Release Notes 1.12.1

Important: A HIPswitch running 1.11 can only be updated to 1.12 with a Conductor running 1.12. Update your Conductor before updating your HIPswitches from 1.11.

Conductor Enhancements


ID	Feature	Description
Various	Reporting	You can now view reporting data on the HIPswitch Reporting tab, such as traffic statistics, graphs of system resources, and shared/overlay throughput. You can also select Health Data > Edit settings to enable/disable reporting and set the reporting interval.
Various	Dashboard	The Conductor UI Dashboard has been updated to display the inventory and status of HIP Services in operation, which models are deployed, and which release versions are running. Also you can pin frequently used items from a list in the upper-right of the Dashboard and from the arrow tab located in the upper-right of other pages in the Conductor UI.
Various	Visualization	You can now view a network display diagram of relationships between all connected and protected assets by selecting your overlay on the Overlays page and clicking the Visualization tab.
DEV-857	HIPswitches - 100g and 200g	The cellular configuration for 100g and 200g HIPswitches now displays in the HIPswitch > Ports > underlay > Cellular configuration section of the page.
DEV-2401	Conductor - IFMAP	The Conductor IFMAP service now scales to 500+ simultaneous client connections.
DEV-2422	Conductor UI	You can now configure a HIPswitch underlay interface from the Conductor by selecting HIPswitch > Ports > underlay > Edit settings.
DEV-2426	Conductor	The Conductor now allows you to run ping and traceroute commands to arbitrary destinations from a HIPswitch.
DEV-2873	User Interface	HIPswitches and HIPapps are referred to collectively as HIP Services in the Conductor UI.
DEV-2922	Conductor UI	You can now check the online status of a HIPservice group by clicking the drop-down to the right of the group on the HIP Services > HIPservice groups tab of the Conductor UI and selecting Check online. Additionally, you can select multiple HIP Services from HIP Services tab and click Check online to check the online status of all selected HIP Services.
DEV-3023	Conductor port configuration	You may now change the mode of a HIPservice port assignment from the Conductor user interface or from diagnostic mode. Available modes are shared, device, HA (if supported), and disabled.
DEV-3029	Conductor	The HIPswitch gateway for local devices was renamed to Overlay IP to distinguish it from the gateway configuration on the underlay interface. Additionally, you no longer need to enter a network address.
DEV-3313	Conductor UI	You can now delete revoked HIP Services from the database.
DEV-3338	Conductor	You can no longer add a device with the same IP as the HIPswitch's IP in the underlay. If a HIPswitch is in this state, you will be required to fix the problem before adding or modifying devices on that HIPswitch.

HIP Services Enhancements


ID	Feature	Description
DEV-1406	Provisioning	You can now provision virtual HIPswitches and HIPapps remotely using a Tempered Networks voucher code.
DEV-1658	HIPapp	HIPapp client for Windows is now available for Windows 7 and Windows 10.
DEV-1870	HIPswitch 300v - port configuration	The new HIPswitch 300v has 2 ports by default, underlay and device network. Virtual ports may be added using your hypervisor settings. A new port will be detected and configured as a device port. The port mode may then be changed from the Conductor.
DEV-1940	Firmware updates	Starting with 1.12, HIPswitches will use a common firmware update file that applies to all HIPswitches with the same architecture.
DEV-1988	HIP Services	Logged events now include additional information, such as power/reboot events, firmware upgrades, and login attempts.
DEV-2163	HIPswitch	You can now reload the Conductor-provided HIPswitch configuration from the diagnostic user interface by selecting Actions > Re-fetch configuration.
DEV-2306	HIPapp	The HIPapp Windows installer will open the Windows firewall for hip.exe to communicate to other HIP Services and the Conductor.
DEV-2423	HIPservice configuration	When configuring the Conductor URL in diagnostic mode, the user interface now gives immediate feedback indicating if the Conductor can be reached using the provided URL.
DEV-2424	HIPservice	You can now check if peer HIP Services and local devices are reachable from a HIPservice by selecting HIPswitch > Diagnostics > Check connectivity > Ping peer HIP Services.
DEV-2427	HIPservice	You can now check the status of secure tunnels and available bandwidth on a HIPservice by selecting HIPswitch > Diagnostics > Check secure tunnels.
DEV-2428	HIP Services - packet capture	You can now set additional options when using the packet capture feature to select the capture interface and specify packet filters for IP addresses, protocol, and ports.
DEV-2523	HIPswitch	It is now possible to factory-reset a HIPswitch when in diagnostic mode by selecting Actions > Factory-reset.
DEV-2850	HIP Services	HIP Services can now use AES-GCM ciphers.
DEV-2671	HIPapp	The HIPapp Windows service is configured to start automatically when Windows starts. The HIPapp Windows System Tray application is configured to start on user login.
DEV-2684	HIPapp	You can find the HIPapp logs and configuration file in the HIPapp installation directory: Log: hipapp.log Configuration: endbox.conf
DEV-2685	HIPapp	The HIPapp supports the 32-bit and 64-bit versions of Windows 7 SP1+ and Windows 10+.
DEV-2833	Conductor	All timestamps in the Conductor now display in your local timezone and not UTC.
DEV-2883	Conductor	Conductor now correctly resets all HIPswitch-provided status data after reboot.
DEV-2878	Conductor UI	Inactive users will time-out of the Conductor UI if no activity occurs within 30 minutes. A message is now displayed allowing you to remain logged in to the Conductor UI.
DEV-2895	HIPapp	Windows HIPapp uses OpenSSL 1.0.2g.
DEV-2914 DEV-619	HIP Services - packet capture	The packet capture feature now allows limiting the capture by file size as well as capture time and allows limiting the bandwidth used for uploading the capture file to the Conductor.
DEV-2962	HIP Services	The general settings on the HIPswitch properties page allows users to toggle autoconnect settings. Checking this causes the HIPswitch to build tunnels to remote peer HIPswitches even if no local device traffic exists. This should always be enabled for any HIPswitches behind a NAT or firewall.
DEV-3123	HIPapp	In the event the Windows HIPapp (HIP.exe) crashes, you can locate the crash dump file at %LOCALAPPDATA%\CrashDumps.
DEV-3294	HIPapp	A HIPapp will set the default interface with a default IPv4 gateway. If no default gateway is found, it sets the first interface with an IPv4 address. You can set the master interface in the Windows System Tray by selecting Configure > Master Interface drop-down.

