Network Automation 7 0 5 ReleaseNotes PDF

NetMRI 7.0.
5 Release Notes
TABLE OF CONTENTS
INTRODUCTION .................................................................................................. 2
About NetMRI 7.0.x ........................................................................................................ 2
NEW FEATURES .................................................................................................. 2

NetMRI
NetMRI
NetMRI
NetMRI
NetMRI
7.0.5................................................................................................................. 2
7.0.4................................................................................................................. 2
7.0.3................................................................................................................. 3
7.0.2................................................................................................................. 3
7.0.1................................................................................................................. 3
Deprecated and Obsolete features ........................................................................... 5

Deprecated Features....................................................................................................... 5
Obsolete Features .......................................................................................................... 6
Planning for Deprecated and Obsolete Features ...................................................................... 6
DEVICE SUPPORT UPDATES .................................................................................... 6

LIMITATIONS OF 7.0.x SOFTWARE ....................................................................................... 7
UPGRADE GUIDELINES .......................................................................................... 8

Special Notes on Upgrading From pre-6.9.1 Releases (6.8.x) ...................................................... 8
Upgrading From 6.9.x ...................................................................................................... 8
Special Note on External Authentication/ Authorization Services ................................................. 8
Upgrade Sandbox Instances ............................................................................................... 8
OTHER REQUIREMENTS ......................................................................................... 9

Supported Browser Versions .............................................................................................. 9
Supported VMware Versions .............................................................................................. 9
TECHNICAL SUPPORT ........................................................................................... 9

RESOLVED ISSUES .............................................................................................. 10
Fixed/Improved in NetMRI Release 7.0.5 ............................................................................. 10
Fixed in NetMRI Release 7.0.1 .......................................................................................... 18
KNOWN ISSUES FOR NETMRI RELEASE 7.0.5 ................................................................ 22
2016 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners.
P/N 400-0608-001
Page 1 of 23
4/14/2016
NetMRI 7.0.5 Release Notes

INTRODUCTION
This release note needs to start with a quick explanation. As many of our long-time customers know, the
product name started out as NetMRI. It later became Network Automation, because NetMRI was also a license
level. We are now reverting back to the original name, although it may take some time for the product to
completely revert. The product name has been changed back throughout the release notes, but has not yet
changed in the product UI, or the longer-lived documentation (e.g. the admin guide).
NetMRI 7.0.5 is an important update that provides performance improvements and fixes for customer-reported
issues. Customers running NetMRI 7.0.4 and earlier are encouraged to update their systems to this maintenance
release at the earliest opportunity.
NetMRI 7.0.5 is a cumulative release and includes all resolved issues from earlier 7.0.x releases. These Release
Notes are also cumulative, and list resolved issues from releases 7.0.[1-5], with a list of Open Issues as of the
7.0.5 Maintenance Release.
About NetMRI 7.0.x

NetMRI 7.0.x provides major feature additions, performance enhancements and security fixes to NetMRI systems
deployed in either standalone appliances or Operations Center modes.
All existing customers will find increased flexibility in device group management and network management
workflows. Operations Center customers will have greater stability at scale.
NetMRI 7.0.x provides new features, performance improvements and fixes for customer-reported issues,
including several security and performance and stability fixes. Customers running NetMRI 7.0.[1,2], 6.9.x, 6.8.x,
and earlier releases, are encouraged to update their systems. Customers upgrading from 6.8.x should start from
6.8.7 or 6.8.8, and must refer to the 6.9.4 release notes, pay special attention to the upgrade guidelines in
both sets of release notes (6.9.4 and 7.0.x), and review all feature changes, as there are numerous
considerations that must be taken into account.
As part of NetMRI 7.0.x, and all future releases, Infoblox conducts active penetration scanning. This is in
addition to the vulnerability scans conducted on previous releases. All reported and discovered SQL injection
vulnerabilities have been fixed. A number of other lower severity vulnerabilities have been found, and fixed, as
well. There are some remaining Cross Site Scripting and Cross-Site Request Forgery potential vulnerabilities
identified by our internal scan that will be addressed in upcoming releases. All vulnerabilities require an
authenticated user to initiate the action. No un-authenticated exploits exist to the limits of our testing ability.
The following sections describe the 7.0.x feature set improvements, additional device support, upgrade
guidelines, resolved issues, and known issues.
NEW FEATURES
This section describes new features for the current release.
NetMRI 7.0.5
No new features for this release.
NetMRI 7.0.4
P/N 400-0608-001
Page 2 of 23
4/14/2016

