Release Notes 2.2.8 Hotfix – Airwall Gateway HF-3
Release Date: Oct 19, 2020
This is a hotfix to release v2.2.8 for Airwall Gateways. See Release Notes 2.2.8 for more additions in version 2.2.8. Download HF-3 from Hotfixes. See also Release Notes 2.2.8 Hotfix – Airwall Gateway Hotfix-13955.
2.2.8 Airwall Gateway Hotfix HF-3 includes and replaces Airwall Gateway Hotfixes HF-1 and HF-2. Once installed, it will show all hotfixes (HF-1, HF-2, and HF-3) as installed.
Also install Conductor HF-4, as it fixes some of these issues from the Conductor side. See Release Notes 2.2.8 Hotfix – Conductor HF-4.
What’s New
This hotfix is a replacement for Airwall Gateway HF-2 that fixes a bug in the HA failover logic causing invalid HA state information to be displayed in the Conductor when the failover was triggered by network availability. The hotfix also fixes an issue that could cause excessive device activity event reporting on bypass ports with large device network objects as well as a problem when using device NAT with bridged overlay port groups.
Upgrade Considerations
- Conductor displaying an Invalid HA state for Airwall Gateways
- Excessive disk utilization on the Conductor and/or high network traffic between Airwall Gateways configured with a bypass port group and the Conductor
- Ping devices failures
- Airwall Gateways needing to reconnect to the Conductor
- Airwall Gateways failing a policy check on some overlay networks.
Or if you were impacted by any of the other issues fixed in this or earlier hotfixes.
Fixes
| ID | Applies to | Description |
|---|---|---|
| Airwall Gateway HF-3: | ||
| DEV-14452 | Airwall Gateway | Rate-limited device activity events for network objects. |
| DEV-14451 | Airwall Gateway | Fixed an HA issue after rebooting an Airwall Gateway |
| DEV-14449 | Airwall Gateway | Fixed an issue where the overlay NAT was being applied to traffic between ports in an Overlay port group. |
| Includes Airwall Gateway HF-2: | ||
| DEV-14247 | Airwall Gateway | Fixed a bug that was introduced in Airwall Gateway Hotfix rollup-1 that could cause traffic to get blocked on Airwall Gateways with multiple overlay port groups. |
| DEV-14190 | Airwall Gateway | Fixed an issue that could cause traffic problems in deployments with multiple overlay port groups on the same broadcast domain. |
| DEV-14162 | Airwall Gateway | Fixed an issue in Conductor HF-2 that was causing the "Ping devices" feature to fail for devices with plain IP addresses. |
| DEV-14115 | Conductor | Fixed an issue that could cause infrequent Conductor service issues resulting in all Airwall Gateways needing to reconnect to the Conductor. |
| DEV-14067 | Conductor, Airwall Gateway | Fixed an issue on 2.2.8 Airwall Edge Services that could cause false negatives in the policy check for some overlay network configurations. |
| DEV-13981 | Airwall Gateway | Fixed an issue where setting an overlay default gateway prevented creating both the connected (local subnet) and default routes. |
| DEV-13974 | OpenHIP | Fixed performance regression on multi-core platforms. |
| DEV-13926 | OpenHIP | Fixed a rare packet allocation failure issue on Airwall Gateway-100. |
| DEV-13903 | Airwall Gateway | Airwall Gateway-110 models now can use the link failover monitor. |
| DEV-13843 | Airwall Gateway | Added firewall connection states to the diagnostic report. |
| DEV-13275 | Airwall Gateway | Fixed an issue where a misconfigured local device was corrupting the ARP cache entries for peer Airwall Gateways. |
Known Issues
See Release Notes 2.2.8 for known issues.