Release Notes 6.5.6
Summary
- Introducing support for Symantec CAS, FireEye NX, Gigamon HC2
- Introducing Role-Based-Access Control – Granular control of specific functions according to the user’s level of permissions
- Usability enhancements – added a control to automatically refresh the issues list at set intervals
- UI navigation improvements – user selection is retained when navigating away from the Devices page
Platform
New Features
- IS-3980 – Support VDOM Global Configuration
- FRONT-2075 – Introduce Role-Based-Access control to the User Interface
- IS-3973 – Device version added to the device overview screen
- IS-3877 – Added support for current & max temperature sensor metrics on a single chart
- IS-3847 – Added support for device connection count per interface
- IS-3809 – Allow configuration of system-generated alerts (DNR, F2C)
- FRONT-2013 – Make all columns in the Device Page sortable
- FRONT-1738 – Convert syslog message to conform to RFC 5424
- FRONT-1692 – Support new rule “# of Identity Awareness Users has reached below a certain threshold”
- IS-3982 – Add Gigamon, FireEye, Imperva, CAS to ConditionalRemediationSteps
- IS-3937 – Add an indication about when Indeni was last able to extract metrics from a device
- FRONT-2179 – Add a refresh mechanism to the Current Alerts tab
- FRONT-2074 – Save sorting state of a page when navigating away from the Devices screens
Bug Fixes
- IS-3979 – Unmonitored devices are included in the license count
- IS-3903 – Indeni hangs while attempting to re-interrogate after a credential set change
- IS-3942 – SSH multi-channel causes device load, causing interrogation to fail in some cases
- IS-3871 – Known Devices API content contains irrelevant data
- IS-3805 – Invalid notifications due to SSH output that includes Carriage Returns
- FRONT-2023 – No validation for an empty email address in the email notifications section
- FRONT-193 – Audit log not showing deleted devices
Knowledge
New Features
BlueCoat Proxy SG
- IKP-2277 – Added support for configuration compliance check
- IKP-2280 – Added alert for when Domain Controller authentication response time is too high
- IKP-2204 – Added support to identify weak SSL ciphers and protocols used
- IKP-2279 – Added alert for when the ICAP queue is reaching capacity
Symantec CAS
- IKP-2419 – Added alert for when device needs to be updated
- IKP-2301 – Identify if CPU and Memory utilization is too high
- IKP-2311 – Identify if license has expired or is nearing its expiration date
Check Point
- IKP-2354 – Added support to identify if SecureXL is disabled on the device
- IKP-1656 – Added support to identify if a user without root access is used to add the device
- IKP-2475 – Added support to identify ISP redundancy failure
- IKP-2329 – Added support for ClusterXL Devices metric for 61K devices
- IKP-2346 – Collect “identity-awareness-user-actual” and “identity-awareness-users-limit” metrics for VSX only
- IKP-2485 – Show build number, OS version, firewall version, hostname and interface MAC address on device info page
- IKP-2579 – Added support for Hardware Status metric for R80.20
- IKP-2550 – Added support for Kernel Parameters metrics on device info page for R80.20 and R80.10
FireEye
- IKP-2404 – Added support to identify if the number of malicious objects detected is increasing
- IKP-2405 – Added support to identify if the number of events or blacklisted IPs reported by BLAT is increasing
- IKP-2404 – Added support to identify if the percentage of missing packet flows is over the threshold
- IKP-2407 – Added support to identify if the percentage of asymmetric flows is over the threshold
- IKP-2409 – Added support to identify if there is any malicious submission detected in the last 24 hours
- IKP-2410 – Added support to identify the security content update service state
Fortinet
- IKP-1034 – Added support to identify firewall cluster configuration sync problem
- IKP-1030 – Added support to identify if one or more firewalls configured on this cluster are having problems
- IKP-1035 – Added support to identify firewall cluster heartbeat interface problem
- IKP-1028 – Added support to identify if HA heartbeat link does not have at least one more operational redundant link
- KP-1040 – Added support to identify firewall cluster monitor interface problem
- IKP-1031 – Added support to identify critical configuration files mismatch across cluster members
