Support Knowledge Center

Release Note

Back to search

ExOS 6.4.6 Release Notes

Article Number: 000001755
Published: August 9, 2016
Categories: 6.4.x
Announcing ExOS 6.4.6

  • If you use DSCP values for filtering, please refer to D-03627 below for an important message.
  • All versions in 6.4.3, 6.4.4 and 6.4.5 are now able to upgrade to 6.4.6. 
  • Once you update to 6.4.6, you can ONLY update to 7.0.1 update 2 and later.
  • This release includes all changes from releases up to and including these update releases: 6.3.13, 6.4.3 Update 12 6.4.4 and 6.4.5.
  • No 32-bit images are provided. 6.4 will not be supported on 32 bit hardware
  • After upgrading and rebooting it is normal to see "No Data Available" on the graphs for a short period of time.
    • This is due to the processes starting up after the restart. When all the processes have restarted, data will show up again.
  • 2061, 4010, 4061, 6060, 6062, 8060, 8062, 10060, 10062, Virtual
Supported upgrade versions:
  • 6.0, 6.1, 6.3, 6.4
Link to download the update:
  • 64 bit image (6.4.6)
  • Image Size: 415,985,408 bytes
  • MD5: 5ac4929ea581a1a9320d4ecc6510d7db
  • If you are upgrading to ExOS 6.4 from ExOS 5.x or earlier:
    • This upgrade path is not supported. Please upgrade to ExOS 6.3 first.
  • When updating to 6.4 from a previous version, there is an upgrade of all the data stored on the appliance. This update process may take up to 24 hours depending on the amount of data stored on the appliance and the type of appliance. While this upgrade is happening, the charts will show "no data available". You can check the status of the data update on the Dashboard -> System page.
  • New images for the Virtual appliances are not available. To install a  new virtual appliance running 6.4.5, please first install 6.3.0 and upgrade  to 6.4.0. 
Major Features

Peak vs Average throughput on the Virtual Circuit PDF report and WUI (B-04098)
A new option has been added to the Virtual Circuit PDF report to provide a separate Peak vs Average Throughput report. This new graph displays two line graphs, one for the Peak throughput (maximum throughput seen in a 10 second sample) and the other is the throughput of traffic averaged over the time range (bytes seen during the sample period divided by the sample period duration). An option for this new graph is the scale on the Y axis. If the Y axis is requested in Kbps, then the Y axis will show the absolute throughput seen. If the Y axis is requested as a percent, then the Y axis will be 0 - 100%, where 100% represents the maximum bandwidth of the virtual circuit or circuit. If "All" is selected as the Virtual Circuit, then the peak vs average will be displayed for the circuit that. 
Updated Layer 7 Signatures (B-03952)
New Applications
  • MEGA
New Protocols
  • MS Exchange including subtype Outlook Web Access
  • Doook
  • vBulletin
Improved Signatures
  • BitTorrent
  • Edonkey
  • GoToMeeting
  • IMO
  • iPlayer
  • Jabber
    • Added subtype ‘encrypted’ to include encrypted traffic
  • L2TP
  • LoveFilm
  • Oscar
  • SIP
    • Added subtype for MPlus
  • Skype
  • Thunder
  • Ultrasurf: improved detection for Ultrasurf 14.03
  • Viber
    • Added file-transfer subtype

