Release Notes 2.2.8 Hotfix – Airwall Gateway HF-3

Release Date: Oct 19, 2020

This is a hotfix to release v2.2.8 for Airwall Gateways. See Release Notes 2.2.8 for more additions in version 2.2.8. Download HF-3 from Hotfixes. See also Release Notes 2.2.8 Hotfix – Airwall Gateway Hotfix-13955.

2.2.8 Airwall Gateway Hotfix HF-3 includes and replaces Airwall Gateway Hotfixes HF-1 and HF-2. Once installed, it will show all hotfixes (HF-1, HF-2, and HF-3) as installed.


Also install Conductor HF-4, as it fixes some of these issues from the Conductor side. See Release Notes 2.2.8 Hotfix – Conductor HF-4.

What’s New

This hotfix is a replacement for Airwall Gateway HF-2 that fixes a bug in the HA failover logic causing invalid HA state information to be displayed in the Conductor when the failover was triggered by network availability. The hotfix also fixes an issue that could cause excessive device activity event reporting on bypass ports with large device network objects as well as a problem when using device NAT with bridged overlay port groups.

Upgrade Considerations

Upgrade to this 2.2.8 hotfix if you were experiencing any of the following issues:
  • Conductor displaying an Invalid HA state for Airwall Gateways
  • Excessive disk utilization on the Conductor and/or high network traffic between Airwall Gateways configured with a bypass port group and the Conductor
  • Ping devices failures
  • Airwall Gateways needing to reconnect to the Conductor
  • Airwall Gateways failing a policy check on some overlay networks.

Or if you were impacted by any of the other issues fixed in this or earlier hotfixes.


ID Applies to Description
Airwall Gateway HF-3:
DEV-14452 Airwall Gateway Rate-limited device activity events for network objects.
DEV-14451 Airwall Gateway Fixed an HA issue after rebooting an Airwall Gateway
DEV-14449 Airwall Gateway Fixed an issue where the overlay NAT was being applied to traffic between ports in an Overlay port group.
Includes Airwall Gateway HF-2:
DEV-14247 Airwall Gateway Fixed a bug that was introduced in Airwall Gateway Hotfix rollup-1 that could cause traffic to get blocked on Airwall Gateways with multiple overlay port groups.
DEV-14190 Airwall Gateway Fixed an issue that could cause traffic problems in deployments with multiple overlay port groups on the same broadcast domain.
DEV-14162 Airwall Gateway Fixed an issue in Conductor HF-2 that was causing the "Ping devices" feature to fail for devices with plain IP addresses.
DEV-14115 Conductor Fixed an issue that could cause infrequent Conductor service issues resulting in all Airwall Gateways needing to reconnect to the Conductor.
DEV-14067 Conductor, Airwall Gateway Fixed an issue on 2.2.8 Airwall Edge Services that could cause false negatives in the policy check for some overlay network configurations.
DEV-13981 Airwall Gateway Fixed an issue where setting an overlay default gateway prevented creating both the connected (local subnet) and default routes.
DEV-13974 OpenHIP Fixed performance regression on multi-core platforms.
DEV-13926 OpenHIP Fixed a rare packet allocation failure issue on Airwall Gateway-100.
DEV-13903 Airwall Gateway Airwall Gateway-110 models now can use the link failover monitor.
DEV-13843 Airwall Gateway Added firewall connection states to the diagnostic report.
DEV-13275 Airwall Gateway Fixed an issue where a misconfigured local device was corrupting the ARP cache entries for peer Airwall Gateways.

Known Issues

See Release Notes 2.2.8 for known issues.