Release Notes 6.5.6


  • Introducing support for Symantec CAS, FireEye NX, Gigamon HC2
  • Introducing Role-Based-Access Control – Granular control of specific functions according to the user’s level of permissions
Role Based Access Control
  • Usability enhancements – added a control to automatically refresh the issues list at set intervals
  • UI navigation improvements –  user selection is retained through navigating from the Devices page


New Features

  • IS-3980 Support VDOM Global Configuration
  • FRONT-2075 – Introduce Role-Based-Access control to the User Interface
  • IS-3973 – Device version added to the device overview screen
  • IS-3877 – Added support for current & max temperature sensor metrics on a single chart
  • IS-3847 – Added support for device connection count per interface
  • IS-3809 – Allow configuration of system-generated alerts (DNR, F2C)
  • FRONT-2013 – Make all columns in the Device Page sortable
  • FRONT-1738 – Convert syslog message to conform to RFC 5424
  • FRONT-1692 – Support new rule “# of Identity Awareness Users has reached below a certain threshold”
  • IS-3982 – Add Gigamon, FireEye, Imperva, CAS to ConditionalRemediationSteps
  • IS-3937 – Add an indication about when Indeni was last able to extract metrics from a device
  • FRONT-2179 – Add a refresh Mechanism to the Current Alerts Tab
  • FRONT-2074 – Save sorting state of a page when navigating away from the Devices screens

Bug Fixes

  • IS-3979 – Unmonitored devices are included in the license count
  • IS-3903 – Indeni hangs while attempting to re-interrogate after a credential set change
  • IS-3942 – SSH multi-channel cause device load, causing interrogation to fail in some cases
  • IS-3871 – Known Devices API content contains irrelevant data
  • IS-3805 – Invalid notifications due to SSH output that includes Carriage Returns
  • FRONT-2023 – No validation for empty an empty email address on email notifications section
  • FRONT-193 – Audit log not showing deleted devices


New Features

BlueCoat Proxy SG

  • IKP-2277 – Added support for configuration compliance check
  • IKP-2280 – Added alert for Domain Controller Authentication response time is too high
  • IKP-2204 – Added support to identify weak SSL ciphers and protocols used
  • IKP-2279 – Added alert for if ICAP Queue is reaching capacity

Symantec CAS

  • IKP-2419 – Added alert for when device needs to be updated
  • IKP-2301 – Identify if CPU and Memory utilization is too high
  • IKP-2311 – Identify if license has expired or nearing expiration date

Check Point

  • IKP-2354 – Added support to identify if SecureXL is disabled on the device
  • IKP-1656 – Added support to identify if a user without root access is used to add the device
  • IKP-2475 – Added support to identify ISP redundancy failure
  • IKP-2329 – Added support for ClusterXL Devices metric for 61K devices
  • IKP-2346 – Collect “identity-awareness-user-actual” and “identity-awareness-users-limit” metrics for VSX only
  • IKP-2485 – Show build number, OS version, firewall version, hostname and interface MAC address on device info page
  • IKP-2579 – Added support for Hardware Status metric for R80.20
  • IKP-2550 – Added support for Kernal Parameters metrics on device info page for R80.20 and R80.10

Fire Eye

  • IKP-2404 – Added support to identify if the number of malicious object detected is increasing
  • IKP-2405 – Added support to identity if the number of events or blacklisted IPs reported by BLAT is increasing
  • IKP-2404 – Added support to identify if the percentage of missing packet flows is over the threshold
  • IKP-2407 – Added support to identify if the percentage of asymmetric flows is over the threshold
  • IKP-2409 – Added support to identify if there is any malicious submission detected in the last 24 hours
  • IKP-2410 – Added support to identify the security content update service state


  • IKP-1034 – Added support to identify firewall cluster configuration sync problem
  • IKP-1030 – Added support to identify if one or more firewalls configured on this cluster are having problems
  • IKP-1035 – Added support to identify firewall cluster heartbeat interface problem
  • IKP-1028 – Added support to identify if HA heartbeat link does not have at least one more operational redundant link
  • KP-1040 – Added support to identify firewall cluster monitor interface problem
  • IKP-1031 – Added support to identify critical configuration files mismatch across cluster members
  • IKP-1077 – Added support to identify if core dump files are found
  • IKP-1033 – Added support to identify if Telnet service is enabled on the device
  • IKP-2699 – Added global VDOM support


