R81.10 Jumbo Hotfix Accumulator take #110 has been released today

Had some issues in R81.10 lab and this jumbo fixed it...woot woot : - )

i just this saturday patched our mds to take 109 to have with latest management fixed and on sunday you release take 110 with another big batch of improvements.. 

@Martin_Valenta ...well, it is brand new though, so give it some time : - )

Still patiently waiting for PRJ-46251. 🙂

@CaseyB Not sure what issue that is, but definitely not included.

Andy

@the_rock It has to do with VPN encryption domains.

Using "Encryption Domain Per community" feature overrides Encryption Domain for other communities (c...

Ah I see. Well, maybe it will be included in next jumbo, hopefully.

Andy

Woo hoo!  Looks like at long last, the IPS Bypass Under Load feature will actually be usable and not result in IPS being disabled essentially all the time on a modern gateway:

PRJ-46941,
TPP-3290

Threat Prevention

UPDATE: IPS bypass triggers will now be activated based on the average CPU load exceeding the high threshold, as opposed to the previous implementation, where a single CPU load triggered the bypass. The change will result in more effective security measures without unnecessary bypasses.

Wow....thats a lot of fixes in one release 🙂     I hope that it goes GA soon so I get less pushback when trying to update production 😉

Agree with @Timothy_Hall  last post here.....the IPS bypass looks like it can actually be used now 😉

Really happy to see this fix included and going to try to update my home lab this week:

******

PRJ-44745,
PMTR-90616

VSX

Virtual System's interfaces may be missing when running the Clish command "show/save configuration".

*****

Does anyone know if that same limitation exists today in R81.20 or is that something coming in a future release....especially with R81.20 going 'recommended' yesterday 🙂

Allowing to tag rules and sections is a welcome addition.

@Scottc98 Yes, IPS bypass feature, finally good news about it : - )

@Scottc98 The VSX limitation listed shouldn't be relevant in R81.20 to my knowledge.

Thanks @Chris_Atkinson  

That was truly an annoying discovery of the interfaces missing so 100% want that back before going to prod.

Anyone know if the IPS bypass 'fix' is already included in R81.20?   Don't want to assume but also don't see it listed in any current or future R81.20 jumbo release notes.  

@Scottc98 Personally, I would be surprised if it was not included...but, lets someone from CP confirm officially.

Andy

CaseyB, regarding PRJ-46251, we are aware of the issue and actively working to resolve it as quickly as possible. Once the fix is completed, we will deliver it to both MT and all the relevant JHFs.

Good news @Shayst10 

@Shayst10 - Thank you for the update, much appreciated! Are you able to elaborate on the process anymore? I ask because according to sk170857 there is a hotfix available for the issue, but it is not yet included in the JHF. Are hotfixes coded differently and need to be re-written to qualify to be included in a JHF or is it just a matter of vetting the code to verify it can be in a JHF with no issues? Or something else entirely?

I find it odd that people even have issue described in  sk170857. I did this even back in R80.40 version and never had a problem. Never happened in R81.10 or R81.20

Andy

@Scottc98 

Regarding your question on IPS bypass fix, it will be released as part of our next R81.20 Jumbo. 

Regards

Merav

Thanks for update @MeravAlon 

Regarding the IPS bypass, VSX is not mentioned. I have asked our diamond engineer, but could you elaborate here for all to know.

Will IPS be bypassed per Virtual System or is this not supported?

/Henrik