can obtain version 3.3.4 from the support website at:

http://www.cisco.com/cgi-bin/tablebuild.pl/cs-mars

New Features

This release includes the following new features:

New Vendor Signatures

New Vendor Signatures

The following table describes the most recent signatures supported for each product:

| Product | Signature Version Supported |
|---|---|
| Cisco NIDS 4.1 | S145 |
| Network Associates Entercept HIDS 4.0 | Agent Version 40-56 |
| ISS RealSecure Network Sensor 7.0 | 24.1 |
| ISS RealSecure Host Sensor 7.0 | 24.1 |
| Network Associates Intrushield NIDS 1.8 | 1.8.43.4 |
| Snort NIDS | 2.3.0 |
| Netscreen IDP 2.1 | Idp2.1r3 Update 200 |
| Enterasys Dragon 6.x | Latest signatures as of 2005/02/22 |


Upgrade Instructions

You can upgrade the Protego Networks appliance using its browser-based user interface or by using its CLI. The instructions presented in this section detail upgrading from version 3.3.3 to version 3.3.4.


Caution: If you are running any version other than 3.2.2, 3.3.2 Beta, or 3.3.3, contact Protego Support at (408) 262-5270 for guidance on the appropriate upgrade path. If you are running 3.2.2 or 3.3.2 Beta, you must first upgrade to 3.3.3 before you can upgrade to 3.3.4. For instructions on upgrading to 3.3.3, see the Release Notes for the PN-MARS Appliance Version 3.3.3.


Note: If you have a previous version, you can upgrade through the browser-based user interface. See Upgrading from the Browser-Based User Interface for instructions.


Before You Begin

To configure the PN-MARS to add Cisco Secure ACS, you must download a log agent. You can download this agent from the following URL:

http://www.cisco.com/cgi-bin/tablebuild.pl/cs-mars-misc

To configure Cisco Secure ACS, see the "Cisco ACS 3.x-side Configuration" section (page 71) in the User Guide for the Cisco Security Monitoring, Analysis and Response System Appliance, Version 3.3.3.

Upgrading from the Browser-Based User Interface

To upgrade the PN-MARS appliance from the user interface, follow these steps:


Step 1 Open the Protego Networks user interface in your browser.

Step 2 Select Admin > System Maintenance > Upgrade.

Step 3 In the Password and Login fields, enter the Protego Support Password and Login that Protego provided you.

Step 4 Click Download.

Depending on the size of the package, this download can take some time. After the download is complete, the Install button becomes active.

Step 5 Click Install.

After you click Install, the system needs some time to process the upgrade. After the upgrade is complete, the system reboots.


Upgrading from the CLI

You can connect to the Protego Networks Support site and complete the upgrade using HTTPS, or you can download the upgrade package onto an FTP server and perform the upgrade.

To upgrade using the CLI, follow these steps:


Step 1 Log in to the appliance via the console port or SSH connection.

Step 2 Enter your PN MARS login name and password.

Step 3 To verify that the appliance is running version 3.3.3, run the CLI command:

version

The Protego Networks MARS appliance should be running version 3.3.3. If not, you must upgrade to 3.3.3 before you can upgrade to 3.3.4. For instructions on upgrading to 3.3.3, see the Release Notes for the PN-MARS Appliance Version 3.3.3.

Step 4 Do one of the following:

To upgrade from the Protego Support server, run the CLI command:

pnupgrade https://upgrade.protegonetworks.com/upgrade/packages/pn-3.3.4.pkg [user] [password]

Where [user] and [password] are your Protego Networks Support login name and password.

To upgrade from your FTP server after you have downloaded the file, run the CLI command:

pnupgrade ftp://upgrade.myftpserver.com/upgrade/packages/pn-3.3.4.pkg [user] [password]

Where ftp://upgrade.myftpserver.com/upgrade/packages is the path where you have downloaded the other.pkg file, and where [user] and [password] are your Protego Networks Support login name and password.

The progress bar appears, indicating the download percentage. After download is complete, the system takes some time to process the upgrade. After the upgrade is complete, the system reboots.


