16.0 Changelog: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Overview =
= Overview =
16.0 adds WireGuard VPN and UEFI installation ability as well as many small improvements and fixes.


= Features =
16.0 is a major new release containing new the new WireGuard VPN application, UEFI support, and many improvements and bug fixes.
* WireGuard VPN service.
* UEFI installation on most modern BIOS platforms.
* Custom block page for Threat Prevention.
* Log retention configuration.


= Bug Fixes=
= WireGuard =
* Change IPsec config without a restart.
 
* Change config for OpenVPN without a restart
WireGuard is a VPN alternative to OpenVPN that is much easier to configure and deploy.  It can be used in both site-to-site environents as well as roaming environments. 
* Exporting JSON content columns issues
 
* L2TP local directory auth fails after deleting IPsec tunnels  
== Roaming ==
* Export database vs. export grid
 
* Removing remote server from OpenVPN does not close connection
In Roaming environments, creating a new tunnel is as simple as providing a Description.  The public key will be automatically generated and after saving tunnel information, the gear icon under the Remote Client column will show configuration in either QR code or WireGuard configuration.  Many table and phone WireGuard application implementations can scan the QR code to configure their tunnel.
 
== Monitoring ==
 
Similar to IPSec, tunnel monitoring will if a connection is down and can restart the tunnel.
 
= UEFI =
 
You can now install NGFW on UEFI for most modern BIOS platforms.
 
= IPSec =
 
== Failover ==
With WAN Failover, you can now specify an Active Wan interface.  If selected, when WAN failover falls over, it will reconnect using the new IP address.  When the WAN falls back, the previous IP address.
 
= General VPN Improvements =
 
== Restarting Tunnels ==
 
Tunnels for WireGuard, OpenVPN, IPSec no longer restart the entire services, only the specific tunnels enabled, disabled, or modifed.
 
== Automatic LAN configuration ==
 
If a tunnel matches exactly the non-WAN configuration for interfaces, if you make a change to an interface (such as to add an alias), changes will be propagated to WireGuard, OpenVPN, and IPSec tunnels.
 
= Threat Prevention =
 
== Lookup ==
 
The Lookup now allows you to specify Source/Destination for the IP address or URL to better clarify the difference between results that can occur between client addresses and destination addresses.
 
== Custom Page ==
 
You can now specify a custom page for Threat Prevention blocks.
 
= Other =
* Numerous performance improvements have been made to reporting and HTTP traffic processing.
* Admin UI now operates on applicable interface aliases.
* SSL Inspector now supports TLS 1.3.
* Under Config, System, the new Logs tab allows you to better control disk space used by logs by specifying retention.
* Report retention can now be configured at an hourly resolution.
* Event reports can now export what is displayed or the entire table.
* Web event reports now have the host field before the URI field.
* Remote syslog events are no longer cut off at a certain size limit.
* Disk space now uses a more accurate calucation.
* Exporting JSON content columns issues has been fixed.
* L2TP local directory auth fails after deleting IPsec tunnels has been fixed.
* Removing remote server from OpenVPN does not close connection has been fixed.

Revision as of 19:25, 21 September 2020

Overview

16.0 is a major new release containing new the new WireGuard VPN application, UEFI support, and many improvements and bug fixes.

WireGuard

WireGuard is a VPN alternative to OpenVPN that is much easier to configure and deploy. It can be used in both site-to-site environents as well as roaming environments.

Roaming

In Roaming environments, creating a new tunnel is as simple as providing a Description. The public key will be automatically generated and after saving tunnel information, the gear icon under the Remote Client column will show configuration in either QR code or WireGuard configuration. Many table and phone WireGuard application implementations can scan the QR code to configure their tunnel.

Monitoring

Similar to IPSec, tunnel monitoring will if a connection is down and can restart the tunnel.

UEFI

You can now install NGFW on UEFI for most modern BIOS platforms.

IPSec

Failover

With WAN Failover, you can now specify an Active Wan interface. If selected, when WAN failover falls over, it will reconnect using the new IP address. When the WAN falls back, the previous IP address.

General VPN Improvements

Restarting Tunnels

Tunnels for WireGuard, OpenVPN, IPSec no longer restart the entire services, only the specific tunnels enabled, disabled, or modifed.

Automatic LAN configuration

If a tunnel matches exactly the non-WAN configuration for interfaces, if you make a change to an interface (such as to add an alias), changes will be propagated to WireGuard, OpenVPN, and IPSec tunnels.

Threat Prevention

Lookup

The Lookup now allows you to specify Source/Destination for the IP address or URL to better clarify the difference between results that can occur between client addresses and destination addresses.

Custom Page

You can now specify a custom page for Threat Prevention blocks.

Other

  • Numerous performance improvements have been made to reporting and HTTP traffic processing.
  • Admin UI now operates on applicable interface aliases.
  • SSL Inspector now supports TLS 1.3.
  • Under Config, System, the new Logs tab allows you to better control disk space used by logs by specifying retention.
  • Report retention can now be configured at an hourly resolution.
  • Event reports can now export what is displayed or the entire table.
  • Web event reports now have the host field before the URI field.
  • Remote syslog events are no longer cut off at a certain size limit.
  • Disk space now uses a more accurate calucation.
  • Exporting JSON content columns issues has been fixed.
  • L2TP local directory auth fails after deleting IPsec tunnels has been fixed.
  • Removing remote server from OpenVPN does not close connection has been fixed.