Release Notes 2.1.3
Release Date: May 24, 2018
What's New
New in this release:
- The HIPswitch 75 Series
- The HIPswitch 75, released with 2.1.3, is designed for medical devices, point of sale systems, and others like building automation controls. It securely connects and protects those endpoints across all networks with little to no change to existing infrastructure. The HIPswitch 75 plug and play design makes universal connectivity and segmentation simple, fast, and cost-effective.
- HIPserver for Linux
- With this release, the HIPclient is now available for Linux. Your Linux devices now can natively connect to your IDN overlay, giving them a trusted and verifiable connection wherever you are. Multiple profiles allow you to easily switch between different IDN overlays as needed.
- New platform support for Microsoft Azure and Google Cloud
- You can now create, manage, and retire Microsoft Azure and Google Cloud HIP Services directly from the Conductor UI.
- Support for offline Conductor licensing
- We have added support to allow Conductors without access to the public Internet to complete voucher and provisioning requests with our licensing and provisioning server. You can export a sync package, send it to Tempered Networks Support, and import a file containing your licenses back in to your Conductor from a drop-down on the tab.
- New API token system and improved token management
- We have updated the API to make tokens more secure. All API requests now
require two headers:
- X-API-Client-ID is unique by user and can be found on your user preferences page
- X-API-Token is generated from your user preferences page. This token is secret, so if you lose it, you must generate a new one. Whenever you refresh your token, all previous tokens will be expired.
The client ID and a refreshed secret token may also be acquired via the API using basic authorization at/api/v1/token/generate. Please refer to the API documentation for details.
Note: The X-Person-Email and X-Person-Token headers are deprecated and no longer function. - New network creation wizard
- New in this release is the ability to quickly create a hub-and-spoke or full mesh network using a simple, wizard-driven UI.
Upgrade Considerations
The 2.1.3 release includes all hotfixes from prior releases and addresses all known
support cases at the time of release.
Note: You can now upgrade a HIPswitch directly
to 2.1.3 from either 1.12.6 or 2.0.x. If you are running an earlier version of
1.12.x, we recommend you upgrade to 1.12.6 before upgrading to 2.1.3. When
upgrading a Conductor, we recommend you upgrade to the latest stable 2.0.x first
before upgrading to 2.1.3.
| We recommend you upgrade to 2.1.3 if: | |
|---|---|
|
You want to take advantage of performance and stability increases in 2.1, especially for any of the following features:
|
You were impacted by any issues discovered in prior releases, especially if you have any of the following:
|
Extensive testing was conducted both in-house and with selected development partners, in lab and in production environments to ensure that performance is equivalent to 2.1.2. Additionally, 2.1.3 should be more stable than all prior releases.
Enhancements
| Component | Description |
|---|---|
| Conductor | You can now run the Conductor without opening port 443 for HIPswitch communications. |
| High Availability | We have made performance improvements to Conductor and HIPswitch failover. Additionally, we added a progress bar during database synchronization. |
| HIPswitch 250e | The HIPswitch 250e now supports high-availability mode. |
| HIP Services | HIPswitches now support the option of setting a default route on the overlay network. This can be set on a per HIPswitch basis under the section. |
| HIP Services | It is now possible to perform bulk operations on HIP Services in
the Conductor UI, such as:
|
| HIPclient, Windows | We added additional diagnostic information in the support bundle to properly troubleshoot the HIPclient. |
| HIPclient, Windows | The Windows HIPclient was updated to take advantage of the latest
security patches.
