Skip to content

Release notes for the update June, 23 2024

Update Version 4.1.202406211732

New Features

  • Added version support for micro-segmentation policies.

Creation of a new policy as well as updating existing policy will create a minor version of the policy (such as 2.1, 2.2, 2.3, ...). Policy application that generates rules and checks for traffic violations only works with the major versions of the policies while the system users can review all versions.

Added the option to promote current minor version of the policy to a major version.

Added the option to review policy history report with details about each policy version. Added the option to run a policy review for any selected historical version.

Policy versioning adds a story about change control. Changing policy selectors, services or sources might affect multiple endpoints by generating or removing firewall rules on these endpoints. The system allows policy owners to review the change before applying it to the assets either themselves, or with their peers, or with the other stakeholders that have interests in the maintaining the endpoints under management.

Policy Versions 1

Policy Versions 1

  • Firewall Rules synchronization

Added synchronization logic to re-apply segmentation policies to the assets when the new rules created on the endpoints or existing policy-generated rules deleted from the asset directly without the use of the application policies.

This update maintains a consistent state between configured segmentation policies in the application and the state of the firewall on the endpoints even if admins create of delete firewall rules directly on the endpoint.

The process happens in the background and triggers automatically after execution of List Firewall Rules scripts.

  • Policy Preview for Asset Versions

Added support to display Policy Preview screen for a selected asset version and a selected segmentation taxonomy field of this version.

This update continues the story of change control. It allows system owners to review the policy application to an old version of the asset (for example, for the currently production major version) as compared to the last version or to one of the past versions.

Also note that an asset might contain several segmentation taxonomy fields that would apply different policies based on different segmentation taxonomy. It allows demonstration of different segmentation taxonomies and their application to control the traffic for the same asset. Example is that the same asset might be classified based on the location, environment, component and application or it might be classified based on specific process phase, confidentiality level and priority impact. The update allows to run Policy Preview not only for the selected version of the asset but for the selected segmentation field.

Extensions

  • Updated the application favorite icon in the browser page tab.

It looks like the icon has white background instead of transparent background. The original icon has ico format (favicon.ico) that included multiple resolutions. We generated one from the supplied png files using some online WEB converter. Maybe the supplied png files could be combined into the aggregated ico file better than this online converter. We will keep working with the designer to generate the icon in the right format.

  • Menu ident

Changed left side application menu appearance to indent second level menu to the right to show that this is another menu level.

  • Added support for unsupported rules

Added support for ignoring firewall rules from the endpoints that are not supported by the application. We will decide during business operation whether do we want to add support for these rules or leave them undetected. The fix allows to continue micro-segmentation logic in the presence of unsupported firewall configuration. Firewall service has more functionality that is needed for micro-segmentation story so the current approach is to ignore firewall aspects that are not interesting for our current marketing.

The rule in question this week was the enabling Ping service to respond on Windows 10 computers (worked fine for Windows 11). Ping is an ICMP protocol which is outside of the scope of the first implementation (TCP and UDP are supported).

This update should fix the issue we had with Windows 10 computers on the demo tenant.

  • Asset-specific icons

Added the option to change application icon on the asset level overwriting the asset type configuration.

This update allows to emphasize certain areas of the application both containers and assets. We will surely use it for demos. Based on our past experiences, clients like it too.

  • Hardware Architecture

Added hardware architecture information to the system about screen.

  • Mass Promote

Added the option to mass promote selected assets to the major version.

This is a handy productivity enhancement tool especially after large imports but useful for the manual asset creations as well.

Bug Fixes

  • Cleaned up language translations files so they would be consistent with each other.

  • Automated language translations through the corporate Google Cloud account to maintain language translations consistent for the weekly releases.

  • Fixed the issue with importing assets to the system in case the import file does not include asset name (use host instead) or both asset name and a host (post an error during import).

  • Fixed the issue with deleting imported assets from the system without deleting the import before that

  • Fixed the issue with updating default parsers in the existing tenants

  • Fixed the issue with using default script templates for Groovy and PowerShell scripts. This fix resolves the issue that required us to re-save each PowerShell script on the demo tenant before it started to work.

  • Fixed the issue with unclassified API documentation for Import module.

  • Removed default time filter from Interfaces report.

  • Removed default time filter from Firewall Rules report.

  • Removed default time filter from Workloads report.

  • Fixed the issue with not-adjustable IPv6 column on the Interface report to make it fit to the lower resolution displays.