Release Notes 7.1.0

Ubuntu 14.04 users: please upgrade to Ubuntu 18.04 to upgrade to 7.1
See the migration guide to update to Ubuntu 18.04


New Features

New and improved Issue Page

  • Customizable table – Filter, sort and pin columns to get your data right. Add, remove and change the width of each column for more efficient use

The New Knowledge Explorer applies a new coat of paint to the Rule Section

  • Explore the Indeni rule and Auto-Triage Elements (ATE) base, customize rule configurations and quickly enable or disable rules for select devices and label

New Dashboard Section

  • Get a high-level view of your device estate, best practice and health rating scores at a glance


  • Run ATEs automatically or manually from the interface for select issues

Granular Device Permissions

  • Allocate granular permissions to different users to efficiently segregate data between user roles. Group devices under labels and assign them to different users to make sure only the right roles can see the information

 Security Features

  • Automatic GUI session timeout
  • Automatic account lockout when an incorrect password has been entered 5 consecutive times

Bug Fixes

  • FRONT-2947: Fixed an issue in which PAN bandwidth charts were showing an incorrect unit on 10Gb interfaces
  • FRONT-2808: Corrected a missing digit showing in some charts in the Custom Reports section


New Features

Blue Coat Proxy SG

IKP-2685: Added checks to identify interface utilization

IKP-3249: Added check to limit SNMP protocol to SNMPv3 only

IKP-3246: Added check to make sure only SSHv2 should be used

IKP-3247: Added check to make sure actions is configured for failed logins to prevent brute force attacks

IKP-3248: Added check to limit the inactivity timeout

IKP-3295: Added check to make sure secure ICAP connection is used

IKP-3296: Added check to identify if the management access is not restricted

IKP-3328: Added check to identify is password policy for password length is too short

Check Point

IKP-3330: Added interrogation support for Maestro Hyperscale Orchestrator

IKP-1811: Added check to identify if unsuccessful logins ratio is too high and if unsuccessful the LDAP queries is too high

IKP-3360: Added playbook to auto-triage DNS lookup failure issue

IKP-3359: Added playbook to auto-triage NTP sync failure issue

IKP-3189: Added playbook to auto-triage High cpu usage per core issue

IKP-3179: Added playbook to auto-triage Communication issues with certain log servers issue

IKP-3353: Added playbook to auto-triage Next hop inaccessible issue

Cisco ASA

IKP-3155: Added check to identify NTP sync failure

IKP-3159: Added check to detect if device is vulnerable to OSPF LSA manipulation

IKP-3161: Added check to identify users defined do not match expected list

IKP-3162: Added check to identify high storage usage

IKP-3163: Added check to identify device uptime too high or too low

IKP-3421: Added check to identify if uptime of the VPN tunnel is too low

IKP-3422: Added check to identify if there is high number of concurrent Anyconnect VPN users

IKP-3584: Added check to identify maximum number of ASDM sessions nearing

IKP-3553: Added check to identify maximum number of routes nearing (IPv4)

IKP-3585: Added check to identify maximum number of SSH sessions nearing

IKP-3586: Added check to identify maximum number of NAT translations nearing

IKP-3598: Added check to identify the number of concurrent connections for a device is too high


IKP-1146: Added check to identify out of memory error


IKP-2891: Added check to identify memory utilization


IKP-3292: Added check to identify slave units high CPU and memory utilization

IKP-3175: Added check to identify when default static route is not configured

IKP-3174: Added check to identify if heartbeat interfaces are not configured following best practices

IKP-3176: Added check to identify when a wildcard FQDN is found

IKP-3233: Added check to identify if firewall doesn’t have an explicit deny rule

Palo Alto Networks

IKP-2266: Added check to identify if User Credential detection is disabled or User Credential submission is allowed

IKP-2656: Added CIS checks to identify Login Banner not configured and device not logging high DP load

IKP-2657: Added checks to ensure management interface settings are following CIS best practices

IKP-2658: Added checks to ensure password requirements are following CIS best practices

IKP-2659: Added checks to ensure authentication settings are following CIS best practices

IKP-2661: Added checks to ensure user identification configurations are following CIS best practices

IKP-2662: Added checks to ensure High Availability configurations are following CIS best practices

IKP-2666: Added checks to ensure Security Policies configurations are following CIS best practices

IKP-3185: Added playbook to auto-triage Configuration changed on standby member issue

IKP-3363: Added playbook to auto-triage Maximum number of routes nearing (IPv4) issue

IKP-3365: Added playbook to auto-triage High CPU Usage per core issue

IKP-3355: Added playbook to auto-triage MAC cache usage high issue

IKP-3356: Added playbook to auto-triage High ARP cache usage issue

IKP-3357: Added playbook to auto-triage Logs are been discarded issue

IKP-3358: Added playbook to auto-triage Disk RAID in error state issue

IKP-3365: Added playbook to auto-triage High CPU Usage per core issue

Bug Fixes

Blue CoatProxy SG

IKP-3262: Network port(s) down issue is not triggering due to missing network-interface-state metric

Check Point

IKP-2798: Fixed false positive issues triggered due to command failure in chkp-tcp-test-18264

IKP-3299: Increased polling interval of cpmiquery-check-SIC-mds to 30 mins

IKP-3386: Signature update status issue not triggering

IKP-2986: Duplicate alert item for License expiration nearing issues

IKP-3499: Management service down false positive for Multi-domain Log Module

IKP-2778: Removed DASERVICE from Critical Process lists

IKP-3128: Missing data caused false positive issue generated by chkp-cphaprob_state_monitoring script

IKP-2701: “fw ctl get int” spamming /var/log/messages

IKP-2837: “Cluster has preemption enabled” is triggering on VSX but does not report VSID or VS Name

IKP-2357: PNotes reported as being down on 3+ node clusters where that is the intended design of such clusters

IKP-2679: Duplicate text in “Critical Process(es) Down” issues

IKP-2806: False positive for “Cluster Down” issue for 3-way cluster situation

IKP-2849: Duplicate connected networks returned in gaia-routes-novsx and gaia-routes-vsx scripts

IKP-3274: Empty value in Cluster ID mismatch across cluster memebers

IKP-3319: False positive caused by incorrect tags used in chkp-debug-securexl-module-options-vsx script

IKP-3343: False positive issues of “Firewall logging locally” triggered for small increments over short intervals

IKP-3432: Fixed asg-hw_monitor script to work with Mastro HALS security group

IKP-3433: Fixed asg-bond script to work with Maestro HALS security group

IKP-3448: Fixed detecting-cluster interrogation script to work in Maestro in security groups

IKP-3563: Excluded hotfix-jumbo-take script from running on R77.30


IKP-3370: Cluster Down false positive issue triggered due to multiple Traffic-Groups configured

Palo Alto Networks

IKP-3077: Restricted some scripts from running on PA-VMs since the commands are not applicable

IKP-3034: PAN update schedule scripts have missing duration metrics

IKP-3331: High log DB usage issue never triggers for PAN devices

IKP-3320: Fixed affected version for Denial of Service in PAN-OS Management Web Interface PAN-SA-2018-0008 check