|
Fixes
| ID | Component | Description |
|---|---|---|
| DEV-8172 | HIPswitch, Cellular | Fixed an issue where a HIPswitch 100g Verizon static IP SIM could not aquire its cellular address. |
| DEV-8144 | HIPswitch 100g | Fixed an issue where a HIPswitch 100g modem would not correctly restart if link manager monitors failed. |
| DEV-8042 | HIPswitch 250 | Fixed an issue with the HIPswitch 250 cellular modem interface where the modem would sometimes fail to connect to the cellular network. |
| DEV-8017 | Conductor | Fixed an issue where the Local Devices page for a HIPswitch would not display correctly after updating the properties, requiring a page refresh. |
| DEV-7990 | HIPswitch | Fixed an issue that, would cause a HIPswitch to lose connectivity to local devices after rebooting. |
| DEV-7935 | Conductor | Network Administrators are now able to create smart device groups. |
| DEV-7918 | Conductor | Fixed an issue with smart device groups where negating rules that apply to CIDR/Overlay device networks returned zero device matches. |
| DEV-7894 | HIPclient, Windows | Fixed an issue where the Windows HIPclient health data was not consistently sent to the Conductor. |
| DEV-7845 | HIPclient, macOS | Fixed an issue where a macOS HIPclient would attempt to readdress HIP tunnels with its own overlay device IP after an address change. |
| DEV-7832 | HIPclient, Windows | Fixed an issue where the configuration panel would not display correctly if all profiles were removed. |
| DEV-7746, DEV-7698 | HIPswitch | Fixed an issue that caused HIPswitches to reboot when placed into diagnostic mode after being factory-reset while offline. |
| DEV-7699 | HIPswitch 100g | Fixed an issue where changing the priority of a link may not set in a timely manner, causing problems with default routes. |
| DEV-7682 | Conductor | Fixed an issue where importing legacy devices to the Conductor would not import device names. |
| DEV-7665 | HIPswitch | Fixed an issue where the IMEI, IMSI, ICCID, MSIDSN, and Operator ID sent to the Conductor and displayed in the HIPswitch diagnostic UI were sometimes out of date. |
| DEV-7608 | HIPswitch | Fixed an issue where DHCP IP address changes on the underlay network could result in HIP tunnel failures. |
| DEV-7565 | HIPswitch | Fixed an issue where a HIPswitch configured in one-armed mode could cause downstream routing to local devices behind a HIPswitch to fail. |
| DEV-7555 | HIPswitch | Fixed an issue where file transfers for support bundle requests and firmware updates would not respect the link priority after link failovers on HIPswitches. |
| DEV-7547 | Conductor | Fixed an issue in the Conductor that prevented configuring source NAT for HIPswitches running in one-armed mode. |
| DEV-7531 | HIPswitch | Fixed an issue where an HA pair configured to use one-arm mode could preventing it from functioning correctly. |
| DEV-7500 | Conductor | Fixed an issue where under some circumstances device activity would not display properly in the Conductor. |
| DEV-7482 | Conductor | Fixed an issue where the Conductor would not report a local device's MAC address or device activity if the device was configured to use NAT. |
| DEV-7476 | Conductor | Fixed an issue where subscription licenses would not display correctly if both perpetual and subscription licenses were present for a given model. |
| DEV-7431 | HIPclient, macOS | Fixed an issue where the configuration file for a macOS HIPclient could grow unnecessarily large after repeated configuration changes. |
| DEV-7379 | HIPswitch | A spurious UDP packet is no longer broadcast by a HIPswitch on start-up. |
| DEV-7367 | HIPclient, Windows | Fixed an issue where a HIPclient would fail to connect to the Conductor after being provisioned, requiring a restart. |
| DEV-7366 | API | Fixed an issue where changes to the HIPservice settings device_auto_detect and enabled using the API would not change the settings. |
| DEV-7330 | HIPclient, macOS | Fixed an issue where a macOS HIPclient would occasionally stop responding. |
| DEV-7302 | HIPswitch | Fixed an issue where an upgrade of a HIPswitch in one-arm mode would rewrite port 1 MAC address to the port 2 MAC address. |
