What's New in 3.0.0
This version of the Airwall Solution includes several usability and functionality improvements that can simplify and streamline the setup and administration of an Airwall secure network.
Add Trust Policy using Drag-and-drop
You can now add and remove trust between devices on an overlay visually, or through context menus on a graph. Changes to trust on the graph are reflected on the Devices tab.
Learn more – Adding and removing device trust
Backhaul Bypass
You can designate an Airwall Gateway as a bypass egress and then point other Airwall Gateways at it so they can reach bypass destinations through the designated bypass egress Airwall Gateway.
Learn more – Backhaul Bypass
Bulk Editing of People and People Groups
You can add many local users to the Conductor at one time by importing them in bulk. You export a .csv file as a template or with current users, and then import to add people to the Conductor in one step.
Learn more –
Customized Permissions for System and Network Administrators
You can fine tune permissions for system and network administrators, giving you finer control over permissions on your network.
Learn more – Customize Permissions for System and Network Administrators
Streamlined Conductor View for Network Administrators
One of the custom permissions you can set for Network administrators provides them with a streamlined view that can simplify their workflow. Network administrators using the streamlined view can manage their overlays, and the devices, Device groups, and Airwall Edge Services in them.
Learn more – Set a Streamlined View for a Network Administrator
Reports
You can now run reports on different types of network activity on your Airwall secure network, including:
- Onboarding and offboarding of Airwall Edge Services or people
- Status of Airwall Edge Services or devices
- Conductor local or remote access
Learn more – Run Network Activity Reports
Monitors and Alerts
This version includes the following additions:
- CPU Frequency – The Airwall health data monitors can now monitor CPU frequency.
- Details for Intrusion prevention – Intrusion prevention alerts now indicate which devices are the source or destination of the alert where possible.
Conductor Customization
You can customize the Conductor login screen and emails sent from the Conductor for your business. Here's what you can customize:
- Conductor login screen – Add your company logo, and change the background colors and favicon.
- Conductor emails – Add your company logo and change the text color. You can also customize the subject line and add a note from the administrator when sending Airwall Invitations.
Learn more –
Disconnected Mode
Reduce the traffic from Airwall Agents connecting to your Conductor by setting up Disconnected mode. In Disconnected mode, Airwall Agents connect to your Conductor at intervals – between 10 minutes and 12 hours (720 minutes) – to get updates when people are not actively using the connection.
By reducing the traffic on your Conductor, Disconnected mode allows you to improve performance and scalability of your Airwall secure network. In v3.0, Disconnected mode is supported by the v3.0 Android, Linux, and macOS Airwall Agents.
Learn more –
Airwall Invitations
This version includes several enhancements to Airwall Invitations:
- When you're creating People groups with user onboarding enabled, you now have the option to send email to users when they get an activation code in the system. The email provides instructions on how to download an Airwall Agent and connect it to the Conductor.
- The email sent with Airwall Invitations has more options for customization. See Conductor Customization above.
- Airwall Invitations can now be used to give activation codes to existing users in addition to sending them to an email address or bulk downloading them. See the .
- The naming schema for Airwall Invitations can now include the hostname of the connecting Airwall Edge Service.
- You can now include the hostname of the connecting Airwall Edge Service when naming devices connecting using Airwall Invitations.
Learn more – Walkthrough - Onboard people to your Airwall secure network with User Authentication
Linux Airwall Linux Agent
This version includes these additions to the Linux Airwall Linux Agent:
- DockerHub deployment – The Linux Airwall Linux Agent can now be deployed in a container from DockerHub using Ubuntu18 and CentOS8. For additional example Dockerfiles, contact Customer Success at Customer Success.
- Supports Airshell – The Linux Airwall Linux Agent
now has the Airshell
command-line utility. To start it, type
sudo airsh(root user) orsudo airwall -s - Ping from port groups – The ping function can now ping from the underlay or overlay port groups.
- Firmware updates – The Linux Airwall Linux Agent can now be updated from the Conductor.
Learn more –
Conductor Tutorials and Help
The Conductor now contains several tutorials to help you set up and configure a new Conductor, as well as use and understand different features in the Conductor. You can also directly access Airwall help from the Conductor:
Learn more –
Licensing Updates
In v3.0, the following licenses have been changed:
- The Airwall Gateway 100V is no longer available
- You no longer need a separate license for port mirroring
Manage failover between underlay port groups
The Link Manager that Conductor uses to manage port failover groups has been improved. The following has been updated:
- You can now set port group link auto-repair globally per Airwall Gateway.
- You can now manage underlay links independently by traffic type.
- When you set up link failover groups, you can now require all pings to be successful if multiple ping destinations are assigned.
Learn more – Manage Failover between Underlay Port Groups
API Updates
The following updates and improvements have been made to the API:
- Pagination is turned on by default in 3.0 for all index endpoints, which
may affect existing scripts. Enabling pagination helps scale Conductor
capacity. If you need to preserve existing behavior, add a query parameter for
pagination=falseto any index API endpoints you are using. - The API for Airwall Invitations now includes new invitation methods: email invites, download multiple activation codes, apply an invite to an existing person, or download a reusable invitation. The documentation has also been updated.
- People reference now includes
person_group_idsandoverlay_network_ids. - Person groups reference now includes user onboarding configuration information.
Terraform Deployment Support
This version contains Terraform deployment support for Conductors, Airwall Gateways, and Linux Airwall Linux Agents for all supported Cloud Providers. For example plans, please contact Customer Success at Customer Success.
New and Improved Conductor Features
- Dashboard
- The Dashboard now includes a Provisioning tab where you can see and manage all provisioning requests.
- General
- There is now infinite scrolling for lists on most pages, and streamlined inline editing, including direct editing of names and tags at the top on most pages.
- Devices page
- This page has been simplified, and provides more details on device conflicts to help you troubleshoot.
- People page
- Administrators can now view the Airwalls owned by a person from the person details page.
- Settings
- The Conductor Settings page has been streamlined and reorganized to make it easier to find the settings you want.
- New Airwall Agent user authentication settings
- New settings allow you to automate assigning an Airwall Agent owner: Require owner for Airwall Agent authorization and Auto-assign Airwall agent owner on login.
- Replacing Airwalls
- You now have the option to revoke, or both revoke and delete, a source Airwall Edge Service after replacing. Replaced Airwall Edge Services that are not deleted are named "<old name (Replaced by UID of replacement)>" to make them easier to find.
- Diagnostic Tools on the Standby Conductor
- You can now use diagnostic tools on a Standby Conductor.
- Better CA certificate replacement and removal handling
-
When you replace your CA certificates, any Airwall Gateways with custom certs installed now check their cert against the new CA. If they cannot be verified, the cert is removed so the Airwall Gateway does not lose access to the Conductor. If the CA is removed entirely, all customer certs are also removed.
Learn more –
New and Updated Help
In addition to the content added for new features linked above, here’s the new and updated content published since our last major release:
- Walkthrough - Onboard people to your Airwall secure network with User Authentication
- Configure Port Groups with Airshell
- Set up Conductor high availability
- Managing devices dynamically with Smart Device Groups
- Configuring a Conductor IP, Friendly URL, or Port
- Understand People Roles and Permissions
- Configure Conductor Remote Logging
- Enable DNS lookup for bypass destinations
- Monitor Activity and Connections
- Integrate Third-party Authentication with OpenID Connect
- Airwall Gateway Airshell Console Commands
- airsh - New
conf modelcommand