Bug fixes and minor improvements:
  • [D-01710] Fixed an issue where the bar graph on the Control page shows greater than 100% of the controlled rate. This was a display anomaly only. The traffic was still being controlled to the appropriate burst maximum.
  • [D-02908] In a cluster environment with devices using Wan Memory (x800 licenses), the yellow strips and the graphics indicating if the flow is local or remote was not consistent and accurate. This has been modified to be completely consistent and accurate. As a result, new icons on the real-time conversation screen have been introduced to convey the proper information. The letter in the icon indicates if the flow entered the cluster on the local node or a remote node. The colour of the icon indicates if the flow is being accelerated locally or remotely. If it is being accelerated locally, the background colour will be yellow.
    • A green background L  indicates that the flow is locally bridged and remotely accelerated. This means that the flow entered the cluster on the node that you are viewing and was passed to a different node in the cluster for acceleration processing.
    • A brown background R indicates that the flow is remote bridged and remotely accelerated. Note that it doesn't mean that the same machine that is bridging the flow is also accelerating the flow.
    • A yellow background L indicates that the flow is locally bridged and locally accelerated.
    • A yellow background R indicates that the flow is remote bridged and locally accelerated.
  • [D-02960] Improved the optimizer startup time when the configuration has lots of policies (more than 1500).
  • [D-02978] Removed a duplicate email event for paging-high.
  • [D-02991] Fixed an issue that was preventing monitoring of Q-in-Q, or double VLAN tagged, traffic.
  • [D-02997] Addressed a UI performance issue when the configuration has more than 2000 policies.
  • [D-03028] When using the latest Microsoft Operating systems, some SMB traffic was being classified as NETBIOS traffic. This has been corrected.
  • [D-03040] The system disk was filling up with the URL logging data. This has been corrected.
  • [D-03050] Added missing CLI configuration for scheduling PDF reports directly from monitoring pages. Now when scheduling PDF reports directly from a monitoring page, the details of these reports is accurately captured in the CLI configuration. You can now use the following command to schedule the reports. The URL parameter is the URL of the monitoring page to schedule:
    • report pdf NAME custom-url URL
  • [D-03096] Fixed a bug where the internal process mysql_syncd would crash when using custom application definitions.
  • [D-03098] Fixed an issue that prevented the display of the Control graph after renaming a Virtual Circuit
  • [D-03172] Fixed an issue where the Hosts PDF report could show the wrong data for Internal hosts. The pie chart was correct but the corresponding table was showing external hosts.
  • [D-03173] Fixed a memory leak when the cluster link gets congested and information can not be shared between cluster members in a timely manner.
  • [D-03178] Fixed an issue where the system would restart unexpectedly when in a cluster doing acceleration.
  • [D-03198] Upgraded OpenSSL to v1.0.1e-16.14. This OpenSSL version covers the following vulnerabilities:
    • CVE-2010-5298 - possible use of memory after free
    • CVE-2014-0195 - buffer overflow via invalid DTLS fragment
    • CVE-2014-0198 - possible NULL pointer dereference
    • CVE-2014-0221 - DoS from invalid DTLS handshake packet
    • CVE-2014-0224 - SSL/TLS MITM vulnerability
    • CVE-2014-3470 - client-side DoS when using anonymous ECDH
  • [D-03219] All conversions from kbps to Mbps and Mbps to Gbps are now 1000 base where in the past they were 1024 base. The result of this will be that if you have policies based on 1024, you will now see that the reporting will say that you are allowing 1.024Mbps instead of 1.0Mbps that would have been displayed in the past. The industry accepted conversation from kbps to Mbps and Mbps to Gbps per second is 1Mbps = 1000kbps. This change makes the Exinda monitoring align better with other monitoring tools you may have in your network.
  • [D-03275] fixed an issue where the diagnostic tool kdump was not working in 6.4.5 and 7.0.1. The diagnostic tool works again. Use this tool only as directed by Exinda's TAC team
  • [D-03285] When manufacturing a machine with a version after 6.4.2, the Anonymous proxy URL was incorrect. This resulted in [D-02222] and the work around listed for that bug. The root cause has been fixed and the Anonymous proxy URL is always correct now during upgrades and manufacturing.
  • [D-03298] Fixed an issue that prevented SMB pre-population from working. With 6.4.5 and 7.0.1 the SMB pre-population jobs were failing.
  • [D-03357] Fixed an issue where WCCP would suffer from poor performance due to retransmissions.
  • [D-03449] Fixed an issue where port ranges stopped working in application objects after an update to 6.4.5 or 7.0.1.
  • [D-03451] Fixed an issue with acceleration where UDP packets that were VLAN tagged and needed to be fragmented were being sent corrupted.
  • [D-03521] Fixed an issue where multi-per-vc queuing mode did not distribute the shaping queues properly after an upgrade to 6.4.5 and 7.0.1. The result is that multi-per-vc did not provide the proper shaping.
  • [D-03571] Patched the version of BASH used within the product to fix the vulnerability for ShellShock. CESA-2014:1306, CVE-2104-6271, CVE-2014-7169. See this note on our support forum about our not being susceptible:
  • [D-03602] Added the ability to configure the VLAN that the IPMI will listen to. This new configuration is on the IPMI tab and allowed enabling VLAN support and specifying the VLAN ID.
  • [D-03627] IMPORTANT: this change represents a change of behaviour. If you are doing DSCP filtering, your rules may need to be updated. On previous releases, DSCP 0 was used to match all DSCP values (it was a wild card). Now, DSCP 0 matches traffic that only has DSCP value of zero (some people consider this unmarked traffic). This will allow you to mark traffic that was previously unmarked while letting traffic that was already marked fall into another rule. As of this version you should interpret DSCP 0, when used in a filter, as meaning all traffic that has only DSCP mark 0 or no explicit DSCP mark.
  • [D-03649] Fixed an issue with SMB acceleration that could lead to memory exhaustion. The issue involved incorrectly locked files that aren't cached (such as the Zone file in Windows). This would manifest itself in transfers that appear to hang at 0% or 99% complete. 
  • [B-04347] Disabled the use of SSLv3 on all services that use SSL. This is a respond to the recently reported POODLE vulnerability of SSLv3. (CVE-2014-3566) More information can be found here:

Known Issues:
  • [D-02199] When an acceleration HA cluster is configured and the traffic being accelerated is located on a VLAN and has a VLAN tag, the traffic will not flow through the HA cluster properly. This issue is currently being investigated and a fix is expected soon.
  • [D-01777] snmp: after a period of repeatedly querying the following sensors, the WUI will appear to be locked up and various processes within the appliance will crash. This will eventually repair itself. system health/cpu alarm, system health/disk alarm, system health/ram alarm, system health/nic alarm. The work around is to not query these SNMP values.
  • [D-01921] Under some circumstances Microsoft Lync traffic will be classified as MSN traffic.