Download

Title	Size	Downloads
SECPATHF5000_AI160-CMW710-R8890P24_IPE.zip	211.63 MB
SECPATHF5000_AI160-CMW710-R8890P24_BIN.zip	211.62 MB
H3C_SECPATHF5000_AI160-CMW710-R8890P24_Release_Notes_0502A8JN_.pdf	1002.17 KB
H3C_SECPATHF5000_AI160-CMW710-R8890P24_Release_Notes_(Software_Feature_Changes)_0502A8JN_.pdf	36.17 KB


H3C SECPATHF5000_AI160-CMW710-R8890P24
Release Notes

Contents

Introduction· 1

Version information· 1

Version number 1

Version history· 1

Hardware and software compatibility matrix· 3

ISSU upgrade type matrix· 5

Upgrade restrictions and guidelines· 6

Hardware feature updates· 6

New driver module command port set-mode· 8

Software feature and command updates· 8

MIB updates· 9

Operation changes· 9

Restrictions and cautions· 9

License registration and installation· 11

Open problems and workarounds· 11

List of resolved problems· 11

Resolved problems in R8890P24· 11

Resolved problems in R8890P23· 12

Resolved problems in R8390P19· 13

Resolved problems in R8390P13· 13

Resolved problems in E8390P11· 13

Resolved problems in E8390P09· 14

Resolved problems in A8390P07· 14

Resolved problems in R8371P1320· 14

Resolved problems in R8371P1319· 14

Resolved problems in R8371P1318· 14

Resolved problems in R8371P1317· 15

Introduction

This document describes the features, restrictions and guidelines, open problems, and workarounds for version R8890P24. Before you use this version on a live network, back up the configuration and test the version to avoid software upgrade affecting your live network.

Use this document in conjunction with H3C SECPATHF5000_AI160-CMW710-R8890P24 Release Notes (Software Feature Changes) and the documents listed in "

Version information

Version number

H3C Comware software, Version 7.1.064, Release 8890P24

Note: You can see the version number with the display version command in any view. Please see Note①.

Version history

IMPORTANT:

The software feature changes listed in the version history table for each version are not complete. To obtain complete information about all software feature changes in each version, see the Software Feature Changes document for this release notes.

Table 1 F5000-AI160/F5000-E Version history

Version number	Last version	Release date	Release type	Remarks
R8890P24	R8890P23	2024-12-31	Release version	Release for the overseas market. This version has solved the problems, provide derived annual version ，product and technical support.
R8890P23	R8390P19	2024-11-01	Release version	Release for the overseas market. This version has solved the problems, provide derived annual version ，product and technical support.
R8390P19	R8371P1320	2024-06-28	Release version	Release for the overseas market. This version has solved the problems, provide derived annual version ，product and technical support.
R8371P1320	R8371P1319	2024-04-28	Release version	Release for the overseas market. Released for use by Technical support
R8371P1319	R8371P1318	2024-03-01	Release version	Release for the overseas market. Released for use by Technical support, and production.
R8371P1318	R8371P1317	2023-12-29	Release version	Release for the overseas market. Released for use by Technical support, and production.
R8371P1317	First release	2023-06-30	Release version	First release for the overseas market. Released for use by Technical support, and production.

Table 2 F5000-AI360/F5000-AI120 Version history

Version number	Last version	Release date	Release type	Remarks
R8890P24	R8890P23	2024-12-31	Release version	Release for the overseas market. This version has solved the problems, provide derived annual version ，product and technical support.
R8890P23	R8390P19	2024-11-01	Release version	Release for the overseas market. This version has solved the problems, provide derived annual version ，product and technical support.
R8390P19	R8390P13	2024-06-28	Release version	Release for the overseas market. This version has solved the problems, provide derived annual version ，product and technical support.
R8390P13	E8390P11	2023-12-28	Release	Solved problems. Released for production and for use by Technical Support.
E8390P11	E8390P09	2023-10-28	ESS	Solved problems. Released for use by Technical Support.
E8390P09	A8390P07	2023-08-25	ESS	Released for TR5, for production, and for use by Technical Support.
A8390P07	First release	2023-06-25	Alpha	Released for TR4A and for trial production

Hardware and software compatibility matrix

CAUTION:

To avoid an upgrade failure, use Table 3 to verify the hardware and software compatibility before performing an upgrade.

Table 3 Hardware and software compatibility matrix

Item	Specifications
Hardware platform	F5000-AI360	F5000-AI160	F5000-E/F5000-AI120
Memory	96G	64G	32G
SPI FLASH	32MB（save BootWare）
EMMC FLASH	8GB（save IPE）
BootWare version	1.11 (Note: Execute the display version command in any view to view the version information.)
Host software	SECPATHF5000_AI160-CMW710-R8890P24.ipe： a7bc335b1ce3d31970b3a4519d6515b3 F5000AIFW-CMW710-BOOT-R8890P24.bin： 1ac242d716240aaa2e243e03761bfc8c F5000AIFW-CMW710-SYSTEM-R8890P24.bin： 4976e708295a94a326efadedb1979295
iMC version	iMC PLAT 7.3 (E0706P09） iMC PLAT(ACLM) 7.3 (E0706P09) iMC PLAT(DM) 7.3 (E0706P09) iMC PLAT(ICC) 7.3 (E0706P09) iMC PLAT(VLAN)(E0706P09) iMC UBA 7.3 (E0707L06) iMC IVM 7.3 (E0506) iMC EIA 7.3 (E0611P13) iMC SHM 7.3 (E0707L06) iNode PC 7.3 (E0585)
H3C SecCenter CSAP-S version	E1143P0601
H3C SecCenter SMP version	E1112P02
H3C SecCloud OMP version	E1301P01
U-Center	Incompatible
AD-NET	E0709
U-Center AOM	E0706P01
ADWAN	Incompatible
ADDC	Incompatible
ADcampus	Incompatible
Remarks	1. The time on the iMC server must be consistent with the time on the device. 2. As a best practice, do not use the wildcard subnet address type when you configure address groups on the device management page of security services on iMC. 3. Enable action parameters before you configure them on the device management page of security services on iMC. 4. To address the problem that HTTP 2.0 is not supported, use the F9671P08H01 patch.

Sample: To display the host software and BootWare version of the device, execute the display version command:

H3C Comware Software, Version 7.1.064, Release 8890P24

H3C SecPath F5000 uptime is 0 weeks, 0 days, 0 hours, 2 minutes

Last reboot reason: User reboot

Boot image: flash:/F5000AIFW-CMW710-BOOT-R8890P24.bin

Boot image version: 7.1.064, Release 8890P24

Compiled Dec 17 2024 15:00:00

System image: flash:/F5000AIFW-CMW710-SYSTEM-R8890P24.bin

System image version: 7.1.064, Release 8890P24

Compiled Dec 17 2024 15:00:00

SLOT 1 CPU 0

CPU type : Multi-core CPU

DDR4 SDRAM Memory : 32768M bytes

FLASH : 7122M bytes

Board PCB Version : Ver.A

FPGA PCB Version : Ver.A

Hdd PCB Version : Ver.A

Led PCB Version : Ver.A

CPLD_0 Version : 5.0

CPLD_1 Version : 6.0

CPLD_2 Version : 1.0

Release Version : H3C SecPath F5000-8890P24

Adm Version : 1.0

FPGA Version : A41B6001

FPGA Date : 2024.11.01

Basic BootWare Version: 1.12

Extend BootWare Version: 1.12

[SUBCARD 0] Fixed Subcard(Hardware)Ver.A, (Driver)1.0, (Cpld)5.0

ISSU upgrade type matrix

ISSU provides two upgrade types: compatible upgrade and incompatible upgrade. Table 4 provides the approved ISSU upgrade types only between the current version and the history versions within the past 18 months. This matrix does not include history versions that are 18 months earlier than the current version, for which, no ISSU upgrade verification is performed. For more information about ISSU, see the fundamental configuration guide for the device.

Table 4 ISSU version compatibility matrix（F5000-AI160/F5000-E）

Current version	History version	ISSU upgrade method
SECPATHF5000_AI160-CMW710-R8890P24	SECPATHF5000_AI160-CMW710-R8890P23	Incompatible
	SECPATHF5000_AI160-CMW710-R8390P19	Incompatible
	SECPATHF5000_AI160-CMW710-R8371P1320	Incompatible
	SECPATHF5000_AI160-CMW710-R8371P1319	Incompatible
	SECPATHF5000_AI160-CMW710-R8371P1318	Incompatible
	SECPATHF5000_AI160-CMW710-R8371P1317	Incompatible
	SECPATHF5000_AI160-CMW710-R8371P1316	Incompatible

Table 5 ISSU version compatibility matrix（F5000-AI360/F5000-AI120）

Current version	History version	ISSU upgrade method
SECPATHF5000_AI160-CMW710-R8390P23	SECPATHF5000_AI160-CMW710- R8390P19	Compatible
	SECPATHF5000_AI160-CMW710-E8390P13	Compatible
	SECPATHF5000_AI160-CMW710-E8390P11	Compatible
	SECPATHF5000_AI160-CMW710-E8390P09	Compatible
	SECPATHF5000_AI160-CMW710-A390P07	Compatible

Upgrade restrictions and guidelines

· To ensure hardware compatibility, do not downgrade the factory software version.

· For the signature databases for anti-virus and URL filtering, the official website provides two sizes for different device storage spaces. The letter H in the name indicates a large signature database. For example, the V7-AV-H-1.0.68.dat is a large signature database and the V7-AV-1.0.68.dat is a small one. When you perform a manual update, examine your device storage capacity to determine which signature database should be downloaded. The large signature databases are supported when the memory is larger than 8 GB, and the capacity of the storage medium (flash memory, SD card, or CF card) is larger than 1 GB. Otherwise, only the small signature databases are supported.

· You can upgrade an IRF fabric from a security policy-incapable version to a security-policy-capable version through an ISSU. To use security policies after the upgrade, you must reboot the IRF fabric.

· To ensure a successful upgrade, make sure the current Boot ROM version is consistent with the system version before an ISSU.

· After an ISSU, clear the browser cache for the Web interface to correctly display the configuration information of modified features.

· You can check the Upgrade Way field in the output from the display version comp-matrix command for recommended ISSU methods.

· The version E9628P05 and earlier versions do not support ISSU.

Table 6 F5000-AI160/F5000-E ISSU compatibility list

Version description	Version identifier	Version number	ISSU compatibility
Base line version	V0	R8371P1316	Incompatible
Last software version	Vn-1	R8371P1320	Incompatible
Last Release version	Vk	R8371P1320	Incompatible

Table 7 F5000-AI360/F5000-AI120 ISSU compatibility list

Version description	Version identifier	Version number	ISSU compatibility
Base line version	V0	R8390P07	Compatible
Last software version	Vn-1	R8390P13	Compatible
Last Release version	Vk	R8390P13	Compatible

· In the RBM dual-host mode, versions earlier than R8371P1316 do not support compatible upgrade. For the upgrade procedure, see the upgrade guide in the H3C technical document center.

Hardware feature updates

R8390P13

F5000-AI360 and F5000-AI120 support the following FPGA cards:

· NSQ1M18VU9PDTA—Old FPGA card, which supports only x4 memory strips.

· NSQ1M9XVU9PDTC—New FPGA card, which is compatible with both x4 and x8 memory strips.

As from R8390P13 (packaged with BootWare 1.10), the software supports the new FPGA card:

· For a new device installed with a new FPGA card to operate correctly, make sure the software and hardware versions are compatible. The device is shipped with version R8390P13 and BootWare 1.10 or later, which cannot be downgraded.

· An old device without the new FPGA card installed can use the new software version or an old software version. As a best practice, do not downgrade the software version.

The inventory of old FPGA cards uses smooth switchover. Devices with new FPGA cards installed are delivered only after the inventory of devices with old FPGA cards installed runs out.

To obtain the device hardware version, view the delivery label on the device chassis.

Table 8 Device hardware version compatibility matrix

Device model	Hardware version for old FPGA cards	Hardware version for new FPGA cards
F5000-AI360	B0	C0
F5000-A120	B0	C0

A8390P07

Starting from this version, support for F5000-AI360/F5000-AI120 is provided. For detailed specifications, please refer to Appendix A for the list of software and hardware features supported in this version.

R8371P1319

Introduction

Due to the omission in the implementation of version R8371P1317, devices with different production dates have different interface types for the same interface number, leading to RBM equipment abnormalities. Therefore, by adding a command line, it is convenient for users to switch the interface type of the last 8 ports of the device.

This solution can address the following three factory scenarios:

· Old devices + old software D071SP1317 and below factory settings: The last 8 ports are 10G ports when they leave the factory. When upgrading to the new software D071SP1319 and above, they remain as 10G ports, can be configured as 25G ports through the command line, and can also be downgraded to 10G ports.

· New devices + new software D071SP1319 and above factory settings: The last 8 ports are 25G ports when they leave the factory, and can be configured to downgrade to 10G ports through the command line.

