Release Notes 2.2.13

Release Date: Jul 30, 2021

Update Considerations

Update to v2.2.13 if you want to use Advantech ICR-32xx model routers as Airwall Gateways.

What's New in 2.2.13

Here are the new features and enhancements in this version.

Advantech Airwall Gateway

You can now use an Advantech ICR-32xx model router and install Airwall Gateway AV3200g firmware on it. The Advantech is a rugged form factor that you can install in harsher environments. The Advantech Airwall Gateway firmware supports Ethernet and Cell, as well as Serial port access and Serial over IP. It does not currently support Wifi or the second SIM socket. You must upgrade your Conductor to 2.2.13 to use the Advantech Airwall Gateway. If you're interested in this option, please contact Customer Success at Customer Success.

Learn moreSet up Advantech hardware

Fixes

ID Applies to Description
DEV-15984 Cellular Airwall Gateways Fixed an issue that could block bypass traffic on cellular ports.
DEV-15948 Airwall Gateways Fixed a DNS resolver issue that could cause long delays for Airwall Edge Services trying to reconnect to the Conductor that is configured with a hostname.
DEV-15880 Conductors When you replace an Airwall Gateway, the Conductor now replaces port configurations of different Airwall Gateway models.
DEV-15839 Airwall Gateways Fixed an issue that could impact overlay device connectivity.

Known Issues

ID Applies to Description
DEV-15987 Cellular Airwall Gateways Using the "Check Bandwidth" function on the Secure Tunnels tab may cause the Advantech Airwall Gateway to lose access to its cell modem until a reboot.
DEV-15982 Conductors Traffic stats reporting graphs generally show a smooth curve between data points. Over time the graph can show up with sharper angles. The data is still correct, but this is a known cosmetic issue.
DEV-15808 Google Cloud Airwall Gateways In Google Cloud, use a unique deployment name (vm name) for Airwall Gateways. Airwall Gateways with the same vm name will have the same device serial number and this can result in a failure when you make a license request.
DEV-15791 Airwall Gateways On the Airwall Gateway-100, Port 2 might be inactive after a factory-reset.

Workaround – Manually reboot the Airwall Gateway after a factory-reset.

DEV-15787 OSX Airwall Agents Attempting to create a profile from the Remote Access User portal via the Request to connect to Conductor when a profile with that Conductor already exists will fail.

Workaround -- Use an invite code or enter Conductor information manually.

DEV-15705 Android and iOS Airwall Agents Establishing a tunnel TO a mobile agent (iOS / Android) will fail when there is no Airwall Relay involved.

Workaround – Establish the tunnel FROM the mobile agent.

DEV-15572 Airwall Gateways Not specifying a gateway in DHCP server config causes the Airwall DHCP server to not include the DHCP Router option, so the DHCP client cannot configure a default gateway. Not specifying a gateway is an unusual config, and should only be used when you want to configure a single isolated subnet. For example, a subnet for networked PDUs that should not have any outside connectivity aside from remote access through an Airwall Gateway used in conjunction with SNAT over the overlay port group.
DEV-15489 Windows Airwall Agents and Servers Windows 7 Users will see an extra Windows system popup when the UserAuth prompt appears on screen. This message can be safely ignored or the service can be disabled.
DEV-15357 macOS Airwall Agents If you update the macOS Airwall Agent to a release later than v2.2.11 on macOS Mojave using a Conductor-based update package, it may not report the updated version to the Conductor.

Workaround – Restart the agent or reapply the update.

DEV-15302 macOS Airwall Agents The macOS Airwall Agent profile will not work correctly when restored to a new machine via Timemachine.

Workaround – Create a new profile on the Airwall Agent, and then on the Conductor, replace the old profile with the new one for that agent.

