This release enables support for Aviatrix Secure Edge Gateway to be deployed via a turnkey solution from Aviatrix by leveraging an appliance wherein appliance onboarding and orchestration is driven from the Cloud. Deployment of the Edge gateway is via a zero touch provisioning model. The solution enables a seamless management and configuration model from Cloud to edge. This functionality requires Controller software version 7.1.1710 or later.

Aviatrix Edge Gateway can be used to terminate VLANs on the Edge Gateway. This also includes VRRP support. This can be used leveraging Aviatrix Edge platform on a device with secure edge gateway acting as a LAN side router. This functionality requires Controller software version 7.1.1710 or later.

Aviatrix Secure Edge at a customer on-premise location can be used as a LAN side Gateway with VLANs and this now enables cloud to Edge segmentation model, where segmentation domains and corresponding policies allow customers to define isolation across CSP VPCs and VNETs to onpremises networks and viceversa. This functionality requires Controller software version 7.1.1710 or later.

Aviatrix Secure Edge in Equinix Network Edge platform now supports setting up private virtual connections from Aviatrix Secure Edge to CSPs such as AWS, Azure, GCP and OCI and use BGP for peering to the CSP private connections (for example, Direct Connect, Express Route, Interconnect). This functionality requires 7.1.1710 Controller release.

Aviatrix Secure Edge now supports L4 firewall capabilities where CIDR and IP addresses can be used along with ports and protocols to define policies for granular traffic control.

Edge in Equinix is only a single Gateway per site in this release.

Edge on ESXi/KVM is untested in Controller version 7.1.1710. For Edge on ESXI/KVM self managed environments, please use Controller version 6.8 , 6.9 or 7.1.

The Controller release 7.1.1710 supports two active/active Gateways when deployed in on-premises.

The CoPilot > Troubleshoot > Cloud Routes page has an updated layout and improved format for tables and search controls.

For ThreatIQ alerts, additional information is now included for both email and webhook alert notification channels.

New pages were added to CoPilot for these functional areas:

You can now use the CoPilot > AirSpace > Edge page to create edge high availability (HA) gateways.

This functionality requires Controller software version 7.1.1710 or later.

You can now use WebGroups (Preview feature) when defining Distributed Firewalling (DFW) rules in the CoPilot > Security > Distributed Firewalling page. WebGroups define Domains and URLs into a group which can be used into the DFW Rules as a matching condition for the Rule action to be enforced.

This functionality requires Controller software version 7.1.1710 or later.

If you have Controller version 7.1.1710 or later, you can perform Security Group orchestration for VPC/VNets that have Intra VPC/VNet enabled. See the CoPilot > Security > Distributed Firewalling > Settings tab.

You can view the Intra VPC/VNet configuration in the Topology map and see how many VPC/VNets have Intra VPC/VNet enabled.

You can now attach a Spoke Gateway to a FireNet Gateway while creating or editing the FireNet Gateway in the CoPilot > Security > FireNet page.

If you have CoPilot 3.10.0 and Controller version 7.1.1710 or later, the following decryption CA certificate functions are available as a preview feature:

In CoPilot > Security > Distributed Firewalling > Settings > Decryption CA Certificate:

When using a Controller version earlier than 7.1.1710, you can download the Aviatrix CA certificate for use in your environment but other functions (described above) are not available.

Global Spoke for GCP is a preview feature available in CoPilot 3.10.0.

Global Spoke for GCP creates regional awareness between the VPC and Aviatrix gateways allowing you to restrict spoke gateway traffic to transit gateways in the same region as the spoke gateway. Without global VPC, communications between spokes over transit in the same region are routed outside the region. Regional awareness is achieved by appending regional network tags to virtual machines and adding regional routes to the gateways in the routing table using tags. You can configure the method of appending the network tags in the CoPilot > AirSpace > Gateways > Settings page. For more information, see GCP Global VPC Routing.

WebGroups are used in Distributed Firewalling rules. WebGroups define Domains and URLs into a group which can be used into the DFW Rules as a matching condition for the Rule action to be enforced.