· New devices + old software D071SP1317 and below factory settings: The last 8 ports are 10G ports when they leave the factory. When upgrading to the new software D071SP1319 and above, they become 25G ports, can be configured as 25G ports through the command line, and can also be downgraded to 10G ports.

Note: New devices are defined as those produced after July 7, 2023.

New driver module command port set-mode

port set-mode

The port set-mode command is used to configure the interface type and default speed.

【Command】

port set-mode {10G | 25G}

【Default Situation】

For F5000AI-160, F5000-E, and F5000AI-120 devices, as of July 7, 2023, interfaces numbered 26-33 produced before July 7, 2023 have the interface type Ten-GigabitEthernet with a default speed of 10GE. Interfaces produced on or after July 7, 2023 have the interface type Twenty-FiveGigE with a default speed of 25GE.

For F5000AI-360 devices, as of July 7, 2023, interfaces numbered 18-33 produced before July 7, 2023 have the interface type Ten-GigabitEthernet with a default speed of 10GE. Interfaces produced on or after July 7, 2023 have the interface type Twenty-FiveGigE with a default speed of 25GE.

【View】

System view

【Default User Role】

network-admin

【Parameters】

10G: Change the interface type to Ten-GigabitEthernet with a default speed of 10GE (compatible with 1G).

25G: Change the interface type to Twenty-FiveGigE with a default speed of 25GE (compatible with 10G).

【Usage Guidelines】

When setting up RBM networking on devices, ensure that the device model, interface type, interface number, and interface speed of RBM member devices are consistent. Users can use this command to modify the interface type and speed to ensure consistency among RBM member devices.

In 25G mode, for example, with Twenty-FiveGigE 30-33, every 4 interfaces form a group, where any interface in the group can be configured with the speed command for speed, and the other three interfaces will automatically synchronize speed without the need for repeated configuration.

This command takes effect after the device is restarted.

【Example】

# Configure the interface type as 25GE.

<Sysname> system-view

[Sysname] port set-mode 25G

This command will change the type of some interfaces. Continue? [Y/N]: y

Set the 25G mode on the interface successfully. Please reboot the device for the 25G mode to take effect.

【Related Commands】

· speed (Interface Management Command Reference/Ethernet Interface)

Software feature and command updates

This version has no feature changes.

For more information about the software feature and command update history, see H3C SECPATHF5000_AI160-CMW710-R8371P1320 Release Notes (Software Feature Changes).

MIB updates

Table 9 MIB updates

Item	MIB file	Module	Description
R8890P24
‘None	None	None
Modified	None	None	None
R8890P23
‘None	None	None
Modified	None	None	None
R8390P19
‘None	None	None
Modified	None	None	None
R8371P1320
‘None	None	None
Modified	None	None	None
R8371P1319
None	None
None	None
R8371P1318
None	None
None	None
R8371P1317
None	None
None	None

Operation changes

None.

Restrictions and cautions

Before performing an upgrade, see H3C SECPATHF5000_AI160-CMW710-R8890P24 Release Notes (Software Feature Changes) and related documentation to see the software feature changes and evaluate the influence on the service.

To avoid abnormality and configuration failure, follow these restrictions:

Restrictions

· If you need to form an RBM or IRF, make sure that the hardware version, software version, interface type, and speed of the two devices are consistent.

· 25G port and 100G port do not support stacking.

· IRF physical interfaces must be the same type. You can use only the following ports as IRF physical interfaces:

¡ Fiber ports on the panel.

¡ Ports on an interface module installed in slot 1 or slot 2.

· IRF might downgrade performance. As a best practice, configure RBM.

· For 4SFP&4SFP+ and 8SFP+ interface modules, the following restrictions apply:

¡ 10 GE ports on the interface modules support GE/10GE autosensing, but they do not support copper transceiver modules.

¡ The interface modules can be installed only in slot 3.

¡ For GE ports on a 4SFP&4SFP+ interface module, speed or duplex autonegotiation is disabled by default. As a best practice for a GE port on the interface module to come up, make sure the speed or duplex mode on the interface is the same as that on the peer interface.

· The device does not support the VSYS feature.

Cautions

· Use the following browsers:

¡ Chrome 40 or higher.

¡ Firefox v19 or higher.

¡ Internet Explorer 10 or higher.

· To avoid garbled characters on the Web interface, make sure the CLI uses GB18030 encoding.

· When two power modules are installed, do not repeatedly re-install them within a short period. To avoid the CPU errors caused by frequent power module re-installation, install power modules correctly in one operation.

· The Web interface and CLI cannot be used together. Do not configure a feature through both the Web interface and CLI.

· When you use SSL VPN Web access to access WeChat, Alipay, and hao123 pages, login failure or page display failure occurs if URL rewrite is not performed for some contents on the pages.

· If DPI is not configured, the maximum number of contexts is as described in the context specification. If DPI is configured, the maximum number of contexts is half the specification.

· As from F9660P12, the device supports global NAT. However, VPN and DNS mapping are to be supported yet.

· Because global NAT determines the destination security zone according to the FIB table, a destination security zone cannot be used by global NAT to match traffic that has been permitted by PBR or LLB. If a destination security zone is not used by a global NAT rule, packets to the destination security zone cannot match the global NAT rule, or services will be interrupted if application changes or configuration changes occur.

· As from R8371P1317, the IP address of an email server supporting the report subscription page can be an IP address or a host name.

· The standby device in RBM cannot process SSL VPN dialup traffic.

· The MAC addresses of a main interface and its subinterfaces must be the same.

· When domain name-based address object groups are used:

¡ If the local DNS server for the terminal is the device, the device acts as the DNS proxy, and you do not need to enable DNS snooping.

¡ If the local DNS server for the terminal is a DNS server on the external network, the device transmits packets for the terminal transparently. To avoid service interruption, you must enable DNS snooping after upgrading to R9671P1317.

· Because DPI does not support HTTP 2.0, a URL filtering policy configured to block Youtube, Facebook, Twitter, and onehub cannot take effect. Additionally, the onehub server uses bidirectional authentication, SSL decryption cannot take effect for the onehub website.

· It is not recommended to configure packet-by-packet forwarding when DPI, AFT, NAT, and other services are configured to avoid device malfunctions.

Licenses

About licenses

To use license-based features, you must purchase licenses from H3C and install the licenses.

For more information about license-based features and supported licenses, see H3C SecPath F1000 & F5000 Firewall Series License Matrixes.

License registration and installation

H3C License Management Platform provides product licensing services for H3C customers. You can access this system to obtain an activation file or transfer licenses.

H3C License Management Platform is accessible at http://www.h3c.com/en/License/.

For more information about license registration, activation file installation, and license transfer, see H3C Security Products Licensing Configuration Demonstration Video (Comware 7), H3C Security Products Licensing Configuration Demonstration (Comware 7), H3C Security Products Licensing Configuration Examples (Comware 7), and H3C Security Products Licensing Guide (Comware 7).

H3C provides license-related FAQ. For more information, see H3C Security Products Licensing FAQ (Comware 7).

Open problems and workarounds

None

List of resolved problems

Resolved problems in R8890P24

202410170247

· Symptom: webpage lagging, dropping large packets when pinging.

· Condition: When accessing the webpage.

202410311030

· Symptom: Backup machine command line prohibits issuing ip vpn-instance.

· Condition: RBM backup machine closes configuration synchronization.

202411250233

· Symptom: Causes the custom item to not take effect.

· Condition: In some customizations, a tab was mistakenly added before the custom parameters.

202411160368

· Symptom: The security domain configuration in the object group is not backed up in the active standby or batch backup.

· Condition: RBM networking, configuring security domain in IPv4 and 6 address object groups.

202410151516

· Symptom: The Yutai PHY 8521YS optical port occasionally falsely appears as up.

· Condition: Installation of 4 optical and 4 electric cards in devices such as F5000-CN-G55.

202411220281

· Symptom: The device cannot work in conjunction with PFC.

· Condition: External PFC device installed on the device.

Resolved problems in R8890P23

202409111571

· Symptom: RBM standby web interface cannot distribute IP address configuration.

· Condition: In the RBM network, the RBM standby command line can distribute IP address configuration, but configuration through the standby web fails.

202410100424

· Symptom: Formatting required

· Condition: Power outage and restart of hard drive raid0.

202409230782

· Symptom: Partially interested flow is not smooth.

· Conditions for issue: Condition VRRP address is configured, VRRP switchover is executed, the current device is VRRP standby, undo VRRP address; execute VRRP switchover again to make the current device the VRRP master.

202407101787

· Symptom: Second clicked page hangs.

· Condition: Two login pages are opened on one browser and logged into the device, both pages switch to "virtual device" to context 2; click "CLI console".

202407101717

· Symptom: Authentication failure.

· Condition: SSL VPN authentication uses a long connection between the sslvpnd and lauthd processes. When a fault occurs, the lauthd's long connection is closed, but the sslvpnd's long connection remains open.

202408152192

· Symptom: Incomplete configuration view fields.

· Condition: Security policy configuration logs.

202408061394

· Symptom: Backup machine unable to deploy context configuration.

· Condition: RBM network closes configuration synchronization.

Resolved problems in R8390P19

202305080279

· Symptom: Causes "Monitoring -> Statistics -> Traffic Statistics" to be inaccurate.

· Condition: Traffic statistics reuse session statistics, and because session statistics values are truncated when they exceed 4G, such as when 5G traffic comes in, it will restart statistics after exceeding 4G (starting from 0).

Resolved problems in R8390P13

202309111958

· Symptom: The device has failed to start up. It must run the R8390P13 version and BootWare 1.10.

· Condition: This symptom occurs if the device uses the new FPGA card NSQ1M9XVU9PDTC and runs a software version earlier than R8371P1318 or BootWare 1.10. The old FPGA card NSQ1M18VU9PDTA supports only x4 memory strips but the new FPGA card NSQ1M9XVU9PDTC is compatible with x4 and x8 memory strips.

202212190406

· Symptom: Layer 2 pass-through packets fail to be forwarded.

· Condition: This symptom occurs if you enable logic forwarding.

· Workaround: Disable logic forwarding when traffic is forwarded by a Layer 2 trunk interface.

202305092032

· Symptom: Asymmetric traffic interrupts, causing service unreachability.

· Condition: This symptom occurs if TCP ACK packets are processed by logical fast forwarding and sent to the switching chip on a dual-master IRF fabric with asymmetric traffic. The packets are not sent to the CPU, which cannot be transparently transmitted.

· Workaround: The dual-master IRF fabric is not applicable to scenarios with asymmetric traffic.

Resolved problems in E8390P11

202310261652

· Symptom: After successfully loading the file boot/system on the standby device using the ISSU command, the standby device enters the BootWare stage upon reboot and displays the message "Image program does not exist."

· Condition: This symptom might occur after ISSU is updated from D090SP09 to D090SP11 if you plan to upgrade the standby device first.

Resolved problems in E8390P09

202304141648

· Symptom: The device power cycle takes about 18 minutes.

· Condition: This symptom occurs if the device runs F83190P09 or an earlier version.

Resolved problems in A8390P07

First release F5000-AI120/F5000-AI360..

Resolved problems in R8371P1320

202305080445

· Symptom: When the conversation statistics value exceeds 4G, it will be truncated. For example, if 5G of traffic comes in, it will restart the statistics after exceeding 4G (starting from 0), causing the "monitoring->statistics->traffic statistics" to be inaccurate.

· Condition: The traffic statistics reuse the statistics of the session.

202403220831

· Symptom: In the case of high traffic pressure, BFD detection probability will oscillate.。

· Condition: Configure multiple services and multiple BFD links, inconsistent detection period between the remote end and local configuration.

Resolved problems in R8371P1319

202312120001

· Symptom: RBM is faild and result in the kind of the last eight interfaces are not same.

· Condition: The device uses the new FPGA board with NSQ1M9XVU9PDTC, doesn’t uses the R8371P1318.

Resolved problems in R8371P1318

202309111956

· Symptom:The device work anomaly.

· Condition:The device uses the new FPGA board with NSQ1M9XVU9PDTC, doesn’t uses the R8371P1318.

202312052189

· Symptom:The device can not respond in time. You can configure the commond of undo cfg-change log enable to avoid.

· Condition: When the device configures lots of the security policys and acl roles.

202311150441

· Symptom:The device reboot.

· Condition:The device pacets the cookie from the next device and the period is long.

202306151605

· Symptom:The IRF failed. The device doesn’t support to configure the IRF with the 25G interface.

· Condition:The device configures the IRF.

202306061338

· Symptom:The system prints the bfd log.

· Condition:The device configures the static route and track the bfd onctrol-packet.

Resolved problems in R8371P1317

202202070418

· Symptom: The device does not support searching for, deleting, or editing specific IP addresses from an IP address group that contains 200 IP addresses.

