What's New in 4.7.x
Features | Description | First IoT FND Release Support | Related Document or Section | ||||||
---|---|---|---|---|---|---|---|---|---|
Enhanced Tunnel Reprovisioning and DHCP Addresses |
The Tunnel Provisioning workflow has been modified so that DHCP addresses are released during decommissioning of the Field Area Router (FAR) device rather than during Tunnel Provisioning.
By default, tunnel creation and deletion will lock the Head-end Router (HER). However, if the optimizeTunnelProv property is set to ‘true’ either through CSV or cgms.properties, then tunnel creation and deletion will not lock the HER during the operation.
This change applies to the management of the following Cisco IOS and Cisco IOS XE Routers:
This change applies to the management of the following Cisco IOS XE Routers:
|
4.7.2-8 |
|||||||
Support Expired Cisco SUDI Certificate |
The expiration date for a limited number of Cisco Secure Unique Device Identifier (SUDI) certificates for a limited number of Internet of Things (IoT) products will expire on: Date of Manufacture plus 10 years or 2029-05-14, whichever is earlier. The following Cisco devices are affected by this change:
Devices with expired SUDI certificate will not have any authentication issues with FND from now on. |
4.7.1-60 |
|||||||
Improved Usability for File Management |
You can modify the width of the Open Issues column that displays for a Field Device when two or more open issues exist by selecting the column and moving the cursor to the left to minimize the size of the column. Additionally, this feature reduces the Open Issues display to a single line of content versus multiple lines and displays three periods (...) to indicate that additional content is available to view by expanding the column to the right. |
4.7.1-60 |
|||||||
Device Search Field added to the Device File Management page to Search for a Specific Router |
You can perform partial or full search for a router on the Upload File to Routers page using a router name such as:
|
4.7.1-60 |
|||||||
Number of Devices that Display on the Upload File to Routers Page Increased to 200 |
By default, a minimum of ten routers display. You can select up to 200 devices to display.
|
4.7.1-60 |
|||||||
Set Time Range and Page Preferences for Events |
On the Events tab for a device, you can define values for Time Range and Page View settings for a device type and apply those same settings to a device of the same type.
|
4.7.1-60 |
Set Time Range and Page View Preferences for Operations > Events |
||||||
New Browser Support for FND 4.7.1 |
Microsoft Edge browser Microsoft EdgeHTML:88.0.705.68 |
4.7.1-60 |
— |
||||||
Troubleshooting Page for On-Demand Statistics |
A new Troubleshooting tab is available for CG-MESH and IR500 endpoints on the Device Details page. This new page allows you to generate the following predefined system reports for the CG-MESH and IR500 endpoints: - All TLVs, Connectivity, General, Registration, and Routing. DEVICESFIELD DEVICES ENDPOINTTroubleshoot tab. |
4.7.0-100 |
|||||||
Itron Bridge Meter, ITRON30 Support and Management |
An Endpoint Operator can now manage Itron Bridge Meters (such as ITRON30) using IoT FND as a cg-mesh device type (METER-CGMESH). This meter was previously run in RFLAN mode. Only Root and Endpoint operators can see and perform the endpoint operations and scheduling for the channel notch feature. To manage an Itron Bridge Meter in cg-mesh node, an Endpoint Operator (RBAC) must convert the RFLAN meter to a cg-mesh device type and upgrade all CG-mesh firmware to CG-mesh 5.6.x. After successful registration, the channel notch settings (in the bootstrap config.bin file) should be pushed to all nodes by the Endpoint operator. Two new properties:
|
4.7.0-100 |
|||||||
Channel Notch Settings |
You can define up to four pairs of Notch Range Start and End Channels in the Channel Notch Settings page:
The above page only appears when the cgmesh.properties has the following setting: channelNotchSettingEnabled=true |
4.7.0-100 |
|||||||
Channel Notch Configuration page |
You can push and schedule the Channel Notch Configuration Settings in the following new page:
You can initiate the following two actions for those routers whose endpoints have been successfully updated with the channel notch configuration: (+) button on the router group displays the router name and the corresponding cg-mesh endpoints.
|
4.7.0-100 |
|||||||
ITRON30, IR500 and CG-Mesh Device Configuration |
On the page, you can now perform the additional actions at the Push Configuration tab page found in the right-pane:Select the Push ENDPOINT Re-Enrollment option in the drop-down menu on the page, along with the Certificate Re-enrollment Type. Supported certificate re-enrollment options are:
Messages are sent in unicast form.
Select Push Endpoint Re-enrollment |
4.7.0-100 |
|||||||
Endpoint Re-Enrollment Option for ITRON30 and IR500 Endpoints |
You can now re-enroll a certificate for cg-mesh endpoints by selecting the Re-Enrollment tab on the Device info page of the CGMESH and IR500 endpoints. When you click the Re-enrollment button on the cgmesh or IR500 device details page, it will open a popup window with three options. Select one of the certificates and click Submit. (left pane). Newly added endpoint appears on the Device Config page |
4.7.0-100 |
|||||||
DTLS Relay and Certificate Auto Renew Settings for ITRON30 and IR500 Endpoints |
New options are available on the Edit Configuration Template page.
