Release Notes
Supported Features
This release enables you to quarantine offending endpoints that are detected by the APIC/Secure Firewall Remediation Module, using APIC version 5.1(1h). For version 3.0 of the remediation module, the supported behavior when endpoints are quarantined is described in the following table:
|
VMware Distributed Virtual Switch (DVS) |
Bare metal |
|
|---|---|---|
|
Verified in IPS inline mode |
Yes |
Yes |
|
EPG bridge mode |
Yes |
Yes |
|
EPG routed mode |
No |
No |
|
Multiple IP to one MAC checking |
Yes |
Yes |
|
Create only an IP address filter uSeg attribute |
No |
No |
|
Create both an IP address filter and a MAC address filter uSeg attribute |
Yes |
Yes |
|
Quarantine source and destination endpoints |
Yes |
Yes |
|
Apply a predefined management contract to source and destination endpoints |
Yes |
Yes |
|
Allow traffic from a quarantined endpoint to an L3Out endpoint group |
Yes |
Yes |
|
Allow audit only |
Yes |
Yes |
|
Always allow traffic to critical servers |
Yes |
Yes |
Download and Install the APIC/Secure Firewall Remediation Module
Before you begin
Make sure you're using compatible versions as shown in the following table.
|
Remediation module version compatible with.... |
Management Center version |
APIC version |
|---|---|---|
|
3.0 |
7.0 and later |
5.1(1h) |
Procedure
| Step 1 |
Download the APIC/Secure Firewall Remediation Module (link to download) to a machine on which you'll connect to the management center. |
| Step 2 |
If you haven't done so already, log in to the management center. |
| Step 3 |
Click . |
| Step 4 |
In the Install a New Module section, click Browse. |
| Step 5 |
Follow the prompts to upload the remediation module. |
| Step 6 |
Click Install. |
| Step 7 |
When successfully installed, the APIC/Secure Firewall Remediation Module is displayed in the list of installed remediation modules:
|
Resolved Caveats
Version 3.0
There are no resolved caveats in the APIC/Secure Firewall Remediation Module version 3.0.
Open Caveats
Version 3.0
There are no open caveats in the APIC/Secure Firewall Remediation Module version3.0.
Resolved Enhancement Requests
Version 3.0
|
Link to issue |
Description |
|---|---|
|
Allow L3Out traffic to continue |
|
|
Support audit-only option |
Open Enhancement Requests
Version 3.0
There are no open enhancement requests in the APIC/Secure Firewall Remediation Module version 3.0.
Related Documentation
For additional information about the Cisco APIC/Secure Firewall Remediation Module, see the appropriate guide.
For additional information about the Cisco APIC and ACI, see APIC Documentation.
For information on using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see the Support Case Manager.
Feedback