NetMRI 7.0.3
Sunset of SHA1 Signed Certificates
As the support for SHA1 certificates is being sunseted at the end of this year, all new certificates are generated
using SHA256. However, customers with existing certificates may want to update their existing ones.
Customers with self-signed certificates can refresh to the more secure setting. From the admin shell, run the
command: configure certificates https then select option 3 (Refresh self-signed certificate).
Customers with external certificates can re-run the Certificate Signing Request process from the admin shell to
generate a new CSR. That CSR will then need to go to the signing authority, and the resulting certificate
installed. Run the command: configure certificates https then selecting option 1 (Generate CSR).
Then follow the CSR process, and install the new certificate using option 2.
Should any issues be encountered in this process, the previous certificates can be restored from an archive file
from the admin shell. Run the command: restore <archive_name> -https_certs to restore the
original certificate.
New Device Functionality
NetMRI 7.0.3 now includes support for IOS-XE systems configured for VRF, and support for FortiGate devices
configured for VDOM.
Additional Information about Device Group Membership Logic
While not strictly new functionality, additional explanation of Device Group Logic is warranted. When evaluating
the group criteria, low-assurance (<20% Assurance) network devices are treated as end hosts and are not
processed at all (not even if the device is listed explicitly by IP address in the group criteria). The exception to
this handling is when the 'include end hosts and low-assurance devices' checkbox is selected. The checkbox was
previously available for both Basic and Extended device groups, but as of 7.0 was removed from Basic device
groups. The previous name of this checkbox was simply 'Include end hosts,' which may have contributed to the
confusion.
NetMRI 7.0.2
NetMRI 7.0.1
Blackout Periods
You can define recurring Blackout Periods during which discovery protocols and processes will not run. These
periods can be defined: globally across all networks; on specified discovery ranges; on device groups; or on
individual devices. Blackout periods prevent NetMRI from interacting with specified devices, device groups,
ranges or networks for any discovery or data collection task. A second blackout type, change blackout, restricts
NetMRI from device interaction via the CLI, preventing: logins; scheduled or run-now job executions; Telnet/SSH
proxy; and port control UI features. For information, see Defining Blackout Periods for Discovery Ranges and
Defining Discovery Blackout Periods in the NetMRI Administrators Guide.
Device Groups Enhancements
NetMRI 6.9 introduced two types of device groups: Basic and Extended, and limited the total number of
Extended groups to 50. In NetMRI 7.0.x you can create up to 375 groups, split between a limit of 125 Extended
and 250 Basic device groups. While the hard limit from NetMRI 6.9 has been raised, and scale testing has been
done at this level, there are many factors that impact performance (e.g. total load on the system, complexity
P/N 400-0608-001
Page 3 of 23
4/14/2016

