What's New in 3.0.0

This version of the Airwall Solution includes several usability and functionality improvements that can simplify and streamline the setup and administration of an Airwall secure network.

Add Trust Policy using Drag-and-drop

You can now add and remove trust between devices on an overlay visually, or through context menus on a graph. Changes to trust on the graph are reflected on the Devices tab.

Learn more Add and remove device trust

Backhaul Bypass

You can designate an Airwall Gateway as a bypass egress and then point other Airwall Gateways at it so they can reach bypass destinations through the designated bypass egress Airwall Gateway.

Learn more Backhaul Bypass

Bulk Editing of People and People Groups

You can add many local users to the Conductor at one time by importing them in bulk. You export a .csv file as a template or with current users, and then import to add people to the Conductor in one step.

Learn more

Customized Permissions for System and Network Administrators

You can fine tune permissions for system and network administrators, giving you finer control over permissions on your network.

Learn more Customize Permissions for System and Network Administrators

Streamlined Conductor View for Network Administrators

One of the custom permissions you can set for Network administrators provides them with a streamlined view that can simplify their workflow. Network administrators using the streamlined view can manage their overlays, and the devices, Device groups, and Airwall Edge Services in them.

Learn more Set a Streamlined View for a Network Administrator


You can now run reports on different types of network activity on your Airwall secure network, including:

  • Onboarding and offboarding of Airwall Edge Services or people
  • Status of Airwall Edge Services or devices
  • Conductor local or remote access

Learn more Run Network Activity Reports

Monitors and Alerts

This version includes the following additions:

  • CPU Frequency – The Airwall health data monitors can now monitor CPU frequency.
  • Details for Intrusion prevention – Intrusion prevention alerts now indicate which devices are the source or destination of the alert where possible.

Conductor Customization

You can customize the Conductor login screen and emails sent from the Conductor for your business. Here's what you can customize:

  • Conductor login screen – Add your company logo, and change the background colors and favicon.
  • Conductor emails – Add your company logo and change the text color. You can also customize the subject line and add a note from the administrator when sending Airwall Invitations.

Learn more

Disconnected Mode

Reduce the traffic from Airwall Agents and Servers connecting to your Conductor by setting up Disconnected mode. In Disconnected mode, Airwall Agents and Servers connect to your Conductor at intervals – between 10 minutes and 12 hours (720 minutes) – to get updates when people are not actively using the connection.

By reducing the traffic on your Conductor, Disconnected mode allows you to improve performance and scalability of your Airwall secure network. In v3.0, Disconnected mode is supported by the v3.0 Android, Linux, and macOS Airwall Agents and Servers.

Learn more

Airwall Invitations

This version includes several enhancements to Airwall Invitations:

  • When you're creating People groups with user onboarding enabled, you now have the option to send email to users when they get an activation code in the system. The email provides instructions on how to download an Airwall Agent and connect it to the Conductor.
  • The email sent with Airwall Invitations has more options for customization. See Conductor Customization above.
  • Airwall Invitations can now be used to give activation codes to existing users in addition to sending them to an email address or bulk downloading them. See the Airwalls > New Airwall invitations.
  • The naming schema for Airwall Invitations can now include the hostname of the connecting Airwall Edge Service.
  • You can now include the hostname of the connecting Airwall Edge Service when naming devices connecting using Airwall Invitations.

Learn more Walkthrough - Onboard people to your Airwall secure network with User Authentication

Linux Airwall Server

This version includes these additions to the Linux Airwall Server:

  • DockerHub deployment – The Linux Airwall Server can now be deployed in a container from DockerHub using Ubuntu18 and CentOS8. For additional example Dockerfiles, contact Customer Success at Customer Success.
  • Supports Airshell – The Linux Airwall Server now has the Airshell command-line utility. To start it, type sudo airsh (root user) or sudo airwall -s
  • Ping from port groups – The ping function can now ping from the underlay or overlay port groups.
  • Firmware updates – The Linux Airwall Server can now be updated from the Conductor.

Learn more

Conductor Tutorials and Help

The Conductor now contains several tutorials to help you set up and configure a new Conductor, as well as use and understand different features in the Conductor. You can also directly access Airwall help from the Conductor:

Accessing tutorials and help from the Conductor

Learn more

Licensing Updates

In v3.0, the following licenses have been changed:

  • The Airwall Gateway 100V is no longer available
  • You no longer need a separate license for port mirroring

Manage failover between underlay port groups

The Link Manager that Conductor uses to manage port failover groups has been improved. The following has been updated:

  • You can now set port group link auto-repair globally per Airwall Gateway.
  • You can now manage underlay links independently by traffic type.
  • When you set up link failover groups, you can now require all pings to be successful if multiple ping destinations are assigned.

Learn moreManage Failover between Underlay Port Groups

API Updates

The following updates and improvements have been made to the API:

  • Pagination is turned on by default in 3.0 for all index endpoints, which may affect existing scripts. Enabling pagination helps scale Conductor capacity. If you need to preserve existing behavior, add a query parameter for pagination=false to any index API endpoints you are using.
  • The API for Airwall Invitations now includes new invitation methods: email invites, download multiple activation codes, apply an invite to an existing person, or download a reusable invitation. The documentation has also been updated.
  • People reference now includes person_group_ids and overlay_network_ids.
  • Person groups reference now includes user onboarding configuration information.

Terraform Deployment Support

This version contains Terraform deployment support for Conductors, Airwall Gateways, and Linux Airwall Servers for all supported Cloud Providers. For example plans, please contact Customer Success at Customer Success.

New and Improved Conductor Features

The Dashboard now includes a Provisioning tab where you can see and manage all provisioning requests.
There is now infinite scrolling for lists on most pages, and streamlined inline editing, including direct editing of names and tags at the top on most pages.
Devices page
This page has been simplified, and provides more details on device conflicts to help you troubleshoot.
People page
Administrators can now view the Airwalls owned by a person from the person details page.
The Conductor Settings page has been streamlined and reorganized to make it easier to find the settings you want.
New Airwall Agent user authentication settings
New settings allow you to automate assigning an Airwall Agent owner: Require owner for Airwall Agent authorization and Auto-assign Airwall agent owner on login.
Replacing Airwalls
You now have the option to revoke, or both revoke and delete, a source Airwall Edge Service after replacing. Replaced Airwall Edge Services that are not deleted are named "<old name (Replaced by UID of replacement)>" to make them easier to find.
Diagnostic Tools on the Standby Conductor
You can now use diagnostic tools on a Standby Conductor.
Better CA certificate replacement and removal handling

When you replace your CA certificates, any Airwall Gateways with custom certs installed now check their cert against the new CA. If they cannot be verified, the cert is removed so the Airwall Gateway does not lose access to the Conductor. If the CA is removed entirely, all customer certs are also removed.

Learn more

New and Updated Help

In addition to the content added for new features linked above, here’s the new and updated content published since our last major release: