DescriptionAnnouncing ExOS 6.4.1
Now includes 6.4.1 Update 1
- This release includes all changes from 6.3.12 and 6.4.0.
- No 32-bit images are provided. 6.4 will not be supported on 32-bit hardware.
- 2061, 4010, 4061, 6060, 6062, 8060, 8062, 10060, 10062, Virtual
Supported upgrade versions:
- 6.0, 6.1, 6.3, 6.4
- 6.4.1 Update 1 (64-bit) image size: 372,277,814 bytes md5: c7c43be81d72880e1131e16a8d1180a2
- 6.4.1 has been superseded by 6.4.1 Update 1
- If you have been in contact with Support regarding the timestamp issue (see [B-02093] below), then please note that the work around put in place by Support will be undone during the installation of 6.4.1. See the note below for the CLI commands to apply the work around again in a more permanent manner. Once the CLI commands have been issued, the work around will be in place and will persist across future firmware upgrades.
- If you are upgrading to ExOS 6.4 from ExOS 5.x or earlier:
- This upgrade is not supported. Please upgrade to ExOS 6.3 first.
- New ports will need to be opened in any firewalls sitting between two accelerating Exindas to take full advantage of the new features found in 6.4.0. Please see the 6.4.0 release notes.
- New images for the Virtual appliances are not yet available. To install a new virtual appliance running 6.4.0, please first install 6.3.0 and upgrade to 6.4.1.
- When updating to 6.4 from a previous version, there is an upgrade of all the data stored on the appliance. This update process may take up to 24 hours depending on the amount of data stored on the appliance and the type of appliance. While this upgrade is happening, the charts will show "no data available". You can check the status of the data update on the Dashboard -> System page.
Support for Signed CIFS acceleration [B-01660]
This version adds support for accelerating CIFS/SMB connections that requiresigning on the server side. To enable signing please review the SMBdocumentation:To enable signing go to the System -> Optimization -> SMB page to enterdomain credentials and enable signing support.
Support for SMBv3 acceleration [B-01850]
This version adds support for accelerating new the type of SMB communicationbetween windows 8 clients and windows 2012 Server. This new type of SMB isversion 3. This acceleration is enabled by default when accelerating SMBconnections.
Improved MAPI attachment acceleration [B-01483]
MAPI acceleration now pulls out individual attachments for the purposes ofcompressing the transmission using Wan Memory. This results in improved datareduction and lower latency with clients transmitting email withattachments.
Bug fixes and minor improvements:
- Released in 6.4.1 Update 1
- [B-02118] Netflow: A change was made to more evenly distribute emission of the netflow records. This distributes the load on the netflow collectors more evenly.
- [D-01327] APS: When the baseline completes, the sends an email advising the user that the baseline is complete. That email now contains the values determined by the baseline.
- [D-01601] Monitoring: Flash graphs that did not contain data were presented with axis labels that were incorrect. This has been corrected.
- [D-01622] APS: The APS score may show a very large loss % (greater than 100%) in some circumstances. This happens when there are packet retransmissions with corrupted packets.
- [D-01694] When the following conditions are met, file share users will bedenied access to the file share:
- pre-6.3 compatibility mode for SMB acceleration is enabled
- SMB acceleration is disabled
- there are policies for the client and server combination that instruct the Exinda to accelerate the traffic
- there is only a single Exinda appliance in the path between the client or Server
- This is now fixed.
- [D-01704] SMB: When the SMB cache partition would fill up, occasionally smbad alerts would be seen in the logs. The underlying cause of these alerts has been corrected.
- [D-01724] SSL Acceleration: The SSL process is sending a lot of data throughout the day to all the peers in an acceleration community. This shows up as ExindaSSL traffic.
- [D-01727] DVCs: When DVCs were used with multi-queue mode (licenses 2Gb/s or higher) the DVC would restrict traffic to a fraction of the expected transfer rate.
- [D-01728] DVCs: When the amount of traffic in a DVC far exceeds the configured bandwidth cap for the DVC, the resulting shaped traffic would be less than the configured bandwidth cap. This has been addressed and DVC bandwidth is now preserved when throttling a heavy volume of traffic.
- [D-01753] VLAN: In some circumstances traffic would be blocked by the Exinda appliance after an upgrade to 6.4. This was because VLAN tags were being dropped in some circumstances. VLAN traffic passes through the Exinda appliance without issue in this release.
