Release Notes v3.5.2
Release Date: October, 2024
Summary
This version of the Airwall solution includes several bug fixes and brings Airwall Gateways in line with the Conductor 3.5.x code, see Release Notes v3.5.1. This version is the last release before Airwall 4.0.x. To download the firmware, see 3.5.2 firmware and software.
New features and enhancements
Airwall Gateway 175 Series
The Airwall Gateway 175 Series is a five-port gateway that replaces the Airwall Gateway 150 in the upcoming 4.0.x release. The Airwall Gateway 175 includes PoE, along with optional cellular and Wi-Fi. Refer to the Airwall Gateway 175 Series Datasheet and Airwall Gateway 175 Series Installation Guide.
Not supported
Auth0 actionsAuth0 is replacing rules with actions. If you currently use Auth0 rules to access Airwall, you must replace these with actions before November 18, 2024. To complete this process, see the updated steps in Integrate Third-party Authentication with OpenID Connect.
Intrusion PreventionIntrusion prevention is deprecated for Airwalls v3.5.1 and greater.
TPM
Airwall firmware no longer supports TPM.Fixes
| ID | Applies to | Description |
|---|---|---|
| AWDEV-2566 | Airwall Conductor | Fixed an issue where device activity is not sent as frequently as expected for some overlay network flows. |
| AWDEV-2523 | Airwall Gateway | Fixed an issue that can cause WSS connections to fall into a bad state when the WSS cert is updated. |
| AWDEV-2530 | Airwall Conductor | Fixed an issue where the Airwall relay websocket tool failed to return information after a timeout by adding details about the mode of failure. |
| AWDEV-2515 | Airwall Conductor | Fixed an issue where users receive an error during Airwall ports configuration for cloud Airwalls with a single port. This legacy restriction is no longer valid. |
| AWDEV-2499 | Airwall Gateway | Fixed an issue where HA pair error continues to be displayed even after the issue has been resolved. |
| AWDEV-2460 | Airwall Conductor | Fixed an issue where you could not move directly between overlay networks on the quick navigation bar. |
| AWDEV-2456 | Airwall Conductor | Fixed an issue where Airwalls that have been provisioned using a HIP identity could not be HA paired. |
| AWDEV-2445 | Airwall Conductor | Fixed an issue where Windows Airwall agents incorrectly reported that they could not open a HIP tunnel to connectivity checker. |
| AWDEV-2431 | Airwall Conductor | Fixed an issue where updating a people group removes authentication tags from the configuration. |
| AWDEV-2423 | Airwall Conductor | Fixed an issue where the IPs of agile devices are not correctly updated in the Conductor when the IP of a container on an Airwall changes. |
| AWDEV-2386 | Airwall | Fixed an issue where LDAP configurations that were working in 3.4.x were broken after upgrading to 3.5.1. For hotfix, see Release Notes v3.5.1 Hotfix – Conductor HF-AWDEV-2386. |
| AWDEV-2347 | Airwall Gateway | Fixed an issue where the Airwall replace details can be submitted twice in short succession causing the replaced Airwall to receive the incorrect configuration. |
| AWDEV-2337 | Airwall Agent | Fixed an issue where, when replacing Airwall Agents, the replaced Airwall is missing some underlying configuration and cannot form tunnels. |
| AWDEV-2301 | Airwall Gateway | Fixed an issue where Airwalls can appear to use a bypass gateway that has been revoked. |
| AWDEV-2267 | Airwall Gateway | Fixed an issue where an Airwall would never submit a new provisioning request to Conductor B if it already sent an unaccepted request to Conductor A. |
| AWDEV-2139 | Airwall Conductor | Fixed an issue where clicking a link to extend your session fails to extend your session. |
| AWDEV-2089 | Airwall Conductor | Fixed an issue where the database downloaded filename did not match the display filename. |
Known Issues
| ID | Applies to | Description |
|---|---|---|
| AWDEV-2304 | Airwall Gateway | A factory reset Airwall Gateway can reconnect to its Conductor
after its Conductor setting is cleared. Workaround - If desired, set a new Conductor, then revoke and delete from the old Conductor as usual. |
| AWDEV-382 | Airwall Gateway | DHCP Passthrough breaks in certain
configurations. Workaround - Remove DHCP configuration from the disabled Overlay port groups. |
| AWDEV-381 | Airwall Cloud AWS | AWS Airwall Deployment requires Internet Gateway.
Workaround - Deploy with a temporary internet gateway, and then modify settings in AWS to use the transit gateway once deployed. |
| AWDEV-252 | Airwall Agent | Cannot clear incorrect login from OIDC user auth browser. |
| DEV-17263 | Airwall Conductor |
In v3.1.0, if you fix a conflict in a smart device group by changing the IP of one of the conflicted devices, sometimes the change in IP does not result in the device being removed from the group and the change is not propagated to the Airwall Gateway. Workaround – Fully remove the device from the smart device group and then add it back again. |
| DEV-16431 | Airwall Conductor | When specifying a port mirror destination IP address, ensure that it doesn't conflict with any of the Airwall Gateway's local device IPs |
| DEV-16397 | Airwall Conductor | If you change the LSI prefix and have port mirroring configured, you need to either reboot the Conductor, or go to and select Restart metadata cache to update the LSI prefix. |
| DEV-16068 | Amazon Web Services Conductor | To enable enhanced networking for a cloud Amazon Web Services Airwall Gateway or Conductor, use the custom images instead of the marketplace image. |
| DEV-15808 | Google Cloud Airwall Gateways | Google Cloud Airwall Gateways with the same VM name have the same device serial number, which
can result in a failure when you make a license request in the Conductor. Workaround – In Google Cloud, use unique deployment names (VM names) for Airwall Gateways. |
| DEV-14551 | Conductor | The Android Airwall Agent lets you press the Edit Settings button on the Ports page; however, submitting any changes to the page results in an error message. |
| DEV-14015 | OpenHIP | If an Airwall Relay is also used as a bypass gateway, Airwall Edge Services behind the relay are not able to use that relay.
Workaround – Deploy multiple relays so at least one relay is usable by each pair of Airwall Edge Services that need to communicate. |
| DEV-13650 | Conductor | SoIP device activity is not being reported on an Airwall Gateway Local Devices tab. |
| DEV-13195 | Conductor, Airwall Gateways | When you upgrade a Cellular Airwall Gateway-150 from 2.2.3 to 2.2.5, the cellular details all become
"Unavailable." Workaround – Reboot and the details return. |