Current Release Notes

These release notes describe the new features, enhancements, resolved limitations, and known limitations for CloudSecure in this release.

Illumio CloudSecure is an agentless SaaS solution that provides visibility into your AWS and Azure network flows to define Zero Trust Segmentation policies in the public cloud, with the following features:

Multi-cloud coverage
Fast breach containment
Ease of use
Low total cost of ownership

For questions, please reach out to cloudsecureproduct@illumio.com.

What's New in This Release

The following new features are available in this release:

No.	Feature Category	Feature List
1.	Visualization	Cloud, Region, and Account are now available as filterable categories in the Traffic page Beta Advanced Filter mode. See Traffic. This resource is now visible on the Inventory page, and appears on the Cloud Map page as an attached resource for EC2 Instances and ElasticLoadBalancingV2 Load Balancers: AWS: ElasticLoadBalancingV2 Target Group See Inventory Supported Resources and Cloud Map Supported Resources.
2.	Deployments	You can now edit your deployments. See Define a Deployment.

No.

Feature Category

Feature List

Visualization

Cloud, Region, and Account are now available as filterable categories in the Traffic page Beta Advanced Filter mode. See Traffic.
This resource is now visible on the Inventory page, and appears on the Cloud Map page as an attached resource for EC2 Instances and ElasticLoadBalancingV2 Load Balancers:
- AWS:
  - ElasticLoadBalancingV2 Target Group

Inventory Supported Resources

Cloud Map Supported Resources

Deployments

You can now edit your deployments. See Define a Deployment.

Resolved Limitations in CloudSecure

Traffic flow filter by status not working as expected (C-3566, C-3686)
Users navigating the Cloud Map sometimes also saw denied traffic included on a node Details page despite filtering for allowed traffic.
Error onboarding Azure Flow Logs (C-2890)
Users would sometimes get an error when onboarding Azure flow logs due to CloudSecure not understanding that flow log destination access was already granted.
No description in Azure "Forbidden" onboarding message (C-2023)
When encountering an Azure onboarding error message, users did not get sufficient information to readily resolve the problem.

Known Limitations in CloudSecure

AWS PaaS resources may not have ENI (C-3265)
CloudSecure uses DNS lookup on the fully qualified domain name to get the elastic network interface relationships, which is not guaranteed to get a match. The potentially affected AWS resources are RDS DBInstances, RDS DBClusters, ElasticLoadBalancingV2 load balancers, MemoryDB clusters, ElastiCache for Redis clusters, and Redshift clusters.
Error shown when users attempt to add an existing user to their account (C-3083)
When a user tries to add existing users to their existing CloudSecure account, CloudSecure correctly prevents the action, but does not issue an error message. For example, if a customer has one live CloudSecure account and also one trial account, trying to add an existing trial user to the live account will silently fail.
Middle, right, or control click to open in new tab do not work (C-2398)
Middle click, right click, and control click sometimes do not open the specific desired CloudSecure tab.
Application sometimes gets mapped to the wrong deployment's env label (C-1257)
The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.
Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.