Resolved Issues in Release 24.2.11-VEN
Connectivity loss following VEN upgrade (E-121251)
On Solaris v11.4 workloads, after upgrading a VEN to version 24.2.11, the VEN may lose connectivity with the PCE. The issue stems from a change in the accepted
/etc/firewall/pf.confsyntax. Workaround: The issue does not occur if the VEN is first upgraded to version 23.2.x. Illumio plans to fix this issue in a future release. Until then, do the following if you experience this issue: After successfully upgrading the VEN, reset the host firewall by issuing the following command from the workload CLI:sudo pfctl -FaVEN unpairing command options failed to return the firewall to the expected state (E-121066)
In VEN release 24.2.10, when unpairing a VEN from a command line and specifying either the "recommended" or "open" post-deactivation option, the firewall wasn't restored to the expected state. Instead, those options restored the firewall rules and configuration to the state it was in before the VEN was installed. This issue only affected unpairing from the command line. Unpairing through the PCE Web Console was unaffected. This issue is resolved.
Possible VEN policy generation failure for some custom iptables rules (E-120387)
On Linux RHEL workloads, VENs were susceptible to generating syntactically incorrect firewall rules for nftables if certain types of custom iptables rules (for example, NAT rules) were included in the Illumio security policy, resulting in nftables failing to load the generated policy. This issue is fixed.
From the PCE, unable to upgrade or uninstall VENs installed on certain Windows workloads (E-120202)
An issue in Illumio Core Release 24.2.10-VEN prevented upgrading or unpairing VENs installed on Windows 7 and Windows Server 2008R2 workloads through the PCE web console. The ability to manually upgrade and uninstall VENs was unaffected. This issue is resolved.