of the group definitions, etc.). If the customer has a large number of extended groups (even below the
maximum allowable), and experiences performance issues, they may be required to convert extended groups to
basic, or to reduce the total number of groups, as part of correcting those problems. For information, see
Creating Device Groups in the NetMRI Administrators Guide.
The nested device groups feature enables you to create device groups that nest within larger group categories.
For example, the Routing device group could contain child device groups titled Cisco, Juniper and
Alcatel, each of which specifies its own regular expression to filter devices of the Routing type from a specific
vendor. You may create nested/child device groups up to six levels deep in the Device Group tree. For
information, see Creating Device Groups in the NetMRI Administrators Guide. Currently, updating a parent
group definition does not cause the child group to be recalculated this caveat will be addressed in a
maintenance release.
Device Groups also offer the flexibility to specify custom field data as matching information against custom field
identification values defined on individual devices. You specify custom field information in device groups
through the Device Group Criteria. Doing so, you can craft device groups that match specific types of
information, such as Business Units, operational function, and so on. For information, see Device Group Criteria
and Device Custom Fields in the NetMRI Administrators Guide.
External Authorization and Authentication
NetMRI 7.0.1 has expanded its external authentication support, and adds external authorization capabilities.
NetMRI adds LDAP to its supported protocols for external authentication.
NetMRI also substantially expands its AAA external server support by enabling administrative authorization
through LDAP, Active Directory, RADIUS and TACACS+ protocols. You can use external AAA services to control
user access to NetMRI features with the same user roles and privileges defined on the local NetMRI system.
NetMRI enables you to add new authentication and authorization servers, and assign remote user groups to
NetMRI user roles and Device Groups. For information, see NetMRI Authentication and Authorization in the
NetMRI Administrators Guide.
There are significant changes to the User API calls necessitated by the external authorization capability.
Customers calling User API functions as part of custom scripts will likely need to rewrite those scripts to use the
newer 3.0 API.
OpenSSL has been upgraded to 1.0.2, which will cause SSL handshaking to be done only using TLS 1.2. Systems
providing AAA over SSL must be able to respond to TLS 1.2. If the AAA servers are older systems that have not
been upgraded to support TLS 1.2 (released in 2008) then SSL will not work.
Network Device Interaction Improvements
NetMRI 7.0.1 enhances the CCS scripting/Job engine to support improved approaches for collecting device
configurations, improved prompt detection and error handling for regular expressions and for general error
detection. Changes in this area allow better definition of device properties to better avoid false-positives on
running-to-saved configuration comparisons, or false changes on running-to-running or saved-to-saved. More of
the definition of the device interaction is stored in the database, resulting in more stream-lined Device Support
Bundles.
Operations Center to Collector Improvements
NetMRI 7.0.1 further improves Operations Center communications between the central OC node and its
Collector appliances. Among the enhancements are: improved delivery of collected configurations and job
execution logs from Collector appliances to the Operations Center; improved stream processing for multiple
simultaneous updates from Collectors to the OC; improved exception handling; and improvements to job
logging.
P/N 400-0608-001
Page 4 of 23
4/14/2016

Additional Changes for 7.0.1 Release
Existing customers will see the following changes in their NetMRI deployment after an upgrade to Release 7.0.1:
A special setting has been added to Advanced Settings -> Configuration Management -> Config Syslog
Change Filter Username to provide special handling for configuration changes detected based on syslog
events. Up to five comma-separated user names can be defined in that setting. If a syslog event
matches one of those user-names, then it will bypass the configuration difference notifications and
policy triggers that would otherwise be invoked. This can be used in cases where an automated process
with a named automation user takes configuration actions such as bringing ports up and down, or
changing VLANs. In the case of frequent expected activity of this nature, the follow-on reporting of
change events often becomes overwhelming and unnecessary.
The ghosted/greyed out Security Control tab is removed. Customers with existing Security Control
feature licenses will retain their feature set. Documentation on this remains available through Infoblox
Support.
Specific VRF collection state information is added to the Device Viewer -> Settings & Status -> Device
Support -> under both the Data Collection and Device Support tabs.
A Device CLI Audit Log captures NetMRI CLI connections to network devices, including events from
processes such as config collection, credential collection, Job engine (including job approval identity),
and other CLI session connections. This is not exposed in the device viewer, or other readily available
form, but is available to support as a troubleshooting aide. This can be controlled under Advanced
Settings -> Notification with controls for disabling the logging (it is on by default), and the number of
days to retain the logs.
The API has been updated to version 3.0. Backwards compatibility has still been maintained wherever
possible, but there are some areas particularly for user administration that have been changed
significantly in this major release.
The NetMRI systems FQDN can be set within the advanced setting for use in Reports and Notifications.
Generated URLs in those documents will then use the FQDN, rather than IP address. This is useful if the
system is using https, and the certificate is registered only to the name.
Scripts that issue commands to devices can now override the expected response, changing it from the
expected prompt to something else temporarily. This is useful if the command issued results in a followon query, such as Are you sure (y/n)?
Deprecated and Obsolete features

