On Tuesday, September 22, 2020, Cisco Umbrella will release Virtual Appliance (VA) version 2.8.4 to the stage track.
This is a patch release and will not cause the VA to restart.
Customer VAs may upgrade over a period of days as opposed to consecutively upgrading one after another. To receive this upgrade, ensure that your firewall is configured to enable access to disthost.umbrella.com.
As a reminder, two VAs must be configured in order to upgrade automatically during these windows.
CHANGE SUMMARY (2.8.3 to 2.8.4)
Changes in the VA to allow for postponing the auto-upgrade functionality by up to 90 days. This feature will be announced separately once the related changes to the Umbrella dashboard are complete.
CHANGE SUMMARY (2.7.10 to 2.8.3)
All changes listed in the sections below.
CHANGE SUMMARY (2.8.2 to 2.8.3)
- On VA upgrade, if the standard Umbrella resolvers (220.127.116.11 and 18.104.22.168) are detected to be unreachable, VA will automatically switch to using the alternate resolvers (22.214.171.124 and 126.96.36.199).
- Addresses issue where enabling Anycast was overwriting previous Anycast configurations.
- Addresses case where VA returns SERVFAIL for internal domains if local DNS server returns a response with the SOA Resource Record in the GLUE section instead of the AUTH section.
CHANGE SUMMARY (2.8.1 to 2.8.2)
- DNSSEC: When enabled, VA preserves the DO bit from incoming queries in queries that it forwards to Umbrella or the local DNS server. This needs to be explicitly enabled using the config va dnssec enable command.
- Addresses issue where Netmask ordering was broken in previous version
- Addresses issue where SNMP monitoring was occasionally stopped automatically
- Encryption between Umbrella Chromebook Client/Umbrella Android Client and the VA can now be configured using a certificate chain on the VA and importing only the root certificate of the chain on the Chromebook/Android device. Note: The Umbrella AD Connector does not currently support this feature. Support will be added in an upcoming release.
CHANGE SUMMARY (2.7.10 to 2.8.1)
- Dual-stack (IPv4/v6) support:
- VA can now be configured with an IPv6 address and can receive incoming queries on both IPv4 and IPv6.
- The VA tries to receive an IPv6 address over DHCP by default. If this does not succeed, admin can configure a static IPv6 address.
- Local DNS servers can be configured with an IPv4 or IPv6 address.
- Internal IPv6 address of source endpoints making the DNS query will be displayed in Umbrella dashboard reporting.
- The VA does not receive IPv6 - AD user mappings from the Connector currently. So AD user reporting and AD policy will not work for endpoints that have only IPv6 addresses.
- By default, the VA forwards DNS queries for external domains to the Umbrella IPv4 resolvers. The VA can be configured to send DNS queries to Umbrella IPv6 resolvers instead.
- Communication to other external endpoints (api.opendns.com, disthost.umbrella.com, s.tunnels.ironport.com) will be over IPv4 only.
- IPv6 address for VA cannot be configured in the dual-NIC mode.
- Configuration of IPv6 Anycast address is not supported.
- Configuration of IPv6 NTP servers is not supported.
The VA will by default send DNS queries only to the standard DNS resolvers (188.8.131.52 and 184.108.40.206) and will no longer send DNS queries to the alternate Umbrella DNS resolvers (220.127.116.11 and 18.104.22.168). This change has been done to enhance the VA performance.
Option to specify the Umbrella resolvers to be used (Standard Umbrella resolvers, US-only Umbrella resolvers, alternate Umbrella resolvers, standard Umbrella IPv6 resolvers, US-only Umbrella IPv6 resolvers)
- Issue around removing NTP server is addressed
- Dynamic disk size of VA increased to 20 MB so that an additional resize step is not required for new VA deployments on Nutanix
- VM Hardware version on VMware changed to version 9 in line with the VMware security advisory
- VA now sends a BGP Update message to the router with withdrawn routes during a scheduled upgrade or reboot.
- Addresses issue where the internal IP in the EDNS field in inbound DNS requests received from Infoblox was not getting propagated to Umbrella in the outbound DNS request.
PREVIOUS RELEASE SCHEDULE (VERSION 2.8)
On August 3, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the final wave of the production track.
On July 7, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the second and third wave of the production track.
On June 30, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the first wave of the production track.
On June 25, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the stage track.
On June 15, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.2 to the stage track.
On April 16, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.1 to the stage track.