browse
On Monday, November 2, 2020, Cisco Umbrella will release Virtual Appliance (VA) version 2.8.5 to the stage track.
On Thursday, November 5, 2020, Cisco Umbrella will release Virtual Appliance (VA) version 2.8.5 to the first wave of the production track.
On Wednesday, November 11, 2020, Cisco Umbrella will release Virtual Appliance (VA) version 2.8.5 to the second and third wave of the production track.
On Tuesday, December 1, 2020, Cisco Umbrella will release Virtual Appliance (VA) version 2.8.5 to the final wave of the production track.
This is a patch release and will not cause the VA to restart.
Customer VAs may upgrade over a period of days as opposed to consecutively upgrading one after another. To receive this upgrade, ensure that your firewall is configured to enable access to disthost.umbrella.com.
As a reminder, two VAs must be configured in order to upgrade automatically during these windows.
In accordance with Cisco policy, a list of open source software modules used in the VA is attached to these release notes. It contains licenses and notices for open source software used in this product.
IMPORTANT NOTE: For future upgrades to work seamlessly, please ensure that your VAs are able to access cisco.com in addition the other access pre-requisites mentioned in the documentation.
CHANGE SUMMARY (2.8.4 to 2.8.5)
- Enables validation of future upgrades that will be digitally signed.
CHANGE SUMMARY (2.8.3 to 2.8.4)
- Changes in the VA to allow for postponing the auto-upgrade functionality by up to 90 days. This feature will be announced separately once the related changes to the Umbrella dashboard are complete.
- Addresses issue where SNMP response time by the VA was inconsistent - VA will now respond to SNMP get requests within 20 seconds.
CHANGE SUMMARY (2.7.10 to 2.8.3)
All changes listed in the sections below.
CHANGE SUMMARY (2.8.2 to 2.8.3)
- On VA upgrade, if the standard Umbrella resolvers (208.67.220.220 and 208.67.222.222) are detected to be unreachable, VA will automatically switch to using the alternate resolvers (208.67.220.222 and 208.67.222.220).
- Addresses issue where enabling Anycast was overwriting previous Anycast configurations.
- Addresses case where VA returns SERVFAIL for internal domains if local DNS server returns a response with the SOA Resource Record in the GLUE section instead of the AUTH section.
CHANGE SUMMARY (2.8.1 to 2.8.2)
- DNSSEC: When enabled, VA preserves the DO bit from incoming queries in queries that it forwards to Umbrella or the local DNS server. This needs to be explicitly enabled using the config va dnssec enable command.
- Addresses issue where Netmask ordering was broken in previous version
- Addresses issue where SNMP monitoring was occasionally stopped automatically
- Encryption between Umbrella Chromebook Client/Umbrella Android Client and the VA can now be configured using a certificate chain on the VA and importing only the root certificate of the chain on the Chromebook/Android device. Note: The Umbrella AD Connector does not currently support this feature. Support will be added in an upcoming release.
CHANGE SUMMARY (2.7.10 to 2.8.1)
- Dual-stack (IPv4/v6) support:
- VA can now be configured with an IPv6 address and can receive incoming queries on both IPv4 and IPv6.
- The VA tries to receive an IPv6 address over DHCP by default. If this does not succeed, admin can configure a static IPv6 address.
- Local DNS servers can be configured with an IPv4 or IPv6 address.
- Internal IPv6 address of source endpoints making the DNS query will be displayed in Umbrella dashboard reporting.
- The VA does not receive IPv6 - AD user mappings from the Connector currently. So AD user reporting and AD policy will not work for endpoints that have only IPv6 addresses.
- By default, the VA forwards DNS queries for external domains to the Umbrella IPv4 resolvers. The VA can be configured to send DNS queries to Umbrella IPv6 resolvers instead.
- Communication to other external endpoints (api.opendns.com, disthost.umbrella.com, s.tunnels.ironport.com) will be over IPv4 only.
- IPv6 address for VA cannot be configured in the dual-NIC mode.
- Configuration of IPv6 Anycast address is not supported.
- Configuration of IPv6 NTP servers is not supported.
-
The VA will by default send DNS queries only to the standard DNS resolvers (208.67.220.220 and 208.67.222.222) and will no longer send DNS queries to the alternate Umbrella DNS resolvers (208.67.222.220 and 208.67.220.222). This change has been done to enhance the VA performance.
-
Option to specify the Umbrella resolvers to be used (Standard Umbrella resolvers, US-only Umbrella resolvers, alternate Umbrella resolvers, standard Umbrella IPv6 resolvers, US-only Umbrella IPv6 resolvers)
- Issue around removing NTP server is addressed
- Dynamic disk size of VA increased to 20 MB so that an additional resize step is not required for new VA deployments on Nutanix
- VM Hardware version on VMware changed to version 9 in line with the VMware security advisory
- VA now sends a BGP Update message to the router with withdrawn routes during a scheduled upgrade or reboot.
- Addresses issue where the internal IP in the EDNS field in inbound DNS requests received from Infoblox was not getting propagated to Umbrella in the outbound DNS request.
PREVIOUS RELEASE SCHEDULE (VERSION 2.8)
On October 6, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.4 to the final wave of the production track.
On September 30, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.4 to the second and third wave of the production track.
On September 28, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.4 to the first wave of the production track.
On September 22, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.4 to the stage track.
On August 3, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the final wave of the production track.
On July 7, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the second and third wave of the production track.
On June 30, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the first wave of the production track.
On June 25, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.3 to the stage track.
On June 15, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.2 to the stage track.
On April 16, 2020, Cisco Umbrella released Virtual Appliance (VA) version 2.8.1 to the stage track.