Release Notes 6.4.8

See below for the detailed notes for 6.4.8. Customers head over to the Indeni Forum within Indeni Crowd to join the conversation around these capabilities. Need the latest build? Download Indeni.

In this version we have improved our Palo Alto (SSL decryption, HA and Identify Layer 1 Packet Errors) and Checkpoint (udp open ports and radius server) knowledge

Palo Alto

Identify PAN SSL decryption session issues including:

  • SSL decrypt memory utilization
  • SSL session capacity utilization
  • Drops due to misconfiguration or unsupported SSL ciphers

Identify when HA state has been placed in suspend mode. Devices can be put into suspended mode manually to prevent failovers on a device that requires work. A device that has been left in suspended mode for too long may be an undesirable situation for the cluster at this point.

Identify if slots are failing. Every incident where the slot is failing could cause routing distribution issues (OSPF, EIGRP).

Identify Layer 1 Packet Errors (CRC, Bad MAC). Could be a sign of bad hardware or a mismatch in speed and duplex settings.

Checkpoint

Added compliance check for unsafe udp open ports.

Added compliance check for radius server. Ensures device is configured to the appropriate Radius server.

 

Knowledge New Features

Checkpoint

IKP-1574 New compliance rule for radius server in use

Palo Alto

IKP-1846 Identify Layer 1 Packet Errors(CRC, Bad MAC)

IKP-2081 Track out of memory for SSL decryption

IKP-2083 Track active SSL decryption session utilization

IKP-2084 Identify if SSL decryption is being dropped for non-performance related issues

IKP-1868 Identify slot failures

IKP-1668 Identify when HA state has been placed in suspend mode due to HA link flapping

Knowledge Bug Fixes/Improvements

BlueCoat

IKP-2244 Fixed missing model information

Checkpoint

IKP-2143 Fixed Hardware status missing due to spelling changes

IKP-1805 Fixed VSX routes defined in clish/webui are missing

IKP-1774 Fixed OSPF Neighbor(s) down false positive

IKP-1795 Fixed Accelerator status

IKP-1932 Fixed telnet enabled false positive

IKP-2075  Fixed R80 no MDS interrogation script

IKP-2076 Fixed R80.10 no MDS metric trust-connection-state support

IKP-2077 Fixed R80.10 no MDS metrics mgmt-ha-sync-state & mgmt-ha-sync-state-descriptionsupport

IKP-2078 Fixed R80.10 no MDS metric known-devices support

IKP-2163 Fixed “Cluster down” FP in case of “Active attention” for one of the VSs

IKP-2031 R80.10 MDS management HA sync support

IKP-1800 Fixed vs-cpu-vsx.ind generating wrong values

Palo Alto

IKP-1634 Fixed firewall management plan memory calculation

IKP-1697 Identified virtual memory limit exceeded, restarting in interesting logs rule

IKP-2093 Fixed “User-ID agent is down” from triggering on the passive member

IKP-2095 Updated remediation steps for Power Supply slot is empty issue

IKP-2276 Fixed PAN-OS 8.0 EOL false positive

IKP-2146 Fixed network port down from triggering on passive member

IKP-2148 Fixed connect network mismatch from triggering on passive member

IKP-2149  Fixed Static route mismatch across cluster from triggering on passive member

IKP-2177 Fixed Terminal Service Agent down on standby member

Rule

IKP-2037 Set severity of NextHopRouterInaccessibleRule to error

Platform

FRONT-1563 – Add logs to LDAP flow

BlueCat acquires Indeni to boost its industry-leading DNS, DHCP and IP address management platform to help customers proactively assess network health and prevent outages.

Learn More