Threat Mitigation System

Release Notes

Version 9.6.0.0
Legal Notice
The information contained within this document is subject to change without notice. NETSCOUT SYSTEMS, INC.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. NETSCOUT SYSTEMS, INC. shall not be liable for errors
contained herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.
Use of this product is subject to the End User License Agreement available at
http://www.NetScout.com/legal/terms-and-conditions or which accompanies the product at the time of shipment
or, if applicable, the legal agreement executed by and between NetScout Systems, Inc. or one of its wholly-owned
subsidiaries (“NETSCOUT”) and the purchaser of this product (“Agreement”).
Government Use and Notice of Restricted Rights: In U.S. government (“Government”) contracts or subcontracts,
Customer will provide that the Products and Documentation, including any technical data (collectively “Materials”),
sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal
Acquisition Regulation (“FAR”) 2.101and any supplement and further are provided with RESTRICTED RIGHTS. All
Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure
(“Use”) of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR
52.227-14 for civilian Government agency purposes and 252.227- 7015 of the Defense Federal Acquisition
Regulations Supplement (“DFARS”) for military Government agency purposes, or the similar acquisition
regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is
restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section
12.212, is further restricted in accordance with the terms of NETSCOUT’S commercial End User License
Agreement. All other Use is prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and
documentation (“Third-Party Materials”) for use with the Product only. In the event the Product contains Third-
Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials
(as identified by NETSCOUT in the Documentation provided with this Product), then such third-party materials are
provided or accessible subject to the applicable third-party terms and conditions contained either in the “Read
Me” or “About” file located in the Software or on an Application CD provided with this Product, or in an appendix
located in the documentation provided with this Product. To the extent the Product includes Third-Party Materials
licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the
applicable provisions of such third-party terms and conditions.
Open-Source Software Acknowledgement: This product may incorporate open-source components that are
governed by the GNU General Public License (“GPL”) or licenses that are compatible with the GPL license (“GPL
Compatible License”). In accordance with the terms of the GNU GPL, NETSCOUT will make available a complete,
machine-readable copy of the source code components of this product covered by the GPL or applicable GPL
Compatible License, if any, upon receipt of a written request. Please identify the product and send a request to:
NetScout Systems, Inc.
GNU GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine form without prior consent in writing from NETSCOUT. The information in this document is
subject to change without notice and does not represent a commitment on the part of NETSCOUT.
The products and specifications, configurations, and other technical information regarding the products
described or referenced in this document are subject to change without notice and NETSCOUT reserves the right,
at its sole discretion, to make changes at any time in its technical information, specifications, service, and support
programs. All statements, technical information, and recommendations contained in this document are believed
to be accurate and reliable but are presented “as is” without warranty of any kind, express or implied. You must
take full responsibility for their application of any products specified in this document. NETSCOUT makes no
implied warranties of merchantability or fitness for a purpose as a result of this document or the information
described or referenced within, and all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned
capabilities and intended functionality offered by the product and version number identified on the front of this
document. Screen images depicted in this document are representative and intended to serve as example images
only.

© 1999-2022 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary.
www.netscout.com
Document Number: TMS-RN-9600-2022/05
02 May, 2022
Contents

Revision History 4

Preface
Introduction 5
Software Versioning Policy 6

Threat Mitigation System (TMS) 9.6.0.0 Release Notes

New Features in TMS 9.6.0.0 7
Enhancements in TMS 9.6.0.0 8
Changes in Behavior in TMS 9.6.0.0 8

Fixed and Known Issues

Fixed Issues 11
Known Issues 13

Upgrade Information
Software Threat Mitigation System (TMS) requires specific CPU instruction sets 15
TMS HD1000 (16x10G) and TMS 5000 automatic configuration replaces user configuration 16
Supported Upgrade Paths 16
Multi-version Upgrades and Deployments 16
About Adding or Upgrading TMS in Sightline Deployments 16

System Requirements
Supported Devices 17
Communication Ports 17

Support and Documentation

Downloading the software and documentation 21
Contacting Arbor Technical Assistance Center 21
About the Sightline and Threat Mitigation System Documentation 21

TMS Release Notes, Version 9.6.0.0 3

TMS Release Notes, Version 9.6.0.0

Revision History

The following table lists the dates when these release notes were updated and a
description of the changes that were made:

Date Description of Changes

April 28, 2022 Content finalized.