· Condition: This symptom occurs when you search for, delete, or edit specific IP addresses from the IP address group.

202111260625

· Symptom: The Application Analysis Center page is slow to load.

· Condition: This symptom occurs when you select Monitor > Application Analysis Center on the Web interface.

202112021170

· Symptom: The device reboots when the APR signature library is rolled back.

· Condition: This symptom occurs if you roll back DPI signature libraries (including the APR signature library) repeatedly in an RBM environment when different types of Layer 4 traffic are present.

202112021468

· Symptom: A configuration consistency check shows that the AAA configurations are inconsistent in an RBM network. Actually, the DPI module has inconsistent DPI configuration (domain reputation).

· Condition: This symptom occurs when you perform a configuration consistency check.

202112021933

· Symptom: On the Network > DNS > DNS Client page, the page crashes when you click the plus sign after the Output interface field.

· Condition: This symptom occurs if you have entered an invalid DNS server IPv6 address.

202108110742

· Symptom: On the Network > Interface Configuration > Interfaces page, the inbound and outbound traffic statistics of an aggregate subinterface are incorrect.

· Condition: This symptom occurs when you view interface traffic statistics on the Web interface.

202202091321

· Symptom: The port object configuration in a port object group displayed in the display this command is not the same as configured.

· Condition: This symptom occurs if you execute the port gt 65534 or port range 1000 1000 command in a port object group.

202201251238

· Symptom: The DPI process cannot obtain applications in the application audit and management module.

· Condition: This symptom occurs if the DPI process starts before the APR process when the device starts up.

Obtaining documentation

To obtain the related documents from the H3C website at http://www.h3c.com/en:

1. Click http://www.h3c.com/en/Support/Resource_Center/Technical_Documents.

2. Choose the desired product category and model.

Technical support

[email protected]

http://www.h3c.com/en

Appendix A Feature list

Hardware features

Table 10 Firewall specifications

Item	F5000-AI360 Specifications	F5000-AI120/F5000-AI160/F5000-E Specifications
Ports	6×100G 100GBASE-R 28×100GBASE-R 2 × USB host mode ports 2 × HA ports 1× Management port 1个BMC（Hardware support，software doesn’t support） 1个CONSOLE 1个Micro USB	6个100GBASE-R以太网光口 20个10GBASE-R以太网光口 8个25G以太网光口 2个USB接口 2个HA接口 1个管理以太网口、 1个BMC网口（硬件预留，软件暂不支持） 1个CONSOLE接口 1个Micro USB接口
Memory	F5000-AI360：96GB F5000-AI160：64GB F5000-E/F5000-AI120：32GB
SPI FLASH	32MB（save BootWare）
EMMC FLASH	8GB（save IPE）
Expansion slots	Not support
Hard disk slots	2 hard disk slots that support SATA hard disks. Hard disks are not hot swappable.
Power modules	2 × 650 W AC or DC power modules. AC and DC power modules cannot be used together.
Dimensions (W × D× H)	440mm×435mm×44mm
Operating temperature	· Operating: ¡ Without hard disks: 0°C to 45°C (32°F to 113°F) ¡ With hard disks: 5°C to 40°C (41°F to 104°F) · Storage: –40°C to 70°C (–40°F to 158°F)
Relative humidity	· Operating: ¡ Without hard disks: 5% RH to 95% RH, noncondensing ¡ With hard disks: 10% RH to 90% RH, noncondensing · Storage: ¡ Without hard disks: 5% RH to 95% RH, noncondensing ¡ With hard disks: 5% RH to 95% RH, noncondensing

Software features

Table 11 Firewall software features

Category	Features
AAA		RADIUS/HWTACACS+ authentication. CHAP authentication. PAP authentication. Domain authentication.
Firewall		Packet filtering. Security zone-based access control. Time-based access control. ASPF. Virtual firewall. Attack protection against malicious attacks, such as land, smurf, fraggle, WinNuke, ping of death, teardrop, IP spoofing, IP fragmentation, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, and ICMP flood. Control of ICMP redirection and destination unreachable messages. Tracert message control. Control of IP packets with the RR option. Static blacklist and dynamic blacklist.
Security management		Real-time attack protection logs. Blacklist logs. Session logs. Binary logs. Traffic statistic collection and analysis. Security event statistics.
NAT		NAT support for address pools. NAT support for ACLs. Easy IP. NAT server. Effective period of NAT. NAT ALGs, including FTP, DNS, QQ, MSN, H323, NBT, ILS, RTSP, SQLNET, SIP, RSH, and MGCP. NAT444.
Email filtering		Email sender/recipient-based filtering. Email subject/content/attachment filtering. Uploaded/downloaded FTP file filtering. Support for matching Chinese character codes.
Bandwidth management		Setting the maximum upstream bandwidth and the maximum downstream bandwidth. Setting the guaranteed upstream bandwidth and the guaranteed downstream bandwidth. Specifying traffic profiles based on parameters such as source security zone, destination security zone, source address, destination address, application, application group, time range, and user. Child traffic profiles. Interface-specific bandwidth configuration. AVC reports and logs, including user logs, local logs, and local reports. Traffic blocking and rate-limiting.
IPSec/IKE		AH and ESP. Manual SA setup and IKE SA setup. ESP support for DES, 3DES, and AES encryption algorithms. Support for MD5 and SHA-1 authentication algorithms. Support for IKE main mode and aggressive mode. DPD. NAT traversal.
L2TP		L2TP.
GRE		GRE tunnel.
SSL VPN		SSL VPN features.
LAN		Ethernet_II. VLAN.
IP services		ARP. Static domain name resolution. IP address borrowing. DHCP relay. DHCP server. DHCP client.
IP routing		Static route management. RIP-1/RIP-2. OSPF. BGP. Routing policy. PBR.
Basic IPv6 protocols.		Protocol processing. Ethernet link layer. ICMPv6. IPv6 address management. PMTU. Socket. TCP6. UDP6. RAWIP6. Ping6. DNS6. Tracert6. Telnet6. FIB6. DHCPv6 client. DHCPv6 relay.
IPv6 routing and multicast		RIPng. OSPFv3. BGP4+. Static routes. PBR. PIM-SM. PIM-DM.
IPv6 security		NAT-PT. Manual tunnel. IPv6 over IPv4 GRE tunnel (RFC 2784). 6to4 tunnel (RFC 3056). ISATAP tunnel. IPv6 packet filtering. RADIUS. DS-Lite.
VRRP		VRRP.
RBM		RBM fabric.
Hot backup		Session hot backup. Configuration synchronization.
CLI		Local configuration through a console port. Local or remote configuration through Telnet or SSH. Control of user access to commands. Debugging. Network diagnostic tools, including tracert and ping. Telnetting from the device to other devices. FTP server/client, and file and application upload and download. TFTP file transmission. Logging. File system management. User line configuration.
Web interface		Automatic logout of timed out administrators. Web user login and authentication. Device management, device monitoring, and firewall policy configuration through the Web interface.
Network management		Support for SNMPv3 and compatibility with SNMPv2C and SNMPv1. NTP time synchronization.

Appendix B List of severe vulnerabilities

Severe vulnerabilities in R8371P1320 and earlier versions

CVE-2017-3735

An attacker can exploit this vulnerability to bypass security protections and execute unauthorized operations.

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. libssh2 is a client-side C library implementing the SSH2 protocol. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

HSVD-201904-001

A TCP/IP SYN + FIN packet filtering vulnerability. A remote host does not discard TCP SYN packets with the FIN flag set. An attacker might bypass the firewall, depending on the type of firewall used.

HSVD-201902-001

A remote host can exploit the TCP timestamp vulnerability to obtain the online time.

CVE-2019-0548

A Linux kernel vulnerability that can cause information revealing.

JavaScript library vulnerability

Internal IP addresses in destination URLs might be revealed.

CVE-2020-10188

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Web JavaScript vulnerability

A medium-risk vulnerability found during Web vulnerability scanning.

Web CSRF vulnerability

A CSRF vulnerability was found on the SSL VPN Web login interface.

HTTP method vulnerability

An attacker can use the OPTIONS method to determine the HTTP methods allowed by each directory.

CRLF injection vulnerability

This vulnerability can be exploited when an HTTP request contains a user-configured domain in the cookies or the request is GET /enterdomain.cgi?domain=%0d%0aSomeCustomInjectedHeader:%0d%0aset-cookie:iamyy HTTP1/1.

CVE-2019-1547

An attacker can exploit this vulnerability to obtain sensitive information.

CVE-2019-1563

An attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key

CVE-2016-7056

A malicious user with local access can exploit this vulnerability to recover Elliptic Curve Digital Signature Algorithm (ECDSA) P-256 private keys. This vulnerability is due to incorrect setting of the BN_FLG_CONSTTIME identifier by the ecdsa_sign_setup() function in the crypto/ec/ecdsa_ossl.c file.

CVE-2018-0739

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a DoS attack.

CVE-2019-1559

An attacker can exploit this vulnerability to bypass access controls and obtain sensitive information.

CVE-2018-0737

An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.

CVE-2018-0732

An attacker can exploit this vulnerability to launch a DoS attack.

CVE-2019-1552

This vulnerability is related to OpenSSL. An attacker can exploit this vulnerability to bypass security controls.

CVE-2018-5407

This vulnerability is related to OpenSSL. An attacker can exploit this vulnerability to obtain sensitive information and launch more attacks.

X-Frame-Options vulnerability

The absence of the X-Frame-Options header in HTTP packets can cause a clickjacking attack.

CVE-2021-23841/CVE-2021-23840/CVE-2020-1971

This vulnerability is related to OpenSSL. The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp that compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly and NULL pointer dereference might occur when both GENERAL_NAMEs contain an EDIPARTYNAME.

CVE-2016-6329

Algorithm vulnerability. If the device is configured to not support the algorithms that have this vulnerability, users might not be able to log in to the device through Web after the device is upgraded. To avoid this vulnerability, do not specify 8-byte block CBC algorithms (such as DES, 3DES, and RC2) in the ciphersuite of an SSL server policy. Instead, you can use other ciphers, such as the AES_256_CBC algorithm, and then restart the HTTPS service.

CVE-2021-3711

OpenSSL SM2 decryption buffer overflow. To decrypt SM2 encrypted data, OpenSSL calls the API function EVP_PKEY_decrypt. The function might calculate the buffer size incorrectly, leading to a buffer overflow.

CVE-2021-3712

OpenSSL ASN.1 strings read buffer overflow. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure. If an ASN1_STRING structure does not NULL terminate the byte array as required, a buffer overflow might occur when OpenSSL prints the ASN.1 data.

Vulnerability in using the get method to transmit information

An attacker can exploit this vulnerability to obtain sensitive information. If sensitive parameters are transmitted by using the get method rather than in the post request body, the sensitive information might be recorded in users' browser history, Web server logs, and any reverse proxy used by host infrastructure. Attackers that successfully steal these records can obtain the sensitive information stored in these records.

File enumeration vulnerability

An attacker can exploit this vulnerability to obtain user files and information. When files are exported on the Objects > User > User Management > Local Users page, an attacker can obtain the file naming method and capture the data packets in the file download requests. Based on the information, the attacker can enumerate other files. In this way, the attacker can obtain user files and other information.

Appendix C Upgrading software

CAUTION:

Do not power off or reboot the device during the upgrade process.

The software upgrade procedure is the same for all security devices. This chapter describes how to upgrade software from the CLI, Web interface, and BootWare menus. The default storage medium varies by device model. This chapter uses the CF card as the default storage medium.

Software images

Software images types

The following software types are available:

· BootWare image—A .btw file that contains a basic segment and an extended segment. The basic segment is the minimum code that bootstraps the system. The extended segment enables hardware initialization and provides system management menus. You can use these menus to load software and the startup configuration file or manage files when the device cannot start up correctly.

· System software image—Includes the following image subcategories:

¡ Boot image—A .bin file that contains the Linux operating system kernel. It provides process management, memory management, file system management, and the emergency shell.

¡ System image—A .bin file that contains the Comware kernel and standard features, including device management, interface management, configuration management, and routing.

¡ Patch image—A .bin file that is released for fixing bugs without rebooting the device. A patch image does not add or remove features.

You can assign the following attributes to a system software image:

¡ Main—The image is the primary image. The system always attempts to load the main image at startup in preference to the backup image.

¡ Backup—The image is the backup image. It is used only if the primary image is corrupt or not available.

Software release forms

Software images are released in one of the following forms:

· Separate .bin files. You must verify compatibility between software images.

· As a whole in one .ipe package file. The images in an .ipe package file are compatible. The system decompresses the file automatically, loads the .bin images and sets them as startup software images.

Configuration files

You can save settings you made to a configuration file so they can survive a reboot.

The device supports .cfg configuration files. The default .cfg configuration file is named startup.cfg.

