IP Fabric v6.6
Upgrade Version Policy
We support the following upgrade paths:
- The latest version in the previous major line → any version in the
current major line (for example,
5.0.2
→6.1.3
). - Any version in the current major line → any newer version in the current
major line (for example,
6.0.1
→6.2.3
). - The latest version in the current major line → any version in the
next major line (for example,
6.2.5
→7.1.3
).
Clearing Browser Cache
After upgrading IP Fabric to a newer version, you should see the Your
application has been updated and must be refreshed
dialog in the main GUI.
It is usually sufficient to just click the Refresh button.
However, in case of issues with the main GUI or if you did not see the mentioned dialog, please force refresh your browser cache.
The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL open, use one of the following key combinations:
- Windows:
Ctrl
+F5
- macOS:
Command
+Shift
+R
- Linux:
Ctrl
+F5
This will only affect the browser cache for the IP Fabric appliance.
v6.6.3 (January 29th, 2024; GA)
SHA256 (ipfabric-update-6-6-3+0.tar.gz.sig) = 467a1a5147f9a061b070d3c04ad773ab8d4db85ccb3df55312fb50bac708b06c
MD5 (ipfabric-update-6-6-3+0.tar.gz.sig) = e9d275e4bb60dedd5d2c062a4e5f0847
SHA256 (ipfabric-6-6-3+0.qcow2) = c285d5e3ce51c90634d8b7fd8529e97a760ace2de25e087a3c616baf19d6b202
MD5 (ipfabric-6-6-3+0.qcow2) = 8cfe67f86af443bee7b1609bffbd6bc5
SHA256 (ipfabric-6-6-3+0.ova) = 7b351e5ce065d21f2665a54862d8b9a6894f442200a8a56c7d1c6bf756c8996c
MD5 (ipfabric-6-6-3+0.ova) = e52d04cfcde3d68bc768010785762249
Upgrade Notices
- During the update process, locked snapshots will be unloaded together with other snapshots and their lock will be preserved. Therefore, such snapshots won’t be deleted by snapshot retention.
-
Upgrade to
6.6
may break custom SSO integrations and will require a change to the/etc/ipf-dex.yaml
file. Since the6.3.2
release, we are omitting minor API version for SSO configuration, and only major version will need to be changed with the next major IP Fabric version. Simply replace thevX.Y
string in this file withv6
and then runsystemctl restart ipf-dex
.staticClients: - id: ipfabric redirectURIs: - "https://demo1.eu.ipfabric.io/api/vX/auth/external/azure"
For more information, please refer to the SSO documentation. If you would like assistance, please contact your Solution Architect.
Network Discovery
- Fortinet
- FortiGate – Added initial support for Aggregate IPsec tunnels with limited support in path-lookup – evaluation of security rules is not supported yet.
- Palo Alto
- PAN-OS – Added support for
- IP wildcard object in Zone Firewall.
- DHCP server.
- Discovery of Panorama in management and log collector modes.
- PAN-OS – Added support for
- Cisco
- FMC – Added support for Device Groups
- All families – Devices banners are now being parsed and stored in our tables. See Banner for more details.
- Arista
- EOS – Devices banners are now being parsed and stored in our tables. See Banner for more details.
- Palo Alto
- PAN-OS – Devices banners are now being parsed and stored in our tables. See Banner for more details.
Important Product Changes
- API-discovered devices are now available in the global Device Attributes settings via Serial number search autocomplete.
- A request to
POST /discovery/trigger-config-backup
now will return403 Forbidden
instead of404 Not Found
if an API-discovered devicesn
is provided as parameter. - API worker maximum memory usage is now limited to 8GB (instead of 4GB) to minimize possibility out of memory crash because of heavy calculations operations.
- Cisco FMC API client can detect refresh token expiration and re-authenticate when it happens.
- Only Force Point API client will repeat requests which failed with recoverable network errors (was previously enabled for all client). Configuration of number of requests, timeouts etc. is hard-coded as described in previous release notes. We are working on runtime configuration, which would enable tweaking those with IP Fabric Support assistance.
Experimental Features
Newly added features which need to be explicitly enabled in service files. If you are interested in trying them out, please contact our Support or Solution Architect team and we will gladly help you with enabling these features.
- Citrix ADC
- Basic discovery support was added as PoC and needs to be enabled manually
(
ENABLE_DISCOVERY_DEVICES_CITRIX
).
- Basic discovery support was added as PoC and needs to be enabled manually
(
Known Issues
State Refresh Issues in Discovery Snapshot
Section With Webhook Enabled
When a webhook is configured and enabled in Settings → Integration → Webhooks, a newly started discovery won’t show progress until you switch to another menu section (for example Dashboard) and back to Discovery Snapshot (or until you refresh the page).
With webhook – incorrect behavior | Without webhook – correct behavior |
---|---|
You may also encounter that after deleting a snapshot, it is still being shown
among Loaded/Unloaded Snapshots
until you switch to another menu section and
back (or until you refresh the page).
Network Analysis Report
Table Not Showing All Loaded Snapshots
Reports → Network Analysis Report should allow you to download Network
Analysis Report
documents for each loaded snapshot. However, on version 6.6
(and a few previous major releases), it does not show all loaded snapshots.
This will be addressed in the upcoming 6.7
release.
A workaround is to reboot the IP Fabric appliance or just restart the IP Fabric
API service (with sudo systemctl restart nimpee-api
).