4 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Preface

Preface

Introduction
This document includes release information about Threat Mitigation System 9.6.0.0.

Threat Mitigation System 9.6.0.0 lifecycle

Start of General Availability End of Maintenance

May, 2021 May, 2023

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 5

TMS Release Notes, Version 9.6.0.0

Software Versioning Policy

The following versioning policy applies to Sightline and TMS software releases 9.3.5 and
higher.

Software release levels

Release level Numbering Description

Major x.0.0.0 A release that includes significant new features,

Example: enhancements, and bug fixes.
4.0.0.0

Minor x.y.0.0 A release that follows a major release and includes

Example: new features, enhancements, and bug fixes.
4.3.0.0

Point x.y.z.0 A release that follows a major or minor release and

Examples: includes bug fixes. A point release might also include
4.0.1.0, 4.3.2.0 new features and enhancements.

Maintenance x.y.z.n A release that fixes bugs that were found in the
Examples: associated major, minor, or point release.
4.0.0.2,
4.3.0.1,
4.0.1.3, 4.3.2.1

Lifecycle support
n Major and minor releases have a 3-year support lifecycle (with 2 years of software
maintenance).
n A point release inherits the support lifecycle from the major or minor release that it is
associated with. For example, 4.3.2.0 follows the support lifecycle timeline of 4.3.0.0.
n A maintenance release inherits the support lifecycle from the major or minor release
that it is associated with. For example, 4.3.2.1 follows the support lifecycle timeline of
4.3.0.0.

6 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Threat Mitigation System (TMS) 9.6.0.0 Release Notes

Threat Mitigation System (TMS) 9.6.0.0

Release Notes

New Features in TMS 9.6.0.0

Omnis TMS Guardian
Omnis TMS Guardian is a cost-effective way to sell TMS mitigation services to your
customers. With Omnis TMS Guardian, you purchase licenses for the customer traffic you
want to mitigate with TMS, instead of purchasing a license for the TMS device.

In Sightline, you define customer managed objects for the traffic you want to mitigate,
and apply Omnis TMS Guardian licenses to the managed objects. You can then do the
following:
n Use the TMS devices that are configured for Omnis TMS Guardian to mitigate traffic
that matches the managed objects.
n View DoS alert traffic dropped by flowspec mitigations that are protecting the
managed objects.
Omnis TMS Guardian is available with the following TMS devices:
n TMS HD1000 (16x10G)
n TMS HD1000 (4x100G + 8x10G)
n TMS 8100 (8x10G + 8x1G)
n Software TMS

For information on using Software TMS devices with Omnis TMS Guardian, see the topic
“Adding a Software TMS Device Using Omnis TMS Guardian Licensing” in either of the
following documents:
n Software Threat Mitigation System Virtual Machine Installation Guide
n Software Threat Mitigation System Installation on Hardware

For additional information on Omnis TMS Guardian, see the following topics in the
Sightline and Threat Mitigation System User Guide:
n “About Licensing for Omnis TMS Guardian”
n “Using Omnis TMS Guardian in your Deployment”
n “Configuring Omnis TMS Guardian”

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 7

TMS Release Notes, Version 9.6.0.0

Enhancements in TMS 9.6.0.0

Configure stricter password requirements for TMS local user accounts
You can now configure password requirements for TMS local user accounts that are
stricter than the default password requirements. You can now configure the following:
n a password complexity mode
n a password expiration timeframe
n the display of password expiration warning messages

For additional information, see “Configuring Advanced Password Requirements” in the

Sightline and Threat Mitigation System User Guide.

New 100 GbE network card support for Software TMS

Software TMS, when installed in VMware or KVM, now supports the Mellanox ConnectX-5
100 GbE network card for mitigation ports.