Fixes


ID	Function	Resolution
DEV-1276	HIPswitch 100v	The HIPswitch 100v is limited to one protected device.
DEV-2096	Conductor	On the Conductor diagnostic page, a menu item on the Configuration menu displays in an invalid item titled Conductor MAP URL. It has been removed.
DEV-2146	HIPswitch cellular setup	A HIPswitch 100g or HIPswitch 200g previously required up to 5 minutes to connect to the cellular network. This has been reduced to 2-3 minutes.
DEV-2280	HIPswitch firmware update	A second-generation HIPswitch 100e/g running v1.11.0 or v1.11.1 can now update firmware in diagnostic mode.
DEV-2637	Kernel	The Linux kernel has been updated for CVE-2016-0728.
DEV-2706		When enabling auto-discovery on a HIPswitch while DHCP server is enabled, the HIPswitch no longer reports the network IP address as a device.
DEV-2774	Conductor	Fixed a bug in the Conductor that could cause excessive disk consumption if the Conductor was running in high availability mode.
DEV-2794	HIP Services	Fixed heartbeat starvation and route management problems on HIPswitches that are part of deployments with a large number of devices. The issue could cause HIPswitch high availability failures and lead to a complete loss of overlay network connectivity.
DEV-2798	HIP Services	Fixed an issue that could cause HIPswitches to lose their overlay network configuration after disabling and then re-enabling the network.
DEV-2805	HIPswitch 400-202 LCD	The LCD panel previously allowed you to perform actions without confirmation. You must now select an additional confirmation to proceed with the following: Enter diagnostic mode Restart the HIPswitch Shutdown the HIPswitch Erase all settings (factory reset)
DEV-2906	HIPswitch 400-series panel	When the 400-series HIPswitch is starting, the status messages were confusing. Additional messaging has been added.
DEV-3232 DEV-3229 DEV-2825 DEV-2703 DEV-2497	OpenSSL	All products were updated with the latest OpenSSL Security Advisory fixes: December 4, 2015: https://www.openssl.org/news/secadv/20151203.txt January 28, 2016: https://www.openssl.org/news/secadv/20160128.txt March 1, 2016: https://www.openssl.org/news/secadv/20160301.txt May 3, 2016: https://www.openssl.org/news/secadv/20160503.txt

Known Issues


ID	Function	Description
DEV-1994	Serial over IP configuration	When modifying an existing Serial over IP configuration, you must reboot the HIPswitch to apply the new configuration settings.
DEV-2022	HIPswitch Conductor High Availability configuration	After configuration setup completes on two HIPswitch Conductors in a High Availability pair, the Conductor user interface may not return to the Dashboard. Refresh your browser to return to the Dashboard.
DEV-2224	HIPswitch HA configuration	Prior to configuring a HIPswitch High Availability pair, the secondary HIPswitch may auto-discover the primary HIPswitch's gateway IP as a device. Workaround: Once the HA pair is configured, log in to the secondary HIPswitch, go to the Devices tab, and delete the erroneous device with the primary HIPswitch’s gateway IP.
DEV-2417	Password reset	The password reset email link defaults to the first web enabled interface, and will be successful only if an administrator configures the first interface with a publicly facing default route.
DEV-2719	Conductor UI	The Connection Lost message is not dismissed automatically when connection is restored. If you dismiss the message it will show up on subsequent pages unless connectivity is restored.
DEV-3304	Conductor - UI	Users may have to refresh the browser page if devices do not appear on the Local Devices tab of a HIPswitch. Workaround: Refresh your browser.
DEV-3314	HIPswitch	100-series HIPswitches do not support VLAN-tagged traffic.
DEV-3342	Conductor	When configuring a HIPswitch, the firewall settings page may become unresponsive. Workaround: Refresh the browser and try the operation again.
DEV-3386	HIPswitch 101e	Do not put one-armed HIPswitches into transparent mode. ARP storms will result.
DEV-3454	HIPswitch downgrade	If you downgrade to 1.11.3 from 1.12 on a HIPswitch with custom port assignments, they are not preserved. Shared and overlay settings revert to the 1.11.3 firmware defaults, however your /etc/config/network configuration file does not. Workaround: Perform a factory reset on the downgraded HIPswitch to reset the default network configuration.