StoneOS Release Notes

1

All rights reserved. Copyright 2015, Hillstone Networks SG-0415-5.5R1-02

StoneOS 5.5R1

Release Overview

Release Date: April 15th, 2015

This major release mainly supports innovative features of comprehensive visibility, intelligence,

and threat prevention. All platforms begin to use a unified and optimized interface. A new license

StoneShiled is issued to provide advanced threat detection and abnormal behavior detection.

New virtual firewall (vFW) is released.

Platforms and Images

Platform Models Images

SG-6000-G5150

SG-6000-G3150

SG-6000-G2120

SG-6000-G2110

SG-6000-M6860

SG-6000-M6560

SG-6000-M6115

SG-6000-M6110

SG-6000-M3600

SG-6000-M3108

SG-6000-M3105

SG-6000-M3100

SG-6000-M2600

SG-6000-M2105

SG-6000-M1600

SG6000-M-5.5R1

SG-6000-M8860

SG-6000-M8260

SG-6000-M7860

SG-6000-M7360

SG-6000-M7260

SG-6000-E5960

SG-6000-E5760

SG-6000-E5660

SG-6000-E5560

SG-6000-E5260

SG6000-M-2-5.5R1

SG-6000-E3960 SG6000-M-3-5.5R1

StoneOS Release Notes

2

All rights reserved. Copyright 2015, Hillstone Networks SG-0415-5.5R1-02

SG-6000-E3660

SG-6000-E2800

SG-6000-E2300

SG-6000-E1700

SG-6000-E1600

SG-6000-E1100 (WLAN)

SG-6000-E1100 (WLAN +3G-WCDMA)

SG-6000-E1100 (3G-WCDMA)

SG-6000-C1000

SG-6000-X7180 SG6000-X7180-5.5R1

SG-6000-X6180 SG6000-X6180-5.5R1

SG-6000-X6150 SG6000-X6150-5.5R1

SG6000-X6150-GS SG6000-X6150-GS-5.5R1

SG-6000-VM01

SG-6000-VM02

SG6000-VM01-5.5R1

SG6000-VM02-5.5R1

SG-6000-T5860

SG-6000-T5060

SG-6000-T3860

SG6000-T-5.5R1.iso

SG-6000-G5150

SG-6000-G3150

SG-6000-G2120

SG-6000-G2110

SG-6000-M6860

SG-6000-M6560

SG-6000-M6115

SG-6000-M6110

SG-6000-M3600

SG-6000-M3108

SG-6000-M3105

SG-6000-M3100

SG-6000-M2600

SG-6000-M2105

SG-6000-M1600

SG6000-UIF-5.5R1.bin

SG6000-UIF-5.5R1.iso

SG6000-UIF-5.5R1-disk1.vmdk

SG6000-UIF-5.5R1.ovf

SG6000-UIF-5.5R1.mf

SG-6000-M8860

SG-6000-M8260

SG-6000-M7860

SG-6000-M7360

SG-6000-M7260

SG-6000-E5960

SG-6000-E5760

SG-6000-E5660

SG-6000-E5560

SG-6000-E5260

SG6000-UIF-2-5.5R1.bin

SG6000-UIF-2-5.5R1.iso

SG6000-UIF-2-5.5R1-disk1.vmdk

SG6000-UIF-2-5.5R1.ovf

SG6000-UIF-2-5.5R1.mf

StoneOS Release Notes

3

All rights reserved. Copyright 2015, Hillstone Networks SG-0415-5.5R1-02

SG-6000-M8860

SG-6000-M8260

SG-6000-M7860

SG-6000-M7360

SG-6000-M7260

SG-6000-E3960

SG-6000-E3660

SG-6000-E2800

SG-6000-E2300

SG-6000-E1700

SG-6000-E1600

SG6000-UIF-3-5.5R1.bin

SG6000-UIF-3-5.5R1.iso

SG6000-UIF-3-5.5R1-disk1.vmdk

SG6000-UIF-3-5.5R1.ovf

SG6000-UIF-3-5.5R1.mf

Upgrading Notes

Upgrading Notes for Each Platform

Upgrading Notes for E/X Platform

For different versions of E/X platform, note the following matters:

To upgrade the versions before 5.0R3 to 5.5R1, Hillstone recommends you to first

upgrade to 5.0R4P5, and then upgrade to 5.5R1.

You can upgrade 5.0R3 and its subsequent versions to 5.5R1 directly.

The following versions support upgrading via WebUI: 5.0R4P6, 5.0R3P10, 5.0R4F4,

5.0R3F5.2, and 5.0R4F4.1. For other versions, use CLI to upgrade versions.

