Skip to content

Controller / UI Release: 23.04 - April 20, 2023

Features

  • Discover and Deploy
    • Azure Security Groups (ASG) inventory discovery
    • Azure GWLB architecture support (Ingress)
    • Support for Ashburn Region in OCI
    • Support for Spain, Hyderabad, Jakarta, UAE Regions in AWS
    • Terraform Import official release
  • Security and Segmentation Policy
    • Gateway security hardened base image
    • Dynamic policy support for Load Balancer Tags
  • Management
    • Efficiencies in SIEM Log Forwarding
    • User-specified Gateway NTP configuration
  • Workflows and Usability
    • Traffic Summary and Events time series controls
  • Miscellaneous
    • Performance improvements
    • Controller operation improvements
    • Bug fixes and stability improvements

Enhancements

  • Enhancement: Various enhancements to the Discovery Topology viewer to include more information and enhanced workflows for policy creation
  • Enhancement: Enhances the Discovery logs view to display 30 days
  • Enhancement: Adds support for Azure GWLB-based architectures for Ingress protection
  • Enhancement: Changes the backend infrastructure for System Logs and Audit Logs to improve reading and writing efficiency. The result is a significant impact on the speed in which logs can be queried and viewed within the UI.
  • Enhancement: Enhances Advanced Search for the Gateway view page to accommodate searching on all fields
  • Enhancement: Update to all Terraform Export UI workflows to provide instructions on how to use the exported Terraform code with the Terraform Import command
  • Enhancement: Provides a translation layer between quick filters and advanced search such that when a user specifies a quick filter they can move to advanced search and see the resulting advanced search string
  • Enhancement: Provides support configuring the NTP settings for a Gateway. The Gateway NTP settings can be configured using an NTP Profile that can be assigned to the Gateway.
  • Enhancement: Enhances the periodic and real-time discovery to support discovery of Azure Application Security Groups (ASGs)
  • Enhancement: Changes the look/feel of the navigation pane displayed on the left side of the UI
  • Enhancement: Enhances the hardening of the Centos base image used in the Valtix Gateway. The base image has now been moved to Centos9 and is hardened to accommodate environments that have strict compliance requirements.
  • Enhancement: Updates the Gateway to Controller mutual TLS configuration to require a minimum TLS version of 1.2
  • Enhancement: Improves the arrangement of URLs in the URL Filter Profile to be consistent with the way in which FQDNs are displayed in an FQDN Filter Profile
  • Enhancement: Adds a creation and modified timestamp to all Valtix resources viewable from the resource Details pages
  • Enhancement: Adds a Details page view for the Alert Service and Alert Profile resources
  • Enhancement: Adds support for skipping assignment of public IPs when deploying a Valtix Gateway. This accommodates deploying the Gateway into a user-specified VPC/VNet without public IPs. If a Gateway is deployed into a Valtix created VPC/VNet, public IPs will be assigned depending on how the VPC/VNet was created.
  • Enhancement: Enhances the time series section capability in Traffic Summary and Events views
  • Enhancement: Adds support for Load Balancer Tags in Dynamic User Defined Tag Address Object resources to support Egress and East-West use-cases
  • Enhancement: Adds support for Ashburn region in OCI
  • Enhancement: Adds support for additional AWS Regions: eu-south-2 (Spain), ap-south-2 (Hyderabad), ap-southeast-3 (Jakarta), and me-central-1 (UAE)