The network cards were configured as follows during our testing:

n each network card used one port
n each network card was connected to different NUMA nodes

Changes in Behavior in TMS 9.6.0.0

TMS HD1000 Bandwidth Licensing
TMS HD1000 appliance licenses previously licensed the appliance without regard to the
bandwidth of the Packet Processing Modules (PPMs) in the appliance. All new TMS
HD1000 appliance licenses are now based on PPM bandwidth.

The bandwidth permitted on the appliance is limited to the bandwidth purchased with
the license. As you modify the number or type of PPMs, you purchase new licenses to
reflect the change in the appliance’s potential bandwidth.

Important
Existing customers can continue using their current TMS HD1000 licenses.

See the following sections in the Sightline and Threat Mitigation System Deployment and
Device Limits document for additional information on TMS HD1000 appliance limits:
n “TMS HD1000 (16x10G) Appliance Limits”
n “TMS HD1000 (4x100G + 8x10G) Appliance Limits”

Automatic configuration for TMS HD1000 (16x10g) and TMS 5000 appliances
In Sightline, you previously needed to manually enter the number and type of Packet
Processing Modules (PPMs) or Application Processing Modules (APM-Es) in TMS HD1000
(16x10g) and TMS 5000 appliances. PPM and APM-E configuration information is now
automatically sent from these appliances to Sightline. The configuration is now shown in
a Slot table displayed in the following areas:
n the Deployment tab of the Add/Edit Appliance page (Administration > Appliances)
n the Appliance Status page (System > Status > Appliance Status)

8 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Threat Mitigation System (TMS) 9.6.0.0 Release Notes

n the Appliance Monitoring page (System > Status > Appliance Monitoring)

Important
When you upgrade, automatic configuration replaces your previous configuration with
the configuration sent from the appliance.

Filter list capacity calculations exclude TMS devices not communicating with
Sightline
When determining if a filter list is too large for a mitigation or a deployment, Sightline
now excludes the filter list capacity of TMS devices that are not communicating with it.
Previously, the non-communicating TMS devices could cause Sightline to use a lower limit
than is currently necessary for filter list sizes.

If you have TMS devices in your deployment that are not communicating with Sightline,
you may see the following changes in behavior:
n You may no longer see some warnings about filter lists being too large.
n In warnings or messages, you may see a different maximum size allowed for filter lists.

Sightline UI changes on the Add/Edit TMS Group page

In order to simplify the configuration of TMS groups, two tabs on the Add/Edit TMS Group
page have been combined. The following tabs have been merged into the new Mitigation
Handling tab:
n Deployment
n Mitigation Preconditions

The labels for the check boxes that were on those tabs have also changed. The table
below shows the old and new labels, and the tab that previously contained the check box:

Previous tab
Old labels New label location

End mitigation if one or more group Stop mitigations if Deployment

members fails or becomes unreachable. any of the following
Also controls whether individual group conditions occur:
members will end mitigation if leader n a TMS group
becomes unreachable. member fails or is
unavailable
n the Sightline leader
is unreachable
n the mitigation
becomes degraded

Require all group members to be up Require all TMS group Mitigation

before starting a mitigation members to be up Preconditions
and available.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 9

TMS Release Notes, Version 9.6.0.0

Previous tab
Old labels New label location

Require all diversion peering sessions to Require all diversion Mitigation

be up before starting a mitigation peering sessions to Preconditions
be up.

Require all group members to have Require all TMS group Mitigation
available bandwidth before starting a members to have Preconditions
mitigation available bandwidth.

Sightline UI Mitigation > Threat Management menu item renamed

In the Sightline UI, the Mitigation > Threat Management menu item has been renamed
to Mitigation > TMS.

10 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Fixed and Known Issues

Fixed and Known Issues

Fixed Issues

Bug Number Ticket Number Fixed In TMS Fixed Issues Description

76155 160802-000013 9.6.0.0 When the Shaping countermeasure was configured

211222-000040 with an FCAP expression that would never match a
packet (for example, proto tcp and proto udp), the
countermeasure erroneously matched every packet.

92043 9.6.0.0 Non-critical temperature sensor alerts were not being

sent to Sightline.

92092 9.6.0.0 Non-critical temperature sensor alerts were not being

sent to Sightline.