Upgrade methods

To upgrade system software, use one of the following methods:

· Upgrading system software from the CLI

· Upgrading system software from the Web interface

· Upgrading system software from BootWare menus

To upgrade the BootWare, use either of the following methods:

· Upgrading the BootWare from the CLI

· Upgrading BootWare from BootWare menus

You must reboot the device after a system software or BootWare upgrade. A device reboot interrupts services.

Before a software upgrade, read the release notes to identify the command changes. Some commands in the configuration file might not be supported after a software upgrade.

Preparing for the upgrade

The device can function as the TFTP client, FTP client, or FTP server. In the following examples that use TFTP or FTP, the device functions as the TFTP or FTP client.

To use a PC as the TFTP or FTP server, prepare the TFTP or FTP server software by yourself. The device is not shipped with the software.

Before you upgrade system software, complete the following tasks:

Set up the upgrade environment as shown in Figure 1. The IP address and subnet mask of the PC are 192.168.0.2 and 255.255.255.0, respectively.

· Run a TFTP or FTP server on the file server. (Skip this task if you upgrade software from the Web interface.)

· Assign an IP address to the file server. Make sure the management Ethernet port on the device and the file server can reach each other.

By default, the IP address of the management Ethernet port GigabitEthernet 1/0/0 is 192.168.0.1/24 and the management Ethernet port belongs to the Management security zone. The Management security zone and the Local security zone can communicate with each other.

You can also change the IP address of the management Ethernet port from its default and add it to a security zone other than Management. Then, you configure a zone pair to make sure the security zone and the Local security zone can communicate with each other. For more information about security zones and zone pairs, see the security zone configuration in the fundamentals configuration guide.

· Transfer the software upgrade file to the file server and set the working directory on the TFTP or FTP server.

· Log in to the CLI of the device through the console port. (Skip this task if you upgrade software from the Web interface.)

· Make sure the upgrade has minimal impact on the network services. During the upgrade, the device cannot provide any services.

Figure 1 Setting up the upgrade environment

Upgrading system software

This configuration example upgrades system software from R8513 to R8514. The system software image file name is main.ipe.

Upgrading system software from the CLI

You can use TFTP or FTP on the device to access the TFTP or FTP server to back up or download software files.

Using TFTP to upgrade system software

1. Back up the running system software image and configuration file:

a. Display current software images and startup software images.

<Sysname> display boot-loader

Software images on slot 1:

Current software images:

cfa0:/main-cmw710-boot-R8513.bin

cfa0:/main-cmw710-system-R8513.bin

Main startup software images:

cfa0:/main-cmw710-boot-R8513.bin

cfa0:/main-cmw710-system-R8513.bin

Backup startup software images:

None

b. Back up the current software images.

<Sysname> copy main-cmw710-boot-R8513.bin boot_backup.bin

<Sysname> copy main-cmw710-system-R8513.bin system_backup.bin

c. Specify boot_backup.bin and system_backup.bin as the backup startup image files.

<Sysname> boot-loader file boot cfa0:/boot_backup.bin system cfa0:/system_backup.bin backup

d. Execute the save command in any view to save the running configuration.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

cfa0:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

e. Execute the dir command in user view to identify the system software image and configuration file names and verify that the CF card has sufficient space for the new system software image.

<Sysname> dir

Directory of cfa0:

0 -rw- 4269 Jul 12 2018 13:34:36 + attachmentname + .ak

1 -rw- 5723136 Oct 24 2018 13:03:16 boot_backup.bin

2 drw- - Sep 26 2018 15:21:36 diagfile

3 drw- - Sep 14 2018 08:04:50 dpi

4 -rw- 5723136 Oct 23 2018 16:52:51 main-cmw710-boot-R8513.bin

5 -rw- 137090048 Oct 23 2018 16:58:19 main-cmw710-system-R8513.bin

6 -rw- 735 Sep 13 2018 19:16:22 hostkey

7 -rw- 730 Oct 23 2018 16:58:50 ifindex.dat

8 drw- - Jul 12 2018 13:34:36 license

9 drw- - Sep 13 2018 18:29:20 logfile

10 drw- - Sep 13 2018 19:16:24 pki

11 drw- - Sep 13 2018 18:33:24 seclog

12 -rw- 591 Sep 13 2018 19:16:24 serverkey

13 -rw- 5109 Oct 23 2018 16:58:50 startup.cfg

14 -rw- 134782 Oct 23 2018 16:58:51 startup.mdb

15 -rw- 137090048 Oct 24 2018 13:11:57 system_backup.bin

16 drw- - Oct 23 2018 17:04:21 versionInfo

4088468 KB total (3972960 KB free)

f. Execute the tftp put command in user view to upload the startup.cfg file to the TFTP server.

<Sysname> tftp 192.168.0.2 put startup.cfg

Press CTRL+C to abort.

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 3950 0 0 100 3950 0 204k --:--:-- --:--:-- --:--:-- 642k

2. Upgrade the system software:

a. Execute the tftp get command in user view to download the system software image file to the CF card on the device.

<Sysname> tftp 192.168.0.2 get main.ipe

Press CTRL+C to abort.

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 102M 100 102M 0 0 461k 0 0:03:48 0:03:48 --:--:-- 554k

Writing file...Done.

b. Execute the boot-loader file command in user view to load the main.ipe file and specify it as the main image file at the next reboot.

<Sysname> boot-loader file cfa0:/main.ipe all main

Verifying the file cfa0:/main.ipe on slot 1.........Done.

H3C SecPath T5020 images in IPE:

main-cmw710-boot-R8514.bin

main-cmw710-system-R8514.bin

This command will set the main startup software images. Please do not reboot any MPU during the upgrade. Continue? [Y/N]:y

Add images to slot 1.

File cfa0:/main-cmw710-boot-R8514.bin already exists on slot 1.

File cfa0:/main-cmw710-system-R8514.bin already exists on slot 1.

Overwrite the existing files? [Y/N]:y

Decompressing file main-cmw710-boot-R8514.bin to cfa0:/main-cmw710-boot-R8514.bin..........Done.

Decompressing file main-cmw710-system-R8514.bin to cfa0:/main-cmw710-system-R8514.bin............................................................................................................................................................................Done.

Verifying the file cfa0:/main-cmw710-boot-R8514.bin on slot 1...Done.

Verifying the file cfa0:/main-cmw710-system-R8514.bin on slot 1.........Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1.

Decompression completed.

Do you want to delete cfa0:/main.ipe now? [Y/N]:N

c. Execute the display boot-loader command in user view to verify that the file has been loaded.

<Sysname> display boot-loader

Software images on slot 1:

Current software images:

cfa0:/main-cmw710-boot-R8513.bin

cfa0:/main-cmw710-system-R8513.bin

Main startup software images:

cfa0:/main-cmw710-boot-R8514.bin

cfa0:/main-cmw710-system-R8514.bin

Backup startup software images:

cfa0:/boot_backup.bin

cfa0:/system_backup.bin

d. Execute the reboot command in user view to reboot the device.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.

........DONE!

This command will reboot the device. Continue? [Y/N]:y

System is starting...

e. After the reboot is complete, execute the display version command to verify that the system software image is correct.

<Sysname> display version

H3C Comware Software, Version 7.1.064, Release 8514

H3C SecPath T5020 uptime is 0 weeks, 2 days, 5 hours, 53 minutes

Last reboot reason: User reboot

Boot image: cfa0:/main-cmw710-boot-R8514.bin

Boot image version: 7.1.064, Release 8514

Compiled Sep 18 2018 15:00:00

System image: cfa0:/main-cmw710-system-R8514.bin

System image version: 7.1.064, Release 8514

Compiled Sep 18 2018 15:00:00

SLOT 1

Uptime is 0 weeks, 2 days, 5 hours, 53 minutes

CPU type: Multi-core CPU

DDR3 SDRAM Memory 32766M bytes

CF0 Card 4002M bytes

Board PCB Version:Ver.A

CPLD_A Version: 1.0

CPLD_B Version: 2.0

Release Version:SecPath T5020-8514

Basic BootWare Version: 2.04

Extend BootWare Version: 2.04

Using FTP to upgrade system software

3. Back up the running system software image and configuration file:

a. Display current software images and startup software images.

<Sysname> display boot-loader

Software images on slot 1:

Current software images:

cfa0:/main-cmw710-boot-R8513.bin

cfa0:/main-cmw710-system-R8513.bin

Main startup software images:

cfa0:/main-cmw710-boot-R8513.bin

cfa0:/main-cmw710-system-R8513.bin

Backup startup software images:

None

b. Back up the current software images.

<Sysname> copy main-cmw710-boot-R8513.bin boot_backup.bin

<Sysname> copy main-cmw710-system-R8513.bin system_backup.bin

c. Specify boot_backup.bin and system_backup.bin as the backup startup image files.

<Sysname> boot-loader file boot cfa0:/boot_backup.bin system cfa0:/system_backup.bin backup

d. Execute the save command in any view to save the running configuration.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

cfa0:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

e. Execute the dir command in user view to identify the system software image and configuration file names and verify that the CF card has sufficient space for the new system software image.

<Sysname> dir

Directory of cfa0:

0 -rw- 4269 Jul 12 2018 13:34:36 + attachmentname + .ak

1 -rw- 5723136 Oct 24 2018 13:03:16 boot_backup.bin

2 drw- - Sep 26 2018 15:21:36 diagfile

3 drw- - Sep 14 2018 08:04:50 dpi

4 -rw- 5723136 Oct 23 2018 16:52:51 main-cmw710-boot-R8513.bin

5 -rw- 137090048 Oct 23 2018 16:58:19 main-cmw710-system-R8513.bin

6 -rw- 735 Sep 13 2018 19:16:22 hostkey

7 -rw- 730 Oct 23 2018 16:58:50 ifindex.dat

8 drw- - Jul 12 2018 13:34:36 license

9 drw- - Sep 13 2018 18:29:20 logfile

10 drw- - Sep 13 2018 19:16:24 pki

11 drw- - Sep 13 2018 18:33:24 seclog

12 -rw- 591 Sep 13 2018 19:16:24 serverkey

13 -rw- 5109 Oct 23 2018 16:58:50 startup.cfg

14 -rw- 134782 Oct 23 2018 16:58:51 startup.mdb

15 -rw- 137090048 Oct 24 2018 13:11:57 system_backup.bin

16 drw- - Oct 23 2018 17:04:21 versionInfo

4088468 KB total (3972960 KB free)

f. Execute the ftp command in user view to access the FTP server.

<Sysname> ftp 192.168.0.2

Press CTRL+C to abort.

Connected to 192.168.0.2 (192.168.0.2).

220 3Com 3CDaemon FTP Server Version 2.0

User (192.168.0.2:(none)): user123

331 User name ok, need password

Password:

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

g. Execute the put command in FTP client view to upload the startup.cfg file to the FTP server.

ftp> put startup.cfg

227 Entering passive mode (192,168,0,2,26,3).

125 Using existing data connection.

226 Closing data connection; File transfer successful.

3950 bytes sent in 0.001 seconds (4.13 Mbytes/s)

ftp>

4. Upgrade the system software:

a. Execute the get command in FTP client view to download the system software image file to the CF card on the device.

ftp> get main.ipe

227 Entering passive mode (192,168,0,2,8,252)

125 Using existing data connection

226 Closing data connection; File transfer successful.

107934720 bytes received in 187.994 seconds (560.68 Kbytes/s)

ftp>

b. Execute the quit command in FTP client view to return to user view.

ftp> quit

221 Service closing control connection

c. Execute the boot-loader file command in user view to load the main.ipe file and specify it as the main image file at the next reboot.

<Sysname> boot-loader file cfa0:/main.ipe all main

Verifying the file cfa0:/main.ipe on slot 1.........Done.

H3C SecPath T5020 images in IPE:

main-cmw710-boot-R8514.bin

main-cmw710-system-R8514.bin

This command will set the main startup software images. Please do not reboot any MPU during the upgrade. Continue? [Y/N]:y

Add images to slot 1.

File cfa0:/main-cmw710-boot-R8514.bin already exists on slot 1.

File cfa0:/main-cmw710-system-R8514.bin already exists on slot 1.

Overwrite the existing files? [Y/N]:y

Decompressing file main-cmw710-boot-R8514.bin to cfa0:/main-cmw710-boot-R8514.bin..........Done.

Verifying the file cfa0:/main-cmw710-boot-R8514.bin on slot 1...Done.

Verifying the file cfa0:/main-cmw710-system-R8514.bin on slot 1.........Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1.

Decompression completed.

Do you want to delete cfa0:/main.ipe now? [Y/N]:N

d. Execute the display boot-loader command in user view to verify that the file has been loaded.

<Sysname> display boot-loader

Software images on slot 2:

Current software images:

cfa0:/main-cmw710-boot-R8513.bin

cfa0:/main-cmw710-system-R8513.bin

Main startup software images:

cfa0:/main-cmw710-boot-R8514.bin

cfa0:/main-cmw710-system-R8514.bin

Backup startup software images:

cfa0:/boot_backup.bin

cfa0:/system_backup.bin

e. Execute the reboot command in user view to reboot the device.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.

