This document contains Proprietary Trade Secrets of Allot Communications LTD and its

receipt or possession does not convey any right to reproduce, disclose its contents or to
manufacture, use or sell anything that it may describe.

Allot reserves the right to make changes, add, remove or change the schedule of any
element of this document.












Software
Release Notes
Version 1

NetEnforcer S9.1.3
AC-1000 Series

This document details new features, known issues and clarifications concerning
NetEnforcer software version S9.1.3 This release pertains only to the AC-1000 Series.
Please check http://www.allot.com/support/ for any updates to this document.










New Features ................................................................................................................ 2
New Protocols and Applications ................................................................................... 2
Resolved Issues ............................................................................................................ 3
Known Issues ................................................................................................................ 4
NetEnforcer Software Upgrade Procedure ................................................................... 6

NetEnforcer S9.1.3 Release Notes


2010 Allot Communications. All rights reserved. 2
New Features
Enhanced protocols and applications support
A new protocols identification engine is introduced with this version, which both improves current
protocol support and will enhance future protocol support. This new engine brings flexibility and
modularity to the protocol identification realm and extends the platform's identification abilities. All
high-end Service Gateway and NetEnforcer devices use the same engine for protocols
identification.
The new engine now supports classification of uTorrent2.x and similar applications.
This new engine is mandatory for support of all protocol packs 3.9 releases and above. This
mechanism is not compliant with protocol pack releases prior to PP3.9.
Encapsulation Support
AC-1000 version S9.1.3 was added with the following encapsulation support and can classify
traffic traversing within the encapsulation tunnel.
GRE (including GRE Options)
New Protocols and Applications
This version supports Allot Protocol Updates package version 3.1 and above. Version S9.1.3
comes bundled with PP3.9
Please see PP3.9 release notes for details regarding protocols support.
NetEnforcer S9.1.3 Release Notes


2010 Allot Communications. All rights reserved. 3
Resolved Issues
Fixed an issue that could cause misclassification of uTorrent2.x protocol.
Fixed an issue that could cause performance reduction following a device reboot.
Fixed an issue that could cause the device to reboot upon very frequent SNMP
poles (more than one per second) of the network processor statistics.
Fixed an issue that could cause the device to reboot when applying DoS
enforcement to Skype service.
Port redirection action now redirect the session from the first identified packet
and not from the packet following it.
Fixed an issue that could cause time catalog updates to fail when large numbers
of entries are found.
Fixed an issue that could cause subscribers to fall into fallback pipe when
working with SMP.
Fixed an issue that could cause the wrong service plan to be applied for
subscribers when working with SMP and multiple IPs per subscriber.
Fixed a bug with MSN parser that could on rare occasions cause the device to
reboot.
Added a mechanism that improves HTTP processing significantly reducing
latency and delay and increasing forwarding capabilities for HTTP traffic.
NetEnforcer S9.1.3 Release Notes


2010 Allot Communications. All rights reserved. 4
Known Issues
Allot NetEnforcer software version S9.1.3 requires a new key. Please make sure
you have the new key prior to installation. It is possible to download a new key
the Allot web CRM, or, alternatively contact customer support at
support@allot.com in order to receive the new key prior to installation.
When working with NX7.1.1 or older NX versions and creating a new Pipe / VC
the new element will be created with a service entry of All Service, in some
cases this can cause the device to reject the policy and load a default policy.
o Allot Recommends: Instead of "All Service", define the policy as "All
IP".
The Most Active Protocols graph and the CLI command acstat no longer show
TCP ports for protocols that are not in the service catalog. All protocols that are
not in the service catalog are now presented as "Other TCP".
Host entries can not be defined as "Any" in a Pipe/VC template.
When updating from version S7.1.0, if any policy containing the following
unsupported catalog entries, after the upgrade the device will boot in rescue
mode
Service catalog entry with HTTP content.
DoS catalog entry with CER actions.
QoS catalog with Minimum Reserved on Use definition.
Please note this is not applicable to upgrades from S7.1.3.
o Allot Recommends: before upgrading from a previous version delete
from the policy any catalog entries that contain CER and/or HTTP
content.
In some cases DNS protocol might not be identified correctly.
o Allot Recommends: In order to correctly identify DNS go into DNS
service definition and configure it to default port 53.
Reject action causes Drop action to take place instead of Reject.
When upgrading from a previous version, if the NetEnforcer being upgraded is
not connected to NetXplorer server the default behavior is to override the existing
policy). In order to retain the previous policy the user must specifically instruct the
NetEnforcer to do so when prompted. This issue does not occur when the device
is connected to the NetXplorer server/manager.
The option in Action on Failure to Fail all Ports is no longer supported. The
possible actions on fail are either bypass or fail port pair.
Setting back the device time by 15 minutes or more may cause SNMPv3 agent to
stop responding to SNMP requests. Device reboot resolves the problem.
When port redirection is activated it is still possible to activate active redundancy
mode via CLI although it is not available with port redirection.
It is not recommended to use the host file feature available with NX7.5.0 with
version C8.1.0. In some cases this feature may cause the device to reboot.
o Allot Recommends: In order to gain the same functionality use the
dynamic hosts groups when there is a need to associate large number of
hosts to a Pipe / VC.
NetEnforcer S9.1.3 Release Notes