92787 9.6.0.0 An uncommon race condition could cause the

following cosmetic TMS status alert: System check
module check_hwdevice failed.

94170 210824-000099 9.6.0.0 On the TMS HD1000, TMS services could improperly
start on a Packet Processing Module.

94195 210828-000006 9.6.0.0 TMS generated an Internal error: regex load

210917-000004 failed status alert when a regular expression that
211129-000045 was functionally equivalent to an existing regular
expression was added to a running mitigation. The
211201-000018
mitigation did not properly mitigate traffic until a
220117-000098 different regular expression was saved, which cleared
the invalid configuration.

94510 211012-000033 9.6.0.0 Payload Regular Expression compilation times

sometimes caused LACP keepalives to be lost.

94519 211013-000074 9.6.0.0 When uninstalling or installing a TMS software

package, the session idle timeout value was reset to
the default value.

94751 211112-000029 9.6.0.0 When using GRE in L3 deployment mode, packet

processors could fail when processing fragmented
traffic.

94766 211026-000030 9.6.0.0 The SIP Malformed countermeasure erroneously

considered a SIP message malformed if the Status-
Line did not have a Reason-Phrase.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 11

TMS Release Notes, Version 9.6.0.0

Bug Number Ticket Number Fixed In TMS Fixed Issues Description

94793 211015-000014 9.6.0.0 Under certain conditions, the TMS 5000 failed to
handle deny list entries properly. This resulted in any
of the following issues:
n failure to add an item to the deny list
n failure to remove an item from the deny list
n failure to show that an item was on the deny list

95027 220126-000066 9.6.0.0 Management interfaces did not respond to Multicast

Listener Query packets. In networks with Multicast
Listener Discovery snooping enabled, such as when
using a VMware Distributed vSwitch, this could result
in a loss of IPv6 connectivity to the TMS.

95256 220302-000019 9.6.0.0 Traffic was inadvertently dropped during periods

220304-000039 when the rate of traffic was at or near the licensed
220210-000074 bandwidth of a TMS device.

220112-000054
211223-000021
220221-000055
220304-000075
220313-000015
220315-000047

12 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Fixed and Known Issues

Known Issues

Bug Number Ticket Number Found In TMS Known Issues Description

95367 9.6.0.0 When booting a Cisco ASR 9000 vDDoS Protection

device, the following cosmetic error message is
present on the serial console:
IpmitoolException: ipmitool exited with
error: Could not open device at /dev/ipmi0 or
/dev/ipmi/0 or /dev/ipmidev/0: No such file
or directory

82696 211028-000018 9.4.0.0 If a Software TMS device has fewer than 16 physical
interfaces, and on the Deployment tab
(Administration > Appliances), Capabilities is set to
Enable Full Reporting, the following TMS Fault alert
is erroneously generated:
Config File 'dpi.conf' is 'Error' (physical
interface(s) invalid
As a workaround, follow the steps below:
1. Navigate to the Configure Appliances page
(Administration > Appliances).
2. To edit the Software TMS device, click its name
link.
3. On the Deployment tab, set Capabilities to
Advanced.
4. On the Patch Panel tab, select Mitigate, Flow,
DNS, HTTP, and VOIP Capabilities for the ports
used for mitigation or reporting.
5. Click Save, and then commit your changes.

92970 210611-000032 9.3.6 On the TMS 8100 (8x10G + 8x1G), some ports may
incorrectly show their speed as 40 GbE.

90663 9.3.0 In tmsdump, certain packets such as LACP PDU's may

get marked as "consumed" before they have been
transmitted. This is a cosmetic display issue only.

93376 9.3.0 When using PCI passthrough with Software TMS, the
passthrough must be configured for the entire card,
rather than individual ports.

89085 9.2.0 The front panel management port on the TMS-

HD1000 is unable to communicate after negotiating
at 10BASE-T speed.