.
|
4.7.0-100 |
|||||||
Certificate Information page for Gateway IR500 Endpoints |
The following certificate information is reported for IR500 endpoints managed by IoT FND on the Certificate Info page (right-pane):
. |
4.7.0-100 |
|||||||
New Device Events for Gateway IR500 Endpoints |
Name of new events supported:
. |
4.7.0-100 |
|||||||
Audit Trail for Re-Enrollment for Gateway-IR500 Endpoints |
The following new Operation will be recorded for Re-Enrollment of the Group:
|
4.7.0-100 |
|||||||
Wi-SUN Configuration for IR500 and Itron30 |
|
4.7.0-100 |
|||||||
TLS Version Settings for Default-cgmesh Endpoints |
The available settings for the TLS version are:
. |
4.7.0-100 |
|||||||
Mesh Wi-SUN 1.x Power Outage Notifications (PON) and Power Restoration Notifications (PRN) for IR510 |
This feature is supported on IR510 from Mesh Release 6.2 and onward. IR510 can send the WiSUN Outage and Restoration notification when running in WiSUN mode.
|
4.7.0-100 |
|||||||
Mesh 6.3: Configure Rate Limits for LoWPAN interfaces and IR5xx Ethernet Interfaces and meters (ITRON30, CGREF3) to Defend Against Denial of Service (DoS) Attacks |
You can define a Default Access Control List (ACL) Profile for each protocol (UDP, TCP, ICMP) to control the rate of the traffic sent or received. The rate limit is set in kbits/unit. A configuration push will fail if the rate exceeds the configured limit.
|
4.7.0-100 |
|||||||
Interface ACL Settings for Lowpan in the Config Push Template |
You can now define an ACL rule in the configuration profile for Lowpan interfaces as well as define rate limits for lowpan interfaces.
|
4.7.0-100 |
Create, Delete, Rename, or Clone any Profile at the Config Profiles Page |
||||||
ACL Deny Messages |
A new section on the Device Details page for IR510, IR529 and IR530, shows ITRON30 and CGREF3 meters, displays ACL Deny Message Detail for LoWPAN Interfaces.
|
4.7.0-100 |
Create, Delete, Rename, or Clone any Profile at the Config Profiles Page |
||||||
Bandwidth Efficient Software Transfer (BEST) |
When updating an existing installed software base for IR510, IR530, IR509, IR529 and CGMESH (Itron, CGEREF2, CGEREF3) devices, you have the option to upload only the new FND 4.7 software updates, rather than the full image, by using bspatch and bsdiff version 4.3. The platform image on IR510, IR509, IR530, IR529 and CGMESH (ITRON, CGEREF2, CGEREF3) must be running Mesh 6.3 or greater for this feature to work. To make use of this feature in the FND 4.7 user interface at the Install Patch option on that page before you select the Upload Image button. page of your system, you must enable the feature by checking the
|
4.7.0-100 |
Uploading a Firmware Image to a Resilient Mesh Endpoint (RME) Group | ||||||
Enforcing Wi-SUN Firmware Upgrade Rules |
All endpoints in the subnet that are moved to Wi-SUN mode must have a mesh firmware software version of Mesh 6.3 or greater. IoT FND 4.7 will not allow a software upgrade to proceed if the mesh firmware software version requirement is not met. Additionally, you will not be able to downgrade endpoints from a Wi-SUN firmware version to a non-Wi-SUN version. Pop-up messages will appear when an invalid firmware upload or scheduled firmware upload is detected.
|
4.7.0-100 |
— |
||||||
Management of Cisco Wireless Gateway for LoRAWAN (IXM), Release 2.1.0.1 |
IoT FND now manages the following IXM components:
Prerequisite to managing the IXM: Add the following property to cgms.properties and set it to ‘true’ and restart the FND service:
|
4.7.0-100 |
|||||||
Oracle 19C Support |
FND 4.7.0 Oracle OVA will have Oracle19C installed in the virtual machine. |
4.7.0-100 |
IoT Field Network Director Oracle Upgrade from 18c to 19c |
||||||
Update LDevID for Greenfield and Brownfield deployment |
FND now has tcl scripts, autorenewal_update.tcl, which activates the CLIs, and LDevID-update.tcl, which does file manipulation to update the new certificate information in the before-* config files whenever the LDevID certificate is renewed.
Formerly, when a FAR device renewed its LDevID certificate, the before-* config files were not updated with the new certificate information. As a result, if FND rolled back a FAR device because of a new tunnel or device config push, then the FAR device would reload with its previous certificate information which might have been expired at that time and break any communication with FND.
|
4.7.1-60 |
|||||||
Setup and Configuration for an Enrollment over Secure Transport End-to-End Solution |
FND provides the capability to integrate Enrollment over Secure Transport (EST) certificate enrollment for clients over security transport within your network. EST is based on public-private key exchange. Currently, this feature is supported only on IR510 and IR530. The EST service is located between a Certification Authority (CA) and a client. EST uses Hypertext Transfer Protocol (HTTP) to provide an authenticated and authorized channel for Simple Public Key Infrastructure (PKI) Requests and Responses. EST also operates with the following protocols and authentication methods:
|
4.7.0-100 |