Summary

Usability

New and enhanced issue page, complete with a modern, new design

• New and improved Overview Page
• The Assignee Field now appears in the Issue Page table
• Additional filtering options
• Many more enhancements 

Check Point

• Added check to identify NAT connection usage nearing capacity
• Added check to identify if number of Identity Awareness Users has reached below threshold
• Added cluster state metrics for 61K chassis

Gigamon

• Added check to identify RX packets dropped ratio too high

Palo Alto Networks 

• Added check to identify if any rule has both source and destination zones set to any
• Added check to make sure SNMP community name is not set to the default ones
• Added 34 new vulnerability checks for Palo Alto Networks

Platform

New Features

• New and enhanced Issues and Overview Screens 

Bug Fixes

• IS-4207 – CORE RULE HighLoadAverageRule: change load average from 15 to 1.5
• FRONT-2451 – Removed the option to assign an issue to ‘former user’

Knowledge

New Features

Check Point

• IKP-2914: Added check to identify NAT connection usage nearing capacity
• IKP-2894: Increased history length for Cluster Down alert to fix flapping issue
• IKP-2601: Added cluster state metrics for 61K chassis
• IKP-2347: Added check to identify if number of Identity Awareness Users has reached below threshold

Gigamon

• IKP-2763: Added check to identify RX packets dropped ratio too high

Palo Alto Networks

• IKP-2921: Added check to identify if any rule has both source and destination zones set to any
• IKP-2808: Added check to make sure SNMP community name is not set to the default ones
• IKP-2776: Added 34 new vulnerability checks for Palo Alto Networks

Bug Fixes

Blue Coat Proxy SG

• IKP-2896: Improved header message for Abnormal Status Detected by Health Monitors alert

Check Point

• IKP-2966: Improved failed logins detection for R80.20
• IKP-2889: Improved cluster state parsing for R80.20
• IKP-2918: Improved scripts to track disk, cpu and memory usage for only local chassis
• IKP-2917: Fixed blank subnet error in Connected Networks Do Not Match Across Cluster Members alert
• IKP-2883: Fixed over 100% bandwidth utilization reported by Interface Nearing Maximum Throughput alert
• IKP-2850: Restricted “adlog a dc” command to not run on MGMT/MDS devices
• IKP-2772: Excluded “Dummy” power supply from generating metrics 
• IKP-2624: Excluded “asg diag” command in script due to potential blocking other commands from running

FireEye

• IKP-2913: Fixed interrogation script failed to parse certain NX devices

Fortinet

• IKP-2893: Fixed Telnet was falsely identified as enabled

Palo Alto Networks

• IKP-2905: Updated xpath to account for profiles not in shared location
• IKP-2797: Restricted “show session all filter ssl-decrypt yes count yes” command to only run on firewall devices
• IKP-2794: Supported PAN 9.0 command output change for “show system resources”
• IKP-2768: Supported PAN 9.0 command syntax change from “show neighbor all” to “show neighbor interface”
• IKP-2789: Fixed Certificate Expiration Nearing alert flapping issue due to duplicate subject value across multiple entries
• IKP-2715: Fixed high availability state script to work for both firewall and panorama
• IKP-2056: Restricted “show counter rate” command to run on only PAN 8.0 and above

Known Issues

• Quick Links showing critical, error and warning issues do not filter the issues according to severity. This issue can be worked around by selecting the required severity from the Severity Filter on the issues screen
• Changing the Refresh Interval setting in the Application Settings screen has no effect. This issue may be resolved by using the Refresh Interval setting on the Issues Page
• Changing the default value of the Refresh Interval setting in the Issue Screen is not retained when navigating from the Issues Page