Skip to content

Controller / UI Release: 22.06 - July 6, 2022

Features

  • Orchestration and Integration
    • AWS Global Accelerator Integration
  • Security and Segmentation Policy
    • TLS 1.3
    • DNS-based FQDN Filtering
    • Policy Rule Deny TCP Reset (L4 and FQDN Filtering)
  • Usability
    • Advanced Boolean Search for Logs and Events
  • Miscellaneous
    • Performance Improvements
    • Controller Operation Improvements
    • Bug fixes and stability Improvements

Enhancements

  • Enhancement: Adds support for FQDNs in a Src/Dest Address Object to support a DNS-based FQDN segmentation policy (requires 22.06 or later Gateway)
  • Enhancement: Adds support for configuring a mix of secured and unsecured frontend and backend configuration in a Service Object
  • Enhancement: Adds support for sending a TCP Reset for a Forwarding rule when Rule Action is Deny or FQDN Filtering action is Deny
  • Enhancement: Adds support to important a certificate from a file
  • Enhancement: Adds support for integrating a Valtix Ingress Gateway with an AWS Global Accelerator. The Valtix Controller will manage the Target Group associated with the Global Accelerator listener by populating the set of one or more Gateway instances associated with the Gateway deployment. This only applies to an Ingress Gateway deployed in AWS.
  • Enhancement: Support boolean logic grouping in advanced search operations
  • Enhancement: Provides support for upgrading multiple Gateways in a single UI operation
  • Enhancement: Provide a list of possible values when a user configures a search criteria
  • Enhancement: Updated the AWS IAM Role permissions to accommodate AWS Global Accelerator integration. This new permission is included in an updated Cloud Formation Template (CFT) for preparing an AWS account for onboarding into Valtix.
  • Enhancement: Updated the Cloud Formation Template (CFT) to leverage an existing CloudTrail for purposes of real-time inventory discovery. Only one CloudTrail is required and any defined CloudTrail is sufficient.

Fixes

  • Fix: Fixes an issue with the GCP account preparation shell script to ensure proper command format when running the script to prepare the GCP Project for onboarding into Valtix
  • Fix: Fixes an issue to ensure that deploying a Valtix Ingress Gateway in AWS using the Internal LB option deploys the internal NLB into the proper subnet (datapath subnet)
  • Fix: Fixes an issue where additional Address Objects could not be added to an existing Group Address Object
  • Fix: Fixes an issue with the Azure account preparation PowerShell script due to Azure command output changes
  • Fix: Fixes an issue where a new Gateway deployment could scale out to max instances before scaling in in certain cases
  • Fix: Fixes an issue where enabling MFA for a user would not function properly
  • Fix: Fixes some issues with advanced searching to ensure proper operation
  • Fix: Fixes an issue where the Azure AD users was shown as “Local” users rather than shown as “Azure AD”
  • Fix: Fixes an issue for an FQDN Filtering Profile to ensure Uncategorized default action is the same as the ALL action
  • Fix: Fixes an issue where the "Save" button was grayed out when updating routes for a protected GCP spoke VPC
  • Fix: Fixes an issue where orchestrating more than one AWS Spoke VPC protection could result in route table change error
  • Fix: Fixes an issue where the Management DNS for an Azure Gateway that is ACTIVE was editable. The DNS configuration can only be pushed to a Gateway when the instance is instantiated.
  • Fix: Provides a warning message when a user attempts to deselect an Availability Zone (AZ) when modifying TGW attachment subnets
  • Fix: Fixes an issue were specifying 30 rows and 60 FQDNs per row for an FQDN Filtering Profile would throw an error
  • Fix: Provides an error message to the user when an row in an FQDN Filtering Profile has no entries
  • Fix: Provides minor display enhancements to the values configured in an Address Object
  • Fix: Fixes an issue where Valtix could not orchestrate a VNet peering if the Spoke VNet names where long
  • Fix: Fixes an issue where updating the value of a Reverse Proxy Target Address Object would not show the Valtix Gateway Policy Ruleset Status as Updating
  • Fix: Fixes an issue to ensure that viewing Malicious Traffic for a VPC would navigate to the logs view for the desired traffic
  • Fix: Provides a minor display change for Investigate to move the System Logs and Audit Logs to the bottom of the left-most pane
  • Fix: Fixes an issue with the GCP account preparation bash script due to add a required parameter
  • Fix: Fixes an issue where GCP Spoke VPC route table changes was not showing a before and after view
  • Fix: Fixes an issue where some regions were not presented as options when orchestrating a Service VPC creation in GCP
  • Fix: Fixes an issue where an FQDN Filtering Profile could be configured with more than 32 total rows
  • Fix: Fixes an issue to ensure consistency in CSP Service display across DNS Query Log and VPC Flow Log displays
  • Fix: Fixes an issue in Easy Setup for GCP Gateway deployment to ensure the GCP Service Account field is visible
  • Fix: Fixes an issue where adding and removing IP address for instances was not being detected by real-time inventory monitoring
  • Fix: Fixes an issue where the Valtix Gateway (IAM) Role was not being pre-populated in the UI when creating a AWS Gateway