For different models of E/X platform, note the following matters:

SG-6000-M2105 (512M) does not support 5.5R1.

Due to storage limitation, Hillstone does not recommend you to upgrade the following

models to 5.5R1: SG-6000-M2105 (1G), SG-6000-M1600, SG-6000-M3100,

SG-6000-M3105, SG-6000-M3108. If needed, contact Service Line to obtain detailed

upgrading guideline.

Upgrading Notes for T Platform

Upgrading T platform takes a long time and it will last dozens of minutes or several hours.

During the upgrading, the device can normally forward the data in the data plane, but the

WebUI of Dashboard, iCenter, and Monitor cannot display normally. For more detailed

upgrading guideline, contact Service Line.

After upgrading from 5.0R4 to 5.5R1, the original threat logs cannot display in iCenter

due to threat database changes and new iCenter functions. To save the original 5.0R4

threat logs, export them via WebUI in 5.0R4.

StoneOS Release Notes

4

All rights reserved. Copyright 2015, Hillstone Networks SG-0415-5.5R1-02

Upgrading Notes for UIF Platform

Upgrading UIF platform takes a long time and it will last dozens of minutes or several

hours. During the upgrading, the device can normally forward the data in the data plane,

but the WebUI of Dashboard, iCenter, and Monitor cannot display normally. For more

detailed upgrading guideline, contact Service Line.

After upgrading from 5.0R4 to 5.5R1, the original threat data cannot display in iCenter

due to threat database changes and new iCenter functions. To save the original 5.0R4

threat logs, export them via WebUI in 5.0R4.

To upgrade E platform to UIF platform, you need to install the unified intelligence server

license. To roll back UIF platform to E platform, you need to first uninstall the unified

intelligence service license.

For more information about UIF platform introduction, installation and upgrading, see

Hillstone Unified Intelligence Firewall Installation Manual.

Upgrading Notes for Each Module

Separating Applications from Services

From 5.0R4 release, applications are separated from services. For example, the old Service FTP

is divided into Service FTP and Appication FTP. This change will affect these modules: policies,

policy routes, NAT, QoS, session limits and statistics. If you update your system to versions higher

than 5.0R4, there is no influence on your normal use (however, an unsupported command

prompt may appear). Due to the separation, downgrading from 5.0R4 will not restore the old

categorization. Please back up your configuration before upgrading to 5.0R4.

Log Type Change

From 5.0R4, StoneOS has moved alarm type logs to event logs (severity level higher than critical).

If system is upgraded to versions higher than 5.0R4, the commands related to alarm logs

(logging alarm/logging syslog...type alarm) will be deleted. If a system is downgraded from

5.0R4 or higher, the event logs of (and higher than) critical severity will be lost.

New Attribute for Address Books

From 5.0R3, StoneOS has added an ID attribute for each address entry. When the system is

upgraded to 5.0R3 from prior versions, the existing address book configurations will be processed

smoothly without any effect to users; when the system is downgraded to versions below 5.0R3,

all the existing address book configurations will be lost.

StoneOS Release Notes

5

All rights reserved. Copyright 2015, Hillstone Networks SG-0415-5.5R1-02

Policy Default Mode Change

From 4.5R1, StoneOS changed its policys default mode to the global configuration mode. When

the system is upgraded to 4.5R1 or higher, the existing policy rule configurations will be

processed smoothly without any effect to users; when the system is downgraded to versions

below 4.5R1, all the existing policy rule configurations will be lost.

Statistics Configuration Adjustment

From 4.5R1, StoneOS has adjusted the configuration of statistics function. When the system is

upgraded to 4.5R1 or higher, the existing statistics configurations will be processed smoothly

without any effect to users; when the system is downgraded to versions below 4.5R1, all the

existing statistics configurations may be lost.

Interface Mirroring Configuration Change

From 5.0R1, StoneOS changed CLI command for interface mirroring:

Before 5.0R1 After 5.0R1

mirror to interface-name [both | rx | tx] mirror to interface-name

mirror enable {both | rx | tx}

When the system is upgraded to 5.0R1 or higher, the command will be upgraded smoothly

without any effect to users; when the system is downgraded to versions lower than 5.0R1, all the

interface mirroring configurations will be lost.

Attack Defense Configuration Change

From 5.0R2, StoneOS does not support layer 2 IP address spoofing attack defense any longer.

When the system is upgraded to versions of 5.0R2 or higher, the configuration of ad

ip-spoofing will be lost.

New QoS: iQos

Intelligent Quality of Service (iQos) is added from version 5.5R1. When the system is upgraded

fro