May 28, 2021
Complete installation preflight checks
We’ve rolled all the preflight checks together to ensure that the target enforcer meets the necessary requirements before installing.
- Time synchronization with Microsegmentation Console
- Supported operating system
Reporting of IP address resolution
The enforcer now reports the IP addresses that a fully qualified domain name resolved to. You can find this data in Network Security > Logs > DNS Lookup Logs. You may need to manually add the field ResolvedIPs as a column.
Automatic creation of cloud API authorization
After onboarding a cloud account to Prisma Cloud, we automatically create an API authorization that enforcers can use to authenticate to the Microsegmentation Console.
You can view the automatically created API authorizations in the Network Security > Namespaces > Authorizations pane of the web interface.
They have the name Authorization for auto-registration of enforcer and are disabled by default.
For AWS instances, we recommend specifying an IAM role attached to the target host with read-only access to tags (ec2:DescribeTags) before enabling the authorization.
Easier retrieval of enforcer logs
You can now put an enforcer into debug mode from the web interface and use the provided command to collect its logs.
- CNS-906: Occasional failures to automatically refresh the flow logs no longer occur.
CNS-153: When using relative time values with apoctl, the values must be in relation to Pacific Standard Time (PST). For example, if you are in France and want to retrieve the last five minutes of flow logs, you could use -9h5m. Another workaround for this issue is to use absolute time values.
CNS-1730: Traffic to the domain in an external network occasionally goes to
Namespace Editor role: If you have any API authorizations using this role, migrate them to the Namespace Administrator role. We will remove the Namespace Editor role in a future release.
Host services: If you are using host services, migrate to external networks and network rulesets. We will remove host services in a future release.