Skip to main content

Illumio Core What's New and Release Notes 23.2

VEN

  • Unable to use Windows VEN set-proxy commands (E-103704)

    The Windows VEN did not allow the use of the set-proxy command and instead returned an error. This issue is resolved.

  • VEN Dashboard 403 Error with Scoped User (E-103570)

    Dashboard was not supported for scoped users. The isUserWithReducedScope() check for the Dashboard Icon in the Header Menu was not working. As a result, clicking on the Dashboard icon threw errors for scoped users. This issue is resolved.

  • Pairing Profile VEN version drop-down list is not in any discernable order (E-102162)

    The version list did not display in a discernible order. The UI was corrected, and the version list was put in numerical order. This issue is resolved.

  • Support CloudLinux for VEN (E-101473)

    This release of the VEN adds support for a new distribution of Linux. CloudLinux versions 6, 7, 8, and 9 are now supported.

  • VEN clone fails with "supported_ven_types outside of the schema" error (E-100717)

    There was an issue introduced in 22.5.0 where a clone would no longer re-activate successfully, and users saw an error message in the PCE event log. This issue is resolved with 22.5.10 and subsequent releases.

  • Improper certificate validation on macOS VEN (E-100532)

    Certificate validation was improperly performed on the macOS VEN, impacting traffic between the VEN and the PCE. This issue is resolved.

  • Frequent nftables tampering warnings (E-100010)

    On VENs using nftables 1.0.0 or later, tampering events occurred every 10 minutes, even though no actual tampering occurred. This was caused by a change in nftables 1.0.0. This issue is resolved. The VEN now responds correctly, no matter whether the nftables version is earlier or later than 1.0.0.

  • False nftables firewall tampering error (E-99516)

    In some cases, on operating systems using nftables, a false positive firewall tampering error is reported on enforced workloads with FQDN rules. This issue is resolved.

  • Unauthorized VENs are causing frequent events related to interface_statuses/update (E-98612)

    When a VEN is unpaired from the PCE, it is possible for the VEN to not receive the unpair message. This can happen, for example, if the host is down for an extended time. When the host comes back up, VEN requests to the PCE is rejected, and the PCE emits request.authentication_failed events. This issue is resolved. The VEN no longer makes frequent requests to the PCE after receiving consistent authentication errors.

  • Solaris 11.4 VEN tampering events with ipf.rules.v6.normalized (E-96378)

    When firewall tampering was detected, the following warnings were in platform.log.

    WARNING:: normalize_rules: File /opt/illumio_ven_data/etc/firewall
/workload/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/current/ipf.rules.v6 
does not exist Error 0. 
log/platform.log-2022-09-15T10:15:02.806-05:00 
WARNING:: normalize_firewall_state: Failed to persist normalized 
firewall state to /opt/illumio_ven_data/etc/firewall/workload/
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/tampered/ipf.rules.v6.normalized.

    This issue is resolved.

  • Solaris 11.4 Cannot Allocate Memory errors (E-93290)

    The VEN failed to remove the old policy in some cases after applying a new policy. The accumulation of the old policy led to additional memory consumption in pf and eventually pf ran out of memory. The new version of the VEN corrects this issue by removing the old policy after applying a new policy.