Caveats

This section describes the open and resolved caveats with respect to this release.

Open Caveats - Release 3.3.4

Resolved Caveats - Release 3.3.4

Resolved Caveats - Releases Prior to 3.3.4

Open Caveats - Release 3.3.4

The following caveats affect this release.

Reference Number
Description
2733

Issue: A parsing error caused a high number of malformed reported users to be created in the database when receiving Windows events from the SNARE program running on Windows hosts.

2724

Issue: Upgrading a GC-LC system through the GUI will not upgrade the Local Controller if the PN-MARS is behind a proxy.

2714

Issue: On the Incidents page, the false positive icon is currently missing.

2712

Issue: When adding Local Controllers to a Global Controller, please do not use zone names that contain spaces.

2703

Issue: On page 137 of the 3.3.3 User Guide PDF (page 95 on the page number), under Symantec AV notification, the text "Action:<Action>" should be "Action: <Actual Action>".

2699

Issue: The Global Controller and its corresponding Local Controllers should be synched up time-wise in order to view data without problems. This can be accomplished through the CLI using the date and time commands.

2689

Issue: PN-MARS does not support sending mail through a Windows Exchange server at this time.

2688

Issue: Viewing a report on a Global Controller and viewing the corresponding report on the Local Controller may differ in time slightly.

2666

Issue: The email sent when a batch query completes may not have data in the graph if the query only returns one result.

2663, Customer Case #: 1322

Issue: Viewing the Summary page on a machine with a multi-head graphics card may not display correctly.

2656

Issue: Leaving the browser on the Summary page for an extended period of time (several days) may occasionally run into an error.

Workaround: Refresh the page to return to the GUI.

2594

Issue: Clicking on the Path/Mitigate link in an incident that was fired from a device that has since been deleted may result in an error.

2574

Issue: Having different times on the Global Controller and its associated Local Controllers may cause synchronization problems.

Workaround: Use the CLI to configure NTP or manually set the date and time to be the same on the Global Controller and Local Controllers.

2566

Issue: Rebooting the PN-MARS while the box is in the upgrading state may cause system configuration errors.

2558

Issue: After adding and deleting an agent or sensor to a host, adding a sensor with the same name and type as the previously deleted one back to that host will not work.

Workaround: Use a different agent/sensor name the second time around.

2549

Issue: When viewing report results, clicking on "Edit" or "Clear" in the query summary at the top of the page results in a JavaScript error.

Workaround: Click directly on the "Report type" link to edit the query.

2470

Issue: Using passwords with the "," (comma) or "'" (quote) characters may cause problems with loading devices from csv files.

Workaround: Avoid using passwords with these characters for the time being.

2449, Customer Case #: 1229

Issue: The GUI webserver may occasionally enter into a high CPU usage state, resulting in slow GUI performance.

2446, Customer Case #: 1214

Issue: Confirming a False Positive creates the drop rule associated with that false positive, but does not move the events to the "User Confirmed False Positive Type."

2414

Issue: Long keyword strings in rules or reports can cause parts of the GUI layout to be pushed out of the browser window's edges.

2410

Issue: The PN-MARS stores reported user names in a case-sensitive fashion. Devices that report case-insensitive user names can behave counter-intuitively if they report names inconsistently.

2385

Issue: Applying $VAR variables to queries on a Global Controller causes GUI errors and may not return correct results.

2384

Issue: Under certain circumstances queries and reports based on query type: NAT Connections Ranked by Time do not work.

2383

Issue: An IIS web server cannot be added to the PN-MARS as a generic web server. When configuring the PN-MARS to receive IIS logs, adding generic web server in Reporting Applications does not work.

Workaround: Choose windows operating system under general tab.

2366

Issue: Using an old bookmark to PN-MARS from version 2.5 or earlier after upgrading to 3.1.1 will not work correctly. It will have "gui" in the URL: https://pnmars/gui/login.jsp

Workaround: Update bookmarks to the PN-MARS to remove the "gui" string. For example: https://pnmars

2333

Issue: After performing a "pnreset -g" (which cleans up the GC data on the LC - a copy will be made of all GC data used by rules and reports while all other GC data will be deleted), the LC still shows the old zone name by which it was monitored from the GC. When adding that LC back to a GC that was re-installed from the recovery DVD, problems can occur if the zone names for the GC and LC do not match the ones used before.

