Release Notes v3.5.2

Release Date: October, 2024

Summary

This version of the Airwall solution includes several bug fixes and brings Airwall Gateways in line with the Conductor 3.5.x code (see Release Notes v3.5.1). This version is the last release before Airwall 4.0.x. To download the firmware, see 3.5.2 firmware and software.

New features and enhancements

Airwall Gateway 175 Series

The Airwall Gateway 175 Series is a five-port gateway that replaces the Airwall Gateway 150 in the upcoming 4.0.x release. The Airwall Gateway 175 includes PoE, along with optional cellular and Wi-Fi. Refer to the Airwall Gateway 175 Series Datasheet and Airwall Gateway 175 Series Installation Guide.

Not supported

Auth0 actions

Auth0 is replacing rules with actions. If you currently use Auth0 rules to access Airwall, you must replace these with actions before November 18, 2024. To complete this process, see the updated steps in Integrate Third-party Authentication with OpenID Connect.

Intrusion Prevention

Intrusion prevention is deprecated for Airwalls v3.5.1 and greater.

TPM

Airwall firmware no longer supports TPM.

Fixes

ID | Applies to | Description
AWDEV-2566 | Airwall Conductor | Fixed an issue where device activity is not sent as frequently as expected for some overlay network flows.
AWDEV-2523 | Airwall Gateway | Fixed an issue that can cause WSS connections to fall into a bad state when the WSS cert is updated.
AWDEV-2530 | Airwall Conductor | Fixed an issue where the Airwall relay websocket tool failed to return information after a timeout by adding details about the mode of failure.
AWDEV-2515 | Airwall Conductor | Fixed an issue where users receive an error during Airwall ports configuration for cloud Airwalls with a single port. This legacy restriction is no longer valid.
AWDEV-2499 | Airwall Gateway | Fixed an issue where HA pair error continues to be displayed even after the issue has been resolved.
AWDEV-2460 | Airwall Conductor | Fixed an issue where you could not move directly between overlay networks on the quick navigation bar.
AWDEV-2456 | Airwall Conductor | Fixed an issue where Airwalls that have been provisioned using a HIP identity could not be HA paired.
AWDEV-2445 | Airwall Conductor | Fixed an issue where Windows Airwall agents incorrectly reported that they could not open a HIP tunnel to connectivity checker.
AWDEV-2431 | Airwall Conductor | Fixed an issue where updating a people group removes authentication tags from the configuration.
AWDEV-2423 | Airwall Conductor | Fixed an issue where the IPs of agile devices are not correctly updated in the Conductor when the IP of a container on an Airwall changes.
AWDEV-2386 | Airwall | Fixed an issue where LDAP configurations that were working in 3.4.x were broken after upgrading to 3.5.1. For hotfix, see Release Notes v3.5.1 Hotfix – Conductor HF-AWDEV-2386.
AWDEV-2347 | Airwall Gateway | Fixed an issue where the Airwall replace details can be submitted twice in short succession causing the replaced Airwall to receive the incorrect configuration.
AWDEV-2337 | Airwall Agent | Fixed an issue where, when replacing Airwall Agents, the replaced Airwall is missing some underlying configuration and cannot form tunnels.
AWDEV-2301 | Airwall Gateway | Fixed an issue where Airwalls can appear to use a bypass gateway that has been revoked.
AWDEV-2267 | Airwall Gateway | Fixed an issue where an Airwall would never submit a new provisioning request to Conductor B if it already sent an unaccepted request to Conductor A.
AWDEV-2139 | Airwall Conductor | Fixed an issue where clicking a link to extend your session fails to extend your session.
AWDEV-2089 | Airwall Conductor | Fixed an issue where the database downloaded filename did not match the display filename.

Known Issues

ID | Applies to | Description
AWDEV-382 | Airwall Gateway | DHCP Passthrough breaks in certain configurations. Workaround - Remove DHCP configuration from the disabled Overlay port groups.
AWDEV-381 | Airwall Cloud AWS | AWS Airwall Deployment requires Internet Gateway. Workaround - Deploy with a temporary internet gateway, and then modify settings in AWS to use the transit gateway once deployed.
AWDEV-252 | Airwall Agent | Cannot clear incorrect login from OIDC user auth browser.
DEV-17263 | Airwall Conductor | In v3.1.0, if you fix a conflict in a smart device group by changing the IP of one of the conflicted devices, sometimes the change in IP does not result in the device being removed from the group and the change is not propagated to the Airwall Gateway. Workaround – Fully remove the device from the smart device group and then add it back again.
DEV-16431 | Airwall Conductor | When specifying a port mirror destination IP address, ensure that it doesn't conflict with any of the Airwall Gateway's local device IPs.
DEV-16397 | Airwall Conductor | If you change the LSI prefix and have port mirroring configured, you need to either reboot the Conductor, or go to Settings > Diagnostics and select Restart metadata cache to update the LSI prefix.
DEV-16068 | Amazon Web Services Conductor | To enable enhanced networking for a cloud Amazon Web Services Airwall Gateway or Conductor, use the custom images instead of the marketplace image.
DEV-15808 | Google Cloud Airwall Gateways | Google Cloud Airwall Gateways with the same VM name have the same device serial number, which can result in a failure when you make a license request in the Conductor. Workaround – In Google Cloud, use unique deployment names (VM names) for Airwall Gateways.
DEV-14551 | Conductor | The Android Airwall Agent lets you press the Edit Settings button on the Ports page; however, submitting any changes to the page results in an error message.
DEV-14015 | OpenHIP | If an Airwall Relay is also used as a bypass gateway, Airwall Edge Services behind the relay are not able to use that relay. Workaround – Deploy multiple relays so at least one relay is usable by each pair of Airwall Edge Services that need to communicate.
DEV-13650 | Conductor | SoIP device activity is not being reported on an Airwall Gateway Local Devices tab.
DEV-13195 | Conductor, Airwall Gateways | When you upgrade a Cellular Airwall Gateway-150 from 2.2.3 to 2.2.5, the cellular details all become "Unavailable." Workaround – Reboot and the details return.