90797 9.2.0 Mitigations must be stopped prior to upgrading from

TMS 9.0.x to TMS 9.2.x. If the mitigations are not
stopped, TMS may be unable to continue mitigating
or may be unstable after services are started.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 13

TMS Release Notes, Version 9.6.0.0

Bug Number Ticket Number Found In TMS Known Issues Description

87174 9.1.0 The following log messages may occur when running
more than 100 mitigations on a TMS 5000. These are
harmless and should be ignored:
n blinky[#]: [S] #MODULE-SKIP check-hwdevice
(already running)
n blinky[#]: [W] #BLINKY apm-X-ipmc -4
seconds out of sync
n SA_ERR_HPI_NO_RESPONSE

88020 9.1.0 If you make certain changes to the TMS patch panel
settings in the presence of traffic, the system can
generate spurious alerts and may become slightly
unstable. You can avoid this by making patch panel
changes only when the TMS is not actively mitigating
traffic, or by waiting about a minute for the condition
to clear.

90798 9.1.0 Mitigations must be stopped prior to upgrading from

TMS 9.0.x to TMS 9.2.x. If the mitigations are not
stopped, TMS may be unable to continue mitigating
or may be unstable after services are started.

14 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Upgrade Information

Upgrade Information

For detailed information about supported upgrade paths, multi-version upgrades, and
multi-version deployments, see the Sightline and Threat Mitigation System Compatibility
Guide. You can download this guide from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).

Software Threat Mitigation System (TMS) requires specific

CPU instruction sets
All CPUs used by Software TMS must have the MMX, SSE, SSE2, SSE3 (PNI), and SSSE3
instruction sets. Software TMS may not start if you upgrade to Software TMS 9.6.0.0
with a CPU that does not support these instruction sets.
Note
To check which instruction sets the CPU supports, enter cat /proc/cpuinfo in the
shell command line. The supported instruction sets are listed in the Flags field.
Important
(Software TMS running in a KVM hypervisor only) The default KVM64 CPU does not
support the required instruction sets. When you install Software TMS you must specify
a different CPU that supports the instruction sets. See "Installing Software Threat
Mitigation System from a qcow2 disk image" in Software Threat Mitigation System Virtual
Machine Installation Guide.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 15

TMS Release Notes, Version 9.6.0.0

TMS HD1000 (16x10G) and TMS 5000 automatic

configuration replaces user configuration
The new TMS HD1000 (16x10G) and TMS 5000 automatic configuration replaces your
previous configuration with the configuration sent from the appliance. See “Automatic
configuration for TMS HD1000 (16x10g) and TMS 5000 appliances” on page 8 for more
information.

Supported Upgrade Paths

For information about the supported upgrade paths to TMS 9.6.0.0, see “Supported
Upgrade Paths” in the Sightline and Threat Mitigation System Compatibility Guide, available
from the Arbor Technical Assistance Center (https://support.arbornetworks.com).

Important
To upgrade a Cisco ASR 9000 vDDoS Protection device to TMS 9.6.0.0, follow the
instructions in the topic “Upgrading the Software and Installing Maintenance Releases
on TMS Devices” in the Sightline and Threat Mitigation System User Guide. The installation
procedure described in the Cisco ASR 9000 vDDoS Protection Configuration Guide should
be followed for new installations only.

Multi-version Upgrades and Deployments

TMS 9.6.0.0 is multi-version compatible with earlier Sightline, SP, and TMS releases. This
allows you to upgrade the devices in your deployment in stages. For details about multi-
version compatibility, refer to the Sightline and Threat Mitigation System Compatibility
Guide, available from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).

About Adding or Upgrading TMS in Sightline Deployments

You add or upgrade TMS hardware and software in your Sightline deployment by doing
the following:
n installing new or upgraded TMS software on TMS appliances, Cisco ASR 9000 vDDoS
Protection models, virtual machines, or your own hardware
n configuring TMS software in the Sightline web UI or in the Sightline or TMS command
line interface (CLI)

16 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 System Requirements

System Requirements

For information about enforced limits and guideline limits for each currently supported
TMS model, see Sightline and Threat Mitigation System Deployment and Device Limits. You
can download this guide from the ATAC website (https://support.arbornetworks.com).

