Release Notes 6.4.8
See below for the detailed notes for 6.4.8. Customers head over to the Indeni Forum within Indeni Crowd to join the conversation around these capabilities. Need the latest build? Download Indeni.
In this version we have improved our Palo Alto (SSL decryption, HA and Identify Layer 1 Packet Errors) and Checkpoint (udp open ports and radius server) knowledge
Palo Alto
Identify PAN SSL decryption session issues including:
- SSL decrypt memory utilization
- SSL session capacity utilization
- Drops due to misconfiguration or unsupported SSL ciphers
Identify when HA state has been placed in suspend mode. Devices can be put into suspended mode manually to prevent failovers on a device that requires work. A device that has been left in suspended mode for too long may be an undesirable situation for the cluster at this point.
Identify if slots are failing. Every incident where the slot is failing could cause routing distribution issues (OSPF, EIGRP).
Identify Layer 1 Packet Errors (CRC, Bad MAC). Could be a sign of bad hardware or a mismatch in speed and duplex settings.
Checkpoint
Added compliance check for unsafe udp open ports.
Added compliance check for radius server. Ensures device is configured to the appropriate Radius server.
Knowledge New Features
Checkpoint
IKP-1574 New compliance rule for radius server in use
Palo Alto
IKP-1846 Identify Layer 1 Packet Errors(CRC, Bad MAC)
IKP-2081 Track out of memory for SSL decryption
IKP-2083 Track active SSL decryption session utilization
IKP-2084 Identify if SSL decryption is being dropped for non-performance related issues
IKP-1868 Identify slot failures
IKP-1668 Identify when HA state has been placed in suspend mode due to HA link flapping
Knowledge Bug Fixes/Improvements
BlueCoat
IKP-2244 Fixed missing model information
Checkpoint
IKP-2143 Fixed Hardware status missing due to spelling changes
IKP-1805 Fixed VSX routes defined in clish/webui are missing
IKP-1774 Fixed OSPF Neighbor(s) down false positive
IKP-1795 Fixed Accelerator status
IKP-1932 Fixed telnet enabled false positive
IKP-2075 Fixed R80 no MDS interrogation script
IKP-2076 Fixed R80.10 no MDS metric trust-connection-state support
IKP-2077 Fixed R80.10 no MDS metrics mgmt-ha-sync-state & mgmt-ha-sync-state-descriptionsupport
IKP-2078 Fixed R80.10 no MDS metric known-devices support
IKP-2163 Fixed “Cluster down” FP in case of “Active attention” for one of the VSs
IKP-2031 R80.10 MDS management HA sync support
IKP-1800 Fixed vs-cpu-vsx.ind generating wrong values
Palo Alto
IKP-1634 Fixed firewall management plan memory calculation
IKP-1697 Identified virtual memory limit exceeded, restarting in interesting logs rule
IKP-2093 Fixed “User-ID agent is down” from triggering on the passive member
IKP-2095 Updated remediation steps for Power Supply slot is empty issue
IKP-2276 Fixed PAN-OS 8.0 EOL false positive
IKP-2146 Fixed network port down from triggering on passive member
IKP-2148 Fixed connect network mismatch from triggering on passive member
IKP-2149 Fixed Static route mismatch across cluster from triggering on passive member
IKP-2177 Fixed Terminal Service Agent down on standby member
Rule
IKP-2037 Set severity of NextHopRouterInaccessibleRule to error
Platform
FRONT-1563 – Add logs to LDAP flow