Release Notes v4.0.1

Release date: February, 2025

Summary

This version of the Airwall solution includes major enhancements in the areas of Conductor UI functionality, data visualization, overlay history, and a new Airwall Gateway platform. To download the firmware, see 4.0.1 firmware and software.

Update considerations

  • Upgraded OpenWrt base operating system of Conductor for underlying security fixes and improvements.
  • Increased password hashing strength to comply with the latest NIST standards.

New features and enhancements

Airwall Gateway 175

The Airwall Gateway 175 Series is a five-port gateway that replaces the Airwall Gateway 150. The Airwall Gateway 175 includes PoE, along with optional cellular. Refer to the Airwall Gateway 175 Series Datasheet and Airwall Gateway 175 Series Installation Guide.

Overlay history tab

You can now view all changes made to an overlay in the new history tab, including policy, membership, network membership, and overlay information changes. This provides a fast way to troubleshoot changes made to the overlay in error. See Editing people who can access an overlay network.

Connectivity checker enhancement

The connectivity checker now includes advanced diagnostics for testing TCP connections and HTTP requests. The TCP open diagnostic verifies remote device responses on specified TCP ports, while the HTTP request diagnostic checks responses to HTTP requests at specified paths. Finally, the connectivity checker analyzes DNS connectivity for hostname bypass destinations, and offers a downloadable report with results along with a new stats tab. See Using the connectivity checker.

Conductor dashboard improvements

The Conductor dashboard Airwall charts and graphs are now sharper and easier to read. See The Conductor Dashboard.

Streamlined Airwall page

The updated Airwall page contains all the same information and settings, but now allows inline editing of all settings. Advanced features are available in the Advanced dropdown to avoid visual clutter. See Configuring Airwall Edge Service settings.

Airwall reporting dashboard

The Airwall page Reporting tab now has a new Dashboard subtab, where you can view the upgraded reporting graphs in one convenient location. Customize your layout with multiple charts, adjust their size and positions, save your configurations, and easily load them as needed. See Viewing Airwall Edge Service information and status.

Device traffic flows tab

The device details page now includes a Flows tab, displaying recent network flows to and from the device. You can view current, closed, and dropped flows, and see detailed traffic information. The tab supports CQL filtering, enabling flow filtering by various criteria such as socket and EtherType. This feature utilizes the “Device activity data reporting” setting on the Airwall, allowing users to adjust the reporting interval for more or less frequent flow data updates. See Device details page.

PCI updates

You can now adjust the number of days to keep PCI activity history from the 90-day default. See Conductor and Airwall Edge Service PCI Compliance.

Enhanced event reporting for cloud and syslog

Airwall and Conductor events can now be reported in CSV format to cloud storage on AWS or Azure, or as syslog messages to a remote syslog facility. This feature eliminates the need for direct communication between the Airwalls and the log processing facility. See Setting overlay traffic logging for an Airwall Gateway.

Confirmation for high impact settings

You will now be asked "Are you sure?" before toggling high-impact settings like network communications.

Fixes

ID Applies to Description
AWDEV-2807 Airwall Conductor Fixed an issue where Airwall Agents could not initiate a remote session with the Conductor.
AWDEV-2743 Airwall Conductor Fixed a confusing warning message about HA linked Airwalls when using routed mode.
AWDEV-2696 Airwall Conductor Fixed an issue where expired Conductor SSL certificates gave an "expire soon" warning.
AWDEV-2690 Airwall Conductor Fixed an issue where Conductor overlay network visualization settings were not properly saved and restored.
AWDEV-2652 Airwall Conductor Fixed an issue where AirProxy relays had to be rebooted after issuing a new certificate.
AWDEV-2609 Airwall Conductor Fixed an issue that could cause the wrong item to be removed when a user selected "remove from network" from the context menu in an overlay network.
AWDEV-2449 Airwall Gateway Fixed an issue where Airwalls provisioned only with a Tempered identity had to be rebooted after factory reset to onboard to a Conductor.
AWDEV-2412 Airwall Conductor Fixed an issue that would prevent the user from setting a custom system time in the time settings dialog.
AWDEV-2251 Airwall Conductor Fixed an issue where we failed to inform the user that policy was not properly added due to a license deficit.
AWDEV-2106 Airwall Conductor Fixed an issue where overlay networks could not be dragged to the quick navigation bar.
AWDEV-2017 Airwall Conductor Fixed an issue where hostname bypass destinations were not sorted alphabetically in some places in the UI.
AWDEV-1560 Airwall Conductor Fixed an issue where adding and removing relays from a managed overlay relay rule were not added to the PCI log.
AWDEV-1495 Airwall Conductor Fixed a variety of issues with the format and content of the user activity log.
AWDEV-1383 Airwall Conductor Fixed an issue where the correct API UUID was not displayed in some PCI log entries.
AWDEV-825 Airwall Conductor Fixed an issue where two devices onboarded by activation codes could get the same NAT pool IP if onboarded at exactly the same time.

Known issues

ID Applies to Description
AWDEV-2852 Airwall The TLS checkbox for logging Airwall events to a remote syslog server is ignored and will always result in using TLS transport.
AWDEV-381 Airwall Cloud AWS AWS Airwall Deployment requires Internet Gateway.

Workaround - Deploy with a temporary internet gateway, and then modify settings in AWS to use the transit gateway once deployed.

AWDEV-252 Airwall Agent Cannot clear incorrect login from OIDC user auth browser.
DEV-17263 Airwall Conductor In v3.1.0, if you fix a conflict in a smart device group by changing the IP of one of the conflicted devices, sometimes the change in IP does not result in the device being removed from the group and the change is not propagated to the Airwall Gateway.

Workaround – Fully remove the device from the smart device group and then add it back again.

DEV-16431 Airwall Conductor When specifying a port mirror destination IP address, ensure that it does not conflict with any of the Airwall Gateway's local device IPs.
DEV-16397 Airwall Conductor If you change the LSI prefix and have port mirroring configured, you need to either reboot the Conductor, or go to Settings > Diagnostics and select Restart metadata cache to update the LSI prefix.
DEV-16068 Amazon Web Services Conductor To enable enhanced networking for a cloud Amazon Web Services Airwall Gateway or Conductor, use the custom images instead of the marketplace image.
DEV-15808 Google Cloud Airwall Gateways Google Cloud Airwall Gateways with the same VM name have the same device serial number, which can result in a failure when you make a license request in the Conductor.

Workaround – In Google Cloud, use unique deployment names (VM names) for Airwall Gateways.

DEV-14551 Conductor The Android Airwall Agent lets you press the Edit Settings button on the Ports page; however, submitting any changes to the page results in an error message.
DEV-14015 OpenHIP If an Airwall Relay is also used as a bypass gateway, Airwall Edge Services behind the relay are not able to use that relay.

Workaround – Deploy multiple relays so at least one relay is usable by each pair of Airwall Edge Services that need to communicate.

DEV-13650 Conductor SoIP device activity is not being reported on an Airwall Gateway Local Devices tab.
DEV-13195 Conductor, Airwall Gateways When you upgrade a Cellular Airwall Gateway-150 from 2.2.3 to 2.2.5, the cellular details all become "Unavailable."

Workaround – Reboot and the details return.