| DEV-7295 | HIPclient, iOS | Fix an issue where an iOS HIPclient would intermittently fail to build secure connections for a newly-added device policy. |
| DEV-7157 | Conductor | Fixed an issues where underlay traffic stats were not displayed in the Conductor if MTU was set to greater than 9000. |
| DEV-7153 | HIPswitch 400,HIPswitch 500 |
Fixed the following issues when configuring expansion ports in
diagnostic mode on the HIPswitch 500 and the HIPswitch 400 with
an 8-port expansion module:
|
| DEV-7145 | HIPswitch 400, HIPswitch 500 | Fixed and issue where the HIPswitch 400 and HIPswitch 500 would display Manage in Conductor on the LCD display panel before being configured with a Conductor URL. |
| DEV-7143 | HIPswitch 400, HIPswitch 500 | Fixed an issue where the HIPswitch 400 and HIPswitch 500 LCD panel would continuously display Firmware Updating after applying a Hotfix from the Conductor. |
| DEV-7104 | HIPswitch 400 | Fixed an issue where placing a factory reset HIPswitch 400 in diagnostic mode before it has displayed the Manage in Conductor message on the LCD, would reboot the HIPswitch. |
| DEV-7092 | Conductor | Fixed an issue where auto-discovered devices may display as protected devices on the Check Connectivity section of the Diagnostic tab for a HIPservice |
| DEV-7060 | HIPswitch | Physical HIPswitch models with LCD now properly display Restarting... when rebooted from the Conductor UI, Diagnostic Mode, or the LCD. |
| DEV-7050 | Conductor | Fixed an issue where you may receive an error accepting the EULA, when configuring a new Conductor. |
| DEV-7025 | HIPclient, iOS | Fixed an issue where an iOS HIPclient would not allow Conductor addresses to be updated. |
| DEV-7014 | HIPclient, Windows | HIPclient for Windows will now generate a crash dump. |
| DEV-6891 | HIPswitch | Fixed an issue where the Conductor would not display underlay IPs in the Conductor UI if a HIPswitch was configured with multiple underlay ports. |
| DEV-6887 | Conductor, PCI | Fixed an issue where a HIPrelay rule was not added in the PCI user activities report. |
| DEV-6868 | HIPswitch | Fixed an issue where HA-paired HIPswitches older than version 1.12.x remained offline in the Conductor after firmware-upgrading to 2.1.x. |
| DEV-6794 | HIPswitch | Fixed an issue where remote logging would not function on HIPswitches after link failover occurred between wired and wireless connections. |
| DEV-6670 | HIPclient, Windows | Fixed an issue where the HIPclient for Windows would not display High Availability peers correctly in network diagnostics. |
| DEV-6563 | Conductor | Fixed an issue where device group additions and removals were not captured in PCI logs. |
| DEV-6460 | HIPclient, iOS | Fixed an issue where a HIPclient for iOS would not update its version correctly in the Conductor. |
| DEV-6459 | Conductor | Fixed an issue where devices configured with serial-over-IP do not display in the Add devices list when attempting to add them to an overlay. |
| DEV-6196 | HIPswitch | Fixed an issue where you were able to enter an invalid IP address without receiving an error message when configuring the Conductor URL in diagnostic mode. |
| DEV-6015 | API | Fixed an issue in the API where the ip filter with GET /api/v1/HIP Services would return an Invalid filter parameter message. |
| DEV-5892 | HIPswitch | Fixed an issue where a HIPswitch would go offline when using the Replace function for HIPswitches on the HIP Services tab in the Conductor UI. |
| DEV-5470 | HIPswitch | Fixed an issues where the cellular port is missing following a factory reset of the HIPswitch. |
| DEV-5434 | HIPswitch | Fixed an issue where clicking Detect Devices repeatedly on a HIPswitch properties page would generate excess traffic. |
| DEV-5089 | API | Fixed an issue where some API calls would return a null string. |
| DEV-4944 | HIPswitch | Fixed an issue where a HIPswitch may report it entered a firmware update state after installing a hotfix. |
