What's New in 2.2.10

Version 2.2.10 of our product includes many new features and enhancements.

What’s New

Access Windows for authenticated users

Specify or restrict what days and times authenticated users can log in to access resources on your secure network using Access Windows.

See more: Set Times Authenticated Users can Access the Secure Network

Automatic Relay Rules

Enable all connections in an overlay network to use a group of relays. This provides a less-granular, but simple way to manage relay rules.

See more: Set an Overlay to Automatically Manage Relay Rules

Airwall Gateway Custom Certificates

By default, Airwall Gateways come with a Tempered factory-installed certificate. You can now add your own custom CA certificate to use for Conductor communication.

See more: Add or Replace a Signed Certificate on an Airwall Gateway for Conductor Communication

Bulk Configuration of Airwall Gateways

Configure certain settings in bulk for Airwall Gateways or Airwall Gateway groups.

See more: Bulk Configuration of Airwall Edge Services

Enable DNS for Seamless Bypass

You can now enable DNS to use fully-qualified domain names (FQDN) for bypass destinations.

Setup Wizards for configuring Conductors and Airwall Gateways

2.2.10 has added two wizards to help you in deploying an Airwall secure network. The Conductor Deployment Wizard walks you through setting up, licensing, and provisioning a new Conductor, and the new Airshell (airsh) command setup-ui walks you through the most common Airwall Gateway setup options.

Airwall Status Indicators

There are new ways to see information and status on the Airwall Edge Services connecting to your Airwall secure network

See more: See Airwall Edge Service Information and Status

Cloud Improvements

This release includes improvements that make it easier to deploy cloud Conductors and Airwall Gateways, and includes support for AWS GovCloud (see below):
  • ENA and SR-IOV support – You can now deploy instances with enhanced networking configuration enabled with either ENA or SR-IOV, and see which machine types support or require ENA. Note that machine types marked as ENA may deploy as SR-IOV.
  • Disk IO has been improved – Cloud deployments now include NVMe (memory) disk options.
  • Cloud HA deployment has been automated – Simplified deployment for HA, eliminating many of the places where misconfiguration could happen.
  • New Azure cloud image names – Image names now reflect their use, making it easier to choose the correct image.
  • Additional information as images are created – More details are included in the status pane as the Conductor creates cloud images.
  • Can now choose resource groups – You can now choose a new or existing resource group when you create cloud Airwall Gateways and Conductors.

    Note: If you choose an existing resource group, make sure no resource names in the existing resource group conflict with the new Airwall Gateway and Conductor deployment name that you are creating.

  • More information available in the Conductor – New attributes are shown for cloud Airwall Gateways on the Diagnostics tab.

Preliminary IPv6 Support

If you have devices with IPv6 addresses, IPv6 is now supported for Airwall Gateways and Linux Airwall Servers. The control for source NAT is shared for both IPv4 and IPv6. Configurations sourcing NAT IPv4 but not IPv6 are not supported.

Airwall Gatewaysnow support static IPv6 addresses for both the underlay and overlay (some cellular carriers may not support it). You also need to assign a static IPv6 address to the Airwall Gateway.

Since IPv6 only supports routed configurations, you need to assign an IPv6 overlay address to the Airwall Gateway to use IPv6 overlay. L2/subnet extensions are not supported.

See more: Set up a secure IPv6 overlay

AWS GovCloud Support

Cloud Conductors and Airwall Gateways can be now be deployed in AWS GovCloud. Follow the instructions for deploying in AWS:

Exponential Backoff

Added exponential backoff to the Airwall Gateway to/from Conductor management connection to comply with Verizon data retry requirements. This change means it could take up to 3 minutes to reconnect after an extended outage. (DEV-14648)