IDENTITY-BASED MICROSEGMENTATION DOCUMENTATION

May 28, 2020

Resolved issues

  • #188: When host protection is enabled, the enforcer no longer allows traffic on port 65535 by default.
  • #193: The Compute suggestions button in the Suggest policies panel of the Platform pane now returns policy suggestions if you have some flows.
  • #222: Creating a network policy that allows a protected host to accept inbound TCP connections on port 22 no longer occasionally causes the host to accept inbound connections on all ports.

Known issues

  • #146: RHEL 8 and RHEL CoreOS 8 (used by OpenShift 4) have deprecated iptables in favor of nftables. Before installing Aporeto in these environments, you must enable iptables, such as via the following commands:

    modprobe ip_tables
modprobe iptable_nat

  • #1302: RHEL 8+ requires special configuration to work with the SSH access control feature. If you require this distribution, contact us for assistance.