DEV-15219 MAP2-Client, OpenHIP Airwall Gateways are not working on the Bell Mobility (Canada) cellular provider, due to the required use of a http/https proxy.
DEV-15031 Airwall Gateways Remote syslog over TLS doesn't work when using keys stored in TPM.
DEV-14860 Conductors Airwall Gateways on older firmware (pre 2.2.0) may send passively discovered device events to the Conductor even when the feature is off.
DEV-14835 Conductors Airwall Gateway-150 serial numbers look like exponentiated numbers to Excel, so the column displaying the Serial number shows xxxEyyy instead of the full serial number.
DEV-14798 Conductors, Airwall Agents Airwall Gateways with negative policy will still be able to talk to each other via their LSI. The peer will also still show up in the UI.
DEV-14772 macOS Airwall Agents If the macOS Airwall Agent is set to "off on boot" and the computer is rebooted, DNS may not be correctly set at startup.

Workaround – Restart the agent to regain access to DNS. Stop the agent, if desired, to return to the DNS servers as given by DHCP.

DEV-14739 Airwall Gateways If you set IPv4 to DHCPv4 and set a static IP address for IPv6, the setting that you set second doesn't get saved.

Workaround – If you need both IPv4 and IPv6, set static IP addresses for both.

DEV-14736 Cellular Airwall Gateways Cellular details may display as "unavailable" on the first boot after you update an Airwall Gateway. The cellular connections are not affected.

Workaround – Reboot the Airwall Gateway again to correctly display the cellular details.

DEV-14726 Conductor If you're viewing an Android Airwall Gateway Ports tab and the Airwall Agent changes how it's connected to the Conductor (for example, from WiFi to cellular), the display doesn't update correctly.

Workaround – Refresh the page.

DEV-14715 macOS Airwall Agents Big Sur ARM64 Macs are not supported in this release
DEV-14610 Conductor After changing the Reporting traffic stats reporting time, the CPU graph will not display.

Workaround – Refresh your browser page.

DEV-14584 Cellular Airwall Gateways Hot-swapping the SIM on an Airwall Gateway 110 with firmware version 2.2.11 may not work.

Workaround – Reboot the Airwall Gateway after installing a new SIM card.

DEV-14570 Conductors If you set an Airwall Agent owner to a user (LDAP, local, or OIDC) and someone attempts to user authenticate with a different OIDC user, they will not be able to authenticate (which is the correct behavior), but they see a 500 instead of a helpful error message.
DEV-14551 Conductors The Android Airwall Agent lets you press the Edit Settings button on the Ports page; however, submitting any changes to the page results in an error message.
DEV-14426 Conductors, Airwall Gateways Bypass destinations with a hostname do not show device activity in the Conductor.
DEV-14361 Airwall Gateways The Build new tunnels if none exist option doesn't build tunnels to peer Airwall Edge Services with IPv6-only policy. This feature currently depends on having IPv4 policy between peer Airwall Edge Services.
DEV-14308 OpenHIP Initial packets dropped while building a new tunnel to a new peer Airwall Edge Service.
DEV-14249 iOS Airwall Agents Check Secure Tunnels / Tunnel Status may show as unavailable on iOS.

Workaround – You can determine tunnel status by checking packets sent or received.

DEV-14223 Cloud-Google Add an overlay IP to agent to talk to device behind Google Cloud Airwall Gateway 300v.
DEV-14218 Airwall Gateways NAT broadcast applied to traffic between ports within a single port group. Use an external switch if you need to connect multiple devices to a single port group and use the NAT broadcast feature and require IP broadcast un-NATed between those local devices.
DEV-14045 Android and iOS Airwall Agents iOS does not currently support overlay ping. This feature may be implemented in a future release.
DEV-14015 OpenHIP If a relay is also used as a bypass gateway, Airwall Edge Services behind the relay are not able to use that relay.

Workaround – Deploy multiple relays so at least one relay is usable by each pair of Airwall Edge Services that need to communicate.

DEV-13760 Conductors Device export/import does not export or import Bypass Devices.
DEV-13754 Airwall Agents and Servers The Conductor can falsely report that the Airwall Agent is offline in some cases.
DEV-13699 Windows Airwall Agents and Servers The initial ping from the Windows Airwall Agent can be misleading since it currently includes the time to initially set up the connection.

Workaround – Ping a second time to see actual ping time.