Workaround: Use the same "old" GC name during the GC configuration. Use the same zone names when re-adding LCs to the GC.

2256

Issue: When a PN-MARS box is referenced by a DNS name that contains the underscore character '_', Internet Explorer will consider that domain to come from the "Restricted Zone", and disallow any cookies. This will prevent the GUI from functioning.

Workaround: Use only alpha-numeric characters and the dash '-' when assigning DNS names to a PN-MARS box.

2251

Issue: After upgrading from a PN-MARS 100e to PN-MARS 100, pnstop and pnstart need to be run for the change to take effect.

2177

Issue: Every 22nd reboot, the PN-MARS file system is checked for consistency. This takes time to complete, and happens before connecting to the network. While this is happening, it may appear that the box simply isn't starting.

Workaround: Attach a console to the PN-MARS to verify that checking is happening if the system does not seem to start after a reboot.

2175

Issue: Data computed or stored on a standalone PN-MARS while in standalone mode will not be transferred to a GC. Only data computed on an LC that is currently monitored by a GC will be pushed up.

2073

Issue: After renaming a cloud, clicking the cloud again causes an error.

Workaround: Refresh the page before clicking a renamed cloud.

2061

Issue: Saving CSV files from reports with IE 6 under Windows XP SP2 causes the file to default to an .htm extension, not .csv extension.

Workaround: Select "All types" from the dropdown while saving, and rename the file to have a .csv extension.

2011

Issue: Certain special characters do not work in password fields. The characters are " ' ; (double-quote, single-quote and semi-colon).

Workaround: Use passwords that do not contain these characters.

1982, Customer Case #: 1108

Issue: The PN-MARS is unable to receive Netflow messages on a port number less than 1024.

Workaround: Use a port number greater than 1024.

1841

Issue: The raw message retrieval feature has a regular refresh rate that can restore the page to default values if the user does not submit the retrieval request within a minute's time.

Resolution: Enter in any values for the data retrieval and hit submit before a minute has elapsed.

1438

Issue: When running batch queries under a high system load and over a time range containing a large amount of data, the batch query might not complete. If the Progress Completed status stays at 0% for an extended period of time (a day), try stopping any other batch queries you have running or stopping and resubmitting your batch query with narrower criteria. If neither of these works, please contact Protego Support.

1382

Issue: When you create a new group (MANAGEMENT > IP Management > Add Group) with a combination of Networks, Devices, and IP addresses and then select that group from the pull-down menu, only the Networks in the group appear, even though the Devices and IP addresses are in the group.

1343

Issue: If you define an invalid query (such as that detailed in the next issue, Reference #1335), the PN-MARS will be in a compromised state where queries will continue to fail, even if they are constructed correctly after the invalid query.

Resolution: Log in to the CLI and pnstop/pnstart the PN-MARS system, then re-run your valid query.

1293

Issue: When administering PN-MARS, it is possible to select an unsupported OS from the pull-down menu when adding or editing a host for logging. If you select an OS that does not contain the string "Microsoft Windows" or "Sun Solaris" when you save the Pull host log or Receive hostlog parameters (for example, if you select "Sun Cobalt"), the GUI does not work correctly.

1270

Issue: The free-form search may not work for the following devices:

Check Point Opsec NG FP3

Cisco CSA, 4.0

Cisco, IDS, 3.1 and 4.0

ISS, RealSecure, 6.5 and 7.0

Entercept Entercept, 2.5 and 4.0

IntruVert IntruShield, 1.5

1144

Issue: Due to a bug in a third-party library, the day of the "Sent" date of the e-mail notification is one day earlier than actual date.

1134

Issue: The cloud name input box accepts invalid characters. To reproduce this behavior, click on the Large Graph link on the Hotspot graph. Click on a cloud. Click Change name and enter invalid characters into the input field (for example, ~!# or ###). Sometimes the page returns an error message such as error: Error: Invalid or No Security Perimeter. The graph rendering fails with the IE status bar message "not well formed, line #:column#".

