Skip to main content

Illumio Core What's New and Release Notes 22.2

VEN

  • Frequent nft table tampering warnings (E-100010)

    On VENs using nftables 1.0.0 or later, tampering events occurred every 10 minutes, even though no actual tampering occurred. This was caused by a change in nftables 1.0.0. This issue is resolved. The VEN now responds correctly, no matter whether the nftables version is earlier or later than 1.0.0.

  • Failure to deploy the VEN bundle on PCE (E-99725)

    The 22.2.40 VEN bundle cannot be installed in the VEN library on a PCE earlier than 22.2.40 due to a limitation in the allowed VEN bundle size. The VEN can still be installed from the host or VM command line (for example. using RPM). The 22.2.40 PCE allows the installation of the 22.2.40 VEN bundle.

  • Endpoint VEN in IDLE mode reported tampering event (E-98389)

    When the Windows VEN was switched to Idle mode, it could incorrectly report firewall tampering events. This issue is resolved in the 22.2.32 Preview build.

  • (Solaris) VEN could incorrectly report firewall tampering (E-96755)

    The VEN used basic optimization (the default) to load the firewall rules into packet filter. As a result, the rule order could be unpredictable and the VEN could incorrectly detect and report firewall tampering. This issue is resolved. In this release, the VEN no longer uses basic optimization to load firewall rules. Without optimization, the original rule order is maintained. The optimization no longer causes the VEN to incorrectly detect firewall tampering.

  • (Solaris) VEN failed to apply policy on workloads running ICMPv6 services (E-95140)

    Due to an issue with the way the VEN processed ICMPv6 services on Solaris workloads, the VEN couldn’t apply policy from the PCE to those workloads. This issue is resolved. In this release, the VEN can now process ICMPv6 types correctly. Applying policy from the PCE with these workloads is no longer an issue.

  • Compatibility report (problem 2) nftables / RHEL 8 (E-91481, E-92482)

    The customer installs the missing packages and reruns the compatibility report from the Web Console but is unable to run the report.

    Workaround: Either restart the VEN (sudo /opt/illumio_ven/illumio-ven-ctl restart) or rerun the script that manually generates the report (sudo /opt/illumio_ven/bin/.agent_qualify.sh).

    Works as designed.