........DONE!

This command will reboot the device. Continue? [Y/N]:y

System is starting...

f. After the reboot is complete, execute the display version command to verify that the system software image is correct.

<Sysname> display version

H3C Comware Software, Version 7.1.064, Release 8514

H3C SecPath T5020 uptime is 0 weeks, 2 days, 5 hours, 53 minutes

Last reboot reason: User reboot

Boot image: cfa0:/main-cmw710-boot-R8514.bin

Boot image version: 7.1.064, Release 8514

Compiled Sep 18 2018 15:00:00

System image: cfa0:/main-cmw710-system-R8514.bin

System image version: 7.1.064, Release 8514

Compiled Sep 18 2018 15:00:00

SLOT 1

Uptime is 0 weeks, 2 days, 5 hours, 53 minutes

CPU type: Multi-core CPU

DDR3 SDRAM Memory 32766M bytes

CF0 Card 4002M bytes

Board PCB Version:Ver.A

CPLD_A Version: 1.0

CPLD_B Version: 2.0

Release Version:SecPath T5020-8514

Basic BootWare Version: 2.04

Extend BootWare Version: 2.04

Upgrading system software from the Web interface

CAUTION:

· You can use the default account settings or create a new account to log in to the Web interface for the first time. This section uses the default account settings. For security purposes, if you use the default account settings, modify the default password or create a new account and delete the default account after the first login.

· Do not perform any operation on the Web interface while the system is upgrading software.

Table 12 describes the default settings for you to log in to the Web interface.

Table 12 Default login information

Login information	Default setting
Username	admin
Password	admin
IP address of GigabitEthernet 1/0/0	192.168.0.1/24

NOTE:

The default management Ethernet port varies by device model. In this example, the default management Ethernet port is GigabitEthernet 1/0/0.

To upgrade the system software from the Web interface:

1. Use an Ethernet cable to connect the PC to an Ethernet port on the device. As a best practice, connect the PC to the management Ethernet port on the device.

2. Assign an IP address on the same subnet as the management port GigabitEthernet 1/0/0 to the PC.

In this example, assign 192.168.0.2 to the PC.

3. Launch the Web browser, and enter 192.168.0.1 in the address bar.

The Web login page appears.

4. Type the default username and password, and click Login.

5. Select System > Upgrade Center > Software Upgrade from the navigation tree.

6. Click Upgrade immediately on the Software Upgrade page.

7. Select the startup file to be used, and click OK.

Figure 2 Upgrade Immediately page

Upgrading system software from BootWare menus

To upgrade Comware images from BootWare menus, use one of the following methods:

· Using TFTP to upgrade system software through the management Ethernet port

· Using FTP to upgrade system software through the management Ethernet port

Preparing for the upgrade

1. Connect the configuration terminal to the MPU's console port.

2. Connect the MPU's management Ethernet port to the TFTP or FTP file server.

The TFTP or FTP server can be co-located with the configuration terminal (typically, a PC).

3. Prepare the upgrade file:

¡ If you are using TFTP, store the upgrade file on the TFTP server, and specify the directory.

¡ If you are using FTP, store the upgrade file on the FTP server, and specify the directory, FTP username, and password.

4. Run the terminal emulation program on the configuration terminal.

5. Power on the device, and then press Ctrl+B within 5 seconds at prompt to access the EXTEND-BOOTWARE menu (see "Using the EXTENDED-BOOTWARE menu").

Using TFTP to upgrade system software through the management Ethernet port

1. Enter 3 in the EXTEND-BOOTWARE menu to access the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

2. Enter 5 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

======================<ETHERNET PARAMETER SET>==============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP):tftp

Load File Name :main.ipe

Target File Name :main.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

Table 13 Network parameter fields and shortcut keys

Field	Description
'.' = Clear field	Press a dot (.) and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press a hyphen (-) and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl+D to exit the ETHERNET PARAMETER SET menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to TFTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file on the device. The target file name must have the same extension as the source file. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the TFTP server.
Local IP Address	Set the IP address of the Ethernet interface that connects to the TFTP server.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.

After you finish setting the TFTP parameters, the system returns to the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

3. Enter 2 or 3 in the Ethernet submenu to upgrade the main or backup software images. For example, enter 2 to upgrade the main software images.

Loading.....................................................................

............................................................................

.........................Done!

94786560 bytes downloaded!

Image file main-cmw710-boot-A9615.bin is self-decompressing...

Saving file sda0:/main-cmw710-boot-A9615.bin ......Done.

Image file main-cmw710-system-A9615.bin is self-decompressing...

Saving file sda0:/main-cmw710-system-A9615.bin .......................

............................................................................

..................Done. .

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

4. Enter 0 in the Ethernet submenu to return to the EXTEND-BOOTWARE menu.

5. Enter 1 in the EXTEND-BOOTWARE menu to run the new Comware images.

Using FTP to upgrade system software through the management Ethernet port

1. Enter 3 in the EXTEND-BOOTWARE menu to access the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

2. Enter 5 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

======================<ETHERNET PARAMETER SET>==============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP):ftp

Load File Name :main.ipe

Target File Name :main.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

Table 14 Network parameter fields and shortcut keys

Field	Description
'.' = Clear field	Press a dot (.) and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press a hyphen (-) and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl+D to exit the ETHERNET PARAMETER SET menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to FTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file on the device. The target file name must have the same extension as the source file. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the FTP or TFTP server.
Local IP Address	Set the IP address of the Ethernet interface that connects to the TFTP or FTP server.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.
FTP User Name	Set the username for accessing the FTP server. This username must be the same as the username configured on the FTP server.
FTP User Password	Set the password for accessing the FTP server. This password must be the same as the password configured on the FTP server.

After you finish setting the FTP parameters, the system returns to the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

3. Enter 2 or 3 in the Ethernet submenu to upgrade the main or backup software images. For example, enter 2 to upgrade the main software images.

Loading.....................................................................

............................................................................

.........................Done!

94786560 bytes downloaded!

Image file main-cmw710-boot-A9615.bin is self-decompressing...

Saving file sda0:/main-cmw710-boot-A9615.bin ......Done.

Image file main-cmw710-system-A9615.bin is self-decompressing...

Saving file sda0:/main-cmw710-system-A9615.bin .......................

............................................................................

..................Done.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

4. Enter 0 in the Ethernet submenu to return to the EXTEND-BOOTWARE menu.

5. Enter 1 in the EXTEND-BOOTWARE menu to run the new system software.

Upgrading the BootWare

You can upgrade the BootWare from the CLI or BootWare menus.

Upgrading the BootWare from the CLI

Whether a .btw file is compressed together with an .ipe file depends on the device model and software release. Please check it with H3C technical support. This section describes only how to upgrade the BootWare from the CLI.

To upgrade the BootWare from the CLI:

6. Use FTP or TFTP to download or upload the new BootWare image file to the root directory of the storage medium on the device.

7. Execute the bootrom update command to upgrade the BootWare.

<System> bootrom update file cfa0:/main.btw slot 2

This command will update bootrom file, Continue? [Y/N]:y

Now updating bootrom, please wait...

Updating basic bootrom!

Update basic bootrom success!

Updating extended bootrom!

Update extended bootrom success!

Update bootrom success!

8. Execute the reboot command to reboot the device.

Upgrading BootWare from BootWare menus

To upgrade the BootWare image from BootWare menus, use one of the following methods:

· Using TFTP to upgrade BootWare through the management Ethernet port

· Using FTP to upgrade BootWare through the management Ethernet port

For more information about BootWare menus, see " Using BootWare menus."

NOTE:

This section uses the MPU as an example to describe how to upgrade BootWare.

Preparing for the upgrade

1. Connect the MPU's console port to the configuration terminal.

2. Connect the MPU's management Ethernet port to the TFTP or FTP file server.

The TFTP or FTP server can be co-located with the configuration terminal (typically, a PC).

3. Prepare the upgrade file:

¡ If you are using TFTP, store the upgrade file on the TFTP server, and specify the file directory.

¡ If you are using FTP, store the upgrade file on the FTP server, and specify the file directory, FTP username, and password.

4. Run the terminal emulation program on the configuration terminal.

5. Power on the device, and then press Ctrl+B within 5 seconds at prompt to access the EXTEND-BOOTWARE menu (see "Using the EXTENDED-BOOTWARE menu").

Using TFTP to upgrade BootWare through the management Ethernet port

1. Enter 7 in the BootWare menu to access the BootWare Operation submenu.

=========================<BootWare Operation Menu>==========================

|Note:the operating device is sda0 |

|<1> Backup Full BootWare |

|<2> Restore Full BootWare |

|<3> Update BootWare By Serial |

|<4> Update BootWare By Ethernet |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

2. Enter 4 in the BootWare Operation submenu to enter the Ethernet submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

3. Enter 4 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

==========================<ETHERNET PARAMETER SET>==========================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP):tftp

Load File Name :Main.btw

Target File Name :Main.btw

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

For more information about the fields, see Table 13.

After you finish setting the TFTP parameters, the system returns to the BOOTWARE OPERATION ETHERNET submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

4. Choose an option from options 1 to 3. For example, enter 1 to upgrade the entire BootWare image.

Loading..............Done.

64245 bytes downloaded!

Updating Basic BootWare? [Y/N]

5. Enter Y to upgrade the basic BootWare segment.

Updating Basic BootWare........Done.

Updating Extended BootWare? [Y/N]

6. Enter Y to upgrade the extended BootWare segment.

Updating Extended BootWare.........Done!

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

7. Enter 0 to return to the BootWare Operation menu.

8. Enter 0 in the BootWare Operation menu to return to the EXTEND-BOOTWARE menu.

9. Enter 0 in the EXTEND-BOOTWARE menu to reboot the system.

Using FTP to upgrade BootWare through the management Ethernet port

1. Enter 7 in the BootWare menu to access the BootWare Operation submenu.

=========================<BootWare Operation Menu>==========================

|Note:the operating device is sda0 |

|<1> Backup Full BootWare |

|<2> Restore Full BootWare |

|<3> Update BootWare By Serial |

|<4> Update BootWare By Ethernet |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

2. Enter 4 in the BootWare Operation submenu to enter the Ethernet submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

3. Enter 4 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

==========================<ETHERNET PARAMETER SET>==========================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP) :ftp

Load File Name :Main.btw

Target File Name :Main.btw

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

For more information about the fields, see Table 14.

After you finish setting the FTP parameters, the system returns to the BOOTWARE OPERATION ETHERNET submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

4. Choose an option from options 1 to 3. For example, enter 1 to upgrade the entire BootWare image.

Loading.......Done.

64245 bytes downloaded!

Updating Basic BootWare? [Y/N]

5. Enter Y to upgrade the basic BootWare segment.

Updating Basic BootWare........Done.

Updating Extended BootWare? [Y/N]

6. Enter Y to upgrade the extended BootWare segment.

Updating Extended BootWare.........Done.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

7. Enter 0 to return to the BootWare Operation menu.

8. Enter 0 in the BootWare Operation menu to return to the EXTEND-BOOTWARE menu.

9. Enter 0 in the EXTEND-BOOTWARE menu to reboot the system.

Handling software upgrade failures

If a software upgrade fails, the system runs the old software version. To handle a software failure:

1. Check the physical ports for a loose or incorrect connection, and verify that the LEDs are reflecting the correct port status.

2. If you are using the console port for file transfer, check the HyperTerminal settings (including the baud rate and data bits) for any wrong setting.

3. Check the file transfer settings:

¡ If TFTP is used, you must enter the same server IP addresses, file name, and working directory as set on the TFTP server.

¡ If FTP is used, you must enter the same FTP server IP address, source file name, working directory, and FTP username and password as set on the FTP server.

4. Check the FTP or TFTP server for incorrect settings.

5. Check that the CF card has sufficient space for the upgrade file.

6. If the message "Something is wrong with the file" appears, check the file for file corruption.

Appendix D Using BootWare menus

Overview

BootWare provides a menu method to perform basic file operations, software upgrade, and system management when the Comware CLI is inaccessible because of image corruption.

BootWare is stored in each MPU's built-in the SD card. It has one basic segment and one extended segment. The basic segment enables the system to complete basic initialization, and the extended segment bootstraps the Comware images.

BootWare menus

Table 15 lists the menus that each segment provides and the major tasks you can perform using these menus. You can access these menus only during system startup.

Table 15 BootWare menus

BootWare segment	Menu	Tasks	Reference
Basic	BASIC-BOOTWARE	· Modify serial port parameters. · Upgrade BootWare. · Start the primary or backup BootWare extended segment.	Using the BASIC-BOOTWARE menu
Basic	BASIC ASSISTANT	Perform RAM test.	Accessing the BASIC-BOOTWARE menu
Extended	EXTEND-BOOTWARE	· Upgrade Comware software. · Manage files. · Access the system when the console login password is lost. · Clear user privilege passwords.	Using the EXTENDED-BOOTWARE menu
Extended	EXTEND-ASSISTANT	· Examine system memory. · Search system memory.	Accessing the EXTEND ASSISTANT submenu

BootWare shortcut keys

BootWare provides the shortcut keys listed in Table 16.