This section describes features no longer supported in this release, or planned for removal in a future release.
These features are ones that have not been adopted by customers, or were for specific cases in the past. Since
NetMRI contains such a rich feature set, these items are being trimmed to ensure that the focus is placed on
improving features that are in use, and adding new features in areas where use cases are growing.
Deprecated Features
The following existing features are deprecated. Testing of these features was skipped during release
qualification. The code remains unchanged, but may be removed in a future release. Customer cases resulting
from bugs found in these features will be handled on a case-by-case basis, but in general, will not be acted
upon.
Remote Diagnostic Tool
Cisco Call Manager
Quality of Service test module
VoIP SLA test module
P/N 400-0608-001
Page 5 of 23
4/14/2016

Obsolete Features
The following existing features are obsolete. Testing of these features was skipped during release qualification.
Functionality and screens may be removed as of this release. Customer cases resulting from bugs found in these
features will not be acted upon, excepting significant circumstances.
Support for NetMRI 1102-A appliances these cannot be upgraded to 7.0.1
Archive restore from the GUI CLI restore was the primary/recommended, and remains.
Discovery Module License
Set Temp License for SDC and SPM
Network Analysis Events (already hidden by default)
Event Collector Analysis (already hidden by default)
Planning for Deprecated and Obsolete Features

The following features are candidates for becoming deprecated or obsolete in a subsequent release.
Standard + SPM license combination replaced by Full NetMRI license type.
TAE Module
HTTP connections limiting the system to HTTPS only
DEVICE SUPPORT UPDATES

The following devices are newly supported or updated for Release 7.0.5:
Cisco ISR4451 ISR4351, ISR4331Router v15.4(3)S1 (for the 4451) and v15.4(3)S2 for the others
Cisco ASA 5516-X Firewall v9.4(2)
Fortinet 140D Firewall v5.2.5
Fortinet fgt92D Firewall v5.2.4
Juniper EX4300 Switch-Router v14.1X53-D25.2
SEL SEL-3610 & SEL-3620 Console Server vR203
Alcatel 7210 SAS-M Switch-Router TiMOS-B-6.0.R6 and 7210 SAS-M24F2XP Switch-Router TiMOS-B-6.0.R6
Aruba AP225 WirelessAP 6.3.1.8-4.0.0.7
Cisco IPS4240 IPS 7.1(9)E4 IPS [Telnet collection only due to IPS SSH implementation limits]
Cisco Catalyst 4506e Switch-Router v12.2(54)SG1
MRV 906c Switch-Router v4.3.2
Cisco ASR5000, Router, v17.4.0
Cisco C6880xle, Switch-Router, v15.1(2)SY4a
Citrix Cloudbridge 3000 and 600, WOC, v7.2.3
Exinda 10862 and 8862, WOC, v6.4.6.3574
HP J9727A, Switch-Router, WB.15.14.0007
McAfee Sidewinder S3008, Firewall, v8.3.0
P/N 400-0608-001
Page 6 of 23
4/14/2016

