3. Other features and improvements

3.1. Performance

Sensor performance was improved with a dynamic resource allocation at the first boot and a better flow distribution during the capture.


3.2. Pairing process of the sensor

The command `unpair` is now available to remove all pairing configuration from the sensor.


3.3. Business data deletion

The command `system delete-data` is now available to remove all business data from the sensor.


3.4. `show status` command

Additional information is available with the command `system delete-data` :

 Gcap FQDN         : gcap.gatewatcher.com
 Version           : 2.5.4.0
 Overall status    : Running
 Tunnel            : Up
 Detection Engine  : Up and running
 Configuration     : Complete

 Gcap name             : gcap
 Domain name           : gatewatcher.com
 Tunnel interface      : 192.168.2.2
 Management interface  : 192.168.1.2
 Gcenter version       : 2.5.3.103
 Gcenter IP            : 192.168.2.3
 Paired on Gcenter     : Yes
 Monitoring interfaces : mon0,mon2,mon4,monvirt

   © Copyright GATEWATCHER ...
```

3.5. System update

The GCap probe operating system and the kernel have been updated.


3.6. Compatibility mode

A new compatibility mode is available for supporting GCenter v2.5.3.103.


3.7. IPSec connection

The configuration of IPsec service was optimized to improve the connection reliability between GCap and GCenter.


3.8. Visualization of the configuraiton in the CLI

All « show » commands are available when the detection engine is up.


3.9. Deprecated commands and features

3.9.1. High-availability

High-availability feature was removed from this release.
To implement a redundant architecture, contact Gatewatcher Technical Support.

3.9.2. Sigflow: local rules

Local rules are no longer supported.


3.9.3. Creation of techsupport file

The creation of techsupport file must be exclusively performed with an non-interactive SSH session:

  • From a Linux workstation:
    `ssh -t setup@GCapX show tech-support large > /tmp/tech-supp-GCapX`
  • From a Windows workstation:
    `ssh -t setup@GCapX "show tech-support large" > C:\Temp\tech-supp-GCap`

3.9.4. Removed commands

The following orders have been removed:

  • The command `set advanced-configuration packet-filter` to configure local XDP filters
    The configuration of XDP filters must be exclusively performed on GCenter
  • The command `show advanced-configuration cpu-config` to display CPU configuration

  • The command `show/set advanced-configuration interfaces-names` to display or configure the interface name

  • The command `show/set advanced-configuration load-balancing` to display or configure the loadbalancing for capture interface

  • The command `show/set advanced-configuration local-rules` to display or configure the local rules

  • The command `show advanced-configuration memory-settings` to display the memory configuration of detection engine

  • The command `system reload-drivers` to reload the drivers of network cards

  • The command `show/set clusters` to display or configure the cluster interfaces
    The configuration of cluster interfaces must be performed with the command `set interfaces [interface-name] assign-role capture-cluster`.
  • The command `gui` to enter in the graphical configuration menu

  • The command `show/set setup-mode` to display or configurer de default mode for the configuration interface

  • The command `show configuration` to display Sigflow configuration

  • The command `show logs` to display log files

The commands related to service management:

  • `services start/stop/show {eve-generation|eve-upload|file-extraction|file-upload|filter-fileinfo|local-alerts|eve-compress}`