Secure Edge release notes

This document provides information on the features, improvements, and known issues for this Secure Edge release.

  • None.

  • WAN protection - Clyde API hardening: We’ve hardened the Clyde API engine to run as an edge service, which allows for key system service updates without a NodeOS or node reboot. We’ve also added an API handler to validate existing Node configuration before applying netplan changes.

  • CLI rollback: We’ve improved the CLI rollback feature to help protect against faulty WAN configuration changes on a node. After three failed connection attempts, the node will revert to the previous WAN configuration. You can enable this feature on a per-node basis (contact Customer Support/DevOps).

  • Node memory spike mitigation: Previously, if a race condition continued on a node until its memory was saturated, the node would be unreachable and require a manual reboot. We’ve fixed this issue.

  • Node local UI (NodeOS): The new Node configuration web UI will be available on Nodes shipped after this upgrade (NodeOS 3386.1.50). This feature will not be applied to currently in-service Nodes that also received a NodeOS upgrade.

  • Neeve branding: We’ve updated the Secure Edge Portal to reflect Neeve product branding: iNode to Node, Virtual Edge iNode to Virtual Node, Virtual iNode to Cloud Connector.

  • Nil

    The following cloud platforms are supported:

    • Amazon AWS

    • Microsoft Azure

    • VMware vSphere v6.x

    • Google Cloud

    3.1.1. Cloud Connector compute requirements

    2 vCPU, 2GB RAM, 10GB HDD, Public IP address

    1. WAN HA will not be available for nodes of model 2484v1. If WAN HA is required for this specific hardware version currently in service, you can request an RMA to swap to a 2484v2 Node.

    2. Nodes currently at NodeOS v3386.1.40 can apply this release, with no reboot required, to get the WAN configuration protection and memory spike mitigation (as listed in 2.2 Enhancements). However, these Nodes cannot have multiNIC mode enabled. If you want to enable multiNIC mode on these nodes, you must upgrade the NodeOS to v3386.1.50, which requires a reboot.

    3. The CLI rollback feature is not supported for nodes with WAN HA configured.

    4. After a node reboots, it could take approximately 5 minutes for the node status to be updated to Alive in the Secure Edge Portal.

    5. When connecting nodes from the Secure Edge Portal for the first time, both nodes should be in the Alive status.

    6. While launching Cloud Connector in Microsoft Azure, uploading the VHD file might take a long time depending on your network connection.

    7. When a representational network is used and there is ongoing traffic between the Edge Node network and a Cloud Connector network, the ongoing traffic is not resumed after rebooting either node.

    8. When many Edge Node networks are connected to one Cloud Connector network, the Default Destination should be set to the remote Cloud Connector network for Inter Remote Network Traffic to work.

    9. If the Default Destination is set to a remote network and there is ongoing traffic from local network to Internet, changing Default Destination to WAN Network will drop the Internet traffic unless the ongoing traffic is restarted.

    10. A volume created for a SkySpark license is required to have a filename with the extension ".props".

    11. If Proxy is configured on a Cloud Connector, connecting the Cloud Connector network to an Edge Node network will fail unless Port Forwarding is enabled on the Proxy Server.

    12. When Standalone Mode is activated for a node from the Secure Edge Portal, the node needs to be ALIVE for at least one minute for the change to take effect.

    13. If the public IP address of a node changes, connection to the remote network, if any, will automatically disconnect and reconnect.

    14. The maximum size of the downloaded Service logs is limited to 10 MB.

    15. If the Default Destination is set to a remote network, you should configure public DNS servers as the DNS servers for your services.

    16. When using Node CLI, if you configure a static IP address for the node Ethernet uplink interface but don’t configure a name server, the node may become unreachable until you configure a name server.

    17. Editing a Secret requires the Service to be restarted to take effect.

    18. Service addressing can be set only when adding the network and cannot be changed later by editing the network.

    19. If the Default Destination is set to WAN Network, outbound traffic from the local network destined to Internet or LAN will not match any custom security policy applied to the local network.

