IP Fabric v7.11

Upgrade Version Policy

We support the following upgrade paths:

• The latest version in the previous major line → any version in the current major line (for example: 6.10.7 → 7.3.25).
• Any version in the current major line → any newer version in the current major line (for example: 7.0.15 → 7.3.25).
• An upgrade to 7.5 can be only performed from version 7.3.25 or newer.
• An upgrade to 7.11 can be only performed from version 7.5.14 or newer.

Clearing Browser Cache

After upgrading IP Fabric to a newer version, you should see the Your application has been updated and must be refreshed dialog in the main GUI.

It is usually sufficient to just click the Refresh button.

However, in case of issues with the main GUI or if you did not see the mentioned dialog, please force refresh your browser cache.

The key combination for doing this depends on your operating system. In your browser window with your IP Fabric appliance’s URL open, use one of the following key combinations:

• Windows: Ctrl + F5
• macOS: Command + Shift + R
• Linux: Ctrl + F5

This will only affect the browser cache for the IP Fabric appliance.

Known Issues

• Currently, there are no known issues in this version.

v7.11.3 (April 22^nd, 2026; GA)

SHA256 (ipfabric-update-7-11-3+0.tar.zst.sig) = 5f9194d39d1a6e50c482533514f3824bb4d718cf2dfb15682a487f75199ebbf7
MD5 (ipfabric-update-7-11-3+0.tar.zst.sig) = acf0f36321d621718b0b4e0c2c064d33
SHA256 (ipfabric-7-11-3+0.qcow2) = 2b01847501fcf04eef448b7d909360cfb0c15af57401f4d2aacdd4584e60d575
MD5 (ipfabric-7-11-3+0.qcow2) = ede05588fcd532c6f6fc0136a6223196
SHA256 (ipfabric-7-11-3+0.vmdk) = 6b864d7f12ec2b0e5e405a3a3a9b9c39bb3c62839d74c3c4f502a8d9ff7f77e5
MD5 (ipfabric-7-11-3+0.vmdk) = 6a080fda1323b2232bc27149ecae542f
SHA256 (ipfabric-7-11-3+0.vhdx.zst) = b1ca04f96aded1ad61760804c2ce1c6a137f5cc8c039901b68cc34d77808f607
MD5 (ipfabric-7-11-3+0.vhdx.zst) = a8ce23ffc0daf0219a68edc0192deef3
SHA256 (unsupported-ESXi6.7U2-ipfabric-7-11-3+0.ova) = bb6de5420ee07ba98bf443d66e2a81e8b5972d5103db88590463ae9f108ff74a
MD5 (unsupported-ESXi6.7U2-ipfabric-7-11-3+0.ova) = 11dcffe9d83b2e2a6679a3ef9291704f
SHA256 (unsupported-ESXi7.0-ipfabric-7-11-3+0.ova) = a7c4e79bc3817c825fa759c048b2150606ec64f8f271c4b71ba8310eb600a8c8
MD5 (unsupported-ESXi7.0-ipfabric-7-11-3+0.ova) = e9e224df26fff09c66564ea09b9d82d4
SHA256 (ESXi8.0-ipfabric-7-11-3+0.ova) = b49c9864c05e41367cf8a8b590f02096784274a07fc8dabbaa72ce193b80abb8
MD5 (ESXi8.0-ipfabric-7-11-3+0.ova) = 1848505fcab5ac5aee6ac0d7493f66e9

New Features

MCP Server – AI Assistant Integration

The new MCP Server enables seamless integration between IP Fabric and AI assistants (such as GitHub Copilot and Claude Desktop) via the Model Context Protocol (MCP). It allows AI assistants to query network data, analyze paths, and assess network health — see the full documentation to learn about its capabilities. The MCP Server is built into the IP Fabric appliance and can be enabled in Settings → Integration → MCP Server.

Cloud Load Balancers – SSL Certificate Visibility

IP Fabric now provides visibility into managed SSL/TLS certificates associated with supported cloud load balancers. Certificates are collected and displayed in a dedicated table at Technology → Security → SSL Certificates, with direct access from related load-balancing tables.