- [D-01752] Virtualization: When following the documentation for loading a virtual image on to the Exinda Services Platform, the product would rename the uploaded file.
- Released in 6.4.1
- [B-01508] If downloading of a new firmware release fails, attempting to download the firmware again will restart from where the first failure occurred. This will help customers on a slow connection such as a satellite link.
- [B-01955] QoS: optimizer: Increase the number of supported policies from 120 to 1900 When using the new high performance (>= 2Gbps) multi queue optimizer.
- [B-02006] The system watchdog is now enabled for all systems after the upgrade. It is highly recommended that the system watchdog be left enabled.
- [B-02093] When accelerating traffic to or from a FreeBSD system, it is recommended that timestamp handling on the Exinda appliance is disabled. See the known issue of [D-01656]. To disable timestamp handling, new cli commands have been added to the system.
To turn timestamp handling off use:no ip tcp timestamps enableTo turn timestamp handling on use:ip tcp timestamps enableTo see the current state of timestamp handling use:show ip tcp timestampsNOTE: If you have contacted support and they disabled timestamphandling, please disable it again using these commands to ensure that itbecomes part of your configuration.
- [D-01437] reporting: On the SLA graphs under service levels>network response, the latency average (blue line) is being reported as Mbps instead of ms
- [D-01481] AD: active directory groups that begin with a '#' character were not handled correctly. This has been fixed.
- [D-01514] monitoring: If detailed records is enabled for monitoring, the data that was being displayed on the monitoring Subnet page was not reflective of the detailed records that are being tracked. The information shown was a summary of the detailed records. This has been corrected so that if detailed records are enabled, these records are used to generate the report on this page.
- [D-01519] In some circumstances accelerating MAPI connections would cause clients using the encrypted MAPI protocol to experience disconnections from the server.
- [D-01535] system: If Asymmetric Flow alerts are enabled and there are many simultaneous asymmetric flows, the collection engine may experience a process crash. The result will be a larger than usual spike in the traffic graphs when the collection engine restarts. Traffic will continue to be processes properly.
- [D-01541] mapi: under certain circumstances the mapi acceleration component would get stuck in a loop and would consume a lot of CPU resources. It would also stop being able to accelerate further MAPI traffic. This has been resolved.
- [D-01596] shaping: enabling Global QoS on license levels higher than 2 Gb/s yields poor performance.
- [D-01600] The subnet used to show mismatched data between inbound and outbound traffic when not sorting the information by object name. This has been resolved.
- [D-01603] SDP: as of 6.3.12 and 6.4.0, the data sent to SDP is not consistent with previous versions. This change ensures that this version and subsequent versions send the same data to SDP as was sent in version 6.3.9
- and prior.
- [D-01631] monitoring: added better APS handling of non-transactional protocols such as RDP and Citrix
- [APP-7713] virtual: Fix the order of nics when using emulated nics instead of the recomended para-virtualised nics.
- [APP-7713] virtual: Fix issues when an odd number of bridges is configured, or bridges are added or removed after initial configuration.
- [D-01469] VLAN tag rewriting through policy rules does not rewrite the tag.
- [D-01595] When UltraSurf is being blocked, it looks for another transport mechanism to use to get through the Exinda. One of the mechanisms that is used is HTTPs. When this happens UltraSurf no longer gets recognized as UltraSurf. As a result it starts to get through the Exinda blocking rules because it is no longer UltraSurf traffic. One work around for this behaviour is to throttle the traffic to some small trickle rather than block it outright. Another work around is to build a rule using the HTTPs common name.
- [D-01688] mapid: Encrypted connection detection is disabled if basic header marking enabled
- [D-01805] monitord: there is a situation where monitord will occasionally crash when an administrator logs into the appliance. This situation can be detected because the graphs on the dashboard page will show no data and then after refreshing the page, the data would be available again. This issue does not affect the operation of monitoring or processing the traffic through the appliance.
- [APP-7426] pre-population: NTLMv2 authentication for HTTP is not supported
- [APP-3275] monitoring: Graphs/tables show data for "last 60 minutes" show "this hour" in the drill-down reports.
- [APP-668] cli: command completion does not work for names with multiple words (that contain a space). e.g. show policy my policy