12.1. Release 4.2¶
We now provide offline licenses. With this, connection to our licensing server is no longer needed.
There is no longer a separate logging interface. Now you must use data interfaces to send logs. For example, if previously you had four interfaces in the VM: virtual interface for management, virtual interface for logging, and two physical PCI-passthrough interfaces for data, now you will have only three interfaces: one a virtual interface for management and two physical PCI-passthrough interfaces for data and logging.
The typical way to configure logging without spending the whole physical interface on it is to use separate VLAN and VRF for logging traffic, for example:
vrf nat-log ! interface if0.100 vrf nat-log ip address 10.0.0.1/24 ! nat log server 0 type netflow ip 10.0.0.2 port 2055 vrf nat-log nat log type session enable nat log enable
With the configuration above, you have a separate virtual interface with VLAN tag 100 for sending logs. This interface is in a separate VRF named “nat-log” to prevent routing collisions with the default VRF where customer traffic is routed.
Additionally, there is now a possibility to configure and use multiple logging servers simultaneously. Therefore, you need to specify a server ID when configuring it. For example, if you had the configuration line
nat log server type syslog ip 18.104.22.168 port 514you must change it to
nat log server 0 type syslog ip 22.214.171.124 port 514. And you may configure additional log servers, even using a different protocol, if you need to, for example,
nat log server 1 type ipfix ip 126.96.36.199 port 4739.
12.1.2. New Features¶
BFD (Bidirectional Forwarding Detection) protocol support.
Ability to send logs to multiple servers.
Mellanox 100 GbE NICs support.
On-the-fly reconfiguration of pools (add/remove IPs).
TCP implementation complied with RFC 7857.
Added ICMP errors sending (NAT is visible in traceroute now).
Random public IP selection on session creation.
Autocomplete and search in CLI.
Changed logging format (all log types now have VRF field and syslog compatibility with RFC 5424).