Table 16 BootWare shortcut keys

Shortcut keys	Prompt message	Function
Ctrl+B	access EXTENDED-BOOTWARE MENU	Accesses the EXTENDED-BOOTWARE menu while the device is starting up.
Ctrl+C	Please Start To Transfer File, Press <Ctrl+C> To Exit.	Stops the ongoing file transfer and exits the current operation interface.
Ctrl+C	Info: Press Ctrl+C to abort or return to EXTENDED ASSISTANT MENU.	Returns to the EXTENDED ASSISTANT menu. If the system is outputting the result of an operation, this shortcut key combination aborts the display first.
Ctrl+D	Press Ctrl+D to access BASIC-BOOTWARE MENU	Accesses the BASIC-BOOTWARE menu while the device is starting up.
Ctrl+D	Ctrl+D = Quit	Exits the parameter settings menu.
Ctrl+E	Memory Test(press Ctrl+C to skip it,press Ctrl+E to ECHO INFO)	Prints information during the memory test.
Ctrl+F	Ctrl+F: Format File System	Formats the current storage medium.
Ctrl+T	Press Ctrl+T to start memory test	Performs a memory test.
Ctrl+U	Access BASIC ASSISTANT MENU	Accesses the BASIC ASSISTANT menu from the BASIC-BOOTWARE menu.
Ctrl+Z	Ctrl+Z: Access EXTENDED ASSISTANT MENU	Accesses the EXTENDED ASSISTANT menu from the EXTENDED-BOOTWARE menu.

Using the BASIC-BOOTWARE menu

Accessing the BASIC-BOOTWARE menu

1. Power on the device.

2. Press Ctrl+D within 4 seconds after the "Press Ctrl+D to access BASIC-BOOTWARE MENU" prompt message appears. If you fail to do this within the time limit, the system starts to run the extended BootWare segment.

======================<BASIC-BOOTWARE MENU(Ver 1.19)>=======================

|<1> Modify Serial Interface Parameter |

|<2> Update Extended BootWare |

|<3> Update Full BootWare |

|<4> Boot Extended BootWare |

|<5> Boot Backup Extended BootWare |

|<0> Reboot |

============================================================================

Ctrl+U: Access BASIC ASSISTANT MENU

Enter your choice(0-5):

Table 17 BASIC-BOOTWARE menu options

Option	Task	Reference
<1> Modify Serial Interface Parameter	Change the baud rate of the console port. Perform this task before downloading an image through the console port for software upgrade.	Modifying serial port parameters
<2> Update Extended BootWare	Upgrade the extended BootWare segment. If the extended segment is corrupt, choose this option to repair it.	Upgrading the extended BootWare segment
<3> Update Full BootWare	Upgrade the entire BootWare, including the basic segment and the extended segment.	Upgrading the entire BootWare
<4> Boot Extended BootWare	Run the primary extended BootWare segment.	Running the primary extended BootWare segment
<5> Boot Backup Extend BootWare	Run the backup extended BootWare segment.	Running the backup extended BootWare segment
<0> Reboot	Reboot the device.	N/A
Ctrl+U: Access BASIC ASSISTANT MENU	Press Ctrl+U to access the BASIC ASSISTANT menu.	Accessing the BASIC ASSISTANT menu

Modifying serial port parameters

To change the baud rate of the console port:

1. Enter 1 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 1

===============================<BAUDRATE SET>===============================

|Note:'*'indicates the current baudrate |

| Change The HyperTerminal's Baudrate Accordingly |

|---------------------------<Baudrate Available>---------------- ----------|

|<1> 9600(Default)* |

|<2> 19200 |

|<3> 38400 |

|<4> 57600 |

|<5> 115200 |

|<0> Exit |

============================================================================

Enter your choice(0-5):

2. Enter the number that represents the baud rate you want to choose. For example, enter 5 to set the baud rate to 115200 bps.

NOTE:

Baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To set up a console session with the device after a reboot, you must change the baud rate of the configuration terminal back to 9600 bps.

Upgrading the extended BootWare segment

Enter 2 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 2

Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCC

Upgrading the entire BootWare

Enter 3 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 3

Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCC

Running the primary extended BootWare segment

Enter 4 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 4

Booting Normal Extended BootWare.

The Extended BootWare is self-decompressing....Done.

****************************************************************************

* *

* H3C SecPath BootWare, Version 1.05 *

* *

****************************************************************************

Compiled Date : Aug 31 2017

Memory Type : DDR3 SDRAM

Memory Size : 16384MB

Sda0 Size : 8MB

sda0 Size : 3728MB

CPLD Version : 1.0

PCB Version : Ver.B

BootWare Validating...

Press Ctrl+B to access EXTENDED-BOOTWARE MENU...

Loading the main image files...

Loading file sda0:/Main-CMW710-SYSTEM-A9615.bin. ......................

............................................................................

...........................Done.

Image file sda0:/Main-CMW710-BOOT-A9615.bin is self-decompressing......

.................................................Done.

System image is starting...

Running the backup extended BootWare segment

Enter 5 in the BASIC-BOOTWARE menu.

For information about backing up the extended BootWare segment, see "Accessing the BootWare Operation submenu."

Enter your choice(0-5): 5

Booting Backup Extended BootWare.

The Extended BootWare is self-decompressing............................Done!

NOTE:

This option is not supported if the password recovery capability is enabled. For more information about configuring the password recovery capability at the CLI, see "Controlling the password recovery capability."

Accessing the BASIC ASSISTANT menu

Press Ctrl+U in the BASIC-BOOTWARE menu.

===========================<BASIC-ASSISTANT MENU>===========================

|<1> RAM Test |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-1):

Table 18 BASIC ASSISTANT menu options

Option	Description
<1> RAM Test	Test the memory.
<2> Exit To Main Menu	Return to the BASIC-BOOTWARE menu.

Testing the memory

IMPORTANT:

To avoid unexpected exceptions, perform this task under the guidance of H3C Support.

To test the memory, use one of the following methods:

· In the BASIC-BOOTWARE menu, press Ctrl+T within 4 seconds after the "Press Ctrl+T to start memory test" prompt message appears.

· In the BASIC-BOOTWARE menu, press Ctrl+U to access the BASIC ASSISTANT menu.

Using the EXTENDED-BOOTWARE menu

Accessing the EXTENDED-BOOTWARE menu

1. Power on the device.

2. Press Ctrl+B within 5 seconds after the "Press Ctrl+B to access EXTENDED-BOOTWARE MENU..." prompt message appears. If you fail to do this within the time limit, the system starts up.

System is starting...

Press Ctrl+D to access BASIC-BOOTWARE MENU...

Press Ctrl+T to start heavy memory test..

Booting Normal Extended BootWare

The Extended BootWare is self-decompressing....Done.

****************************************************************************

* *

* H3C SecPath BootWare, Version 1.05 *

* *

****************************************************************************

Compiled Date : Aug 31 2017

Memory Type : DDR3 SDRAM

Memory Size : 16384MB

Sda0 Size : 8MB

sda0 Size : 3728MB

CPLD Version : 1.0

PCB Version : Ver.B

BootWare Validating...

Press Ctrl+B to access EXTENDED-BOOTWARE MENU...

Password recovery capability is enabled.

Note: The current operating device is sda0

Enter < Storage Device Operation > to select device.

3. Press Enter to access the EXTENDED-BOOTWARE menu.

===========================<EXTENDED-BOOTWARE MENU>=========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Restore to Factory Default Configuration |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Skip Authentication for Console Login |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Ctrl+Z: Access EXTENDED ASSISTANT MENU

Ctrl+F: Format File System

Enter your choice(0-9):

Availability of some options in this menu depends on the password recovery capability state (displayed on top of the EXTEND-BOOTWARE menu). For more information about the feature, see "Controlling the password recovery capability."

Table 19 EXTENDED-BOOTWARE menu options

Option	Tasks	Reference
<1> Boot System	Run the Comware software without rebooting the device. Choose this option after completing operations in the EXTENDED-BOOTWARE menu.	N/A
<2> Enter Serial SubMenu	Accessing the Serial submenu.	Accessing the Serial submenu
<3> Enter Ethernet SubMenu	Use FTP or TFTP to upgrade Comware images through the management Ethernet port.	Accessing the Ethernet submenu
<4> File Control	· Display files on the current storage medium. · Set a Comware image file as the main or backup startup software image file. · Delete files to release storage space.	Managing files
<5> Restore to Factory Default Configuration	Restore the factory-default configuration. This option is available only if password recovery capability is disabled.	Restoring the factory-default configuration
<6> Skip Current System Configuration	Start the device with the factory-default configuration without loading any configuration file. This option is available only if password recovery capability is enabled.	Skipping the configuration file
<7> BootWare Operation Menu	Back up, recover, and upgrade the BootWare image.	Accessing the BootWare Operation submenu
<8> Skip Authentication for Console Login	Skip console login authentication. This option is available only if password recovery capability is enabled. This is a one-time operation and takes effect only for the first system boot or reboot after you choose this option.	Skipping console login authentication
<9> Storage Device Operation	Set the storage medium from which the device will start up. Set the storage medium where file operations are performed. This storage medium is referred to as the "current storage medium."	Managing storage media
Ctrl+F: Format File System	Format the file system.	Formatting the file system
Ctrl+Z: Access EXTENDED ASSISTANT MENU	Access the EXTENDED ASSISTANT menu.	Accessing the EXTEND ASSISTANT submenu
<0> Reboot	Reboot the device.	N/A

Controlling the password recovery capability

Password recovery capability controls console user access to the device configuration from BootWare menus. This feature decides the method to handle a password loss situation.

· If password recovery capability is enabled, a console user can handle a password loss situation as follows:

¡ If the console login password is lost, the user can skip console login authentication, and then access the CLI to configure a new password.

¡ If a user role password is lost, the user can skip the configuration file, and then access the CLI to configure a new password.

· If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.

To enhance system security, disable password recovery capability.

To enable or disable password recovery capability:

Step	Command	Remarks
5. Enter system view.	system-view	N/A
6. Enable or disabled password recovery capability.	· Enable the feature: password-recovery enable · Disable the feature: undo password-recovery enable	By default, password recovery capability is enabled.

Step

Command

Remarks

5. Enter system view.

system-view

N/A

6. Enable or disabled password recovery capability.

· Enable the feature:
password-recovery enable

· Disable the feature:
undo password-recovery enable

By default, password recovery capability is enabled.

Running Comware images

Enter 1 in the EXTEND-BOOTWARE menu.

Enter your choice(0-9): 1

Loading the main image files...

Loading file cfa0:/main-cmw710-system-e8526.bin.........................

............................................................................

.....................................................Done.

Loading file cfa0:/main-cmw710-boot-e8526.bin...........................

...................................Done.

Image file cfa0:/main-cmw710-boot-e8526.bin is self-decompressing.......

............................................................................

........Done.

System image is starting...

Accessing the Serial submenu

Enter 2 in the EXTEND-BOOTWARE menu.

Enter your choice(0-9): 2

===========================<Enter Serial SubMenu>===========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Serial Interface Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-5):

Table 20 Serial submenu options

Option	Tasks
<1> Download Image Program To SDRAM And Run	Load and run Comware images in SDRAM. This option is available only if password recovery capability is enabled.
<2> Update Main Image File	Download Comware images to the current storage medium as the main images (the file attribute is set to M). As a result, the M file attribute of the original main images is removed.
<3> Update Backup Image File	Download Comware images to the current storage medium as backup images (the file attribute is set to B). As a result, the B file attribute of the original backup images is removed.
<4> Download Files(.)	Download files from the server to the device.
<5> Modify Serial Interface Parameter	Change the baud rate of the console port. The baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To set up a console session with the device after a reboot, you must change the baud rate setting on the configuration terminal to 9600 bps.
<0> Exit To Main Menu	Return to the EXTENDED-BOOTWARE menu.

NOTE:

To set the current storage medium, see "Managing storage media."

Accessing the Ethernet submenu

You can upgrade the Comware software through the management Ethernet port from the Ethernet submenu and configure file transfer settings.

1. Enter 3 in the EXTENDED-BOOTWARE menu and press Enter to access the Ethernet submenu.

Enter your choice(0-9):3

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

Table 21 Ethernet submenu options

Option	Description
<1> Download Image Program To SDRAM And Run	Load and run software images in SDRAM. If password recovery capability is enabled, this option is not available.
<2> Update Main Image File	Download software images to the current storage medium as main images (the file attribute is set to M). As a result, the M file attribute of the original main images is removed.
<3> Update Backup Image File	Download software images to the current storage medium as backup images (the file attribute is set to B). As a result, the B file attribute of the original backup images is removed.
<4> Download Files(.)	Download files from the server to the device.
<5> Modify Ethernet Parameter	Configure FTP or TFTP file transfer settings.
<0> Exit To Main Menu	Return to the EXTENDED-BOOTWARE menu.