1115

Issue: When adding a Cisco IDS 3.1 device, you must login as user netrangr. Doing otherwise causes the PN-MARS appliance script to not see when the login prompt appears and causes the Test Connectivity to fail. Please consult your Cisco IDS 3.1 manual to learn how to configure your device to send events to MARS.

1051

Issue: Logging into a PN-MARS from a non-supported browser and leaving the GUI open will prevent other users from logging into that MARS.

Resolution: If you log in to PN-MARS using a supported browser and see a message saying that your browser is unsupported, please check if another user has logged into the PN-MARS with an unsupported browser and not closed his browser window.

1045

Issue: Entering an incorrect IP address or directory path for the data archiving feature will result in a cryptic error message.

Resolution: If you see a message of type "Status: PN-0002: No message for PN-0216" after configuring data archiving, please click "Back to Archiving" and check your IP address and directory.

1019

Issue: When utilizing the data archiving feature, you may experience data loss if your network link is slow or if your archive server does not have the capacity to handle high throughput.

937

Issue: The 1.1 to 1.2 upgrade cannot be performed through the GUI.

Resolution: Use the CLI tool to perform the upgrade.

877

Issue: When you submit a name that is associated with a device type to the system, changes to its device type can cause some of its configuration information to display incorrectly.

Resolution: When adding a device, take care to give it its proper device type.

782

Issue: On the Admin->System Setup->Security and Monitor Devices page, if you try to add a Windows host and leave the popup window open for 30 minutes, the PN-MARS prompts you to log back in. This may cause a system error.

596

Issue: On a freshly installed machine starting to get events and sessions, you can get a negative Data Reduction where there are more sessions than events. This is due to the fact that events are written to the database more frequently than sessions.

Resolution: Wait for some time to pass. As events gradually outnumber sessions, this number becomes increasingly accurate.

586

Issue: If you are investigating a false positive, and you see a message telling you that a service has crashed, this could be due to vulnerability scanning by the Protego Networks PN-MARS appliance. You may have to re-start the service.

Resolution: It is strongly recommended that you patch the security hole to eliminate this vulnerability.

455

Issue: If clouds are renamed through diagrams, the system might not display those names.

Resolution: Here are some workaround steps to rename clouds:

Click the cloud you want to rename.

Enter in the new name in the text field near the top of the popup window.

Click "Change".

Once it's done, click "Close".

Click the "Large Graph" button in the Hotspot Graph.

Finally, go back to the Summary page.

464

Issue: Slightly confusing rollover text for Plus ( + ) signs on Incident Details page. "This X Set" refers to the items to the left of the ( + ), which expands underneath the ( + ).

- Under "Source IP/Port" - the rollover message reads "Expand this Event Set"

- Under "Destination IP/port" - "Expand this Source Set."

- Under "Time" - "Expand this Destination Set"

293

Issue: When tabbing over three-digit entries in IP fields on the Configuration Information page, the cursor can disappear.

Resolution: Use your mouse to move between fields on this screen when editing IP addresses.

259

Issue: On the Setting Runtime Logging Levels page, if you set the level for GUI to Trace and save, it is saved as Debug.

Resolution: Do not change settings on the Setting Runtime Logging Levels page without a Protego Support representative.

247

Issue: The automatic time-out feature built into the GUI does not work when the Summary page is left open with automatic refresh selected.

Resolution: Please log out of the system when you are no longer using it.

212

Issue: Diagrams on the Summary pages occasionally do not display.

Resolution: Exit the browser. The next time you log on, the diagrams should have re-drawn.

183

Issue: Adding many devices (more than 20) without activating those devices can cause messy output in the diagrams.

Resolution: Click the Activate button after adding many devices.

166

Issue: The use of ANY in queries and rules is slightly inconsistent. When selecting ANY in the Query page, if other items are selected at the same time for that field, the ANY is ignored. When selecting ANY on the Rules page, if other items are selected at the same time for that field, the other items are ignored and ANY is the selection.

