Announcing ExOS 6.4.5
Notes:
A new Policy Action for HTML Responses [B-03747]
Updated Layer 7 Signatures [B-003411]
Bug fixes and minor improvements:
Known Issues:
Notes:
- All versions in the 6.4.3 line after 6.4.3 Update 7 are not able to update to 6.4.5. A 6.4.5 Update 1 will be released that will allow upgrades of versions 6.4.3 Update 8 and later.
- This release includes all changes from releases up to and including these update releases: 6.3.13, 6.4.1 Update 1, 6.4.2 Update 3, 6.4.3 Update 7 and 6.4.4
- No 32-bit images are provided. 6.4 will not be supported on 32 bit hardware
- After upgrading and rebooting it is normal to see "No Data Available" on the graphs for a short period of time.
- This is due to the processes starting up after the restart. When all the processes have restarted, data will show up again.
- 2061, 4010, 4061, 6060, 6062, 8060, 8062, 10060, 10062, Virtual
- 6.0, 6.1, 6.3, 6.4
- 64 bit image (6.4.5)
- Image Size: 424,272,744 bytes
- MD5: 491fff2c25e8ee805dd1bd8e1966a52c
- If you are upgrading to ExOS 6.4 from ExOS 5.x or earlier:
- This upgrade path is not supported. Please upgrade to ExOS 6.3 first.
- When updating to 6.4 from a previous version, there is an upgrade of all the data stored on the appliance. This update process may take up to 24 hours depending on the amount of data stored on the appliance and the type of appliance. While this upgrade is happening, the charts will show "no data available". You can check the status of the data update on the Dashboard -> System page.
- New images for the Virtual appliances are not available. To install a new virtual appliance running 6.4.5, please first install 6.3.0 and upgrade to 6.4.0.
A new Policy Action for HTML Responses [B-03747]
A new policy action has been added. By selecting the new policy action of HTML Response, the source computer will be given an HTML response specified in the policy. This is useful when coupled with Adaptive Response. When a user has exceeded their usage, they are put into a specified network object. All users that are in that network object can be directed to a new policy with the HTML Response policy action so that when they try to visit an HTTP site, they will be given back a custom HTML page that can explain that they have exceeded their quota.A new Policy Action for HTTP redirect [B-03745]
You can find this new feature documented in the online help on the policy documentation page.
You can also find some sample use cases in the online documentation.
A new policy action has been added. By selecting the new policy action of HTTP redirect, any http traffic from a source computer will be responded to with a redirection to the specified URL. This is useful for implementing a captive portal solution when combined with the AD user integration API.Time based Adaptive Response [B-03748]
You can find this new feature documented in the online help on the policy documentation page.
You can also find some sample user cases in the online documentation.
The Adaptive Response feature has been extended to allow quotes based on Time. Adaptive Response objects could previously be defined in terms of the volume of data a user consumes. With this version, the quota can be defined in terms of data volume, elapsed time, or both data volume and time consumed, whichever comes first. The time is tracked in increments of 5 minutes and starts counting down from the first flow for the defined user.Application Definition based on DSCP values [B-03743]
The online documentation for defining Adaptive Response objects has been updated.
The Application Object definition has been extended to include DSCP marks. This allows you to define an Application object based on a single DSCP mark, multiple DSCP marks or a range of DSCP marks. In previous versions of the firmware, DSCP marks could be used as part of the policy definition independent of Application definition. This allowed QoS based on DSCP marks, however, the reporting based on DSCP marks was not as complete and robust as that of applications. By defining an Application object based on DSCP marks, all application reporting can be used to track traffic with particular DSCP marks.Context Sensitive helped moved to the Cloud [B-03794]
You can read about how to define applications with DSCP marks in the online help page forapplication definition.
The context sensitive help has been removed from the appliance and is now hosted on docs.exinda.com. All the context sensitive help links have been updated to point to docs.exinda.com. This has reduced the size of the firmware download. A consequence of this is that the computer accessing the Web UI and the help must have internet access. The documentation can be foundhere.
