Overview
This article describes the Release Notes for ExOS 6.4.6.
Information
These are essential things to keep in mind regarding ExOS 6.4.6:
- If you use Differentiated Services Code Point (DSCP) values for filtering, refer to bug ID D-03627 in the Bug fixes and Minor Improvements section below for an important message.
- All versions in 6.4.3, 6.4.4, and 6.4.5 are now able to upgrade to 6.4.6.
- Once you upgrade to 6.4.6, you can only upgrade to 7.0.1 Update 2 and later.
- This release includes all changes from releases up to, and including, these update releases: 6.3.13, 6.4.3 Update 12, 6.4.4, and 6.4.5.
- No 32-bit images are provided. 6.4 will not be supported on 32-bit hardware.
- After upgrading and rebooting, it is normal to see the below message displayed in the graphs for a short period due to the processes starting up after the restart. When all the processes have restarted, data will show up again:
No Data Available
Platforms:
- 2061, 4010, 4061, 6060, 6062, 8060, 8062, 10060, 10062, Virtual.
Supported upgrade versions:
- 6.0, 6.1, 6.3, 6.4.
Link to download the update:
- Download Link
- Image Size: 415,985,408 bytes
- MD5: 5ac4929ea581a1a9320d4ecc6510d7db
IMPORTANT:
- If you are upgrading to ExOS 6.4 from ExOS 5.x or earlier, this upgrade path is not supported. Please upgrade to ExOS 6.3 first.
- When updating to 6.4 from a previous version, there is an upgrade of all the data stored on the appliance. This update process may take up to 24 hours, depending on the amount of data stored on the appliance and the type of appliance. While this upgrade is happening, the charts will show the below message. You can check the status of the data update by navigating to Dashboard > System.
No Data Available
- New images for virtual appliances are not available. To install a new virtual appliance running 6.4.5, please first install 6.3.0 and upgrade to 6.4.0.
Major Features
Peak vs. Average Throughput Report on the Virtual Circuit PDF Report and WUI (B-04098):
A new option has been added to the Virtual Circuit PDF report to provide a separate Peak vs. Average Throughput report. The new graph displays two lines: one for the peak throughput (maximum throughput observed in a 10-second sample) and one for the throughput of traffic averaged over the time range (bytes observed during the sample period divided by the sample period duration). The scale of the Y-axis is configurable for this graph. If the Y-axis is requested in Kbps (kilobits per second), the Y-axis will show the total throughput observed. If the Y-axis is requested as a percentage, the Y-axis will be 0 - 100%, where 100% represents the maximum bandwidth of the Virtual Circuit. If All is selected as the Virtual Circuit, the Peak vs. Average Throughput report will be displayed for that circuit.
Updated Layer 7 Signatures:
B-03952
New Applications
- MEGA
New Protocols
- MS Exchange including subtype Outlook Web Access
- Doook
- vBulletin
Improved Signatures
- BitTorrent
- Edonkey
- GoToMeeting
- IMO
- iPlayer
- Jabber: added subtype 'encrypted' to include encrypted traffic.
- L2TP
- LoveFilm
- Oscar
- SIP: added subtype for MPlus.
- Skype
- Thunder
- Ultrasurf: improved detection for Ultrasurf 14.03
- Viber: added file-transfer subtype.
Bug fixes and Minor Improvements:
- [D-01710]: Fixed an issue where the bar graph on the Control page shows greater than 100% of the controlled rate. This was a display anomaly only. The traffic was still being controlled to the appropriate burst maximum.
- [D-02908]: In a cluster environment with devices using WAN Memory (x800 licenses), the yellow strips and graphics indicating whether the flow is local or remote were not consistent and accurate. This has been modified to be entirely consistent and accurate. As a result, new icons on the real-time conversation screen have been introduced to convey the proper information. The letter in the icon indicates whether the flow entered the cluster on the local node or a remote node. The color of the icon indicates whether the flow is being accelerated locally or remotely. If it is being accelerated locally, the background color will be yellow. Additionally:
  - A green background L indicates that the flow is locally bridged and remotely accelerated, which means that the flow entered the cluster on the node that you are viewing, and it was passed to a different node in the cluster for acceleration processing.
  - A brown background R indicates that the flow is remotely bridged and remotely accelerated. NOTE: It does not mean that the same machine that is bridging the flow is also accelerating the flow.
  - A yellow background L indicates that the flow is locally bridged and locally accelerated.
  - A yellow background R indicates that the flow is remotely bridged and locally accelerated.
- [D-02960]: Improved the Optimizer startup time when the configuration has multiple policies (more than 1500).
- [D-02978]: Removed a duplicate email event for paging-high.
- [D-02991]: Fixed an issue that was preventing monitoring of Q-in-Q, or double VLAN-tagged traffic.
- [D-02997]: Addressed a UI (user interface) performance issue when the configuration has more than 2000 policies.
- [D-03028]: When using the latest Microsoft OS, some Server Message Block (SMB) traffic was being classified as NETBIOS traffic. This has been corrected.
- [D-03040]: The system disk was filling up with the URL logging data. This has been corrected.
- [D-03050]: Added missing CLI (command-line interface) configuration for scheduling PDF reports directly from monitoring pages. Now, when scheduling PDF reports directly from a monitoring page, the details of these reports are accurately captured in the CLI configuration. You can now use the below command to schedule the reports. The URL parameter is the URL of the monitoring page to schedule:
report pdf NAME custom-url URL
- [D-03096]: Fixed a bug where the internal process mysql_syncd would crash when using custom application definitions.
- [D-03098]: Fixed an issue that prevented the display of the Control graph after renaming a Virtual Circuit.
- [D-03172]: Fixed an issue where the Hosts PDF report could show the wrong data for internal hosts. The pie chart was correct, but the corresponding table was showing external hosts.
- [D-03173]: Fixed a memory leak that occurred when the cluster link gets congested and information cannot be shared between cluster members promptly.
- [D-03178]: Fixed an issue where the system would restart unexpectedly when in a cluster doing acceleration.
- [D-03198]: Upgraded OpenSSL to v1.0.1e-16.14. This OpenSSL version covers the following vulnerabilities:
  - CVE-2010-5298 - Possible use of memory after free.
  - CVE-2014-0195 - Buffer overflow via invalid DTLS fragment.
  - CVE-2014-0198 - Possible NULL pointer dereference.
  - CVE-2014-0221 - DoS from invalid DTLS handshake packet.
  - CVE-2014-0224 - SSL/TLS MITM vulnerability.
  - CVE-2014-3470 - Client-side DoS when using anonymous ECDH.
- [D-03219]: All conversions from Kbps to Mbps and Mbps to Gbps are now 1000 base, while in the past, they were 1024 base. As a result, if you have policies based on 1024, you will now see the report indicating that you are allowing 1.024Mbps instead of the 1.0Mbps that would have been displayed in the past. The industry-accepted conversion from Kbps to Mbps and Mbps to Gbps is 1Mbps = 1000kbps. This change makes the Exinda monitoring align better with other monitoring tools you may have in your network.
- [D-03275]: Fixed an issue where the diagnostic tool 'kdump' was not working in 6.4.5 and 7.0.1. The diagnostic tool works again. Use this tool only as directed by Exinda's Support team.
- [D-03285]: When manufacturing a machine with a version after 6.4.2, the Anonymous proxy URL was incorrect. This resulted in [D-02222] and the workaround listed for that bug. The root cause has been fixed, and the Anonymous proxy URL is always correct now during upgrades and manufacturing.
- [D-03298]: Fixed an issue that prevented SMB pre-population from working. With 6.4.5 and 7.0.1, the SMB pre-population jobs were failing.
- [D-03357]: Fixed an issue where Web Cache Communication Protocol (WCCP) would suffer from poor performance due to retransmissions.
- [D-03449]: Fixed an issue where port ranges stopped working in application objects after an update to 6.4.5 or 7.0.1.
- [D-03451]: Fixed an issue with acceleration where UDP packets that were VLAN-tagged and needed to be fragmented were being sent corrupted.
- [D-03521]: Fixed an issue where multi-per-vc queuing mode did not distribute the shaping queues properly after an upgrade to 6.4.5 and 7.0.1. The result is that multi-per-vc did not provide proper shaping.
- [D-03571]: Patched the version of BASH used within the product to fix the ShellShock vulnerability. CESA-2014:1306, CVE-2014-6271, CVE-2014-7169. See this note on our support forum about our not being susceptible.
- [D-03602]: Added the ability to configure the VLAN that the IPMI will listen to. This new configuration is on the IPMI tab and allows enabling VLAN support and specifying the VLAN ID.
- [D-03627]: Important: this represents a change of behavior. If you are doing DSCP filtering, your rules may need to be updated. On previous releases, DSCP 0 was used to match all DSCP values (similar to a wildcard). Now, DSCP 0 matches traffic that only has a DSCP value of zero (unmarked traffic). This will allow you to mark traffic that was previously unmarked while letting traffic that was already marked fall into another rule. As of this version you should interpret DSCP 0, when used in a filter, as meaning all traffic that has only DSCP 0 or no explicit DSCP mark.
- [D-03649]: Fixed an issue with SMB acceleration that could lead to memory exhaustion. The issue involved incorrectly locked files that are not cached (such as the Zone file in Windows). This would manifest itself in transfers that appear to hang at 0% or 99% complete.
- [B-04347]: Disabled the use of SSLv3 on all services that use SSL. This is a response to the recently reported POODLE vulnerability (CVE-2014-3566) of SSLv3.
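The DSCP change in [D-03627] can be audited before upgrading by comparing which rule each DSCP value lands in under the old and new semantics. The following is an added example, not Exinda code: the `Rule` structure, the first-match ordered evaluation, and the rule names are assumptions made for illustration, and the rule set is constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    dscp: Optional[int]  # None = the rule has no DSCP condition (hypothetical model)


def matches_pre_646(rule: Rule, pkt_dscp: int) -> bool:
    # Releases before 6.4.6: DSCP 0 in a filter matched every DSCP value.
    return rule.dscp is None or rule.dscp == 0 or rule.dscp == pkt_dscp


def matches_646(rule: Rule, pkt_dscp: int) -> bool:
    # 6.4.6: DSCP 0 matches only traffic whose DSCP value is zero (unmarked).
    return rule.dscp is None or rule.dscp == pkt_dscp


def first_match(rules: List[Rule], pkt_dscp: int,
                matcher: Callable[[Rule, int], bool]) -> Optional[str]:
    # Assumption: rules are evaluated in order and the first match wins.
    for rule in rules:
        if matcher(rule, pkt_dscp):
            return rule.name
    return None


def behaviour_changes(rules: List[Rule]) -> Dict[int, Tuple[Optional[str], Optional[str]]]:
    """Map each DSCP value (0..63) whose matching rule differs to (old, new)."""
    changes = {}
    for dscp in range(64):
        old = first_match(rules, dscp, matches_pre_646)
        new = first_match(rules, dscp, matches_646)
        if old != new:
            changes[dscp] = (old, new)
    return changes


# Constructed rule set: a DSCP 0 rule placed ahead of a more specific rule.
RULES = [
    Rule("voice-ef", 46),
    Rule("mark-unmarked", 0),
    Rule("video-af41", 34),
    Rule("catch-all", None),
]

if __name__ == "__main__":
    for dscp, (old, new) in sorted(behaviour_changes(RULES).items()):
        print(f"DSCP {dscp:2d}: {old} -> {new}")
```

Any DSCP value reported here is traffic that a DSCP 0 rule used to capture and that now falls through to a later rule, so those later rules are the ones to review after the upgrade.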
Known Issues:
- [D-02199]: When an acceleration HA (high availability) cluster is configured and the traffic being accelerated is located on a VLAN with a VLAN tag, the traffic will not flow through the HA cluster properly. This issue is currently being investigated, and a fix is expected soon.
- [D-01777]: After a period of repeatedly querying the following sensors, the UI will appear to be locked up, and various processes within the appliance will crash. This will eventually repair itself. The workaround is not to query these SNMP values.
- [D-01921]: Under some circumstances, Microsoft Lync traffic will be classified as MSN traffic.