Illumio Core What's New and Release Notes 23.2

VEN releases 23.2.21 and earlier crash on macOS 14.2 (Sonoma) machines (E-111819) This issue is fixed in VEN release 23.2.22. If you're running 23.2.21 or earlier VENs and experience this issue, update your VENs to release 23.2.22 or later.

Connections dropped after upgrading older VENs to 23.2.10 or 23.2.20 (E-111663)

After upgrading from VEN versions earlier than 23.2.10 to release 23.2.10 or 23.2.20, established connections could've been dropped whenever the VEN in full Enforcement mode received a policy update from the PCE. The issue occurred because VENs mistakenly removed conntrack entries even when there was a rule allowing such connections. The dropped connections were restored when the workload attempted to re-establish the dropped connection. This issue only affected Linux VENs using iptables. VENs for other operating systems and Linux VENs using nftables were not affected.

Generating an Individual Maintenance Token Failed (E-111662) When the Agent Tampering Detection feature was enabled and a user-generated a token for a specific VEN (as opposed to tokens for all VENs), in some cases, it wasn't possible to perform a protected illumio-ven-ctl action such as stop. For example: PS C:\Program Files> .\Illumio\illumio-ven-ctl.ps1 stop --maintenance-token <token for a specific VEN> Failed to verify maintenance token

VEN failure to process FQDN rules caused blocked traffic (E-111486)

After upgrading VENs from version 19.3.5 to version 22.5 and greater, some VENs failed to process FQDN rules, causing traffic to be blocked. Due to a transient error, the VEN may fail to detect the DNS server(s) on the workload and fail to program FQDN rules correctly. This issue is resolved. Now VENs will continue trying to detect a DNS server after the initial detection fails.