What’s New in the Aviatrix Controller?

The Aviatrix Controller UI will be deprecated in 2025. We recommend using CoPilot as your Aviatrix Management UI. Please contact your Account Representative for additional information.

The “Keep Alive via Firewall Lan Interface” option will be removed from the UI and enabled by default in a future Controller release. In preparation for that change, any newly launched FireNet resources will have “Keep Alive via Firewall LAN” (Keep Alive) enabled by default. You will not be able to disable the Keep Alive option. Existing FireNet resources should have “Keep Alive via Firewall LAN” set to enabled. Upgrades will be blocked if the Keep Alive option is disabled on any FireNet resources.

CloudN is not supported with any Aviatrix Controller releases that are based on the newer Linux OS. CloudN has been replaced with Aviatrix Edge. You must migrate CloudN Gateways to Aviatrix Edge before upgrading to 7.1.3958, 7.1.4105, 7.1.4139, 7.1.4183, or 7.2.4820 or later releases (newer Linux OS). For more information, contact your account team.

The “Keep Alive via Firewall Lan Interface” option will be removed from the UI and enabled by default in a future Controller release. In preparation for that change, any newly launched FireNet resources will have “Keep Alive via Firewall LAN” (Keep Alive) enabled by default. You will not be able to disable the Keep Alive option.

The new Controller and Gateway images shipped with the 7.1.3958 release include all previously released software patches. Therefore, you do not need to reapply the old software patches to Controllers and Gateways updated to this release. If any new software patches are released in the future, and if they apply to the new Controller and Gateway images, the documentation associated with that release will clearly identify the patches and provide instructions.

CloudN is not supported with any Aviatrix Controller releases that are based on the newer Linux OS. CloudN has been replaced with Aviatrix Edge. If you have CloudN gateways attached to your Controller and you want to upgrade to release 7.1.4105, you must migrate to Aviatrix Edge. For more information, contact your account team.

On the Aviatrix Edge Platform, after you have upgraded the image to the latest Aviatrix base image in 7.1.3958, you cannot roll back to the previous image.

As of Controller 7.1.1710, Distributed Cloud Firewall with WebGroups, configured in CoPilot, is the recommended method for configuring and implementing Egress Security.

Aviatrix strongly recommends migrating from Egress FQDN Filtering (Legacy) to Distributed Cloud Firewall to enforce Egress network security policy.

Controller version 7.1.4101 (older Linux OS) is the last version that supports CloudN. CloudN is being replaced with Aviatrix Edge. For more information, contact your account team.

If your Controller is running release 7.1.4101 or earlier, you will not be able to upgrade directly to 7.2 or later releases, when they become available. You will need to upgrade to release 7.1.4105 or a later 7.1 release before proceeding to any 7.2 releases.

As of Controller 7.1.1710, Distributed Cloud Firewall with WebGroups, configured in CoPilot, is the recommended method for configuring and implementing Egress Security.

Aviatrix strongly recommends migrating from Egress FQDN Filtering (Legacy) to Distributed Cloud Firewall to enforce Egress network security policy.

The new Controller and Gateway images shipped with the 7.1.3958 release include all previously released software patches. Therefore, you do not need to reapply the old software patches to Controllers and Gateways updated to this release. If any new software patches are released in the future, and if they apply to the new Controller and Gateway images, the documentation associated with that release will clearly identify the patches and provide instructions.

CloudN is not supported with any Aviatrix Controller releases that are based on the newer Linux OS. CloudN has been replaced with Aviatrix Edge. If you have CloudN gateways attached to your Controller and you want to upgrade to release 7.1.3958, you must migrate to Aviatrix Edge. For more information, contact your account team.

On the Aviatrix Edge Platform, after you have upgraded the image to the latest Aviatrix base image, you cannot roll back to the previous image.

As of Controller 7.1.1710, Distributed Cloud Firewall with WebGroups, configured in CoPilot, is the recommended method for configuring and implementing Egress Security.

Aviatrix strongly recommends migrating from Egress FQDN Filtering (Legacy) to Distributed Cloud Firewall to enforce Egress network security policy.

