Cisco Secure Workload Release Notes
Release 3.6.1.36
This document describes the new features, bug fixes, caveats, limitations, and any behavior changes for the Cisco Secure Workload software patch release 3.6.1.36. This patch is associated with the Cisco Secure Workload software major release 3.6.1.5. Details of the major release can be found at https://www.cisco.com/c/en/us/td/docs/security/workload_security/secure_workload/release-notes/csw_rn_3_6_1_5.html.
Release Notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of this document:
https://www.cisco.com/c/en/us/support/security/tetration/products-release-notes-list.html
The following table shows the online change history for this document.
Date | Description |
May 26, 2022 | Release 3.6.1.36 became available. |
Contents
This document includes the following sections:
■ Caveats
This section lists the new and changed features in this release and includes the following topics:
■ Inventory upload: A new “Merge” option is available on the “Inventory Upload” page.
■ Infoblox External orchestrator: You can now choose between different types of DNS record (A-record, AAAA-record, network-record, and/or host-record).
■ Support for Kubernetes inventory in “ADM clustering” and “Scope suggestion”.
■ VDI deployments: A new –goldenImage flag for the installation script and MSI installer now allows agent installation on a Windows golden virtual machine, so that agents will run on replicated VMs once the hostname changes. (Agent software will never run on the golden VM, even when the VM boots for maintenance or upgrades.)
Enhancements
■ FMC External Orchestrator: Support for enforcement per FMC Domain. You can now enable/disable enforcement on an FMC Domain by selecting the domain name while configuring the external orchestrator.
■ Segmentation policy for Windows now allows you to enter a list of users or user groups in the process level control section, in addition to just a single user name.
■ Users can now specify inventory labels when creating the installer script. All agents installed via the script are automatically tagged with these labels. This feature is supported only on Linux and Windows workload deployments.
Changes in Behavior
New Agents’ Operating System Support
■ AIX 7.3
■ AlmaLinux 8.x
■ Rocky Linux 8.x
Ingest Appliances
■ AnyConnect Appliance now supports IPFIX V5 template
Agents
■ Agents on Windows beyond 2008R2 now use NPCAP version 1.55
This section contains lists of open and resolved caveats, as well as known behaviors.
The following table lists the open caveats in this release. Click a bug ID to access Cisco’s Bug Search Tool to see additional information about that bug.
Bug ID | Description |
| Conversation Mode: 39RU cluster may not support 50k sensors when enforcement is enabled. |
| FMC-CSW orchestrator: CSW pushes ipv6 hop by hop if protocol is set to any |
| AWS Flow Logs: Policies Analysis with AWS Flow logs doesn’t work. |
| Clock Drift Observed on Windows Server 2008 R2 with Cisco Secure Workload Agent |
| License Count Inaccurate |
Resolved Caveats
The following table lists the resolved caveats in this release. Click a bug ID to access Cisco’s Bug Search Tool to see additional information about that bug.
Table 3 Resolved Caveats
Bug ID | Description |
| namenode switchover script may fail to wait for namenode to start |
| DNS external orchestrator failing on zone transfer |
| ISE connector unable to process multiple memberOf attributes when integrated with LDAP |
| Add option for ServiceNow configuration to choose Scripted API’s only if required and change the minimum required role for SNOW integration to cmdb_read. |
| http proxy enable in 3.6 without port breaks appserver iptables template |
| Services for AgentContainers and HelmCharts failing after patch upgrade. |
| Federation/DBR: Unable to determine status of sensor migration from source cluster |
| Conversation Mode: Short lived non TCP flows in conversation mode can have client server flipped |
| EHN: Tet Agent installation should provides information the agent type details during installation |
| ENH - NPCAP version upgrade to latest 1.5 |
| Tetration incompatible with Rocky Linux 8 |
| Secure Workload enforcement agent may incorrectly summarize IPv6 subnets |
| Site DNS resolvers config change may fail |
| Enforcement agent depends on Windows Firewall Service when enforcement mode is WFP |
| ERSPAN sensor running in server with 40Gbps links, only receives 100Kpps |
| Log rotation broken for noisy.log on appserver virtual machines |
■ See the Cisco Secure Workload software major release 3.6.1.5 release notes - https://www.cisco.com/c/en/us/td/docs/security/workload_security/secure_workload/release-notes/csw_rn_3_6_1_5.html.
Compatibility Information
For detailed compatibility information, please refer to the Platform Information page on Cisco.com.
Usage Guidelines
■ See the Cisco Secure Workload software major release 3.6.1.5 release notes - https://www.cisco.com/c/en/us/td/docs/security/workload_security/secure_workload/release-notes/csw_rn_3_6_1_5.html.
Verified Scalability Limits
The following tables provide the scalability limits for Cisco Secure Workload (39-RU), Cisco Secure Workload M (8-RU), and Cisco Secure Workload Cloud:
Table 5 Scalability Limits for Cisco Secure Workload (39-RU)
Configurable Option | Scale |
Number of workloads | Up to 25,000 (VM or bare-metal). Up to 50,000 (2x) when all the sensors are in conversation mode. |
Flow features per second | Up to 2 million |
Number of hardware agent enabled Cisco Nexus 9000 series switches | Up to 100 (deprecated) |
Note: Supported scale will always be based on whichever parameter reaches the limit first.
Table 6 Scalability Limits for Cisco Secure Workload M (8-RU)
Configurable Option | Scale |
Number of workloads | Up to 5,000 (VM or bare-metal). Up to 10,000 (2x) when all the sensors are in conversation mode. |
Flow features per second | Up to 500,000 |
Number of hardware agent enabled Cisco Nexus 9000 series switches | Up to 100 (deprecated) |
Note: Supported scale will always be based on whichever parameter reaches the limit first.
Table 7 Scalability Limits for Cisco Secure Workload Virtual (VMware ESXi)
Configurable Option | Scale |
Number of workloads | Up to 1,000 (VM or bare-metal) |
Flow features per second | Up to 70,000 |
Number of hardware agent enabled Cisco Nexus 9000 series switches | Not supported |
Note: Supported scale will always be based on whichever parameter reaches the limit first.
The Cisco Secure Workload documentation can be accessed from the following websites:
Cisco Secure Workload Platform Datasheet: http://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/datasheet-c78-737256.html
Secure Workload Documentation: https://www.cisco.com/c/en/us/support/security/tetration/series.html#~tab-documents
Table 8 Installation Documentation
Document | Description |
Cisco Secure Workload Cluster | Describes the physical configuration, site preparation, and cabling of a single- and dual-rack installation for Cisco Secure Workload (39-RU) platform and Cisco Secure Workload M (8-RU). |
Cisco Secure Workload Virtual Deployment Guide | Describes the deployment of Cisco Secure Workload virtual appliances (formerly known as Tetration-V). |
Cisco Secure Workload Upgrade Guide | Document Link: NOTE: As a best practice, it’s always recommended to patch a cluster to the latest available patch version before performing a major version upgrade. |
Latest Threat Data Sources | |
© 2022 Cisco Systems, Inc. All rights reserved.