Skip to content

Controller / UI Release: December 26, 2021

Features

  • UI Improvements
    • Dashboard enhancements
  • CSP enhancements
    • Oracle Cloud Infrastructure (OCI) Ingress
    • Azure NSG Traffic Visibility Easy Setup orchestration
  • User Operations
    • Rename Security Policies, Profiles, and Objects
    • Gateway Policy Update Status
    • In-solution "Chat with Support"
  • Dynamic Policy Enhancements
    • Tag-based Address Objects for Subnet and VPC/VNet Resources
  • Troubleshooting Enhancements
    • ICMP Support for Egress/East-West Gateway (requires 2.11 Gateway)
    • System, Audit, Event and Traffic logging
  • Public Beta
    • AWS FWaaS Public Beta
    • Azure GWLB Public Beta
  • Miscellaneous
    • Controller Operation Improvements
    • Bug Fixes
    • Terraform Updates (requires 2.11 Terraform Provider)

Enhancements

  • Enhancement: Enhanced the look, feel and behavior of the Valtix Console Dashboard main/home page. The enhancements include entirely new dashboard widgets and the ability to customize the page layout.
  • Enhancement: Added OCI support in Easy Setup to include Account Onboarding, Services VPC creation, and Gateway deployment
  • Enhancement: Support ICMP traffic processing in Forwarding and Forward Proxy Service Objects (requires Gateway version 2.11 or higher)
  • Enhancement: Added support to Src/Dest Address Objects to use VPC/VNet and Subnet resource Tags
  • Enhancement: Added support to change resource names for Security, Decryption and Log Profiles, Policy Rulesets, and Address and Service Objects
  • Enhancement: Added support to view the policy change status when a policy change is pushed to the Gateway
  • Enhancement: Added an in-solution “Chat with Support” to provide an easy way to quickly chat with a Valtix Support Engineer. Chat is available to our Enterprise Tier customers based on a reduced set of support hours.
  • Enhancement: Added support to allow users with admin-rw permissions to create API keys
  • Enhancement: Enhancements to audit log messages to be more descriptive, to include the resource name for operations performed on a VPC/Vnet, and added Source information to show whether the source of an activity was through the UI or Terraform
  • Enhancement: Various enhancements to System Log messages to include messages related to Spoke VPC operations and to include Gateway Instance IDs for messages related to Gateway instances
  • Enhancement: Added orchestration support for enabling Azure VNet Flow Log collection in Traffic Visibility Easy Setup workflow
  • Enhancement: Added a Tag for an AWS Flow Log resource that is created when VPC Flow Log collection is orchestrated by Valtix
  • Enhancement: Added a CVE column to security events tables to view and search for CVE-based security events
  • Enhancement: Enhances the Traffic Summary and System Logs to ensure all available fields are searchable
  • Enhancement: Enhances the Search fields for all log-based table views to ensure a consistent look and feel
  • Enhancement: Added messaging to suggest clearing the browser cache if enhancements have been pushed to the Valtix UI that require objects to be updated. A browser normally maintains its object cache for 24 hours before automatically refreshing objects.
  • Enhancement: Added a column for Region in the Gateways table view
  • Enhancement: Enhances FQDN Filtering resource creation by allowing more than 8 items per row. The limit per row has increased to 64 items.
  • Enhancement: Enhancement to provide support for user-specified resource Tags to be applied to a Services VPC/Vnet that is created by Valtix through orchestration
  • Enhancement: Enhancements to reduce the list of available Gateway release versions available to deploy/upgrade and present them in an order with the most recent releases at the top
  • Enhancement: Enhancements to the Traffic Summary Logs to represent Flow Log TCP/UDP state information as part of the Traffic Summary Logs. This information is related to each session, and reduces the total number of log messages that are presented in the Valtix UI and sent over to a SIEM using a Log Forwarding profile.
  • Enhancement: Added mouseover tooltips for Network Analytics Stats graphs
  • Enhancement: Added support for the Valtix tenant name in the toolbar at the top of the Valtix UI once logged in
  • Enhancement: Enhancements for error checking and validation when orchestrating spoke VPC/VNet attachments
  • Enhancement: Various enhancements and fixes to the Cloud Visibility Reports (CVR)