- IKP-1077 – Added support to identify if core dump files are found
- IKP-1033 – Added support to identify if Telnet service is enabled on the device
- IKP-2699 – Added global VDOM support
Gigamon
- IKP-2271 – Interrogation for Gigamon devices
- IKP-2532 – Added support to monitor CPU utilization
- IKP-2533 – Added support to monitor interface utilization
- IKP-2535 – Added support to monitor network port status
- IKP-2536 – Added support to monitor map utilization
- IKP-2537 – Added support to monitor tool filter resources and drop & pass filter resources
Palo Alto Networks
- IKP-2259 – Added compliance check to ensure local accounts meet security requirements
- IKP-2245 – Added TLS 1.3 compliance check for SSL decryption forward proxy
- IKP-2265 – Added compliance check to ensure all URL-Filtering profiles have all the known bad URL categories configured to block
- IKP-2391 – Added support to monitor connection count for each interface
- IKP-2260 – Added alert for admin lockout time not within recommended time range
- IKP-2267 – Added alert for when one or more Vulnerability profiles are not following best practices
- IKP-2269 – Added alert for when the GlobalProtect Clientless VPN content update schedule is not following best practices
- IKP-2268 – Added alert for when the WildFire content update schedule is not following best practices
- IKP-2495 – Added support for Hardware EOS on device info page and alert
Bug Fixes
Blue Coat Proxy SG
- IKP-2682 – Improved privileged mode pattern match
- IKP-2684 – Fixed parsing error for certificate cache ratio metric
Check Point
- IKP-2486 – Fixed hotfix and hotfix take parsing for R80
- IKP-2364 – Fixed admin-state not generated for unconfigured interfaces and interfaces that are administratively disabled
- IKP-2530 – Improved logic to determine communication issues with log servers
- IKP-2124 – Consolidated NTP servers parsing scripts
- IKP-2399 – Improved critical process down alert to handle VSX
- IKP-2463 – Fixed cluster down detection for R80.20
- IKP-2323 – Improved bond status detection for 61K chassis
- IKP-2343 – Fixed device info page showing only one VPN tunnel when multiple VPN tunnels have the same name but different peers
- IKP-2344 – Improved identity awareness state tracking for 61K chassis
- IKP-2484 – Duplicated issues triggered for remote chassis which should not be monitored by current device
- IKP-2373 – Removed asg-ntp-sync-config since it’s been deprecated in R76SP50
- IKP-2506 – Fixed vs-count incorrectly reported in interrogation script
- IKP-2555 – Fixed SecureXL Configuration Mismatch Across Cluster Members alert not generated for R80.20
- IKP-2554 – Fixed Bond/LACP Interface Down alert not generated for R80.20
- IKP-2565 – Fixed deprecated command used for parsing hotfix live-config metrics
- IKP-2592 – Fixed incorrect SIC state value returned in parser
- IKP-2595 – Fixed firewal-kparam live-config metrics not working for VSX
- IKP-2604 – Fixed bad casing used in Network Interfaces live-config metrics
- IKP-2375 – Improved VSX related live-config metrics to show VS name and VS ID
- IKP-2306 – Added open ports compliance check and fixed duplicated ports showing up as multiple alert items
- IKP-2227 – Fixed management service down alert false positive for Multi-domain Log Module
- IKP-2453 – Fixed number of open connections metric not shown on device info page for non-VSX
- IKP-2527 – Fixed communication issues with certain log servers alert not triggered for VSX
- IKP-2050 – Improved user message for signature update status alert
- IKP-1417 – Fixed uninitialized state for configuration unsaved metric
- IKP-2594 – Fixed parsing error caused by the mdsstat command output change in R80.20
- IKP-2590 – Fixed non-VSX cluster member no longer active alert triggered by VSX cluster issue
- IKP-2693 – Fixed duplicated script name for ‘chkp-gaia-show_sysenv’
- IKP-2680 – Exclude asg-diag-verify.ind due to failed diagnostics blocking commands from running
- IKP-2619 – Fixed false positive “Network port(s) down” alert when interface is administratively disabled
Palo Alto Networks
- IKP-2470 – Fixed incorrect year used in core files time stamp
- IKP-2541 – Improved pattern matching for Configuration Unsaved live-config metric
- IKP-2573 – Fixed “SSH timeout too high” alert being triggered even with the default 60 mins setting