Arista DCS-7150S24, Switch-Router, v4.13.5F
Arista DCS-7508, Switch-Router, v4.13.9.1M
Brocade ICX775048F, Switch-Router, v08.0.20T203
Citrix NSMPX-22000-10G, Load Balancer, vNS9.3, build 66.5nc
Crossbeam Systems X50, Firewall, v9.7.2
Alcatel OS6450-P48, Switch-Router, v6.6.3.520.R0
Arista vEOS, Switch-Router, v4.13.5F
Brocade 6510, Storage Appliance, v7.3.1
Brocade vdx6720, Switch-Router, v3.0.0b
Brocade vdx6720P24, Switch-Router, v3.0.0b
Brocade vdx6730P32, vdx6740, and vdx8770S4 Switch-Router, v4.1.2ac
Cisco C68xxVirtualSwitch, Switch-Router, v15.2(1)SY1
Citrix NSMPX-15000, NSSDX-18500, Load Balancer, v.NS10.1: Build 129.11.nc
HP J4865A, and J4887A Switch-Router, vG.07.117
HP J4899A, J4899B, J4899C, J4900A, J4900B, and J4900C Switch-Router, vH.10.113
Huawei s5700-28C-EI-24S, and s5700-28C-PWR-SI Switch-Router, v5.130
Huawei s5710-28C-PWR-EI, Switch-Router, v5.150
Added CLI Forwarding and SwitchPort collection support for Nexus 7k NX-OS 6.*
Added CLI port-channel collection for Cisco C68xxVirtualSwitch v15.2(1)SY1
Removed Disable paging command from F5 CLI collection, and increased timeout
Updated SwitchPort data collection support for Alcatel Lucent OS6400 and OS6450 models
Updated inventory data collection indicator to supported for Citrix devices except NSMPX-* models
LIMITATIONS OF 7.0.x SOFTWARE

Inbound TFTP/HTTP File Transfers from VRF-Aware Devices
NetMRI provides Config Template and Rollback features, in which the involved devices initiate the file transfer
connections. Due to the adoption of Network Views in 6.9.x, a device that starts a connection to NetMRI needs
to specify the interface it has present in the correct network view. However, this is not consistently possible on
supported VRF-aware devices. WORKAROUND: TFTP/HTTP file transfers on VRF-aware devices will work when
the NetMRI manages the device on the devices default VRF; when the devices Management IP address is on an
interface in the devices default VRF (such as (default)IOS for Cisco IOS, default for Nexus and master for
JunOS). If NetMRI cannot reach the VRF-aware device through the devices default VRF, this feature will not be
available.
SNMP Credentials in Juniper VRFs
For discovery and periodic polling on Juniper devices through an interface that is not in the Juniper default VRF
(master), the query must use a special default@credential format. This setting assumes that users do not
have management interfaces in a VRF. Hence, the SNMP credentials for VRF-aware Juniper devices must use
syntax similar to: @vrfsnmp. Enter these values for SNMP credentials under Settings icon > Setup >
Credentials > SNMP v1/v2c tab. (When querying VRF-aware Juniper devices via an interface that is in the
default VRF, a plain community string can be used without the @ character.)
P/N 400-0608-001
Page 7 of 23
4/14/2016

UPGRADE GUIDELINES
NetMRI 1102-A appliances do not support 7.0.x releases and cannot be upgraded to 7.0.x.
NetMRI systems (standalone or Operation Center) can be upgraded to 7.0.x starting from the following versions:
6.8.x (however testing has only been from 6.8.7 and 6.8.8), and 6.9.x.
The upgrade image file is ib_network_automation-v7.0.5.83982.gpg.
Data collection is shut down on Operations Centers during the 7.0.x upgrade. In Operations Center Controller-toCollector communications, all collected network data passes from the Collector to the Controller through a
tunnel connection. Tunnel connections are shut down during upgrades to 7.0.x releases.
Special Notes on Upgrading From pre-6.9.1 Releases (6.8.x)

While the upgrade can be performed from any version of 6.8.x, it is strongly recommended that the customer
start from 6.8.7 or 6.8.8 as there are significant changes in those releases, and that was the starting point for
testing.
Because there are very significant changes between 6.8 and 6.9, introducing configurations in support of VRF,
customers must read and follow the upgrade instructions in the 6.9.4 Release Notes. Those instructions are not
repeated here, but are still relevant in a 6.8- > 7.0 upgrade.
Upgrading From 6.9.x