Fixes

  • Fix: Fixes an issue when orchestrating a Spoke VPC route table change in Azure when a default route with next hop type = Internet already exists
  • Fix: Fixes an issue where a security ruleset update to the Gateway could timeout resulting in a continuous datapath restart cycle
  • Fix: Fixes an issue where Azure resources were not found due to case sensitivity mismatch
  • Fix: Fixes Cipher Suite names and their organization ensuring consistency and awareness of the order in which the Gateway will select a Cipher Suite that is supported by the client and send via the client TLS hello
  • Fix: Fixes an issue where Log Forwarding to Datadog sends fields with enum values as integers rather than friendly names
  • Fix: Enhancement to provide consistent information across all user role definitions
  • Fix: Deprecated Create Role in UI until future role creation capabilities are made available
  • Fix: Fixes an issue where admin-super and admin-rw users were unable to delete non-admin-super users that were created via SAML integration
  • Fix: Fixes an issue where CSP Account information is missing for certain Audit Log messages
  • Fix: Fixes an issue where sending over extra ‘/’ characters in Azure value ID string would cause repeated System Log messages
  • Fix: Fixes an issue where a Gateway delete operation could not be performed when a search filter is applied in the Gateways page
  • Fix: Fixes an issue where CSP Account onboarding would potentially fail due to a timeout. Added error handling and a multi-attempt process to help ensure the account is successfully onboarded.
  • Fix: Fixes an issue when a public and private key would be successfully uploaded to a Certificate Object even though the public and private keys do not match. Added a check to ensure the public and private keys match.
  • Fix: Fixes an issue where predefined categories would not populate when searching for Threat Type in security events
  • Fix: Enhances error checking and performance for full refresh of region-based inventory discovery
  • Fix: Fixes various dialog box messaging when completing steps in Easy Setup workflow
  • Fix: Fixes an issue where the Toast message ? in lower right corner would overlap with prev and next operations in security event and traffic log tables
  • Fix: Enhances the Gateway Policy Ruleset selection to ensure that a Policy Ruleset contains features that apply to the Gateway to which it is being applied. If a Policy Ruleset has features that do not apply, then the Policy Ruleset will be greyed out.
  • Fix: Enhances a Gateway Policy Ruleset change to ensure that a policy change being made is supported by the Gateways the policy applies to
  • Fix: Fixes an issue where upgrading a 2.7 Gateway with Gateway SNAT enabled would result in Gateway SNAT becoming disabled
  • Fix: Fixes an issue where the HTTP Methods column for the Layer 7 DOS Protection Profile is too narrow
  • Fix: Enhanced error checking for Easy Setup workflows to ensure configured settings are valid and operations complete successfully
  • Fix: Fixes an issue where a Gateway instantiation operation would instantiate more instances than necessary only to reduce to the necessary number after the operation completed
  • Fix: Fixes an issue where an FQDN Filtering profile is set to Allow traffic, but no FQDN Filtering security event is shown
  • Fix: Fixes operational issues and enhances error checking for Azure account setup and onboarding
  • Fix: Fixes an issue where a Rule Suppression Action was not require, but the field is necessary to ensure the desired action is taken
  • Fix: Fixes an issue where successful account onboarding using Easy Setup does not move the user to the next step in the Easy Setup workflow
  • Fix: Fixes an issue where Gateway Troubleshooting page links would not direct the user to the appropriate CSP console
  • Fix: Fixes an issue where inventory for a previously enabled region could still exist when that region is removed from inventory discovery
  • Fix: Fixes an issue where a URL Filtering Profile was able to be configured in a Forwarding Rule, but a URL Filtering Profile is not supported. A Forwarding Rule should use an FQDN Filtering Profile. URL Filtering Profiles are supported by Forward Proxy Rules.