Announcing ExOS 6.4.2
Notes:
Bug fixes and minor improvements:
Known Issues:
Notes:
- This release includes all changes from 6.3.13 6.4, and 6.4.2
- No 32-bit images are provided. 6.4 will not be supported on 32 bit hardware
- After upgrading and rebooting it is normal to see "No Data Available" on the graphs for a short period of time.
- This is due to the processes starting up after the restart. When all the processes have restarted, data will show up again.
- 2061, 4010, 4061, 6060, 6062, 8060, 8062, 10060, 10062, Virtual
- 6.0, 6.1, 6.3, 6.4
- 64 bit image (6.4.2 Update 3)
- Image Size: 419560593 Bytes
- MD5: 9e050ccc9f27d2d1e21da5a51acdb3d5
- If you have been in contact with Customer Support regarding the timestamp issue (See [B-02093]), this release fixes the issue, even if you have previously implemented the work around.
- If you are upgrading to ExOS 6.4 from ExOS 5.x or earlier:
- This upgrade path is not supported. Please upgrade to ExOS 6.3 first.
- When updating to 6.4 from a previous version, there is an upgrade of all the data stored on the appliance. This update process may take up to 24 hours depending on the amount of data stored on the appliance and the type of appliance. While this upgrade is happening, the charts will show "no data available". You can check the status of the data update on the Dashboard -> System page.
- Hostnames can now be used in the configuration where IP addresses were only possible in the past [B-02218,B-02223,B-02220,B-02222,B-02221,B-02216,B-02217]
- The following configuration items now take hostnames instead of just IP addresses:
- NTP server
- Syslog server
- LDAP server
- TACACS+ server
- Radius server
- HTTP Proxy server
- SNMP Trap sink
- The following configuration items now take hostnames instead of just IP addresses:
- Releases are following a new naming convention [B-02032]
- The new naming convention is documented on the Exinda support forum. https://support.exinda.com/topic/exinda-release-labelling
- Updated Layer 7 Signatures [B-01483]
- New Applications:
- Burner (Voice)
- enLegion (Instant Messaging)
- Flickr (Social Networking)
- Friendster (Social Networking)
- Instagram (Social Networking)
- Live.com (Mail)
- Lovefilm (streaming)
- SugarSync (Instant Messaging)
- TigerText (Instant Messaging)
- Vibe (Instant Messaging)
- Voxer (Instant Messaging)
- Wickr (Instant Messaging)
- New protocols:
- Demand5
- Channel4oD
- FIX
- Hi5
- Hotmail
- ITV
- Lotus Notes
- Netflow
- Oracle DB
- Orkut
- Poison Ivy
- RSVP (Layer 4 protocol)
- Soribada
- Zoho Work Online
- New subtypes:
- Demand5
- web
- stream
- ITV
- web
- stream
- MSN
- webchat
- Yahoo
- webmail
- Demand5
- New subtypes for the 'application' signature:
- burner
- enlegion
- flickr
- friendster
- live_com
- lovefilm
- sugarsync
- tigertext
- vibe
- voxer
- wickr
- Improved signatures:
- bit (BitTorrent)
- dns (DNS)
- directconnect (DirectConnect)
- msn (MSN)
- gnu (Gnutella)
- GTalk
- http (HTTP)
- imesh (iMesh)
- irc (IRC)
- mute (Mute)
- mypeople (MyPeople)
- netflix (Netflix)
- jabber/opennimbuzz (Nimbuzz)
- openvpn (OpenVPN)
- oscar (Oscar / ICQ)
- paltalk (Paltalk)
- pando (Pando)
- pplive (PPLive)
- ppstream (PPStream)
- qqlive (QQLive)
- radius (RADIUS)
- scydo (Scydo)
- skype (Skype)
- spdy, ssl/spdy (SPDY)
- tango (Tango)
- teamviewer (TeamViewer)
- thunder (WebThunder)
- ultrasurf (UltraSurf)
- uusee (UUSee)
- viber (Viber)
- wapwsp (WAP)
- webex (Webex)
- whatsapp (WhatsApp)
- Windows Azure
- Improved subtypes for the 'application' signature:
- facebook (Facebook)
- gmail (GMail)
- hotmail_webmail (Hotmail)
- icloud (iCloud)
- twitter (Twitter)
- youtube (YouTube)
- Improved capabilities:
- BitTorrent
- Fixed issue which caused that plain BitTorrent flows to get excluded if just one subscriber side was tracked.
- Added new subtype 'µTorrent';
- new detection patterns for QBitTorrent, Halite, µTorrent, Deluge, Transmission, Vuze; improved asymmetric detection
- YouTube
- Complete website traffic is now marked as Youtube
- SIP
- Fixed SIP detection for flows with custom URLs
- Teredo
- Fixed Teredo tunnel decapsulation
- New Applications:
- Added support for new expansion cards for the 4010 platform [B-02449]
- Support has been added for a new 4 port 1Gbps Copper expansion module and a 2 port 1Gbps Fibre expansion module for the 4010 platform. The installation instructions can be found at this URL: http://www.exinda.com/downloads/4010-options-card.pdf
- Added support for IPv6 address as the next hop in Policy Based Routing (PBR) [B-02460]
- An IPv6 address may now be specified as the Next Hop address on the System-> Setup-> IP Addresses screen. Once you select PBR as the interface type, you are able to enter an IPv4 or an IPv6 address for the next hop in the PBR routing chain.
- Added Scheduling of Hourly PDF Reports [B-02162]
- When scheduling PDF reports, you can now select that these reports be generated hourly.
