Cisco Secure Workload Release Notes
Release 3.6.1.17
This document describes the new features, caveats, and limitations for Cisco Secure Workload software, release 3.6.1.17.
This document describes the features, bug fixes, and behavior changes for the Cisco Secure Workload software patch release 3.6.1.17. This patch is associated with the Cisco Secure Workload software major release 3.6.1.5. Details of the major release are available at https://www.cisco.com/c/en/us/td/docs/security/workload_security/secure_workload/release-notes/csw_rn_3_6_1_5.html
Release Notes are sometimes updated with new information about restrictions and caveats. See the following website for the most recent version of this document:
https://www.cisco.com/c/en/us/support/security/tetration/products-release-notes-list.html
The following table shows the online change history for this document.
Date | Description
Feb 14, 2022 | Release 3.6.1.17 became available.
Feb 16, 2022 | Updated the Enhancements section.
May 16, 2022 | Added CSCwb83818, CSCwb80090, and CSCwb86649 to the open caveats list.
This section lists the new and changed features in this release and includes the following topics:
■ No new software features in this patch release
Enhancements
■ Secure Workload can now ingest flow logs from an S3 bucket associated with any account, if the AWS user account credentials provided during connector creation have access to both the VPC flow logs and the S3 bucket.
Changes in Behavior
■ Secure Workload agent installer will now permit installation on any minor Linux distribution release where the major release is supported. Support for Linux minor releases is now extended through support of the corresponding major release. Supported operating system versions are documented on the Platform Information page on Cisco.com.
Updated Operating System Version Support
■ Linux:
● CentOS-6.1 or later
● CentOS-7.x
● CentOS-8.x
● Red Hat Enterprise Linux-6.1 or later
● Red Hat Enterprise Linux-7.x
● Red Hat Enterprise Linux-8.x
● Oracle Linux Server-6.1 or later
● Oracle Linux Server-7.x
● Oracle Linux Server-8.x
● SUSE Linux-11.2 or later
● SUSE Linux-12.x
● SUSE Linux-15.x
■ Linux on IBM Z:
● Red Hat Enterprise Linux-7.3 or later
● Red Hat Enterprise Linux-8.2 or later
● SUSE Linux-12.4 or later
● SUSE Linux-15.x
■ Container host OS version for policy enforcement:
● Red Hat Enterprise Linux Release 7.1 or later
● CentOS Release-7.1 or later
New Operating System Support
■ Windows Server (64-bit):
● Windows Storage Server 2012R2 Standard
● Windows Storage Server 2012R2 Workgroup
● Windows Storage Server 2012R2 Essential
● Windows Storage Server 2016 Standard
● Windows Storage Server 2016 Workgroup
● Windows Server 2022 Standard
● Windows Server 2022 Datacenter
● Windows Server 2022 Essential
■ Windows VDI desktop Client:
● Microsoft Windows 10 Enterprise LTSC 2019
● Microsoft Windows 10 Enterprise LTSC 2021
● Microsoft Windows 11 Enterprise
● Microsoft Windows 11 Home
● Microsoft Windows 11 Pro
This section contains lists of open and resolved caveats, as well as known behaviors.
The following table lists the open caveats in this release. Click a bug ID to access Cisco’s Bug Search Tool to see additional information about that bug.
Bug ID | Description
| Conversation Mode: Short lived non TCP flows in conversation mode can have client server flipped
| Conversation Mode: 39RU cluster may not support 50k sensors when enforcement is enabled.
| FMC-CSW orchestrator: CSW pushes ipv6 hop by hop if protocol is set to any
| AWS Flow Logs: Policies Analysis with AWS Flow logs doesn’t work.
| Federation/DBR: Unable to determine status of sensor migration from source cluster
| Flow Learned Inventories build up from uni-dir flows in Conversation mode
| Enforcement agent depends on Windows Firewall Service when enforcement mode is WFP
| Clock Drift Observed on Windows Server 2008 R2 with Cisco Secure Workload Agent
| ERSPAN sensor running in server with 40Gbps links, only receives 100Kpps
Resolved Caveats
The following table lists the resolved caveats in this release. Click a bug ID to access Cisco’s Bug Search Tool to see additional information about that bug.
