Previous Release Notes For 2023

These prior release notes describe the new features, enhancements, resolved limitations, and known limitations for CloudSecure in previous 2023 releases.

Illumio CloudSecure is an agentless SaaS solution that provides visibility into your AWS and Azure network flows to define Zero Trust Segmentation policies in the public cloud, with the following features:

  • Multi-cloud coverage
  • Fast breach containment
  • Ease of use
  • Low total cost of ownership

For questions, please reach out to cloudsecureproduct@illumio.com.

What's New in This Release - December 14th, 2023

The following new features are available in the December 14th, 2023 release:

No. Feature Category Feature List
1. Application
  • CloudSecure automatically resynchronizes pending applications with any resource changes. This means you can add or drop a cloud tag in such a way that it applies to an additional resource, and CloudSecure will automatically re-synchronize the application to include the new resource.

  • CloudSecure lets you edit application definitions.

2. Policy
  • CloudSecure allows users to specify all services for the destination service when writing rules.

  • CloudSecure allows users to specify 'Any' (0.0.0.0/0 and ::/0) for the source or destination IP address when writing rules.

3. Visualization
  • CloudSecure now features a tiled dashboard, which displays Traffic statistics.
4. Inventory

CloudSecure now has context-based search for inventory-based filters, such as the ones on these pages:

  • Inventory list page

  • Traffic list page

  • Map page

  • Application inventory page

  • Application traffic page

Resolved Issues in CloudSecure

  • Inventory returning deleted resources when filtering by tags (C-2250)
    When users queried inventory by tags, the query returned deleted resources that had one of the tags assigned to them, so they appeared in the Inventory list. When querying inventory by a deleted resource's `resource_id`, the response was empty as expected. This issue is resolved.
  • sgpolicyenforcement svc fails to enforce all-svc rules in AWS SG (C-2232)
    An Illumio AWS security group service encountered errors when attempting to enforce rules covering all services. This issue is resolved.

  • Getting logged out after login (C-2198)
    Illumio was not properly pruning sessions, which occasionally resulted in users getting logged out involuntarily. This issue is resolved.

  • Running the CloudFormation Template (CFT) in AWS does not work (C-2255, C-2079)
    Illumio created the flow stack when users ran the template, but the link did not open in a new window. If the user clicked "Download," nothing would happen. This issue is resolved.

  • Application used in Ruleset was allowed to be deleted (C-1607)
    Users were allowed to delete applications even if they were part of a ruleset. This issue is resolved. A message now tells the user that the application is currently used by a ruleset, and application removal is blocked.

  • Empty destinations shown in flow log page (C-1275)
    In the flow log list page, empty destinations were shown for AWS accounts. This affected giving permission for S3 buckets. This issue is resolved.

Known Issues in CloudSecure

UI Components

  • Azure data is truncated and unable to create a deployment (C-1405)
    Because Azure has long cpids, the UI truncates the cpid, so a user can't find the correct object when creating a deployment stack.

Functionality

  • Issue with relationships building in sync with cloudsync new resource events (C-2168)
    The resource resync for applications created using VPC and subnet may not work.
  • Policy not removed after removing rules (C-1878)
    When the user removed rules from a policy, the security group rules were not updated after exceeding the limit on security groups.
  • All previously deleted apps are showing up in policy creation (C-1487)
    Applications that were previously created and removed are showing up in application policy creation.
  • Azure VM instances do not contain public IPs required for policy (C-1219)
    Currently, policy generated for Azure resources only contains private IP addresses. Azure VM instances do not contain public IPs required for policy.

Known Limitations in CloudSecure

Functionality

  • Application sometimes gets mapped to the wrong deployment's env label (C-1257)
    The resources have multiple cloud tags, and the tag in the application definition label doesn't align with the one used in the environment label.
  • The application definition isn't showing the deployment if the deployment is added afterward (C-1118)
    Deployment stacks need to be created before Application Definition.
  • Policy not applied to resources aside from Azure VMs/AWS EC2s (C-1114)
    CloudSecure discovers many resources in inventory, but policy can only be written on Azure Virtual Machines/AWS EC2 instances.
  • Competing application definition (multiple app-def using same tags) (C-1095)
    CloudSecure allows users to create multiple application definitions with the same rules; that is, the same set of tags can be shared by two applications.

What's New in This Release - December 11th, 2023

The following new features are available in the December 11th, 2023 release:

No. Feature Category Feature List
1. Application

CloudSecure automatically resynchronizes pending applications with any resource changes. This means you can change a tag in such a way that it applies to an additional resource, and CloudSecure will automatically re-synchronize the application to include the new resource.

2. Policy
  • CloudSecure allows users to specify all services for the destination service when writing rules.

  • CloudSecure allows users to specify 'Any' (0.0.0.0/0 and ::/0) for the source or destination IP address when writing rules.