Supported platforms:

• Azure — Application Gateway (L7 regional load balancer)
• AWS — Application Load Balancer, Network Load Balancer

This helps security and network teams inventory certificates, identify expiring or expired certificates, and improve their overall security posture.

Do Not Forget to Update Cloud IAM Policies

To collect SSL/TLS certificate information for cloud load balancers, the required IAM policies must be updated on both supported platforms.

Azure If Azure Key Vault access is configured with role-based access control, update the Azure IAM policy to grant the permissions required to collect certificate data.

Download the updated policy here.

AWS If you are using AWS API discovery, update your IAM policy to include AWS Certificate Manager (ACM) permissions so IP Fabric can retrieve SSL/TLS certificate details associated with load balancers and other AWS services.

• Users of the Simplified policy must update to: IAM-policy-IPF_simplified_7.11_or_newer.json

• Users of a previous Granular policy version must update to: IAM-policy-IPF_7.11-full.json

For more details, see AWS API Configuration – Required IAM Policy.

Improvements

• Improved the stability and reduced the memory footprint of the syslogWorker (responsible for ingesting data into Configuration Management) and of all remaining discovery workers.
• Improved discovery logging by replacing the logging library for discovery workers. This resolved missing logs and memory leaks due to logging issues.

Path Lookup

• We extended path lookup support to redirect traffic to an Azure VM after transit. The implementation currently supports only a single destination IP address. Support for a destination subnet will be added in the future. For now, traffic to a subnet destination is dropped.

Vendor Support and Improvements

• GCP

  • Added support for classic VPN gateways.
  • Added support for dynamic routes exchanged over VPC Peering.

  New GCP Permission Required

  The compute.networks.listPeeringRoutes permission must be added to your GCP IAM role to enable this feature.

• Azure

  • Added support for ExpressRoute circuits in Virtual WAN.
  • Improved routing for Azure VPN and ExpressRoute gateways (Virtual Hub).
  • Added BGP support for Azure VPN Gateway (Virtual Hub).

  Do Not Forget to Update Azure IAM Policy

  The IAM policy must be updated to grant the necessary permissions for collecting VPN Gateway routes, BGP peer details, and Virtual Hub routing intent information.

  You can download the new policy here.

• AWS
  • Updated IAM policies to include AWS Certificate Manager (ACM) permissions required for SSL/TLS certificate discovery.

• Meraki
  • SD-WAN
    • Added support for Meraki SD-WAN (AutoVPN).
    • SD-WAN connections are now listed in Technology → SD-WAN → Meraki.
    • Meraki SD-WAN links are now shown in both the Network Diagram and Path Lookup.
    • This enhancement improves visibility and troubleshooting of Meraki SD-WAN connectivity in IP Fabric.
  • IPsec
    • Added support for Meraki IPsec tunnels.
    • All configured tunnels are listed in Technology → Security → IPsec.
    • Path Lookup and routing information currently support only statically configured routes for IPsec; BGP is not yet supported.
    • IPsec tunnels are now shown in both the Network Diagram and Path Lookup.

• D-Link
  • Added support for basic discovery of D-Link DGS-1250 family switches. See Feature Matrix for more details.
  • Covered features include:
    • Platform & system: init, device information
    • Configuration
    • Interfaces: Layer 2 interfaces, Layer 3 interfaces, port-channel
    • Network data: ARP, MAC table, LLDP
    • Routing & switching: routing table, STP, VLAN
    • Management: AAA, DNS client, NTP, SNMP, logging

Miscellaneous

• The Feature Flag ENABLE_ACI_SERVICEGRAPHS_ENDPOINTS has been removed, and endpoints related to service graphs are now always downloaded.

Topology Calculation Technical Changes

• Network topology calculation has been relocated from the tasker process to a dedicated topology calculation job running within the API process. This change was implemented for technical and architectural reasons and lays the foundation for upcoming advanced product features.
• Topology calculation logs are now clearly distinguishable from general tasker process logs through the addition of a dedicated label prefix: [topology-calculation].