146

Issue: Reports whose names differ only by slashes (/) and dashes (-) conflict with each other. When you run and view such reports, they get confused and each points at the other.

Resolution: Do not use slashes or dashes in your rule configuration.


Resolved Caveats - Release 3.3.4

The following caveats have been resolved in this release.

Reference Number
Description
2717

Issue: Events from Cisco IDS 4.x security devices did not have their full context stored in the database.

Resolution: This has been fixed.

2704

Issue: There was a bug in the archiving feature preventing data restore. In version 3.3.3, there is a workaround available through Protego Support.

Resolution: This has been fixed.


Resolved Caveats - Releases Prior to 3.3.4

The following caveats have been resolved in releases prior to this one.

Reference Number
Description
2668

Issue: There was a memory problem in the event parsing binary.

Resolution: This has been fixed.

2652, 2662,
Customer Case #: 1313

Issue: There were problems exporting report results as a CSV file.

Resolution: This has been fixed.

2649

Issue: Devices with the "" characters in the name will not show up in the HotSpot window on the Summary page.

Resolution: This has been fixed.

2643

Issue: If an error occurs in the discovery of a Cisco IOS 12.2 device, the user will be redirected to the login page.

Resolution: This has been fixed.

2576,
Customer Case #: 1272

Issue: Having a quote character in the name of a report (such as "Source IP's from mySecurityDevice") caused an error.

Resolution: This has been fixed.

2490,
Customer Case #: 1205, 1280

Issue: Adding a switch with Unicode characters in the interface, such as ">", to the PN-MARS topology causes the topology graph to not show up.

Resolution: This has been fixed.

2488,
Customer Case #: 1251

Issue: After an upgrade, previously user-configured keywords in reports were erased.

Resolution: This has been fixed.

2463

Issue: When creating a Cisco CatOS or Switch IOS device, the GUI allows the user to select an available module from a list of standalone security devices or Cat6K modules.

Resolution: This has been fixed.

2453,
Customer Case #: 1221

Issue: The original notification methods sent HTML emails to users, which could not be used for receiving on cell phones.

Resolution: PN-MARS has been enhanced with a new notification called "SMS Notification" which contains the fired rule name, severity, and incident ID only.

2401

Issue: When a reported user name is used in a rule or report on a Global Controller, but that name is not present on a given Local Controller, the name becomes "NONE".

Workaround: This has been fixed.

2382,
Customer Case #: 1176

Issue: Clicking on the port number in the legend of a Summary page report resulted in an error.

Resolution: This has been fixed.

2374

Issue: The Attack Graph / Incident Graph icons for session queries do not work.

Resolution: This has been fixed.

2355

Issue: Queries of 10 minutes or less don't always return correct results when run from a GC.

Resolution: This has been fixed.

2353

Issue: The 'Discover this Gateway' button on a Global Controller's full topology graph does not work.

Resolution: This has been fixed.

2288,
Customer Case #: 1178

Issue: After configuring a query, clicking on a top-level tab did not clear the configured query.

Resolution: This has been fixed.

2117

Issue: Local rules cannot be created with the same name as an existing global rule. Global rules can be created with the same name as a local rule; the local rule and global rule will be kept separate.

Resolution: This has been fixed.

1864,
Customer Case #: 1086

Issue: Cisco FWSM 2.2 could not be added as a device.

Resolution: Cisco FWSM 2.2 has been added as a supported device in version 3.3.1. Users having multiple contexts will need to add them one by one.

1497,
Customer Case #: 1211

Issue: Digital Signing support has been implemented so that the PN-MARS can pull host logs from hosts with this enabled.

1050,
Customer Case #: 1259

Issue: When a hard drive on the PN-MARS is about to fail, the PN-MARS was not notifying the pnadmin user through email.

Resolution: This has been fixed.

987

Issue: Sometimes after tuning for false positives, the statistics for "To be confirmed" and "User confirmed" on the Summary page may be incorrect.

Resolution: This has been fixed.

2452,
Customer Case #: 1227

Issue: Snort events were not being interpreted correctly, but instead were showing up as linux syslog events.