Updated Layer 7 Signatures [B-003411]
- New Applications:
- 360 Mobile Security
- Vine
- Net2Phone
- Foursquare
- Tumblr
- New protocols:
- Tango subtypes: "IM" and "File-Transfer"
- Improved Signatures
- iTV
- Skinny
- Tango
- HTTP
- Scydo
- FiCall
- Netflix
- RTP
- L2TP
- IRC
- eDonkey
- YouTube
- Flickr
- Skype
- BitTorrent
- Oscar
- TeamViewer
- Vimeo
Bug fixes and minor improvements:
- [B-03947] The Web UI list of DSCP values has been augmented with the official names of the DSCP code point names as listed at https://www.iana.org/assignments/dscp-registry/dscp-registry.xhtml. This should make it easier to select the correct DSCP values if you are familiar with the official names.
- [B-03885] On the Optimizer page, extra links to create new Virtual Circuits and new Policies have been added to make them easier to access
- [B-03654] The labels on the Policy Configuration screen have been changed. In previous versions the labels for the source, destination and traffic direction were labeled as: Host <-> Host. This led to confusion as the labels were not clearly indicating the purpose of these entry fields. The labels have been changed to Source, Direction, Destination. The Source field indicates the network object that contains the system that initiates the conversation. The Destination field indicates the network objets that contains the system that is destination of the conversation. The Direction field has been changed from <--, --> and <--> to "inbound", "outbound", and both. This direction field is relative the the appliance. Inbound represents traffic that flows from the WAN side to the LAN side of the appliance. Outbound represents traffic that flows from the LAN side to the WAN side of the appliance. These label changes make the UI more correct and more consistent with the CLI.
- [D-02595] A regression has been introduced in 6.4.3 that causes the VoIP scores to be incorrect. VoIP scoring was showing very high loss on the inbound side of the traffic which results in the loss measure being very high (30-50%) and the rFactor score to be inaccurate. This has been fixed in this release.
- [D-02988] A warning is now presented when you attempt to define an Adaptive Response object and Monitoring Detailed Records is not enabled. Monitoring Detailed Records is required for the proper functioning of the Adaptive Response feature.
- [D-02595] A regression has been introduced in 6.4.3 that causes the VoIP scores to be incorrect. VoIP scoring was showing very high loss on the inbound side of the traffic which results in the loss measure being very high (30-50%) and the rFactor score to be inaccurate. This has been fixed in this release.
- [D-02532] An issue has been fixed that prevented internal to internal traffic to be ignored in monitoring when the system was configured to be in PBR and MIRROR mode.
- [D-03037] When no configuration changes involving Application definitions have been done for more than 8 hours, the mysql_syncd process will crash when the first Application configuration change is made. This crash is harmless to the functioning of the system. The process will recover with no ill effects.
Known Issues:
- [D-02222] Anonymous Proxy: If the url listed on the Objects -> Applications -> Anonymous Proxy tab is http://www.exinda.com/ap/apdata.tar.gz, then the Anonymous proxy feature will not work. The correct URL is http://updates.exinda.com/aplist/alist.gz. If your Exinda appliance has the wrong URL set, you can issue the following CLI command to set it to the correct URL: anonymous-proxy urlhttp://updates.exinda.com/aplist/alist.gz
- [D-02199] When an acceleration HA cluster is configured and the traffic being accelerated is located on a VLAN and has a VLAN tag, the traffic will not flow through the HA cluster properly. This issue is currently being investigated and a fix is expected soon.
- [D-01777] snmp: after a period of repeatedly querying the following sensors, the WUI will appear to be locked up and various processes within the appliance will crash. This will eventually repair itself. system health/cpu alarm, system health/disk alarm, system health/ram alarm, system health/nic alarm. The work around is to not query these SNMP values.
- [D-01921] Under some circumstances Microsoft Lync traffic will be classified as MSN traffic.