Fixes

  • Fix: Fixes an issue with Dashboard login that could produce an error "Account Not Part of Deployment"
  • Fix: Fixes an issue where Traffic Summary Logs and Security Events might not be displayed even when all filters are removed
  • Fix: Fixes an issue where Discovery Summary DNS and VPC graphs show incorrect Malicious Activity
  • Fix: Fixes a UI-related issue to properly display the inheritance of an action in a Network Intrusion (IDS/IPS) Profile
  • Fix: Fixes an issue related to suppression of WAF Rule IDs 949110 and 959100. These Rule IDs are informational and define Security Events stating the WAF anomaly scores (request and response, respectively) have been exceeded along with the Action taken based on the WAF Profile configuration. When these Rule IDs are suppressed, the information Events will not be generated. The fix prohibits the ability to suppress these Rule IDs resulting in the informational Events will always be generated.
  • Fix: Fixes an issue with Terraform Import operation related to a Service VPC resource
  • Fix: Fixes an issue with the operation of the Save button in a URL Filter Profile
  • Fix: Fixes various UI-related display issues related to display of URLs in a URL Filter Profile
  • Fix: Fixes various UI-related display issues in the Network Threat (IDS/IPS) Profile
  • Fix: Fixes an issue where a Group Log Forwarding Profile would not show the Log Forwarding Members in the Details view page
  • Fix: Fixes an issue where Terraform export of a resource could cause the UI to self heal
  • Fix: Fixes an issue with the Advanced Search to ensure the freeform search works properly
  • Fix: Fixes an issue where an Egress Gateway created using the Easy Setup would not become active
  • Fix: Fixes an issue where the Edit/Clone/Export operations for any Profile might be grayed out and not accessible
  • Fix: Fixes an issue where the FQDN Filter Profile policy action was inconsistent between the Edit and View pages
  • Fix: Fixes a display issue in the Traffic Summary Log Table View where the instance tags where not being displayed
  • Fix: Fixes an issue with Terraform Import operation related to a Policy Rules resource
  • Fix: Fixes an issue with the SAML login where the token was not being cleared out resulting in potential failed login
  • Fix: Fixes an issue with the listGateway REST API endpoint where an error would be thrown if the Gateway list is empty
  • Fix: Fixes an issue with enabling MFA for a user where the save operation could produce an "Invalid field UserID" error message
  • Fix: Fixes a UI issue related to Discovery Logs where the Y-axis scale could appear garbled
  • Fix: Fixes an issue with the Malicious IP information helper to point to the correct documentation URL
  • Fix: Changes the discover metering scale to linear
  • Fix: Fixes an issue with the left/right scroller for the header of the discovered VPCs table
  • Fix: Fixes an issue where the Welcome page "Take me to my dashboard" button did not function
  • Fix: Fixes various UI-related issues in the Inventory Discovery page
  • Fix: Fixes an issue where all Account names were not being shown in the CSP Account quick filter dropdown
  • Fix: Fixes an issue where the Controller was unnecessarily pushing Gateway instances to the Azure NLB every 5 minutes
  • Fix: Fixes a UI-related issue for Uncategorized and Any fields in FQDN Filter and URL Filter Profiles
  • Fix: Fixes an issue where creating an API Key with a duration of 365 days would fail
  • Fix: Fixes an issue in the Discovery dashboard where the Security Considerations would show a negative value
  • Fix: Fixes an issue with the Gateway Details page to show the Management VPC used in supporting the management interface when deploying in GCP
  • Fix: Fixes issues with the advanced search string for Traffic Summary Logs and Security Events where the search string would not always properly apply
  • Fix: Update to the Azure onboarding script to add registration of EventGrid, Microsoft.Network, Microsoft.Compute and Microsoft.Marketplace
  • Fix: Fixes an issue where the total logs where not showing in the Logs Page for VPC and DNS Logs
  • Fix: Fixes an issue where the Resource Group for an Address Object that references an Azure Resource was not an active link
  • Fix: Updates the Group Address Object Details view to make the member Address Object references active links
  • Fix: Fixes an issue to display the associated Policy Rule Sets in the Details view of a Service Object
  • Fix: Fixes an issue to display the total number of Rules in the Details view of a Group Policy Rule Set resource
  • Fix: Fixes an issue with the Policy Rule Set dropdown list of a Group Policy Rule Set resource. The sort is now alphabetical.
  • Fix: Fixes various UI-related issues related to field alignment in the URL Filter creation page
  • Fix: Fixes the GCP Datapath VPC name orchestrated by Valtix to represent the name properly and similar to how the Management VPC is named
  • Fix: Fixes an issue with Log Forwarding Profile integration when the SIEM is unreachable. Improvements include eliminating potential loss of Logs/Events and being more efficient in sending Logs/Events via fewer updates.
  • Fix: Fixes an issue with the use of REST API for creating a ReverseProxy Service Object. The UI could self heal if the proper arguments were not specified.
  • Fix: Fixes an issue where the Gateway Name was not able to be used as an advanced searchable field value in Traffic Summary and Security Events table views
  • Fix: Fixes an issue with the exported Terraform for a Dynamic Service Endpoint Address Object. When exported, the service_endpoint_name argument would not be represented in the Terraform block.
  • Fix: Fixes an issue where an API Key file with specific names would be downloaded with the name truncated
  • Fix: Fixes an issue related to the user-defined search field filters specified through the "Add to search". When adding to search, the desired search filter would not be properly added.
  • Fix: Fixes an issue with URL Filter Profile when the limits for URLs has been exceeded. The fix ensures the error message and UI is consistent with the error message and UI related to the same limits exceeded for an FQDN Filter Profile.
  • Fix: Fixes an issue where the Gateway names would be unnecessarily repeated in the Gateway upgrade confirmation page
  • Fix: Fixes an issue where an MS Sentinel Log Forwarding Profile could not be associated with a Cloud Account to forward Discovery Logs
  • Fix: Fixes an issue where the SumoLogic and AWS S3 Log Forwarding Profile Terraform Export was not being populated with proper Terraform code
  • Fix: Fixes an issue where a Standalone Log Forwarding Profile attached to a Group Log Forwarding Profile that is associated with a Gateway does not show the associated Gateways
  • Fix: Fixes an issue with the Details page for a Network Threat (IDS/IPS) Profile
  • Fix: Fixes an issue where the Dynamic Subnet Address Object would not include public IPs for EC2 instances
  • Fix: Fixes an issue with the Events filter for Type where the != operation would still show the Events
  • Fix: Fixes an issue where the Associated Policy Rule Sets were not shown for an Reverse Proxy Target Address Object when the Address Object is used in a Reverse Proxy Service Object
  • Fix: Removes a private subnet legacy configuration when deploying a Gateway into a user-specified VPC/VNet
  • Fix: Fixes an issue to restrict use of subnets with overlapping CIDRs for Management and Datapath interfaces when deploying a Gateway in GCP
  • Fix: Fixes the Rest API calls related to availability zones to validate proper region input
  • Fix: Fixes advanced search to improve interaction between mouse clicks and completed inputs to enhance usability
  • Fix: Fixes an issue with Traffic Summary Logs and Events that are sent directly from the Gateway to CSP storage systems (S3 Bucket, GCP Logging) where the friendly name to field values was represented by an integer. This would require a documented integer to friendly name translation by the user. The Logs and Events will now contain the friendly name and not the integer value.