Release Notes 7.0
Platform
New Features:
- New early adopter feature – Auto Triage – Automatic in-depth analysis of issues, generating detailed triage information about issue causes and providing remediation steps towards rectifying the issue
- Support of Ubuntu 18.04
- Assign Multiple Issues to a User – Select multiple issues from the Issue Page and assign them to any user in a single action
- SNMP Support – SNMP v2, v3 is now supported for select devices. Add SNMP credentials from the Credential Screen
- Added ability to chart NAT-Connections and NAT-Connections-Limit metrics on the same chart
- Integration Look and Feel – New look and feel for the Integrations screen. Look for the LDAP Integration under the new Integration tab
- LDAP Custom Group Assignment – Create and manage LDAP groups on Indeni through custom roles
- Various security-related enhancements
Bug Fixes
- FRONT-2692 – Fixed an issue where the server did not not accept restart commands
- IS-4544 – Resolved an issue in which the collector service fails to recover due to “Failed to unmarshal response”
- IS-4587 – Fixed an issue which causes Check Point SSH sessions to stall due to waiting for acknowledgment
- IS-4605 – Resolved an issue in which the maximum number of open device calls was exceeded
- FRONT-2692 – Resolved an issue in which the server stops and does not accept restart command
Knowledge
New Features:
Check Point
- IKP-2511: Update EOS information to the latest
- IKP-3086: QA Test against R80.30
- IKP-2599: Enhanced policy last modified metric to be polled from all blades instead of single blade before
- IKP-3079: Added check to identify if VMAC mode does not match requirements
Cisco ASA
- IKP-1494: Added interrogation script
- IKP-2822: Added CPU monitoring script and updated remediation steps
- IKP-2823: Added memory monitoring script and updated remediation steps
- IKP-2827: Added interface metrics
- IKP-3122: Added check to identify if DNS servers configured do not match requirements
- IKP-3123: Added check to identify if NTP servers configured do not match requirements
- IKP-3124: Added check to identify if SSH v1 is enabled on the device
- IKP-3125: Added check to identify certificate expiration
- IKP-3126: Added check to identify license expiration
- IKP-2828: Added check to identify if ISAKMP negotiations of the IPsec VPN tunnel have not been completed
- IKP-3250: Added check to identify if there is no traffic passing through the IPsec VPN tunnel
F5
- IKP-2578: Added check to identify if any VIPS are not configured with a pool
- IKP-1908: Added check to identify issues with AAA identity server integration
- IKP-2125: Added check to identify SNAT exhaustion
- IKP-2570: Added check to identify iRule not been used
Fortinet
- IKP-3019: Added check to identify if Uninterruptible Upgrade setting is disabled for HA configuration
- IKP-3145: Added support to get log memory settings for VDOM
- IKP-3144: Added support to get log disk settings for VDOM
- IKP-2447: Added check to identify HA cluster monitor interface problem
- IKP-2445: Added check to identify HA cluster heartbeat interface problem
- IKP-2942: Added backup support for Fortinet firewalls
- IKP-3018: Added check to identify hardware version mismatch across cluster members
Gigamon
- IKP-2805: Added check to identify card failures
Palo Alto Networks
- IKP-2941: QA test against PAN 8.x
Bug Fixes
Blue Coat Proxy SG
- IKP-2933: ICAP connectivity issue shows irrelevant external rating service as alert item
- IKP-3102: Fixed view-ssl script enters config mode without exiting which caused other commands to fail
Check Point
- IKP-2971: Critical configuration files mismatch across cluster members false positive due to grep command failure
- IKP-2955: Critical process(es) down (per VS) false positive on MDS/MDLS due to transient init status
- IKP-3066: Excluded chkp-log-server-connected script from running on virtual systems
- IKP-2964: Hardware element down false positive due to new output for command “show sysenv all” in R80.20
- IKP-2923: Added support for new cluster states introduced in R80.20
- IKP-3021: Excluded R80.20SP, R76.40SP and R76.50SP from running command “”cphaprob list -v”
- IKP-3023: Empty vs.name is returned for R76.50SP devices
- IKP-3036: Supported new output for command “asg stat -v” in R80.20SP
- IKP-3047: Added support parsing command “asg_route –dyn-route ospf” R80.20SP
- IKP-3118: Fixed chkp-os-throughput-alert script failed to compile due to method refactor
- IKP-3140: Expanded search for core dump files to include new locations
- IKP-3141: Restricted certain scripts to run only on R80.30
- IKP-3084: Excluded certain scripts from running on chassis
- IKP-3083: Updated EOS dates
- IKP-2906: Added back Firewall Logging Locally check
- IKP-2856: Excluded install_jumbo_take script from running on R80.20 and later
- IKP-477: Updated High Threshold of Five Minute Load Average alert to be based on the number of cores
- IKP-2961: Fixed false positives related to Debug Mode Enabled alert
FireEye
- IKP-2944: Updated device suspension to be based on average CPU usage across all cores
F5
- IKP-2298: Fixed Blade(s) down alert triggering on blades that are unpopulated
- IKP-3030: Fixed unknown status is causing Virtual Server Offline alert to trigger
Fortinet
- IKP-2898: Excluded admin down ports from triggering Network Port(s) Down alert
Palo Alto Networks
- IKP-2900: Restricted show system environmental to only run against hardware firewalls
- IKP-2650: Fixed devices with OS “PA-VM” were been identified as chassis
- IKP-3028: Fixed files were not been identified consistently which caused large number for alert items in Core Dump Files Found alert
- IKP-3029: Fixed Critical Process Down alert wasn’t getting triggered properly due to a wrong tag used
- IKP-3098: User-ID Agent(s) Down alert takes longer to resolve due to invalid regex match on command output
- IKP-3234: Fixed Critical Process(es) Down alert triggering on processes that do not exist on certain devices
- IKP-3226: Limited interfaces monitoring to hardware interface to reduce the amount of API calls to the device
- IKP-3220: Increase script polling intervals to reduce the frequency of API calls to the device
- IKP-3284: Excluded three show system state related scripts from running due to file descriptor leak issue on certain PAN OS versions
- IKP-3072: Updated parser for “show wildfire status” command due to output change in 8.x