DEV-13650 Conductors SoIP device activity is not being reported on an Airwall Gateway Local Devices tab.
DEV-13640 Conductors Airwall Relay diagnostics doesn't work on a Standby Conductor.
DEV-13633 Conductors A standby Conductor shows available firmware downloads, but cannot be downloaded.

Workaround – Download firmware from the active Conductor.

DEV-13620 Conductors In Airwall > Ports > Failover settings, the failover ping occurs only every "ping rate" + "ping timeout" seconds, somewhat unexpectedly.
DEV-13607 Conductors, Airwall Gateways Creating a link failover group (Airwall > Ports > Failover settings) does not apply the settings to any port groups. This is easy to miss since you have to set the failover group on the ports page.
DEV-13588 Conductors Opening the Conductor on Internet Explorer 11 can be very slow for medium to large deployments.

Workaround – Use the latest version of Chrome, Firefox, or Edge instead.

DEV-13544 Linux Airwall Servers If no relay is configured, checking Relay probe information on the Linux Airwall Server returns an error.
DEV-13536 Windows Airwall Agents and Servers Uninstalling the Windows Airwall Agent does not remove the tun-tap driver.

Workaround – Delete the driver from C:\Windows\System32\drivers\tnw-tap.sys.

DEV-13531 Cloud Automating creating Cloud HA Conductors only works with same cloud provider used for both active and standby. For example, having both your HA Active and HA Standby Conductors in AWS.

Workaround -- You can manually set up different cloud providers as HA pair Conductors.

DEV-13474 Airwall Gateways Configuring multiple overlay port groups with the same overlay IP subnet (same or different IP addresses) and then creating a local device equal to the entire subnet with port affinity set may not lead to the expected result.
DEV-13331 Cloud-Alibaba Alibaba Cloud Conductor system time is incorrect.
Workaround – Change the Conductor system time to browser time:
  1. In Conductor Settings, under System time, select Edit settings.
  2. Select Set browser time, and then select Update.
DEV-13195 Conductors, Airwall Gateways When you upgrade a Cellular Airwall Gateway-150 from 2.2.3 to 2.2.5, the cellular details all become unavailable.

Workaround – Reboot and the details return.

DEV-13194 Conductors Check Connectivity / Ping Local Devices on an Airwall Gateway will fail in Internet Explorer 11 if one of the devices is defined as a CIDR.

Workaround – use one of the latest versions of Chrome, Firefox, Safari or Edge.

DEV-12852 Windows Airwall Agents and Servers Windows by default doesn't allow multiple 'active' interfaces. It prefers ethernet over cellular whenever possible.
Workaround – Set Windows to keep multiple interfaces open by editing the fMinimizeConnections registry value:
  1. Hold the Windows key and press R.
  2. In the Run dialog, type regedit and click OK.
  3. Navigate to the following path in Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\
  4. See if the GroupPolicy subkey exists. If not with, WcmSvc highlighted, right-click on WcmSvc and select New > Key, and name it GroupPolicy.
  5. Right-click GroupPolicy and select New > DWORD(32-bit) > Create value.
  6. Name the value fMinimizeConnections, and select OK.
  7. Set the value to 0 (false).
  8. Save, reboot, and test.
DEV-11710 macOS Airwall Agents If you change the LSI prefix on the Conductor, the macOS Airwall Agent doesn't update the routes correctly.

Workaround – Close and reopen the macOS Airwall Agent.

DEV-10590 Cloud The Conductor does not display an error when adding a route that would exceed the maximum number of allowed routes in the cloud provider.
DEV-10039 Airwall Gateways An Airwall Gateway-150 can show a "Could not detect attached switch" message intermittently.
DEV-9546 Airwall Gateways, Airwall Gateway-150 The Airwall Gateway-150 serial connection has an intermittent issue when large amounts of data are sent over the console.
DEV-9429 Windows Airwall Agents and Servers Updating the Overlay Device IP address for a Windows Airwall Server in the Conductor doesn't update the first time.

Workaround – Open and update the address a second time.