Release Notes

Major changes for CMG, HSG, HSA, and UA.

• HSA / UA
  • A package in the last base image caused conflict with the PBR feature and caused MWAN and PBR not to work properly. This package is removed. Both PBR and MWAN are working as expected.
  • MWAN can now support static WAN IP and static default routes. Previously MWAN only works when WAN links are using DHCP (auto learned default routes as well). This limitation is fixed.
  • Fixed MWAN tracking for the VLAN interface. Previously if the WAN port is a VLAN interface (configured using one of the switchport), the tracking will fail, because by default ping from the VLAN interface will fail. This is now fixed.
  • Disabled ARP for wwan interface by default. Previously when we use wwan0 or wwan1 as nexthop (eg. ip route 0.0.0.0/0 nexthop wwan0), it may not work for some ISP sim cards. Because some ISP networks may not respond to ARP requests from a 4G/5G connection. Disabling ARP by default for the wwan interface works across all scenarios.

• SD-WAN route redistribution changed from using IPACL (ip access-list) to prefixacl (ip prefix-list). The syntax is also simplified to allow network/prefix entry (eg. 10.1.1.1/24) instead of having to calculate and enter a wildcard mask. The respective mfusion orchestration GUI is also changed to have a separate section “Advertised Network” (previously it was under the OSPF setting). It’s reported that sometimes the routes are not redistributed/injected (due to base image differences), the current workaround is to configure it as an OSPF network (however, this only works for directly connected networks, not for redistributing static routes). In our next release, we’re changing to replace OSPF with BGP as the control protocol and this known issue will be fixed.

• Developed a new tracking daemon. This new daemon makes it possible to track VPN tunnel and PBR routes in seconds instead of previously in minutes. Use ? to check the exact syntax changes. In our next release, we will apply this enhancement to VRRP host tracking, static route tracking, and hotspot tracking, etc.

• Changed HSG hotspot DHCP. Previously the hotspot client-dhcp-server was configured under the hotspot instance setting, which is now removed. Please use the interface dhcp-server instead. There’s no need to configure DHCP under hotspot instances now.

• Many other bug fixes and internal processes optimization.

Major changes for mfusion orchestrator.

• Added ability to view deeper operating status and execute troubleshooting commands, which was only possible through CLI (eg. show running-config, show ip route, ping, traceroute, etc)

• Added “Resync Config” feature. Usually, the orchestrator config will merge with the local CLI config, which may not always be desirable. This option allows the orchestrator to push mfusion config to completely overwrite host CLI. Another use case is to apply a default template to the host and “resync config” to the host (it’s similar to CLI “write erase”).

• Simplified MWAN GUI configuration. Previously we needed to set mwan-group at each participating interface. Now all MWAN configurations are standardized to the “Multi-WAN” menu.

• Enhanced Policy-based Routing configuration. Application matching and next-hop set are now on one menu. No need to separately configure “firewall-set” for packet marking.

• Many back-end enhancements and bugfixes, eg. DNAT bugfix, CLI compiler enhancements, etc.