Identity-Based Microsegmentation Guide
LAST UPDATED: October 8, 2021

June 11, 2021

What’s new

Tag Prefix Defaults

The number of Tag Prefixes which can be defined is finite (30). We’ve changed the Tag Prefix defaults to allow for more customization to a customer’s requirements. The new Tag Prefix defaults are listed below.

  • $controller=
  • $id=
  • $identity=
  • $image=
  • $name=
  • $namespace=
  • $type=
  • @org:cloudaccount=
  • @org:group=
  • @org:kubernetes=
  • @org:tenant=
  • externalnetwork:name=
  • app=

Duplicate option in the UI

You can now duplicate objects in the UI such as Rulesets and Network List.
This can be helpful if you want to move an object from one level in the heirarchy to another.

Resolved issues

  • CNS-2334: Fixed the subscription sidebar bug that prevents microsegmentation activation.

  • CNS-2287: Inbound UDP traffic to Linux hosts not adhering to the expected default allow action for a Processing Unit.

  • CNS-2277: Already connected enforcers show disconnected if the repo is unavailable.

Known issues

  • CNS-2263: Traffic from Network list object are sometimes rejected with drop reason “missing token”.

  • CNS-2259: App dependency map fails to load when the time interval is greater than 12hrs.

  • CNS-1730: Traffic to the domain in an external network occasionally goes to Somewhere instead.

Deprecation notices

  • Namespace Editor role: If you have any API authorizations using this role, migrate them to the Namespace Administrator role. We will remove the Namespace Editor role in a future release.

  • Host services: If you are using host services, migrate to external networks and network rulesets. We will remove host services in a future release.