5.3.1 Release Notes

July 15, 2022

New Features

  • Better exception reporting: When a next generation firewall (NGFW) without the TFO option is detected, a connection report is issued for the connection between the processing unit (PU) and an external network.
  • Enable TFO discovery by default: TCP Fast Open discovery is now enabled by default and you don’t need to provide any additional parameters to the Enforcer during installation.

Resolved Issues

  • CNS-5306
    : Only Refresh PUs for necessary Enforcer profile changes.
  • CNS-5419
    : Enforcer sends tokens as GET parameters instead of cookies.
  • CNS-5305
    : Enforcer profile update triggers two event calls.
  • CNS-5399
    : Nfqueue alarm during Enforcer upgrade.
  • CNS-4916
    : Not all Enforcer cgroups are monitored for tampering.

Known Issues

  • CNS-5585
    : iptables-restore is failing with "too many ports" error.
  • CNS-5584
    : Proxy protocol header can not be removed from connection.

Recommended For You