Table 3 Resolved Caveats
Bug ID | Description
| Reflect the NIC Teaming version compatibility matrix in Sensor Deployment documentation
| Agent fails to register when using a vmware VDI instant clone (Windows10 w/ enforcement)
| Need alerts when new workloads are seen for the first time
| Add Tetration agent support for Windows 10 Enterprise LTSC
| ENH: Tetration Agent support for Windows Storage Server 2012R2/ Storage Server 2016
| Describe the differences between Strong Ciphers Enabled option set True or False.
| Enforcement Agent stats for CPU overhead metric on workload profile page are reported incorrectly
| ENH : Deep Visibility Sensor to regularly poll windows registry update Tetration with new UBR
| Tetration SSH keys not synced between Primary and secondary sites for cluster in federation
| ADM failing after 4 hours when admFlowDb batches are too large.
| Tetration Vulnerabilities Site, Output Issues
| ADM generates policies for un-established TCP flows when agents are in conversation mode
| ADM generates policies with provider port set as 0 in conversation mode
| 3.6(1.5) agent installation script cannot install 3.5(1.x) agent packages on Windows host
| Agent upgrade on RHEL 8.2 VM's is failing with Reason: No PGP signature
| Error - Upgrade to 3.6.1.5 failed with site_enable_strong_ciphers_sensor_vip undefined
| After reconfiguring the listening of ingest connector, the connector gets in inactive state.
| FabricPath is not displayed correctly in scenario with two ACI fabric connected to Tetration Cluster
| Error opening Workload profile page of Sensors with locale name containing non utf-8 characters
| F5 external orchestrator improperly handles services marked with all protocols
| Windows agent shows inactive after upgrade to 3.6.1.5 while using proxy with internal only DNS
| ADM Job Failing after upgrade to 3.6.1.5 for Workspaces using Provided service requests
■ Refer to Cisco Secure Workload software major release 3.6.1.5 release notes - https://www.cisco.com/c/en/us/td/docs/security/workload_security/secure_workload/release-notes/csw_rn_3_6_1_5.html.
Compatibility Information
For detailed compatibility information, please refer to the Platform Information page on Cisco.com.
Usage Guidelines
■ Refer to Cisco Secure Workload software major release 3.6.1.5 release notes - https://www.cisco.com/c/en/us/td/docs/security/workload_security/secure_workload/release-notes/csw_rn_3_6_1_5.html.
Verified Scalability Limits
The following tables provide the scalability limits for Cisco Secure Workload (39-RU), Cisco Secure Workload M (8-RU), and Cisco Secure Workload Cloud:
Table 5 Scalability Limits for Cisco Secure Workload (39-RU)
Configurable Option | Scale
Number of workloads | Up to 25,000 (VM or bare-metal). Up to 50,000 (2x) when all the sensors are in conversation mode.
Flow features per second | Up to 2 million
Number of hardware agent enabled Cisco Nexus 9000 series switches | Up to 100 (deprecated)
Note: Supported scale will always be based on whichever parameter reaches the limit first.
Table 6 Scalability Limits for Cisco Secure Workload M (8-RU)
Configurable Option | Scale
Number of workloads | Up to 5,000 (VM or bare-metal). Up to 10,000 (2x) when all the sensors are in conversation mode.
Flow features per second | Up to 500,000
Number of hardware agent enabled Cisco Nexus 9000 series switches | Up to 100 (deprecated)
Note: Supported scale will always be based on whichever parameter reaches the limit first.
Table 7 Scalability Limits for Cisco Secure Workload Virtual (VMWare ESXi)
Configurable Option | Scale
Number of workloads | Up to 1,000 (VM or bare-metal)
Flow features per second | Up to 70,000
Number of hardware agent enabled Cisco Nexus 9000 series switches | Not supported
Note: Supported scale will always be based on whichever parameter reaches the limit first.
The Cisco Secure Workload documentation can be accessed from the following websites:
Cisco Secure Workload Platform Datasheet: http://www.cisco.com/c/en/us/products/collateral/data-center-analytics/tetration-analytics/datasheet-c78-737256.html
Secure Workload Documentation: https://www.cisco.com/c/en/us/support/security/tetration/series.html#~tab-documents
Table 8 Installation Documentation
Document | Description
Cisco Secure Workload Cluster | Describes the physical configuration, site preparation, and cabling of a single- and dual-rack installation for Cisco Secure Workload (39-RU) platform and Cisco Secure Workload M (8-RU).
Cisco Secure Workload Virtual Deployment Guide | Describes the deployment of Cisco Secure Workload virtual appliances (formerly known as Tetration-V).
Cisco Secure Workload Upgrade Guide | Document Link: NOTE: As a best practice, it’s always recommended to patch a cluster to the latest available patch version before performing a major version upgrade.
Latest Threat Data Sources |
© 2022 Cisco Systems, Inc. All rights reserved.