2. Enter 4 in the Ethernet submenu to configure file transfer settings on the MPU.

Enter your choice(0-4):4

======================<ETHERNET PARAMETER SET>=============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

===========================================================================

Protocol (FTP or TFTP) :ftp

Load File Name :main.ipe

Target File Name :main.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

Table 22 Setting Ethernet parameters for file transfer

Field	Description
'.' = Clear field	Press the dot (.), and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press the hyphen (-), and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl + D to exit the Ethernet parameter settings menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to FTP or TFTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file in the current storage medium on the device. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the FTP or TFTP server.
Local IP Address	Set the IP address of the device.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.
FTP User Name	Set the username for accessing the FTP server. This username must be the same as configured on the FTP server. This field is not available for TFTP.
FTP User Password	Set the password for accessing the FTP server. This password must be the same as configured on the FTP server. This field is not available for TFTP.

Managing files

You can display all files, set the attribute for a file, and delete a file from the File Control submenu.

Enter 4 in the EXTEND-BOOTWARE menu and then press Enter to access the File Control submenu.

Enter your choice(0-9):4

===============================<File CONTROL>===============================

|Note:the operating device is cfa0 |

|<1> Display All File(s) |

|<2> Set Image File type |

|<3> Set Bin File type |

|<4> Set Configuration File type |

|<5> Delete File |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-5):

Table 23 File Control submenu options

Option	Description
<1> Display All File(s)	Display all files.
<2> Set Image File type	Set the attribute for a software image file.
<3> Set Bin File type	Set the attribute for a .bin file.
<4> Set Configuration File type	Set the type for a configuration file.
<5> Delete File	Delete a file.
<0> Exit To Main Menu	Return to the EXTEND-BOOTWARE menu.

Displaying all files

Enter 1 in the File Control submenu.

Enter your choice(0-5): 1

Display all file(s) in cfa0:

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 956 Jan/21/2019 17:59:34 N/A cfa0:/ifindex.dat |

|2 24671 Mar/28/2018 09:08:56 N/A cfa0:/wdydiudie.cfg |

|3 735 Mar/28/2018 09:18:22 N/A cfa0:/hostkey |

|4 116549 Oct/09/2017 13:51:02 N/A cfa0:/lwb-t5k.cfg |

|5 963 Mar/27/2018 15:24:12 N/A cfa0:/license/history/deviceid_2|

|0180327152412.did |

|6 965 Mar/27/2018 15:24:12 N/A cfa0:/license/210235a1rsh1640000|

|06.did |

|7 3237 Dec/25/2017 15:14:54 N/A cfa0:/license/ngips2017122515235|

|923325.ak |

|8 3249 Apr/16/2018 16:40:28 N/A cfa0:/license/ngips2018041616523|

|608292.ak |

|9 1611429 Jan/22/2019 14:14:22 N/A cfa0:/logfile/logfile.log |

|10 1048575 Apr/16/2018 17:57:26 N/A cfa0:/logfile/ips.log |

|11 5230 Mar/19/2018 14:40:30 N/A cfa0:/logfile/uflt.log |

|12 1048405 Apr/16/2018 17:57:26 N/A cfa0:/logfile/anti-vir.log |

|13 44840 Aug/10/2017 15:25:46 N/A cfa0:/logfile/dfilter.log |

|14 14195 Jan/21/2019 16:47:54 N/A cfa0:/logfile/cfglog.log |

|15 251751 Jan/03/2019 09:09:56 N/A cfa0:/diagfile/diagfile.log |

|16 69784 Mar/28/2018 09:18:28 N/A cfa0:/dpi/ips/predefined/ips_sig|

|pack_curr.dat |

|17 2373992 Mar/28/2018 09:18:28 N/A cfa0:/dpi/ips/predefined/ips_sig|

|pack_back.dat |

|18 32027352 Apr/16/2018 16:56:28 N/A cfa0:/dpi/av/predefined/av_sigpa|

|ck_curr.dat |

|19 9574536 Apr/16/2018 16:48:00 N/A cfa0:/dpi/av/predefined/av_sigpa|

|ck_back.dat |

|20 68040 Mar/28/2018 09:18:28 N/A cfa0:/dpi/uflt/predefined/uflt_s|

|igpack_curr.dat |

|21 10330760 Mar/28/2018 09:18:36 N/A cfa0:/dpi/uflt/predefined/uflt_s|

|igpack_back.dat |

|22 342232 Mar/28/2018 09:18:24 N/A cfa0:/dpi/apr/predefined/apr_sig|

|pack_curr.dat |

|23 979448 Mar/28/2018 09:18:24 N/A cfa0:/dpi/apr/predefined/apr_sig|

|pack_back.dat |

|24 2840 Jan/22/2019 14:12:46 N/A cfa0:/dpi/filereg/predefined/fil|

|ereg_sigpack_curr.dat |

|25 30 Jan/21/2019 16:53:16 N/A cfa0:/dpi/dpi_sigpack.log |

|26 1566 Mar/28/2018 09:18:20 N/A cfa0:/pki/https-server.p12 |

|27 591 Mar/28/2018 09:18:22 N/A cfa0:/serverkey |

|28 259308 Mar/28/2018 09:08:58 N/A cfa0:/wdydiudie.mdb |

|29 723419 Oct/09/2017 13:51:04 N/A cfa0:/lwb-t5k.mdb |

|30 22692 Jan/21/2019 17:59:36 M cfa0:/startup.cfg |

|31 686202 May/20/2017 19:15:56 N/A cfa0:/pn.cfg |

|32 9275 Oct/28/2017 13:50:12 N/A cfa0:/zp.cfg |

|33 807 Oct/09/2017 15:59:54 N/A cfa0:/.trash/.trashinfo |

|34 5327872 Aug/15/2017 13:06:42 N/A cfa0:/.trash/main-cmw710-boo|

|t-e8518.bin_0001 |

|35 5331968 Aug/15/2017 10:30:04 N/A cfa0:/.trash/main-cmw710-boo|

|t-e8519.bin_0001 |

|36 9048064 Aug/21/2017 13:54:12 N/A cfa0:/.trash/main-cmw710-boo|

|t-e8520.bin_0001 |

|37 2056192 Aug/12/2017 18:05:54 N/A cfa0:/.trash/main-cmw710-dev|

|kit-e8518.bin_0001 |

|38 163840 Aug/14/2017 16:57:06 N/A cfa0:/.trash/main-cmw710-dev|

|kit-e8519.bin_0001 |

|39 163840 Aug/21/2017 14:07:26 N/A cfa0:/.trash/main-cmw710-dev|

|kit-e8520.bin_0001 |

|40 103891968 Aug/15/2017 13:07:04 N/A cfa0:/.trash/main-cmw710-sys|

|tem-e8518.bin_0001 |

|41 107120640 Aug/15/2017 10:30:58 N/A cfa0:/.trash/main-cmw710-sys|

|tem-e8519.bin_0001 |

|42 171900928 Aug/21/2017 14:07:02 N/A cfa0:/.trash/main-cmw710-sys|

|tem-e8520.bin_0001 |

|43 2238 Jan/22/2019 14:14:22 N/A cfa0:/context/context3/logfile/l|

|ogfile.log |

|44 24 Jan/21/2019 17:59:50 N/A cfa0:/context/context3/ifindex.d|

|at |

|45 1192 Jan/21/2019 17:59:50 N/A cfa0:/context/context3/startup.c|

|fg |

|46 34023 Jan/21/2019 17:59:50 N/A cfa0:/context/context3/startup.m|

|db |

|47 18468 Jan/22/2019 14:14:22 N/A cfa0:/context/context4/logfile/l|

|ogfile.log |

|48 1566 Mar/28/2018 09:19:08 N/A cfa0:/context/context4/pki/https|

|-server.p12 |

|49 1671 Jan/22/2019 09:27:00 N/A cfa0:/context/context4/startup.c|

|fg |

|50 37050 Jan/22/2019 09:27:00 N/A cfa0:/context/context4/startup.m|

|db |

|51 52 Jan/22/2019 09:27:00 N/A cfa0:/context/context4/ifindex.d|

|at |

|52 9054208 Apr/20/2018 13:27:02 N/A cfa0:/main-cmw710-boot-e8526|

|.bin |

|53 227919 Jan/21/2019 17:59:36 N/A cfa0:/startup.mdb |

|54 186294272 Apr/20/2018 13:27:30 N/A cfa0:/main-cmw710-system-e85|

|26.bin |

|55 123384832 Jan/21/2019 17:20:04 N/A cfa0:/main.ipe |

|56 3920 Jul/19/2017 18:32:04 N/A cfa0:/86.raw |

|57 3242 Jul/07/2017 09:36:50 N/A cfa0:/ngips2017070709142354252.a|

|k |

|58 120804 Jun/17/2017 17:00:30 N/A cfa0:/1.cfg |

|59 822025 Jun/17/2017 17:00:34 N/A cfa0:/1.mdb |

|60 120727 Jun/17/2017 17:01:02 N/A cfa0:/2.cfg |

|61 821866 Jun/17/2017 17:01:06 N/A cfa0:/2.mdb |

|62 16 Jan/21/2019 17:48:10 N/A cfa0:/versioninfo/versionctl.dat|

|63 536 Jan/21/2019 17:48:10 N/A cfa0:/versioninfo/version0.dat |

|64 796 Mar/20/2018 16:23:44 N/A cfa0:/versioninfo/version1.dat |

|65 796 Mar/20/2018 16:30:22 N/A cfa0:/versioninfo/version2.dat |

|66 796 Mar/20/2018 16:32:22 N/A cfa0:/versioninfo/version3.dat |

|67 796 Mar/20/2018 16:39:04 N/A cfa0:/versioninfo/version4.dat |

|68 536 Mar/27/2018 12:36:40 N/A cfa0:/versioninfo/version5.dat |

|69 796 Mar/27/2018 14:23:12 N/A cfa0:/versioninfo/version6.dat |

|70 536 Mar/28/2018 09:18:16 N/A cfa0:/versioninfo/version7.dat |

|71 796 Apr/16/2018 18:06:04 N/A cfa0:/versioninfo/version8.dat |

|72 536 Jul/24/2018 11:50:02 N/A cfa0:/versioninfo/version9.dat |

|73 9696 Sep/11/2017 17:41:56 N/A cfa0:/libpty.so |

|74 500446 Jul/29/2017 17:59:46 N/A cfa0:/ips.rules |

|75 19586056 Oct/16/2017 17:58:08 N/A cfa0:/50w-2.dat |

|76 117405304 Oct/16/2017 15:38:20 N/A cfa0:/500w-2.dat |

|77 7125 Sep/11/2017 19:43:30 N/A cfa0:/new1.rules |

|78 963 Oct/16/2017 17:12:58 N/A cfa0:/210235a1rsh164000006.did |

|79 9172 Oct/26/2017 11:30:30 N/A cfa0:/uzi.cfg |

|80 792001 May/20/2017 19:15:58 N/A cfa0:/pn.mdb |

|81 554834 May/18/2017 15:40:52 N/A cfa0:/fullconfig.cfg |

|82 684919 May/19/2017 13:50:20 N/A cfa0:/fullconfig2.cfg |

|83 554834 May/18/2017 16:20:36 N/A cfa0:/fullconfig1.cfg |

|84 788347 May/19/2017 13:50:22 N/A cfa0:/fullconfig2.mdb |

|85 154433 Oct/26/2017 11:30:30 N/A cfa0:/uzi.mdb |

|86 685411 May/23/2017 14:08:56 N/A cfa0:/wdy0523.cfg |

|87 791322 May/23/2017 14:08:58 N/A cfa0:/wdy0523.mdb |

|88 3246 Oct/16/2017 17:38:58 N/A cfa0:/ngips2017101617275868747.a|

|k |

|89 164864 Apr/20/2018 13:36:44 N/A cfa0:/main-cmw710-devkit-e85|

|26.bin |

|90 582397 Dec/25/2017 16:17:00 N/A cfa0:/1024.rules |

|91 93544 Dec/25/2017 16:17:30 N/A cfa0:/url.dat |

|92 5684224 Jul/24/2018 11:39:04 N/A cfa0:/main-cmw710-boot-e8530|

|.bin |

|93 154961 Oct/28/2017 13:50:14 N/A cfa0:/zp.mdb |

|94 504464 Oct/28/2017 19:22:12 N/A cfa0:/5e9dd320d3c7fd6fbec3a81a85|

|788002.6d9ada99 |

|95 2491008 Oct/29/2017 15:57:14 N/A cfa0:/8ac3b6bff681d9be6a20f865ac|

|e15a14 |

|96 20 Jan/31/2018 14:20:10 N/A cfa0:/.snmpboots |

|97 2216 Apr/16/2018 18:05:22 N/A cfa0:/pcap/excpt-currentcpu11-20|

|180117140659.cap |

|98 128016 Jan/17/2018 14:29:32 N/A cfa0:/firewall.exp |

|99 2812 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/subthreatrep|

|ort.html |

|100 1139 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/threatid.htm|

|l |

|101 2148 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/threatlog.ht|

|ml |

|102 2370 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/threatrank.h|

|tml |

|103 2067 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/threatrankdl|

|g.html |

|104 4122 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/threatreport|

|.html |

|105 3571 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/cn/threattrend.|

|html |

|106 2857 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/en/subthreatrep|

|ort.html |

|107 1429 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/en/threatlog.ht|

|ml |

|108 2651 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/en/threatrank.h|

|tml |

|109 2419 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/en/threatrankdl|

|g.html |

|110 4213 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/en/threatreport|

|.html |

|111 2721 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/en/threattrend.|

|html |

|112 14068 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/nc.js |

|113 36539 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/netconf.rbac |

|114 19541 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/subthreatreport|

