VEN
Policy error thrown after changing the enforcement state from Full Enforcement to Visibility Only mode (E-83721)
Given the following factors:
VENs installed on Linux nodes on which IPv6 support was disabled
In a domain with a DNS server that could return IPv6 address records
An Illumio security policy that included FQDN rules that allowed the DNS server to send IPv6 DNS responses
Issue: A policy error showed up in the Workloads and VENs > Workloads page after the user changed the enforcement state from Full Enforcement back to Visibility Only mode. This issue is resolved.
Unsupported Pairing Script option was available through the CLI (E-83264)
A deprecated visibility option in the Pairing Script,
flow_full_detail, appeared for Core 21.2.x-VEN customers who used a command line to pair a VEN. If the deprecated option was chosen, the VEN didn't pair successfully and an error message appeared advising customers to check their activation code. This issue is resolved; the deprecated option has been removed from the Pairing Script.VEN service on RHEL 8.x workloads crashed following upgrade (E-82319)
Following an upgrade to Core 19.3.6+H3-VEN, a policy sync error occurred and the VEN service
venPlatformHandlercrashed on workloads running RHEL 8.x with consecutive IP addresses specified inetc/resolv.conf. This issue is now resolved andPlatformHandlerno longer crashes in these circumstances.Unexpected tampering events could occur (E-79445)
You could occasionally detect firewall tampering events when the Firewall Coexistence feature was enabled in the PCE for the container and host workloads in the container cluster. This issue occurred when Illumio Kubelink couldn't connect to the PCE and, as a result, the container cluster wasn't “In Sync” with the PCE. This issue is resolved.