Supported Devices
The following TMS devices are supported in the TMS 9.6.0.0 release:
n TMS 2600
n TMS 2800
n TMS 5000 (32x10G and 4x100G models)
n TMS HD1000 (16x10G)
n TMS HD1000 (4x100G + 8x10G)/PPM-20G
n TMS HD1000 (4x100G + 8x10G)/PPM-50G
n TMS HD1000 (4x100G + 8x10G)/mixed PPMs
n TMS 8100 (8x10G + 8x1G)
n Software Threat Mitigation System
n Cisco ASR 9000 vDDoS Protection (10G, 20G, 40G, and 60G models)

For more information see “TMS Software Compatibility with TMS Devices” in the Sightline
and Threat Mitigation System Compatibility Guide. You can download this guide from the
Arbor Technical Assistance Center (https://support.arbornetworks.com).

Communication Ports
Required ports
The following table lists the ports that TMS requires in a Sightline/TMS deployment.

Service Ports Required Protocol Direction

ArborFlow 31373 UDP n FS appliance to traffic and

routing analysis
n FS appliance to data storage
traffic and routing analysis to
data storage
n traffic and routing analysis to
data storage

ArborFlow (if 5000 (default) UDP n TMS appliance to traffic and

ArborFlow from routing analysis
TMS is enabled)

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 17

TMS Release Notes, Version 9.6.0.0

Service Ports Required Protocol Direction

BGP 179 TCP n TMS appliance to router

n traffic and routing analysis to
router
n user interface to router
n FS appliance to router
n router to traffic and routing
analysis
n router to user interface
n router to FS appliance
n router to TMS appliance

DNS 53 UDP n Sightline appliance to DNS server

n Return on same port

Flow 2055 UDP n Router to traffic and routing

(netflow) (configurable) analysis
n Router to FS appliance
n By default, traffic and routing
analysis or FS appliances watch
all UDP ports for netflow packets
from configured routers.

HTTPS 443 TCP n Sightline non-leader appliance(s)

to Sightline leader appliance
n Sightline leader appliance to
Sightline non-leader appliance(s)
n TMS appliance to managing
appliance
n Managing appliance to TMS

SNMP polling of 161 UDP n Traffic and routing analysis to

routers router
n FS appliance to router
n Return on same port

Sightline user 443 TCP n User workstation to Sightline

interface (HTTPS) leader or user interface

Note
Some of the ports may not be applicable to your deployment.

18 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 System Requirements

Optional ports
The following ports are optional and only need to be enabled if you are using the
corresponding service:

Service Ports Protocol Direction

FTP 20-21 TCP n TMS appliance query to FTP client

n FTP client response to TMS
appliance
n Sightline appliance query to FTP
server
n FTP server response to Sightline
appliance

HTTP 80 TCP n TMS appliance query to HTTP

client
n HTTP client response to TMS
appliance
n Sightline appliance to HTTP server
n HTTP server response to Sightline
appliance

NTP 123 UDP n Sightline or TMS appliance

request to NTP server
n NTP server response to Sightline
or TMS appliance

ping echorequest, ICMP n Sightline or TMS appliance

echoreply request to remote device
n Remote device response to
Sightline or TMS appliance

RADIUS 1812 UDP n Sightline or TMS appliance query

Authentication to RADIUS server
n RADIUS server response to
Sightline or TMS appliance

RADIUS 1813 UDP n Sightline or TMS appliance query

Accounting to RADIUS server
n RADIUS server response to
Sightline or TMS appliance

SMTP 25 TCP n Leader appliance delivery to SMTP

server
n SMTP server response to leader
appliance

SNMP polling of 161 UDP n User polling equipment query to

appliances Sightline or TMS appliance
n Sightline or TMS appliance
response to user polling
equipment

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 19

TMS Release Notes, Version 9.6.0.0

Service Ports Protocol Direction

SNMP trap 162 UDP n Leader appliance message to

SNMP trap collector
n TMS appliance message to SNMP
trap collector

SSH 22 TCP n Workstation to Sightline or TMS

appliance
n Sightline or TMS appliance
response to workstation
Note
Backup uses SSH

Syslog 514 UDP n Sightline or TMS appliance

message to Syslog server

TACACS+ 49 TCP n Sightline or TMS appliance query

to TACACS+ server
n TACACS+ response to Sightline or
TMS appliance

20 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Support and Documentation

Support and Documentation

Downloading the software and documentation

You can download the software releases and user documentation from the Arbor
Technical Assistance Center at https://support.arbornetworks.com using the Software
Downloads link.

