VMware

vCloud Networking and Security 5.1.2 Release Notes

vCloud Networking and Security 5.1.2 | 20 DEC 2012 | Build 943471

What's New

  • New REST APIs to configure the ports and the source/destination IP and MAC addresses to be ignored by the flow parser, together with code that uses the configured information to drop flow packets matching the given criteria.
    The APIs are as follows:
    GET https:///api/2.1/app/flow/config
    POST https:///api/2.1/app/flow/config
    Request Body:
    <?xml version="1.0" encoding="UTF-8"?>
    <FlowConfiguration>
     <ignorePort>138</ignorePort>
     <ignorePort>37</ignorePort>
     <ignoreSourceIP>255.255.255.255</ignoreSourceIP>
     <ignoreDestIP>255.255.255.255</ignoreDestIP>
     <ignoreSourceMAC>FF:FF:FF:FF:FF:FF</ignoreSourceMAC>
     <ignoreDestMAC>FF:FF:FF:FF:FF:FF</ignoreDestMAC>
    </FlowConfiguration>
  • VXLAN virtual wires visible in vCenter inventory in the Networks view. Clicking on this node displays all VXLAN virtual wires. Clicking the name of a VXLAN virtual wire displays the Firewall, Spoofguard, Services, and Grouping tabs.
  • vShield Edge redeploy enhancements: If a vShield Edge virtual machine is moved in the vCenter inventory and the resource pool/cluster on which the vShield Edge was initially installed is no longer accessible, then vShield Edge is deployed in the existing resource pool/cluster in which the vShield Edge virtual machine is currently placed. In this case, the placement parameters are different from those specified during vShield Edge install or appliance configuration. When the original resource pool/cluster is available again, a subsequent redeploy restores the vShield Edge in the original resource pool/cluster. Sufficient memory and CPU must be available in the current resource pool/cluster where vShield Edge is present.
  • vCloud Networking and Security 5.1.2 and vShield Endpoint 5.1.2 will be used to gain Common Criteria and FIPS certification.
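
Every entry in the flow-parser ignore list described above removes traffic from flow monitoring, so a FlowConfiguration body is worth checking before it is POSTed. The following is an added example, not VMware code: it parses a body using the element names shown in the request above, rejects malformed values, and lists every entry other than the broadcast addresses for review. The function names, the IPv4-only and one-value-per-element assumptions, and the second sample document are constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

# Each check returns (is_valid, is_broadcast). Ports are never "broadcast",
# so every ignored port is listed for review.
def _check_port(text):
    return bool(re.fullmatch(r"[0-9]{1,5}", text)) and int(text) <= 65535, False

def _check_ip(text):  # assumption: IPv4 only, as in the page's sample
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return False, False
    return True, addr == ipaddress.IPv4Address("255.255.255.255")

def _check_mac(text):
    return bool(MAC_RE.fullmatch(text)), text.upper() == "FF:FF:FF:FF:FF:FF"

# Element names as they appear in the release notes' request body.
CHECKS = {"ignorePort": _check_port,
          "ignoreSourceIP": _check_ip, "ignoreDestIP": _check_ip,
          "ignoreSourceMAC": _check_mac, "ignoreDestMAC": _check_mac}

def audit_flow_config(xml_text):
    """Return (errors, review): malformed entries, and valid non-broadcast
    entries that will hide flows from monitoring once applied."""
    root = ET.fromstring(xml_text)
    if root.tag != "FlowConfiguration":
        raise ValueError("root element is not FlowConfiguration")
    errors, review = [], []
    for child in root:
        value = (child.text or "").strip()
        check = CHECKS.get(child.tag)
        if check is None:
            errors.append(f"unknown element <{child.tag}>")
            continue
        valid, broadcast = check(value)
        if not valid:
            errors.append(f"{child.tag}: invalid value {value!r}")
        elif not broadcast:
            review.append(f"{child.tag}={value}")
    return errors, review

# The request body from the release notes.
PAGE_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<FlowConfiguration><ignorePort>138</ignorePort><ignorePort>37</ignorePort>
<ignoreSourceIP>255.255.255.255</ignoreSourceIP><ignoreDestIP>255.255.255.255</ignoreDestIP>
<ignoreSourceMAC>FF:FF:FF:FF:FF:FF</ignoreSourceMAC><ignoreDestMAC>FF:FF:FF:FF:FF:FF</ignoreDestMAC>
</FlowConfiguration>"""
```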

System Requirements and Installation

For information about system requirements and installation instructions, see the vShield Installation and Upgrade Guide.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some behavior you might encounter in this release.

The known issues are grouped as follows:

vShield Manager Issues

vShield Manager upgrade fails with an error
When vShield Manager has been upgraded from 4.1 to 5.0 to 5.1, vShield Manager fails to connect to the vCenter Server and the UI displays an Internal Server Error.
Workaround: Re-enter the vCenter Server credentials. If connectivity is not restored, reboot the vShield Manager.

vShield Manager fills the /common directory very fast
vShield Manager filled 20% of the /common directory in 30 minutes.
Workaround: If DRS is enabled, you must add at least two hosts from the same cluster in a dvSwitch.

vShield App Issues

If the vCenter Server becomes unavailable during the vShield App upgrade process, the upgrade fails and the Update link is not available
See Update link not available during vShield App upgrade.

vShield Edge Issues

Additional steps to install SSL VPN client on Mountain Lion
Cannot install the SSL VPN client on the Mountain Lion operating system.
Workaround: Mountain Lion does not allow you to install the SSL VPN client since it is unsigned. CONTROL-click on the installer to proceed.

Cannot configure different certificates for two different features
Cannot configure different certificates for two different features. For example, you cannot use certificate a for IPsec and certificate b for SSL VPN.
Workaround: Use the same certificate for both features and then change the certificate for one of the features.

Resolved Issues

The following issues have been resolved in the 5.1.2 release.

  • vShield Manager does not purge audit logs
    vShield Manager does not purge older logs, which takes up disk space.

  • vShield Manager does not allow routes overlapping with vnic addresses for static routing
    In static routing, adding routes for the same subnet as the directly connected ones is not allowed, but adding overlapping routes is allowed.

  • Cannot upload RSA configuration file through REST API call
    Cannot configure RSA authorization server through REST API call.

  • Role-based access problems for vShield Edge
    vshieldAdmin user role can now install, upgrade, and delete vShield Edge, and edit interface and HA configuration.

  • vShield App displays error while installing VIB
    Overlaying files due to conflicting script file name and directory caused vShield App to display an error when installing a VIB. Scripts in the /VIB directory have been moved to the /VIB/vshield/ directory.

  • Changing the priority of AutoPlumbed rules must be allowed from vShield Manager UI
    You can now add rules with a precedence higher than the auto plumbed internal rules.