Bug fixes and minor improvements:
- 6.4.2 Update 3
- [D-02239] Edge Cache: YouTube recently made some changes to their service that cause Edge Cache to fail to load some but not all YouTube videos. The symptoms are YouTube videos stopping after approximately 20 seconds of playback. This release fixes the issue such that YouTube is again cached and played back properly
- [D-02178] Caching Apple Updates stopped working earlier when Apple started to use a new HTTP header to try to avoid having their updates cached. This release addresses this change and starts to cache Apple Updates once again.
- 6.4.2 Update 2
- [B-02733, D-01872] fixed an issue where multi-cast traffic was only being bridged when there was an explicit muti-cast consumer.
- [B-03011, D-02050] Fixed an acceleration and monitoring issue for certain deployment where accelerated traffic from a branch terminates at the HQ appliances and the traffic then passes to a router that sends it back to the HQ exinda appliance on its way to the internet. This deployment situation is now fully supported.
- [D-02075] Fixed an issue where the clear CLI command for application_groups was not clearing the group properly and prevented loading a working configuration from one appliance into another appliance.
- [B-03017,B-02461, B-02459, B-02458, B-02456] Updated Various Layer 7 Signatures
- New Protocols
- Iperf
- LINE
- M+
- New Applications
- ActiveSync
- Google Talk
- VEOHTV
- SAP
- YouPorn
- eBay
- PornHub
- SpiderOak
- ADrive
- Youku
- Amazon Shop
- Yelp
- RenRen
- MyMusic Taiwan
- Improved Detections
- iPlayer
- Netflix
- Skype
- World of Warcraft
- ISAKMP/ IPSEC
- FaceTime
- TOR
- HTTP/MPEG
- Ultrasurf
- Oscar
- 6.4.2 Update 1
- [B-02720] Added support for EX-NEM62-G4BP and EX-NEM62-G6BP network expansion cards
- [B-02729] Added new application objects for BlackBerry Messenger and Yahoo IM. These applications are now part of the IM Application Group
- [B-02730] Added new application objects for BlackBerry Mail and Yahoo WebMail. These applications are now part of the Mail Application Group
- [D-01917] Twitter is now using twimg.com and twitter.com using the SPDY protocol. The appliance has been updated to recognize this traffic.
- 6.4.2
- [D-01469] VLAN tag rewriting through policy rules does not rewrite the tag.
- [D-01595] When UltraSurf is being blocked, it looks for another transport mechanism to use to get through the Exinda. One of the mechanisms that is used is HTTPs. When this happens UltraSurf no longer gets recognized as UltraSurf. As a result it starts to get through the Exinda blocking rules because it is no longer UltraSurf traffic.
- [D-01656] When accelerating traffic to or from a FreeBSD based system, the timestamps of the TCP packets will not be updated in a manner that is acceptable to FreeBSD. This causes FreeBSD to reject the packets, resulting in slow traffic between the FreeBSD system and the client or server it is communicating to. There is a work around. Please contact Support at www.exinda.com/Support for assistance with the work around.
- [D-01766] multi-queue: fixed a situation where a policy would allow up to 15% more data than configured when using multi-queue mode. The policy now correctly enforces the bandwidth cap.
- [D-01769] When monitoring on a SPAN / MIRROR port of a switch, internal to internal traffic is now displayed and accounted for. Traffic flowing from the lower IP to the higher IP will be classified as outbound traffic. Traffic flowing from the higher IP to the lower IP will be considered as inbound traffic.
- [D-01805] monitoring: fixed a situation where the system dashboard graphs would be empty on login. This happened when logging into the appliance after a long period of not being logged in and would fix itself within 1 minute of logging in and refreshing the page.
- [D-01832] When a policy for SMB is set to accelerate using 'Compression' reduction in Optimizer-> Policies, there may be a delay before new connections begin passing traffic and subsequently provide low throughput
- [D-01845] pdf reports: under some circumstances when creating a PDF report for subnets, the PDF report will label each subnet with the subnet name of the first subnet in the list. The resulting data is the correct data for each subnet, but the label is that of the first subnet for each subnet reported on.
- [D-01857] When SMB2 feature is enabled for acceleration under System-> Optimization-> SMB, smb1 connections between windows XP/Windows Server 2003 would fail. This has been fixed.
- [D-01896,D-01891] When accelerating SMB under System-> Optimization-> SMB, renaming a file on a remote share can cause the Exinda to report high CPU usage and randomly fail additional new connections. This has been fixed.
Known Issues:
- [D-01654] When using a very large number of policies, the appliance will occasionally be seen to use a high amount of CPU when a change to the policy is made. Under extreme circumstances the appliance WUI may appear to lock up.
- [D-01777] snmp: after a period of repeatedly querying the following sensors, the WUI will appear to be locked up and various processes within the appliance will crash. This will eventually repair itself.
- system health/cpu alarm, system health/disk alarm, system health/ram alarm, system health/nic alarm.
- The work around is to not query these SNMP values.
- [D-01819] The appliance is currently limited to having 15 Dynamic Virtual Circuits. If you create a 16th DVC, the optimizer will give you an error and will not start.
- [D-01876] With SMB acceleration enabled, the Exinda Appliance can cause the Dell Kace K1000 to fail. The work around is to create a network object defining the Dell Kace server and create a specific rule for Dell Kace traffic that does not accelerate the traffic.
- [D-01898] While creating a baseline for an Application Performance Score, the appliance will continually update the appliance configuration with the new values. This will result in the configuration being marked as not saved.
- [D-01921] Under some circumstances Microsoft Lync traffic will be classified as MSN traffic.
- [APP-7426] pre-population: NTLMv2 authentication for HTTP is not supported
- [APP-3275] monitoring: Graphs/tables show data for "last 60 minutes" show "this hour" in the drill-down reports.
- [APP-668] cli: command completion does not work for names with multiple words (that contain a space). e.g. show policy my policy