Skip to main content

What's New and Release Notes for 26.x

Resolved Issues in NEN 2.7.10

Issue

Fix description

E-135925

Security Information

The ruby 3.1.6 package was upgraded to ruby 3.3.10 to address:

RHSA-2025:23648

RHSA-2024:6785

RHSA-2025:23141

RHSA-2025:23927

RHSA-2025:10217

RHSA-2025:4063

RHSA-2024:3670

RHSA-2025:23062

RHSA-2025:4488

RHSA-2024:3671

RHSA-2025:23063

RHSA-2025:4493

RHSA-2024:6784

RHSA-2025:23140

RHSA-2025:8131

E-135764

Missing information in NEN Health Report now restored

The NEN's Health Report was missing information in some cases:

  • The PCE Connectivity entry reported no information.

  • The HA Mode entry reported no information in some High Availability deployments

This issue is resolved.

E-135492

Resolved issue which prevented connecting to load balancers

Following an operating system update, the NEN couldn't connect to F5 load balancers running an incompatible version of TLS code. An SSL error was thrown. This issue is resolved.

E-134152

NEN now able to send traffic flows to the PCE when proxy is configured

The NEN failed to send traffic flows to the PCE when an HTTP/HTTPS proxy was configured, even though the NEN was able to ingest and process sFlow data. Due to this, no flows for the associated workloads appeared in the PCE map or traffic table. This issue is resolved with this release.

E-133737

Client Auth EKU no longer required in TLS certificates

Prior to release 2.7.10, the NEN relied on TLS certificates with the Client Auth EKU for some internal services. Certificates issued without this EKU could've resulted in operational disruptions. However, with the release of NEN 2.7.10, Client Auth EKU is no longer required.

E-133480

Using a self-signed certificate to set up the NEN no longer fails

Using the --generate-cert option of the illumio-nen-env setup command to generate the NEN service_discovery_cert no longer fails.

E-131456

SLB User ID no longer reaches maximum active login tokens

F5 SLBs experienced login token exhaustion. The NEN service_discovery service was restarting too frequently, which in turn restarted the network_enforcement service. Every time the network_enforcement service was restarted, it requested a new token from the F5 SLB, which eventually caused the F5 SLB to run out of tokens. This issue is resolved.

E-131285

Interactive NEN setup no longer stuck when generating encryption key

The interactive setup no longer gets stuck when generating the service discovery encryption key. It now supports 32-byte encryption keys and completes successfully without manual key entry.

E-130713

Extra ACL entry no longer appears in generated inbound and outbound rules

In some circumstances, when NEN 2.7.0 generated ACLs for a switch integration, it generated an extra ACL entry at the end of the generated inbound and outbound rules. The redundancy had no effect and is now fixed in this release.