Resolved Issues in CloudSecure

  • sgpolicyenforcement svc fails to enforce all-svc rules in AWS SG (C-2232)
    An Illumio AWS security group service encountered errors when attempting to enforce rules covering all services. This issue is resolved.
  • Getting logged out after login (C-2198)
    Illumio was not properly pruning sessions, which occasionally resulted in users getting logged out involuntarily. This issue is resolved.
  • Running the CloudFormation Template (CFT) in AWS does not work (C-2255, C-2079)
    Illumio created the flow stack when users ran the template, but the link did not open in a new window. If the user clicked "Download," nothing would happen. This issue is resolved.
  • Application used in Ruleset was allowed to be deleted (C-1607)
    Users were allowed to delete applications even if they were part of a ruleset. This issue is resolved. A message now tells the user that the application is currently used by a ruleset, and application removal is blocked.
  • Empty destinations shown in flow log page (C-1275)
    In the flow log list page, empty destinations were shown for AWS accounts. This affected giving permission for S3 buckets. This issue is resolved.

Known Issues in CloudSecure

UI Components

  • Azure data is truncated and unable to create a deployment (C-1405)
    Because Azure has long cpids, the UI truncates the cpid, so a user can't find the correct object when creating a deployment stack.
  • Application policies last modified by should show username, not email (C-1060)
    Application policies 'last modified by' should show username, not email.

Functionality

  • Policy not removed after removing rules (C-1878)
    When the user removed rules from a policy, the security group rules were not updated after exceeding the limit on security groups.
  • All previously deleted apps are showing up in policy creation (C-1487)
    Applications that were previously created and removed are showing up in application policy creation.
  • Azure VM instances do not contain public IPs required for policy (C-1219)
    Currently, policy generated for Azure resources only contains private IP addresses. Azure VM instances do not contain public IPs required for policy.

Known Limitations in CloudSecure

Functionality

  • Application sometimes gets mapped to the wrong deployment's env label (C-1257)
    The resources have multiple cloud tags, and the tag in the application definition label doesn't align with the one used in the environment label.
  • The application definition isn't showing the deployment if the deployment is added afterward (C-1118)
    Deployment stacks need to be created before Application Definition.
  • Policy not applied to resources aside from Azure VMs/AWS EC2s (C-1114)
    CloudSecure discovers many resources in inventory, but policy can only be written on Azure Virtual Machines/AWS EC2 instances.
  • Competing application definition (multiple app-def using same tags) (C-1095)
    CloudSecure allows users to create multiple application definitions with the same rules; that is, the same set of tags can be shared by two applications.

What's New in This Release - December 4th, 2023

The following new features are available in the December 4th, 2023 release:

No. Feature Category Feature List
1. Cloud Map View

Illumio remembers your map browse sequence for your browser session. (Note that refreshing the page may cause Illumio to forget your map browse sequence.)

2. Label Creation

Easier navigation for cloud tag to label mapping.

Resolved Issues in CloudSecure

  • Unable to approve applications with multiple deployments (C-2077)
    If an application discovered two or more deployments, and Illumio approved the first one (success), then approving the second one failed. This issue is resolved.
  • Empty applications match to resources (C-2046)
    If an application contained no tags, VNets, or subnets, the application would match to all resources instead of none. This issue is resolved.
  • Resource sync doesn't sync associated labels (C-2045)
    Associated labels were not captured when synchronizing an application's resources during cloudsync events. This issue is resolved.
  • All protocols not handled properly in some AWS SG cases (C-2011)
    When computing the intersection of deny rules with allow rules in AWS SG, Illumio did not correctly handle the case where the allow rule has all protocols and the deny rule has a specific protocol. This issue is resolved.

Known Issues in CloudSecure

UI Components

  • Azure data is truncated and unable to create a deployment (C-1405)
    Because Azure has long cpids, the UI truncates the cpid, so a user can't find the correct object when creating a deployment stack.
  • Application policies last modified by should show username, not email (C-1060)
    Application policies 'last modified by' should show username, not email.

Functionality

  • All previously deleted apps are showing up in policy creation (C-1487)
    Applications that were previously created and removed are showing up in application policy creation.
  • Azure VM instances do not contain public IPs required for policy (C-1219)
    Currently, policy generated for Azure resources only contains private IP addresses. Azure VM instances do not contain public IPs required for policy.

Known Limitations in CloudSecure

  • Application sometimes gets mapped to the wrong deployment's env label (C-1257)
    The resources have multiple cloud tags, and the tag in the application definition label doesn't align with the one used in the environment label.
  • The application definition isn't showing the deployment if the deployment is added afterward (C-1118)
    Deployment stacks need to be created before Application Definition.

  • Policy not applied to resources aside from Azure VMs/AWS EC2s (C-1114)
    CloudSecure discovers many resources in inventory, but policy can only be written on Azure Virtual Machines/AWS EC2 instances.

  • Competing application definition (multiple app-def using same tags) (C-1095)
    CloudSecure allows users to create multiple application definitions with the same rules; that is, the same set of tags can be shared by two applications.