| DEV-4846 | HIPswitch | Fixed an issue where a HIPswitch would report it is detecting a device with the same IP as the default gateway and not display it when the HIPswitch was in one-arm mode and device discovery was on. |
| DEV-4357 | HIPswitch-Cellular | Fixed an issue where the IMEI and MSISDN fields of a cellular modem were not displayed correctly in the Conductor and HIPswitch diagnostic UI. |
| DEV-4074 | Conductor-SimpleConnect | Fixed an issue where the Conductor would not check if the gateway IP address is a valid IP on the overlay network when setting up an overlay DHCP server on a HIPswitch. |
Known Issues
| ID | Component | Description |
|---|---|---|
| DEV-8142 | Conductor | If you click Finish two times very quickly
when upgrading Conductor firmware, it may attempt to upgrade the
Conductor twice simultaneously, causing both to
fail. Workaround: Do not repeatedly click Finish. |
| DEV-8122 | Conductor | When creating o modifying a cloud HIPservice, the
Name and Network
name fields do not check for the presence of invalid
characters. This will be fixed in a later
release. Workaround: Do not include
|
| DEV-8120 | HIPswitch, Azure | In rare cases, an Azure HIPswitch may fail to reconnect to the
Conductor after a firmware upgrade. Workaround: In the Azure portal, restart the VM hosting the HIPswitch. It can take up to 10 or 15 minutes to come back online. |
| DEV-8119 | Conductor | A reactivated HIPclient configured with an overlay IP is listed
as two devices, and you are unable to remove the overlay
IP. Workaround: Completely delete a revoked HIPclient and allow it to come back as unmanaged in the Conductor. You can then manage it and configure as desired. |
| DEV-8097 | HIPclient, macOS | If your computer has multiple active NICs and you select a
specific NIC in your HIPclient configuration, the operating system
will choose the NIC for outbound traffic. Workaround: None |
| DEV-8067 | HIPswitch | Combining NAT'd local devices and an overlay VLAN tag will block outbound overlay traffic. |
| DEV-8060 | Conductor | In rare cases, a Conductor HA pair will stop
syncing. Workaround: If this happens, promote the HA-secondary to a primary, then re-pair them. |
| DEV-8051 | Conductor | The IP address field on associated with a HIPswitch may be blank
on the HIP Services tab. Workaround: You can locate the IP address information under the Reporting tab. |
| DEV-8049 | Conductor | A network administrator may be able to view a HIPswitch group
while restricted from viewing some of the HIPswitches in the group.
The UI indicates the HIPswitch group is editable, but will error if
modified. As a result, the user is signed out. Workaround: None |
| DEV-7962 | HIPclient, Windows | If your computer enters sleep mode, upon waking it may cause the
HIPservice to stop and start, taking 30-60 seconds to
recover. Workaround: None |
| DEV-7959 | HIPswitch 100 | If you configures a VLAN tag on a HIPswitch 100, your
currently-active tunnels may stop working. Workaround: To resolve
this issue, perform an action that causes a HIP restart, such as:
|
| DEV-7955 | Conductor | If you ping a HIPswitch running in Azure from another HIPswitch,
it will fail in the Conductor UI. This is due to ICMP being denied
by Azure's security groups. Workaround: None |
| DEV-7814 | HIPclient, Windows | If user authentication fails, your user name is not retained and
you must re-enter it. Workaround: None |
| DEV-7769 | Conductor | Toggling policy on and off too quickly on a HIPswitch hosted in
Google Cloud can result in the route table becoming out of sync when
using route injection. Workaround: After toggling policy, wait 10 seconds before toggling it again. |
| DEV-7661 | Conductor | When replacing a HIPswitch, the new HIPswitch may take a few
minutes to reconnect and appear online in the
Conductor. Workaround: Wait a few minutes after replacing the HIPswitch for it to display in the Conductor UI. |
| DEV-7499 | The bandwidth check in the HIPswitch Diagnostics tab might fail for HA-paired HIPswitches. | |
| DEV-7125 | PCI | When exporting PCI data, HIP Services references may not display
correctly when viewing the CSV file in Microsoft
Excel. Workaround: None |
