Identity-Based Microsegmentation Guide
LAST UPDATED: October 8, 2021

5.0.8

May 4, 2021

What’s new

This release introduces configurable data retention settings. To learn more, refer to Modifying data retention defaults.

Resolved issues

  • CNS-1616: The Advanced on-premise install procedure no longer omits the following important settings from the CONF file: ENFORCERD_PERSIST_CREDENTIALS=true, CNS_AGENT_TOKEN=$TOKEN, and CNS_AGENT_ENFORCER_FIRST_INSTALL_VERSION=. Please uninstall and reinstall your enforcers using the updated documentation. Should you fail to do so, your enforcers will be unable to register with the Microsegmentation Console after shutting down and restarting.

  • CNS-2151: The Microsegmentation Console TUF repository now includes all 5.x enforcer builds.

Known issues

  • CNS-153: When using relative time values with apoctl, the values must be in relation to Pacific Standard Time (PST). For example, if you are in France and want to retrieve the last five minues of flow logs, you could use -9h5m. Another workaround for this issue is to use absolute time values.

  • CNS-1343: The enforcer fails to program external networks that use the ! operator on Red Hat Enterprise Linux 6.

  • CNS-1356: You must use an enforcer profile to manually add the URL of the Microsegmentation Console API to as an excluded network for Red Hat Enterprise Linux 6 hosts. Failing to do so before installing the enforcer causes a complete lack of access to the host.

  • CNS-1651: The enforcer fails to recover after a third party removes some of its iptables rules.

  • CNS-1730: Traffic to the domain in an external network occasionally goes to Somewhere instead.

  • CNS-1733: Deselecting Show policed flows in the Platform pane produces unexpected results.

  • CNS-1755: Fonts in the web interface vanish on external monitors with a devicePixelRatio of 1.25.

Deprecation notices

A future release will remove support for the following. Please plan accordingly.

  • CoreOS, Oracle Enterprise Linux (OEL), and Red Hat Enterprise Linux (RHEL) 6: upgrade to CoreOS/OEL/RHEL 7 or later.
  • Host services: migrate to external networks and network rulesets.
  • Namespace Editor role: If you have any API authorizations using this role, migrate them to the Namespace Administrator role. We will remove the Namespace Editor role in a future release.