Skip to content

IP Fabric v6.5

Upgrade Version Policy

We support the following upgrade paths:

  • the latest version in the previous major line → any version in the current major line (for example
  • any version in the current major line → any newer version in the current major line (for example
  • the latest version in the current major line → any version in the next major line (for example

Clearing Browser Cache

To ensure the product works as intended, please force refresh your browser cache after each IP Fabric upgrade.

The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL opened, use one of the following key combinations:

  • Windows: Ctrl + F5
  • macOS: Command + Shift + R
  • Linux: Ctrl + F5

This will only affect the browser cache for the IP Fabric appliance.

Upgrade Notices

  • During the update process, locked snapshots will be unloaded together with other snapshots and their lock will be preserved. Therefore, such snapshots won’t be deleted by snapshot retention.
  • Upgrade to 6.5 may break custom SSO integrations and will require a change to the /etc/ipf-dex.yaml file. Since the 6.3.2 release, we are omitting minor API version for SSO configuration, and only major version will need to be changed with the next major IP Fabric version. Simply replace the vX.Y string in this file with v6 and then run systemctl restart ipf-dex.

      - id: ipfabric
          - ""

    For more information, please refer to the SSO documentation. If you would like assistance, please contact your Solution Architect.

v6.5.2 (GA, December 04th, 2023)

SHA256 (ipfabric-update-6-5-2+0.tar.gz.sig) = f0f2a6404e106d5406f781d815ff59584b90077571b80d9aa0d7b584536deaab
MD5 (ipfabric-update-6-5-2+0.tar.gz.sig) = 829238ee70286b0fbf4a1c610772f847
SHA256 (ipfabric-6-5-2+0.qcow2) = b18b2dda87f0c80203928a4e774a0630c922bfd14a270315d013f352ae5f5775
MD5 (ipfabric-6-5-2+0.qcow2) = 6ffc5e209fdd364b071eed67a0edfa17
SHA256 (ipfabric-6-5-2+0.ova) = afb6dd08c4dfb8f727da05f3cf187ce86f31ce4a2bb792822d66c92060f77ec3
MD5 (ipfabric-6-5-2+0.ova) = 21b5634e141149deb607a84b89035c78

For the list of delivered tickets, please consult the Low-Level Release Notes for 6.5.2.

Bug Fixes

  • LDAP is now working with local authentication enabled

v6.5.1 (November 14th, 2023)

SHA256 (ipfabric-update-6-5-1+0.tar.gz.sig) = 8820b67b4931a0de27e39ec60785ba7821819c894a4e402b6155ca
MD5 (ipfabric-update-6-5-1+0.tar.gz.sig) = 626f42c20b106715daf233e5baceebff
SHA256 (ipfabric-6-5-1+0.qcow2) = e544d45da0a758daf05d053845de2500d16d12c9e2e34070e972421dc6fee163
MD5 (ipfabric-6-5-1+0.qcow2) = b419855b077a0e85791ca4275f22dfbf
SHA256 (ipfabric-6-5-1+0.ova) = cf6dd27630087154657bfd926fd8ea1b6fb2bdd6916ead77907012edcec9f122
MD5 (ipfabric-6-5-1+0.ova) = 1113c4c4ea684651414bfa307b0ca149

Important Product Changes


All secure (read “encrypted with OpenSSL”) connections made by IP Fabric have forced DEFAULT@SECLEVEL=0 to allow connections to devices with older OpenSSL versions (which leads to the use of ciphers that are now considered weak). This is just a temporary solution and will be removed in the future. We are working on a solution to allow OpenSSL to be configured by the user from the outside of the node.js process.

Known Issues

  • LDAP authentication is not working if local authentication is enabled
    • We are working on a fix. The hotfix is to disable local authentication ("enableLocalAuthentication": false). If you are interested in the hotfix, please contact IP Fabric Support.

Network Discovery

  • AWS – Support for Direct Connect Gateway (DXGW)
    • Added support for routing via Virtual Private Gateway (VGW). A Direct Connect Gateway can be associated either with Transit Gateways or Virtual Private Gateways (not both types at the same time).
    • DXGW partial routing table – based on allowed prefixes specified in Direct Connect Gateway Association. DXGW routing table is currently missing prefixes from on-premises routers.
    • L2/L3 interfaces name on TGWs and VGWs directing towards DXGW.
    • Renamed DCGW to DXGW
  • Check Point Gaia
    • Initial support for Identity Awareness (access-role objects) in security policies was added. See our documentation about how to set up management servers.
  • Cisco
    • Viptela – to prevent long discovery time, limit for OMP route API endpoints was added. The default value is 100. (see our documentation for more details)
    • Firepower – extend support to map policies assigned to device clusters.
  • F5 BIG-IP
    • End-to-End Path Lookup support was added for F5. Now you can see paths after load-balancing action to exact pool members.
  • Advanced settings for Vendor APIs
    • It is now possible to fine-tune maximum concurrent requests, maxCapacity, and refillRate for each Vendor API. For more details, see Vendors API - Advanced settings.
  • ARP Table
    • Only records retrieved from a particular operational command are shown. In previous versions, local interfaces addresses, which were generated by IP Fabric for diagram modeling, could be also visible.

Other Minor Changes

When a user uploads a snapshot archive, they are set as the creator of the snapshot (discarding the information about the original creator).

Experimental Features

Newly added features which need to be explicitly enabled in service files. If you are interested in trying them out, please contact our Support or Solution Architect team and we will gladly help you with enabling these features.

  • Cisco
    • FMC – FMC API has a bug which causes calling of /objects/icmpv4objects?expanded=true returning malformed data. We introduced a new feature flag USE_FMC_NONEXPANDED_ICMP_CALL which downloads ICMP objects definition 1 by 1.
    • ACI – fvTenant Cisco APIC endpoint can fail in some environments due to the size of response output. The USE_ACI_FVTENANT_ENDPOINT flag separates subclasses into single parameter requests.
  • Google Cloud Platform
    • Basic discovery support was added, still under development as firewall and NAT feature is not finished yet. Only VPC, cloud routers, subnets, routes, and instances are discovered. Might be problematic in E2E discovery. (ENABLE_DISCOVERY_DEVICES_GCP)
  • Stormshield
    • Basic discovery support was added as PoC and needs to be enabled manually. (ENABLE_DISCOVERY_DEVICES_STORMSHIELD)
  • Nokia SROS
    • Basic discovery support was added as PoC and needs to be enabled manually. (ENABLE_DISCOVERY_DEVICES_NOKIA)