    20. In the hardware monitoring, the power supply status and its temperature are not reported.

    21. When configuring timezone settings for the container, the application container packager has to ensure that the "tzdata" and "date" packages are installed in the container image for the settings to take effect.

    22. When configuring timezone settings for the container, please add the label "_iotium_core_service=true" to the Core services to ensure they aren't affected by container time zone setting. Services without "_iotium_core_service=true" label will be restarted and will come up with the container timezone that is configured.

    23. When configuring a proxy for the Virtual Edge on GCP, the public IP displayed in the Node details page in the Secure Edge Portal is that of the proxy.

    24. Firewall rules cannot be applied for the Inter Traffic Routing within an Edge Node.

    25. One-Arm mode is not supported with Multi NIC.

    26. The Intense scan report also shows offline hosts.

    27. Scan status is updated after 3 minutes.

    28. TAN Routing is not supported for dynamic TAN.

    1. When upgrading certain nodes to version 3386.1.50, the CLI’s show interface wan command will show the WAN as dynamic, even if the node has a statically configured IP. This is only a display issue: the node will retain its statically configured IP after the upgrade. This only applies to nodes flashed in 3045.0.5 and upgraded to 3201.0.(13,14,15) that you are then upgrading to version 3386.1.50.

      As a workaround, call the set wan API with the same IP again from Orch.api.

    2. If no service log has been generated in the last 24 hours, the Service Logs window in the Secure Edge Portal will not show any logs even if there are logs generated earlier.

    3. When you edit a running Service and change its image, the node reports the wrong status for the Service until the Service restarts after pulling the new image.

    4. When you try to view or download service logs, a 504 timeout error may be thrown if there are multiple services writing logs frequently and the node uplink connection is slow. This is typically temporary; please retry after some time.

    5. When you use the Node CLI and configure a name server, the node uses this name server in addition to any name servers provided by the DHCP server.

    6. The metrics graph does not show any break if the node loses management connectivity for a moment.

    7. The metrics graph and interface traffic rate on the Node details page will take a few minutes to display after provisioning the node.

    8. If the Edge Node network uses a Representational network, traffic from a routed segment behind the Cloud Connector is not routed to the Edge Node network.

    9. If the Edge Node network uses a Representational network, traffic from the Cloud Connector network is not routed to a routed segment behind the Edge Node network.

    10. Static routes to allow remote networks will not work if static routes with a Representational Network are configured.

    11. When you reboot a node with numerous services, depending on your Edge Node hardware it may take several minutes for the services to come back up.

    12. In a node cluster, if all the candidates in the master election have the same priority, the candidate with the highest IP address may not always be elected as the master.

    13. In a node cluster with the NTP core service deployed as a singleton, services running on the backup nodes don't synchronize time with the NTP service.

    14. The list of configured time servers and the server the node is currently synchronized to are not available in the Secure Edge Portal for nodes with the Debian distro.

    15. In a node cluster with a singleton service in UNKNOWN state because of an error condition, the message from the container is not available in the Secure Edge Portal.

    16. When you create a dynamic Edge Node network, you will need to edit the network to connect to a remote network.

    17. Node conversion to cluster is not supported if dynamic addressing mode TAN networks exist on the node.

    18. Threat Intelligence enable/disable is not logged in the activity log.

    19. The parent org dashboard may not show the threats detected in a child org.

    20. Bulk User create/edit will be performed in the organization of the logged-in user.

    21. Threats detected in a child org are not consolidated in the parent org's dashboard.

    22. Device Discovery enable/disable is not audited.

    23. The Node’s location will be plotted randomly when an invalid address is entered.

    24. Device Discovery is not supported in a cluster.

    25. The scan report of a scan config will be deleted when the scan config is deleted.

    26. BACnet information is not available in the downloaded report.

    27. Device discovery config is not allowed for 10 minutes after a TAN network edit.

    28. SSO org login or page navigation will sometimes throw an error; a page refresh is needed to load the page.

    29. Console connection to an Edge Node will not work via an interface when multiNIC is enabled and a TAN network is created for that interface.

    See the release notes archives for earlier versions.