| DEV-7058 | HIPswitch | When reconfiguring your underlay network from one physical port
to another in the Conductor, the changes may not be applied
successfully and the configuration will revert back to the original
settings. Workaround: Make the configuration changes in diagnostic mode. |
| DEV-6881 | HIPswitch | The LCD panels in the HIPswitch 500 and Conductor-500 are
16-characters wide. Messages are currently formatted for a
20-character LCD screen and may be truncated or display on more than
one line. This will be fixed in a later
release. Workaround: None |
| DEV-6590 | Conductor | You can add a voucher code more then once from the
Licensing tab. This does not create
additional licenses, but is visually confusing. This will be fixed
in a later release. Workaround: None |
| DEV-6587 | Conductor | The Licensing tab may display invalid
entries. Workaround: Remove the invalid items manually. |
| DEV-6533 | Conductor | When creating or editing a smart device group, rules can have the
same original values. This can cause unintended issues in the
processing results. Workaround: When creating rules, verify each rule has a unique ordinal value. |
| DEV-6507 | Conductor | The throughput graph for a HIPservice may occasionally miss a
data point and draws it as a zero value. Workaround: Refresh the page to properly display the data point. |
| DEV-6446 | HIPclient, iOS | When viewing traffic stats in the iOS app, the chart may show
negative values instead of zero. Workaround: None |
| DEV-6226 | Conductor | Currently a fully qualified domain name cannot be used for local
or peer replication addresses on an HA Conductor
pair. Workaround: None |
| DEV-6195 | Conductor | The Conductor incorrectly displays an option to check bandwidth
for HIPclients in diagnostic view. This option is not supported for
HIPclients and will not function correctly if
selected. Workaround: None |
| DEV-6172 | Conductor | When assigning a 1.x.x.x local device IP address to a HIPclient,
the Conductor may continue to display the previous IP of the
device. Workaround: None |
| DEV-5832 | HIPswitch | Device NAT functionality currently does not work with layer 2
traffic. Workaround: None |
| DEV-5530, DEV-5441 | Conductor UI | In some cases, Allow incoming pings (ICMP)
and SYN Flood Protection on the
Firewall page may be disabled and won't
toggle. Workaround: Refresh your browser to resolve the issue. |
| DEV-5448 | Conductor UI | Clicking the Swap roles button for a
secondary HA-paired HIPswitch will cause the UI to stop responding.
Workaround: Refresh your browser. |
| DEV-5430 | Conductor | After configuring a Conductor for the first time, you may receive
a Lost connection to the original server
message if you select Return to settings too
quickly. Workaround. Wait at least 20 seconds before selecting Return to settings. |
| DEV-5428 | Conductor UI | When you create a Smart Device Group with Ignore
auto-discovered devices until accepted checked and
then remove the setting, the Smart Device Group will continue to
ignore unaccepted devices. Workaround: None |
| DEV-5343 | Conductor UI | If you try and log in after your session has timed out, you may
receive the following error: The change you wanted was rejected. Workaround: Refresh your browser and log in. |
| DEV-5008 | PCI Reporting | PCI Reporting shows the UUID reference instead of the name when
generating a PCI report from Workaround: To view names, you can download object references from the same page where you generated the PCI report. |
| DEV-4537 | Conductor | When demoting a master Conductor to standby, the processing
screen might not correctly update. Workaround: Refresh your browser. |
| DEV-2417 | Conductor UI | The password reset email link defaults to the first web enabled
interface, and will be successful only if an administrator
configures the first interface with a publicly-facing default route.
Workaround: None. |
| DEV-1846 | Conductor, HA | Currently the standby Conductor UI in an HA pair will not
timeout. This issue does not affect the master Conductor
UI. Workaround: Log off manually when not using the standby Conductor UI. |