VEN
VEN Compatibility Report Returns a row with an empty Type (E-86148)
This issue is resolved and the UI works as expected.
VEN processes making call to PDC Emulator on remote server (E-85319)
In idle mode, systems were experiencing many errors for GetGPOFirewallInfo, which appeared to cause slowness of GPO downloads. After multiple tests, the test systems could not duplicate the issue. This issue is resolved.
Policy that includes wrong PCE IP address fails while in Illumination mode (E-84709)
While in Illumination mode, if you tried to apply a policy that specifies the wrong IP address for the PCE, the policy failed, which was not expected. The VEN now tolerates such a policy while in Illumination mode (but not while in Enforcement mode). This issue is resolved.
UDP traffic flows in Illumination could be confusing (E-84615)
How the PCE displayed UDP traffic flows in Illumination could be confusing because of the way the VEN evaluated flows for UDP (which is connectionless). For example, Illumination could display false positive flows for the syslog service. Syslog listens on local UDP ports while acting as a client (sending only outbound packets from those ports). This issue is resolved. In this release, Illumio adjusted VEN heuristics for determining UDP flow directions. The VEN now accounts for local and remote UDP port numbers. If local UDP port numbers are ephemeral (>= 1024) and remote UDP port numbers are privileged (< 1024), the VEN doesn't treat these UDP flows as inbound even when a service is listening on the local port.
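The port-based rule described above, as an added example (not Illumio's VEN code). The UdpFlow record, the "outbound" label for flows that are not treated as inbound, and the naive "listener means inbound" baseline are assumptions made for illustration; the sample flows are constructed.

```python
from dataclasses import dataclass

PRIVILEGED_MAX = 1024  # ports below this are privileged, per the release note


@dataclass(frozen=True)
class UdpFlow:
    local_port: int
    remote_port: int
    local_listener: bool  # True when a service is bound to local_port


def naive_direction(flow: UdpFlow) -> str:
    """Assumed baseline: any listener on the local port means inbound."""
    return "inbound" if flow.local_listener else "outbound"


def adjusted_direction(flow: UdpFlow) -> str:
    """Rule from the note: ephemeral local + privileged remote is not inbound."""
    local_ephemeral = flow.local_port >= PRIVILEGED_MAX
    remote_privileged = flow.remote_port < PRIVILEGED_MAX
    if local_ephemeral and remote_privileged:
        return "outbound"  # assumption: "not inbound" is reported as outbound
    return naive_direction(flow)


def changed_flows(flows):
    """Return the flows whose direction differs between the two rules."""
    return [f for f in flows if naive_direction(f) != adjusted_direction(f)]


# Constructed sample flows (not captured from a real VEN).
SAMPLE_FLOWS = [
    UdpFlow(local_port=41514, remote_port=514, local_listener=True),  # syslog client socket
    UdpFlow(local_port=514, remote_port=41514, local_listener=True),  # syslog server receiving
    UdpFlow(local_port=53211, remote_port=53, local_listener=False),  # DNS query
    UdpFlow(local_port=5353, remote_port=5353, local_listener=True),  # both ports >= 1024
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, naive_direction(f), "->", adjusted_direction(f))
```

Only the syslog client socket changes direction; the other three flows are reported the same way under both rules.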
VEN does not retry to pair with the PCE except for 426 error (E-84563)
When the customer installed VEN and tried to pair it for the first time, the pair failed. The VEN did not seem to retry to pair with the PCE until a service restart using illumio-ven-ctl restart was issued.
Workarounds:
Before pairing the VEN: If the user wanted to use the Squid proxy, they needed to configure Squid to allow port 443, and unset the Squid proxy variable to allow pce_port through TCP 8443 by issuing: unset http_proxy and unset https_proxy.
After pairing the VEN failed: the user had to restart VEN using /opt/illumio_ven/illumio_ven_ctl restart, which allowed the VEN to retry to pair with the PCE and bypass the Squid proxy server.
This issue is resolved.
PCE user interface displays the Program Name and Service Name on the same ports (E-77450)
Typically, as soon as the VEN is paired, on certain connections, the PCE user interface displayed both the Program Name and Service Name as using the same ports. For example, the service name, svchost.exe, and the program name, TermService, both seemed to be using port 3389. This issue is resolved.