Resolution: This has been fixed.

2441,
Customer Case #: 1199, 1202, 1210, 1218

Issue: The GUI was not communicating the status of the upgrade process to the user correctly.

Resolution: This has been fixed and will show up when the user upgrades from 3.3.1 to a future version.

2429

Issue: Cisco PIX device event type support for events of the form "PIX-3-106023" has been implemented in this release. Previously, the Cisco documentation communicated a format of "PIX-4-106023" which resulted in "PIX-3-106023" events showing up as unknown device event types.

2426

Issue: The GUI for the Checkpoint Console and Checkpoint Agent was not saving values correctly.

Resolution: This has been fixed.

1819,
Customer Case #: 1082

Issue: The Linux "top" command is not available in the command-line interface.

Resolution: The "sysstatus" command has been added. It runs the Linux "top" command.

1695,
Customer Case #: 1053

Issue: System rules can be duplicated, but the duplicated rule remains a system rule with only the appropriate fields editable. This has been noted in the documentation.

1693,
Customer Case #: 1055

Issue: The pnadmin user cannot stop other users' batch queries.

Resolution: The pnadmin user can see and control all batch queries in the system.

1419

Issue: Searches for dotted quad IPs performed from the source or destination selection windows in rules and query do not return complete results (only H-10.1.1.1 hosts are returned).

Resolution: Do not search for IPs using the search field.

1416

Issue: If you have a large number of SNMP hosts and you try to view "All Hosts" on the SNMP Notifications page, it may time out.

Resolution: Search for a subset of the targets on the SNMP Notifications page. This returns results without timing out.

1404

Issue: You cannot click under "Action" to edit the action for a rule when there is no action defined.

Resolution: You can now click on "None" to edit an action.

1219

Issue: If you create a Protego user and select New Provider but do not enter a Pager number, qpage.com fails to run because it has an empty entry, and pnmonitor continually tries to restart the daemon that attempts to access qpage.com.

Resolution: Open each user profile and click Submit to ensure all the required fields are populated.

1117

Issue: Windows XP or 2000 Systems that have applied the Q832894 security patch from Microsoft may handle HTML form submission improperly. The symptom of this issue appears in the PN-MARS GUI as system errors or empty browser windows due to required data not being submitted to the PN-MARS appliance. This problem exists independently of the PN-MARS product in Internet Explorer.

Resolution: Apply the patches described at this website:

http://support.microsoft.com/default.aspx?scid=kb;en-us;831167

1034

Issue: Candidate CVEs are identified by the prefix "CAN" in the GUI under Management-Event Management.

711

Issue: When using the CLI command "time", do not use the dash " - " symbol to separate hours, minutes, and seconds.

Resolution: Use the slash "/" symbol to separate them, e.g. "hour/minute/second".

345

Issue: Using browser functions such as "Back" can cause errors in the GUI.

Resolution: For GUI navigation, always use links and buttons provided by the GUI rather than by the browser.


Product Documentation


Note: We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.


Table 1 describes the product documentation that is available.

Table 1 Product Documentation 

Document Title
Available Formats

Release Notes for the PN-MARS Appliance Version 3.3.4.1846

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/3.3/release/notes/rn333.html

Quick Start Guide for the Cisco Security Monitoring, Analysis and Response System Appliance Local Controller, Version 3.3.3

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/3.3/installation/guide/local_controller/gsLoc333.pdf

User Guide for the Cisco Security Monitoring, Analysis and Response System Appliance, Local Controller Version 3.3.3

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/3.3/user/guide/local_controller/ugLoc333.pdf

Quick Start Guide for the Cisco Security Monitoring, Analysis and Response System Global Controller

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/3.3/installation/guide/global_controller/gsGlo333.pdf

User Guide for the Cisco Security Monitoring, Analysis and Response System Global Controller, Version 3.3.3

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/3.3/user/guide/global_controller/ugGlo333.pdf


Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace:

http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Emergencies — security-alert@cisco.com

Nonemergencies — psirt@cisco.com


Tip: We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:

http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on


In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html