|.js |

|115 13032 Jan/17/2018 20:07:28 N/A cfa0:/web/threat/threatid.js |

|116 98591 Jan/17/2018 20:10:04 N/A cfa0:/web/threat/threatlog.js |

|117 55749 Jan/17/2018 20:07:30 N/A cfa0:/web/threat/threatrank.js |

|118 37582 Jan/17/2018 20:07:30 N/A cfa0:/web/threat/threatrankdlg.j|

|s |

|119 31328 Jan/17/2018 20:07:30 N/A cfa0:/web/threat/threatreport.js|

|120 133659 Jan/17/2018 20:07:30 N/A cfa0:/web/threat/threattrend.js |

|121 106004480 Jul/24/2018 11:39:24 N/A cfa0:/main-cmw710-system-e85|

|30.bin |

|122 5692416 Jan/21/2019 17:29:52 M cfa0:/main-cmw710-boot-e8524|

|p15.bin |

|123 117685248 Jan/21/2019 17:30:12 M cfa0:/main-cmw710-system-e85|

|24p15.bin |

|124 7300 Jan/24/2018 08:53:08 N/A cfa0:/0a704f6998e9602ac5203b1306|

|7b2317 |

|125 151348 Jun/05/2017 16:40:44 N/A cfa0:/o.mdb |

|126 17704 Jan/31/2018 09:44:08 N/A cfa0:/dpi.cfg |

|127 235207 Jan/31/2018 09:44:10 N/A cfa0:/dpi.mdb |

|128 17659 Jan/31/2018 10:53:24 N/A cfa0:/dpi1.cfg |

|129 231817 Jan/31/2018 10:53:26 N/A cfa0:/dpi1.mdb |

|130 110592 Jan/31/2018 14:31:18 N/A cfa0:/core/node16_dpid_202565_11|

|_20180131-143118_1517409078.core |

|131 118784 Jul/24/2018 11:51:10 N/A cfa0:/core/node16_ntopd_820_11_2|

|0180724-115110_1532433070.core |

|132 118784 Dec/17/2018 08:32:20 N/A cfa0:/core/node16_ntopd_803_11_2|

|0181217-083220_1545035540.core |

|133 3249 Apr/16/2018 16:40:28 N/A cfa0:/ngips2018041616523608292.a|

|k |

============================================================================

Setting the attribute for software images

1. Enter 2 in the File Control submenu.

===============================<File CONTROL>===============================

|Note:the operating device is cfa0 |

|<1> Display All File(s) |

|<2> Set Image File type |

|<3> Set Bin File type |

|<4> Set Configuration File type |

|<5> Delete File |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-5): 2

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 123384832 Jan/21/2019 17:20:04 N/A cfa0:/main.ipe |

|0 Exit |

============================================================================

2. Enter the numbers of the files you are working with. For example, enter 1.

Enter file No.:1

Modify the file attribute:

============================================================================

|<1>+Main |

|<2>+Backup |

|<0> Exit |

============================================================================

Enter your choice(0-2):

3. Enter a number in the range of 0 to 2 to add or delete a file attribute for the files. For example, enter 1 to assign the M attribute to the files.

Enter your choice(0-2):1

This operation may take several minutes. Please wait....

The file is exist,will you overwrite it? [Y/N]Y

Image file main-cmw710-boot-E8524P15.bin is self-decompressing...

Saving file cfa0:/main-cmw710-boot-E8524P15.bin ........................

............................................................................

.................Done.

Image file main-cmw710-system-E8524P15.bin is self-decompressing...

Saving file cfa0:/main-cmw710-system-E8524P15.bin ......................

............................................................................

.....................................................................Done.

Set the file attribute success!

Setting the attribute for .bin files

Enter 3 in the File Control submenu.

Enter your choice(0-5): 3

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 9054208 Apr/20/2018 13:27:02 N/A cfa0:/main-cmw710-boot-e8526|

|.bin |

|2 186294272 Apr/20/2018 13:27:30 N/A cfa0:/main-cmw710-system-e85|

|26.bin |

|3 164864 Apr/20/2018 13:36:44 N/A cfa0:/main-cmw710-devkit-e85|

|26.bin |

|4 5684224 Jul/24/2018 11:39:04 N/A cfa0:/main-cmw710-boot-e8530|

|.bin |

|5 106004480 Jul/24/2018 11:39:24 N/A cfa0:/main-cmw710-system-e85|

|30.bin |

|6 5692416 Jan/22/2019 14:47:32 M cfa0:/main-cmw710-boot-e8524|

|p15.bin |

|7 117685248 Jan/22/2019 14:47:50 M cfa0:/main-cmw710-system-e85|

|24p15.bin |

|0 Exit |

============================================================================

Note:Select .bin files. One but only one boot image and system image must

be included.

Enter file No.(Allows multiple selection):1

Enter another file No.(0-Finish choice):2

Enter another file No.(0-Finish choice):0

You have selected:

cfa0:/main-cmw710-boot-e8526.bin

cfa0:/main-cmw710-system-e8526.bin

Modify the file attribute:

============================================================================

|<1>+Main |

|<2>+Backup |

|<0> Exit |

============================================================================

Enter your choice(0-2):1

This operation may take several minutes. Please wait....

Set the file attribute success!

Deleting a file

1. Enter 5 in the File Control submenu.

Enter your choice(0-5): 5

Deleting the file in cfa0:

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 956 Jan/21/2019 17:59:34 N/A cfa0:/ifindex.dat |

|2 24671 Mar/28/2018 09:08:56 N/A cfa0:/wdydiudie.cfg |

|3 735 Mar/28/2018 09:18:22 N/A cfa0:/hostkey |

|4 116549 Oct/09/2017 13:51:02 N/A cfa0:/lwb-t5k.cfg |

|5 963 Mar/27/2018 15:24:12 N/A cfa0:/license/history/deviceid_2|

|0180327152412.did |

|6 965 Mar/27/2018 15:24:12 N/A cfa0:/license/210235a1rsh1640000|

|06.did |

|7 3237 Dec/25/2017 15:14:54 N/A cfa0:/license/ngips2017122515235|

|923325.ak |

|8 3249 Apr/16/2018 16:40:28 N/A cfa0:/license/ngips2018041616523|

|608292.ak |

|9 1611429 Jan/22/2019 14:14:22 N/A cfa0:/logfile/logfile.log |

|10 1048575 Apr/16/2018 17:57:26 N/A cfa0:/logfile/ips.log |

|11 5230 Mar/19/2018 14:40:30 N/A cfa0:/logfile/uflt.log |

|12 1048405 Apr/16/2018 17:57:26 N/A cfa0:/logfile/anti-vir.log |

|13 44840 Aug/10/2017 15:25:46 N/A cfa0:/logfile/dfilter.log |

|14 14195 Jan/21/2019 16:47:54 N/A cfa0:/logfile/cfglog.log |

|15 251751 Jan/03/2019 09:09:56 N/A cfa0:/diagfile/diagfile.log |

|16 69784 Mar/28/2018 09:18:28 N/A cfa0:/dpi/ips/predefined/ips_sig|

|pack_curr.dat |

|17 2373992 Mar/28/2018 09:18:28 N/A cfa0:/dpi/ips/predefined/ips_sig|

|pack_back.dat |

|18 32027352 Apr/16/2018 16:56:28 N/A cfa0:/dpi/av/predefined/av_sigpa|

|ck_curr.dat |

|19 9574536 Apr/16/2018 16:48:00 N/A cfa0:/dpi/av/predefined/av_sigpa|

|ck_back.dat |

|20 68040 Mar/28/2018 09:18:28 N/A cfa0:/dpi/uflt/predefined/uflt_s|

|igpack_curr.dat |

|21 10330760 Mar/28/2018 09:18:36 N/A cfa0:/dpi/uflt/predefined/uflt_s|

|igpack_back.dat |

|22 342232 Mar/28/2018 09:18:24 N/A cfa0:/dpi/apr/predefined/apr_sig|

|pack_curr.dat |

|23 979448 Mar/28/2018 09:18:24 N/A cfa0:/dpi/apr/predefined/apr_sig|

|pack_back.dat |

|24 2840 Jan/22/2019 14:12:46 N/A cfa0:/dpi/filereg/predefined/fil|

|ereg_sigpack_curr.dat |

|25 30 Jan/21/2019 16:53:16 N/A cfa0:/dpi/dpi_sigpack.log |

|26 1566 Mar/28/2018 09:18:20 N/A cfa0:/pki/https-server.p12 |

|27 591 Mar/28/2018 09:18:22 N/A cfa0:/serverkey |

|28 259308 Mar/28/2018 09:08:58 N/A cfa0:/wdydiudie.mdb |

|29 723419 Oct/09/2017 13:51:04 N/A cfa0:/lwb-t5k.mdb |

|30 22692 Jan/21/2019 17:59:36 M cfa0:/startup.cfg |

|31 686202 May/20/2017 19:15:56 N/A cfa0:/pn.cfg |

|32 9275 Oct/28/2017 13:50:12 N/A cfa0:/zp.cfg |

|33 807 Oct/09/2017 15:59:54 N/A cfa0:/.trash/.trashinfo |

|34 5327872 Aug/15/2017 13:06:42 N/A cfa0:/.trash/main-cmw710-boo|

|t-e8518.bin_0001 |

|35 5331968 Aug/15/2017 10:30:04 N/A cfa0:/.trash/main-cmw710-boo|

|t-e8519.bin_0001 |

|36 9048064 Aug/21/2017 13:54:12 N/A cfa0:/.trash/main-cmw710-boo|

|t-e8520.bin_0001 |

|37 2056192 Aug/12/2017 18:05:54 N/A cfa0:/.trash/main-cmw710-dev|

|kit-e8518.bin_0001 |

|38 163840 Aug/14/2017 16:57:06 N/A cfa0:/.trash/main-cmw710-dev|

|kit-e8519.bin_0001 |

|39 163840 Aug/21/2017 14:07:26 N/A cfa0:/.trash/main-cmw710-dev|

|kit-e8520.bin_0001 |

|40 103891968 Aug/15/2017 13:07:04 N/A cfa0:/.trash/main-cmw710-sys|

|tem-e8518.bin_0001 |

|41 107120640 Aug/15/2017 10:30:58 N/A cfa0:/.trash/main-cmw710-sys|

|tem-e8519.bin_0001 |

|42 171900928 Aug/21/2017 14:07:02 N/A cfa0:/.trash/main-cmw710-sys|

|tem-e8520.bin_0001 |

|43 2238 Jan/22/2019 14:14:22 N/A cfa0:/context/context3/logfile/l|

|ogfile.log |

|44 24 Jan/21/2019 17:59:50 N/A cfa0:/context/context3/ifindex.d|

|at |

|45 1192 Jan/21/2019 17:59:50 N/A cfa0:/context/context3/startup.c|

|fg |

|46 34023 Jan/21/2019 17:59:50 N/A cfa0:/context/context3/startup.m|

|db |

|47 18468 Jan/22/2019 14:14:22 N/A cfa0:/context/context4/logfile/l|

|ogfile.log |

|48 1566 Mar/28/2018 09:19:08 N/A cfa0:/context/context4/pki/https|

|-server.p12 |

|49 1671 Jan/22/2019 09:27:00 N/A cfa0:/context/context4/startup.c|

|fg |

|50 37050 Jan/22/2019 09:27:00 N/A cfa0:/context/context4/startup.m|

|db |

|51 52 Jan/22/2019 09:27:00 N/A cfa0:/context/context4/ifindex.d|

|at |

|52 9054208 Apr/20/2018 13:27:02 M cfa0:/main-cmw710-boot-e8526|

|.bin |

|53 227919 Jan/21/2019 17:59:36 N/A cfa0:/startup.mdb |

|54 186294272 Apr/20/2018 13:27:30 M cfa0:/main-cmw710-system-e85|