  • IKP-2271 – Interrogation for Gigamon devices
  • IKP-2532 – Added support to monitor CPU utilization
  • IKP-2533 – Added support to monitor interface utilization
  • IKP-2535 – Added support to monitor network port status
  • IKP-2536 – Added support to monitor map utilization
  • IKP-2537 – Added support to monitor tool filter resources and drop & pass filter resources

Palo Alto Networks

  • IKP-2259 – Added compliance check to ensure local accounts meet security requirements
  • IKP-2245 – Added TLS 1.3 compliance check for SSL decryption forward proxy
  • IKP-2265 – Added compliance check to ensure all URL-Filtering profiles have all the known bad url categories configured to block
  • IKP-2391 – Added support to monitor connection count for each interface
  • IKP-2260 – Added alert for admin lockout time not within recommended time range
  • IKP-2267 – Added alert for one or more Vulnerability profiles is not following best practices
  • IKP-2269 – Added alert for GlobalProtect Clientless VPN content update schedule is not following best practices
  • IKP-2268 – Added alert for Wirefire content update schedule is not following best practices
  • IKP-2495 – Added support for Hardware EOS on device info page and alert

Bug Fixes

Blue Coat Proxy SG

  • IKP-2682 – Improved privileged mode pattern match
  • IKP-2684 – Fixed parsing error for certificate cache ratio metric

Check Point

  • IKP-2486 – Fixed hotfix and hotfix take parsing for R80
  • IKP-2364 – Fixed admin-state not generated for unconfigured interfaces and interfaces that are administratively disabled
  • IKP-2530 – Improved logic to determine communication issues with log servers
  • IKP-2124 – Consolidated NTP servers parsing scripts
  • IKP-2399 – Improved critical process down alert to handle VSX
  • IKP-2463 – Fixed cluster down detection for R80.20
  • IKP-2323 – Improved bond status detection for 61K chassis
  • IKP-2343 – Fixed device info page only shows one VPN tunnel if multiple VPN tunnels have the same name but different peers
  • IKP-2344 – Improved identity awareness state tracking for 61K chassis
  • IKP-2484 – Duplicated issues triggered for remote chassis which should not be monitored by current device
  • IKP-2373 – Removed asg-ntp-sync-config since it’s been deprecated in R76SP50
  • IKP-2506 – Fixed vs-count incorrectly reported in interrogation script
  • IKP-2555 – Fixed SecureXL Configuration Mismatch Across Cluster Members alert not generated for R80.20
  • IKP-2554 – Fixed Bond/LACP Interface Down alert not generated for R80.20
  • IKP-2565 – Fixed deprecated command used for parsing hotfix live-config metrics
  • IKP-2592 – Fixed incorrect SIC state value returned in parser
  • IKP-2595 – Fixed firewal-kparam live-config metrics not working for VSX
  • IKP-2604: Fixed bad casing used in Network Interfaces live-config metrics
  • IKP-2375 – Improved VSX related live-config metrics to show VS name and VS ID
  • IKP-2306 – Added open ports compliance check and fixed duplicated ports showing up as multiple alert items
  • IKP-2227 – Fixed management service down alert false positive for Multi-domain Log Module
  • IKP-2453: Fixed number of open connections metric not shown on device info page for non-VSX
  • IKP-2527 – Fixed communication issues with certain log servers alert not triggered for VSX
  • IKP-2050 – Improved user message for signature update status alert
  • IKP-1417 – Fixed uninitialized state for configuration unsaved metric
  • IKP-2594 – Fixed parsing error due to mdsstat command output changed in R80.20
  • IKP-2590 – Fixed non-VSX cluster member no longer active alert triggered by VSX cluster issue
  • IKP-2693 – Fixed duplicated script name for ‘chkp-gaia-show_sysenv’
  • IKP-2680 – Exclude asg-diag-verify.ind due to failed diagnostics blocking commands from running
  • IKP-2619 – Fixed false positive “Network port(s) down” alert when interface is administratively disabled

Palo Alto Networks

  • IKP-2470 – Fixed incorrect year used in core files time stamp
  • IKP-2541 – Improved pattern matching for Configuration Unsaved live-config metric
  • IKP-2573: Fixed SSH timeout too high alert is triggered even with default 60 mins setting

BlueCat acquires Indeni to boost its industry-leading DNS, DHCP and IP address management platform to help customers proactively assess network health and prevent outages.