Contacting Arbor Technical Assistance Center

You can download the software release and user documentation from the Arbor
Technical Assistance Center website. You will need a username and password to access
the site.

If you do not already have a customer account, contact the Arbor Technical Assistance
Center (ATAC) at:
n 1 877 272 6721 [U.S. toll free]
n +1 781 768 4301 [Worldwide]
n https://support.arbornetworks.com

About the Sightline and Threat Mitigation System

Documentation
The following documentation is available for Sightline and Threat Mitigation System (TMS)
devices and software. All documentation is available from the Arbor Technical Assistance
Center (https://support.arbornetworks.com).

Document Title Description

Sightline Release Notes Release information about Sightline and TMS,

including new features, enhancements, fixed issues,
Threat Mitigation System Release
and known issues.
Notes

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 21

TMS Release Notes, Version 9.6.0.0
Document Title
Sightline and Threat Mitigation
System User Guide
Sightline and Threat Mitigation
System Advanced Configuration
Guide
Sightline and Threat Mitigation
System Compatibility Guide
Sightline and Threat Mitigation
System Deployment and Device
Limits
Sightline and Threat Mitigation
System Licensing Guide
Sightline and Threat Mitigation
System Managed Services
Customer Guide
Sightline and Threat Mitigation
System API Guide
Sightline REST API Documentation
22
Description
Instructions and information that explain how to
configure and use Sightline and TMS devices and
software via the Sightline user interface (UI) and the
command line interface (CLI).
You can access the User Guide by clicking the 
icon in the Sightline UI. It is also available as a PDF.
The User Guide contains all information that was
previously included in the following documents:
n Sightline and Threat Mitigation System Advanced
Configuration Guide
n Sightline and Threat Mitigation System Licensing
Guide
This document has been discontinued. The content
previously included in this document is now
included in the Sightline and Threat Mitigation System
User Guide.
Descriptions of the support for multi-version, multi-
platform Sightline and TMS deployments.
Lists the enforced limits and guideline limits for
Sightline and TMS deployments. It also covers the
enforced limits and guideline limits for supported
Sightline and TMS devices.
This document has been discontinued. The content
previously included in this document is now
included in the Sightline and Threat Mitigation System
User Guide.
Instructions and information for the managed
services customers who use the Sightline user
interface.
General information about the following APIs:
n REST API
n Web Services API
n Current SOAP API
n Classic SOAP API (the API that was released prior
to SP version 5.5)
Instructions and information that explain how to
use Sightline REST API. You can access this
documentation from the Sightline UI by selecting
Administration > Sightline REST API
Documentation. It is also available for download.
© NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Document Title
ArbOS REST API Documentation
Sightline Virtual Machine
Installation Guide
Software Threat Mitigation System
Installation on Hardware
Software Threat Mitigation System
Virtual Machine Installation Guide
Software Threat Mitigation System
Performance Benchmarks
Installation Guide for Sightline
and Threat Mitigation System
appliances
© NETSCOUT SYSTEMS, INC. Confidential and Proprietary
Support and Documentation
Description
Instructions and information that explain how to
use ArbOS REST API. You can access this
documentation from the Sightline UI by selecting
Administration > ArbOS REST API Documentation.
It is also available for download.
Instructions on installing Sightline in a VM
environment. Follow the instructions in this guide if
you are using a VM instead of hardware for
Sightline.
Instructions on installing Software TMS on your own
hardware. Follow the instructions in this guide if you
are installing Software TMS on hardware instead of
a VM.
Instructions on installing Software TMS in a VM
environment. Follow the instructions in this guide if
you are using a VM instead of hardware for
Software TMS.
Performance benchmarks for Software TMS
installations on a VM and your own hardware.
This document is published when benchmark
information is available. It may not be published
with each new release of the TMS software.
Instructions and requirements for the initial
installation and configuration of Sightline and TMS
appliances.
23
TMS Release Notes, Version 9.6.0.0

24 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary