Resolved Issues in 21.5.31-VEN
Important
PCE 21.5.31-VEN is available for Illumio Core On-Premises customers and Illumio Core Cloud customers.
(Solaris) VEN could incorrectly report firewall tampering (E-96755)
The VEN used basic optimization (the default) to load the firewall rules into Packet Filter. As a result, the rule order could be unpredictable, and the VEN could incorrectly detect and report firewall tampering. This issue is resolved. In this release, the VEN no longer uses basic optimization to load firewall rules. Without optimization, the original rule order is maintained, so the VEN no longer incorrectly detects firewall tampering.
VEN loses connectivity after upgrade over VPN (E-96155, E-94942)
After upgrading to 21.5.30, the VEN lost connectivity, and all traffic was blocked. The upgrade changed the local policy format of the VEN, and the upgraded VEN was unable to recognize the old policy. The VEN needed to communicate with the PCE to refresh the policy. Because the upgrade was performed over a VPN (the PCE was only accessible over the VPN), when the VEN applied the old policy incorrectly, the local firewall dropped or blocked the VPN connection. Therefore, the VEN was unable to refresh the policy. This issue is resolved.
Compatibility report does not detect nftables rules (E-95407, E-94962, E-87414)
After VENs with existing nftables rules set up for port forwarding were switched from Idle to Test mode, the existing nftables rules (and the port-forwarding rule) were removed. This issue is resolved. For systems with nftables, the compatibility report now displays the correct firewall rules counter.
(Solaris) VEN failed to apply policy on workloads running ICMPv6 services (E-95140)
Due to an issue with the way the VEN processed ICMPv6 services on Solaris workloads, the VEN couldn’t apply policy from the PCE to those workloads. This issue is resolved. In this release, the VEN processes ICMPv6 types correctly. Applying policy from the PCE to these workloads is no longer an issue.
VEN failed to upgrade (E-92994)
During an upgrade, if Windows was not able to verify a code signature due to a missing certificate, the installation could end up in a broken state with a missing driver. This issue is resolved. In this release, the installer verifies the code signature before doing the upgrade, and the installation or upgrade fails immediately if the installer code signature can’t be verified.
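An administrator can run the same kind of check on a workload before staging the upgrade, so a host that lacks the needed certificates is found before the installer is launched. The following PowerShell is an added example, not Illumio's installer code; the installer path and optional signer thumbprint are supplied by the operator, and the function name Test-InstallerSignature is hypothetical.

```powershell
# Added example: pre-flight Authenticode check before staging a VEN upgrade.
# InstallerPath and ExpectedThumbprint are operator-supplied; nothing here is
# taken from the release notes or from the VEN installer itself.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath,
    [string]$ExpectedThumbprint   # optional pin on the signer certificate
)

function Test-InstallerSignature {
    param([string]$Path, [string]$Thumbprint)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Ok = $false; Reason = "File not found: $Path" }
    }

    # Evaluates the file hash and builds the certificate chain using THIS
    # host's certificate stores, which is what the upgrade itself depends on.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Anything other than Valid (unsigned, hash mismatch, or a chain that
    # cannot be built on this host) is treated as a hard failure.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        return [pscustomobject]@{
            Ok     = $false
            Reason = "$($sig.Status): $($sig.StatusMessage)"
        }
    }

    # Optional pin: a valid signature from an unexpected signer is rejected.
    if ($Thumbprint) {
        $want = $Thumbprint.Replace(' ', '')
        if ($sig.SignerCertificate.Thumbprint -ne $want) {
            return [pscustomobject]@{
                Ok     = $false
                Reason = "Unexpected signer: $($sig.SignerCertificate.Subject)"
            }
        }
    }

    return [pscustomobject]@{ Ok = $true; Reason = "Signed by $($sig.SignerCertificate.Subject)" }
}

$result = Test-InstallerSignature -Path $InstallerPath -Thumbprint $ExpectedThumbprint
if (-not $result.Ok) {
    Write-Error "Refusing to upgrade: $($result.Reason)"
    exit 1
}
Write-Output "Signature OK. $($result.Reason)"
```

A non-zero exit code lets a deployment tool skip the host and report the reason instead of starting an upgrade that cannot complete.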