2010 Allot Communications. All rights reserved. 5
Like any device in your network, the NetEnforcer should be protected by a
unique password that is changed at regular intervals. Therefore, the default
password should be changed immediately following installation or upgrading. The
procedure to do so is as follows:
Admin or Monitoring Password
1. In the NetEnforcer Setup Menu, enter 3 (Change password) and press
<Enter>. The Password screen is displayed.
2. Enter 1 or 2 to specify the type of user whose password you want to
change (Admin or Monitoring) and press <Enter>.
3. Enter a new password and press <Enter>. The password must be
between 5 and 8 characters. You should use a combination of upper and
lower case letters and numbers for the strongest possible security.
4. Re-enter the password and press <Enter>. If NetEnforcer detects a
simple password, a warning is displayed on the screen.
Root Password
NOTE Changing the Root password requires knowledge of the current Root
password. If the Root password is unknown contact Allot Customer
Support at support@allot.com for assistance
1. Log into the NetEnforcer via Telnet and enter the following command:
passwd
2. Enter a new password and press <Enter>. The password must be
between 5 and 8 characters. You should use a combination of upper and
lower case letters and numbers for the strongest possible security.
3. Re-enter the password and press <Enter>. If NetEnforcer detects a
simple password, a warning is displayed on the screen.
4. A message will inform you that the password has been successfully
changed.
NOTE You must change all default passwords to ensure a minimum level of
security.

NetEnforcer S9.1.3 Release Notes


2010 Allot Communications. All rights reserved. 6
NetEnforcer Software Upgrade Procedure

NOTE Before upgrading delete any catalog entries that contain CER and/or HTTP content.

1. Remove the NetEnforcer from service.
2. You may need to free space on the Flash memory card. Before beginning the upgrade access
the NetEnforcer via telnet or the console port, open the /tmp folder on the root directory of the
NetEnforcer and delete the following files found there:
ne<version number>.tgz
packages<number>.tgz
These are old install files which are no longer needed and which could be taking up as much
as 100MB of flash memory space. Files may also be deleted from the directory /V51 or /V511.

NOTE: Type the command df h and verify you have at least 45M Available as shown in the
output example below:
Filesystem Size Used Avail Use% Mounted on /dev/cfa2 225M 171M 46M 79% /
3. Download the software version from the Allot FTP site by completing the following steps:
Open Telnet and log in to the NetEnforcer as User Name: root Password:
bagabu (default).
Type mkdir S913.
Type cd S913.
Type ftp ftp.allot.com (the IP address is 209.62.76.11)
Log into the ftp site with username: Anonymous and password: <YOUR EMAIL
ADDRESS>.
Type cd DPI_device/AC-1000/NX/GA/S913/
Type hash.
Type bin.
Type prompt.
Type mget *
4. Type chmod u+x ne-instl.sh.
5. Type ./ne-instl.sh.
6. If asked if you wish to enter a new QoS key, enter your preference.
7. The upgrade procedure could take as long as 20 minutes and then you'll be prompted to
reboot the box.
8. Enter the command ac_reboot to reboot the unit.
Changing the Passwords

You can change the login password for either the Admin user or the Monitor user. The Admin user has
access to all NetEnforcer functions, while the Monitor user has read-only access. It is strongly
recommended to change the default password. NetEnforcer might enable access from anywhere on
the Internet, and should therefore be protected with a unique password.
1. In the NetEnforcer Setup Menu, enter 3 (Change password) and press <Enter>. The following
Password screen is displayed.
NetEnforcer S9.1.3 Release Notes


2010 Allot Communications. All rights reserved. 7
2. Enter 1 or 2 to specify the type of user whose password you want to change and press
<Enter>.
3. Enter a new password and press <Enter>. The password must be between 5 and 8
characters. You can use a combination of upper and lower case letters and numbers.
4. Re-enter the password and press <Enter>. If NetEnforcer detects a simple password, a
warning is displayed on the screen.

NOTE You must change the default passwords to ensure a minimum level of security.