If your Controller is running release 7.1.3956 or earlier, you will not be able to upgrade directly to 7.2 or later releases, when they become available. You will need to upgrade to release 7.1.3958 or a later 7.1 release before proceeding to any 7.2 releases.

Controller version 7.1.4101 (older Linux OS) will be the last version that supports CloudN. CloudN is being replaced with Aviatrix Edge. For more information, contact your account team.

As of Controller 7.1.1710, Distributed Cloud Firewall with WebGroups, configured in CoPilot, is the recommended method for configuring and implementing Egress Security.

Aviatrix strongly recommends migrating from Egress FQDN Filtering (Legacy) to Distributed Cloud Firewall to enforce Egress network security policy.

If you have logging configurations enabled in Controller for the following external log servers, the out-of-the box logging services for these external log servers were deprecated in previous Controller releases and are removed in Controller 7.1.1710:

You cannot upgrade to Controller 7.1.1710 until you have disabled these deprecated logging configurations.

To disable the deprecated logging configurations:

As of Controller 7.1.1710, Distributed Cloud Firewall with WebGroups, configured in CoPilot, is the recommended method for configuring and implementing Egress Security.

Aviatrix strongly recommends migrating from Egress FQDN Filtering (Legacy) to Distributed Cloud Firewall to enforce Egress network security policy.

When creating a Distributed Firewalling rule, you can enable Intrusion Detection, and TLS Decryption.

If Intrusion Detection is enabled, traffic is inspected for threats.

If Intrusion Detection and TLS Decryption are both enabled, the decrypted data is examined for intrusions.

For more information, click here.

This release enables support for Aviatrix Secure Edge Gateway to be deployed via a turnkey solution from Aviatrix by leveraging an appliance wherein appliance onboarding and orchestration is driven from the Cloud. Deployment of the Edge gateway is via a zero touch provisioning model. The solution enables a seamless management and configuration model from Cloud to edge. This functionality requires Controller software version 7.1.1710 or later. For more information on Aviatrix Secure Edge, see here.

Aviatrix Edge Gateway can be used to terminate VLANs on the Edge Gateway. This also includes VRRP support. This can be used leveraging Aviatrix Edge platform on a device with secure edge gateway acting as a LAN side router. This functionality requires Controller software version 7.1.1710 or later.

Aviatrix Secure Edge at a customer on-premises location can be used as a LAN side Gateway with VLANs and this now enables cloud to Edge segmentation model, where segmentation domains and corresponding policies allow customers to define isolation across CSP VPCs and VNETs to onpremises networks and viceversa. This functionality requires Controller software version 7.1.1710 or later.

Aviatrix Secure Edge in Equinix Network Edge platform now supports setting up private virtual connections from Aviatrix Secure Edge to CSPs such as AWS, Azure, GCP and OCI and use BGP for peering to the CSP private connections (for example, Direct Connect, Express Route, Interconnect). This functionality requires 7.1.1710 Controller release.

Aviatrix Secure Edge now supports L4 firewall capabilities where CIDR and IP addresses can be used along with ports and protocols to define policies for granular traffic control.

Edge in Equinix is only a single Gateway per site in this release.

Edge on ESXi/KVM is untested in Controller version 7.1.1710. For Edge on ESXI/KVM self managed environments, please use Controller version 6.8 , 6.9 or 7.1.

The Controller release 7.1.1710 supports two active/active Gateways when deployed in on-premises.

You can now use WebGroups when defining distributed firewalling rules in the CoPilot > Security > Distributed Firewalling page. WebGroups define Domains and URLs into a group which can be used into the DFW Rules as a matching condition for the Rule action to be enforced.

This functionality requires Controller software version 7.1.1710 or later.

If you have Controller version 7.1.1710 or later, you can perform Security Group orchestration for VPC/VNets that have Intra VPC/VNet enabled. See the CoPilot > Security > Distributed Firewalling > Settings tab.

You can view the Intra VPC/VNet configuration in the Topology map and see how many VPC/VNets have Intra VPC/VNet enabled.

For more information about CoPilot Features, see What’s New in CoPilot.