You can directly apply the NetMRI 7.0.x upgrade to systems running NetMRI 6.9.x.
For customers with systems that do not connect to the Internet/AutoUpdate server, you will need to download
the upgrade image file and SCP it to the admin users directory on the appliance. Then run the standard
AutoUpdate utility from the NetMRI Admin Shell to perform the 7.0.x upgrade.
Special Note on External Authentication/ Authorization Services

If using external authentication over SSL, ensure it supports TLS 1.2, prior to upgrading NetMRI. A hotfix to
work around authentication servers that do not support TLS 1.2 is available, but not recommended.
Upgrade Sandbox Instances

Ensure that Sandboxes (either Local or Remote) are fully and properly upgraded (to the starting release version)
prior to starting an upgrade. If the sandbox is in an incorrect state prior to a follow-on upgrade, this may create
issues that are difficult to diagnose.
Local sandbox instances for NetMRI will be automatically upgraded.
Remote Sandbox instances (e.g., Sandbox instances on a VM server) must be manually upgraded using
the sandbox reset command from the admin shell. See the topics Using the NetMRI Sandbox and
Setting Up a Remote Sandbox in the online Help for more information.
P/N 400-0608-001
Page 8 of 23
4/14/2016

OTHER REQUIREMENTS
Supported Browser Versions
Infoblox supports the following Web browser versions as of this release:
OS
Microsoft Windows 7
Browser
Microsoft Internet Explorer 11.x

Mozilla Firefox 38.x
Google Chrome 46.x
Microsoft Windows 8.1
Microsoft Internet Explorer 11.x

Google Chrome 46.x
Red Hat Enterprise Linux 6.x

Google Chrome 46.x
Apple Mac OS X 10.10
Safari 7.1, 8.0
The unsupported browser warning has been removed. There may be the occasional display issues as these
browsers go through their rapid release cycle; however we expect enough compatibility in their coding that it
doesnt make sense to highlight the version difference in red during every login.
When viewing NetMRI, set the screen resolution of your monitor as follows:
Minimum resolution: 1024x768
Recommended resolution: 1280x800 or better
Supported VMware Versions

Infoblox offers NetMRI in a virtual machine version. The following VMware releases support NetMRI 7.0.1 VM
operation:
ESXi 5.0x and ESXi 5.1x
VMware Workstation 10.0
Fusion 7.1 on Mac OSX 10.9 (NetMRI Standalone mode only)
TECHNICAL SUPPORT
Product Support
Infoblox technical support contact information:

Telephone: 1-888-463-6259 (toll-free, U.S. and Canada); EMEA, +32 3 2590440; +1-408-986-4000, ext. 1
E-mail: support@infoblox.com
Web: https://support.infoblox.com
Documentation
Download the latest documentation from the Infoblox Support page: https://support.infoblox.com/app/docs.
Training
Training information is available at: https://training.infoblox.com.
P/N 400-0608-001
Page 9 of 23
4/14/2016

RESOLVED ISSUES
The following issues were reported in previous NetMRI releases and resolved in this Release.
Fixed/Improved in NetMRI Release 7.0.5

NETMRI-27211 Do not use HSRP IP data from Nexus switches for further discovery, due to Nexus bug.
NETMRI-27170 Allow starting of new jobs without blocking by locked job related tables.
NETMRI-27123 Correctly exit from F5 devices without the "quitexit" syntax error.
NETMRI-27121 - Add device properties used in SNMP Engine ID to Discovery Diag.
NETMRI-27110 - Add config noise filter for Juniper EX series switches in virtual chassis mode.
NETMRI-27109 Correct Issue Group Settings by Device Groups: DeviceGroupID was always set to 0
NETMRI-27104 - Do not get virtual host auth info for protocols that are disabled.
NETMRI-27103 - Assign NeighborID in SwitchFwd associateNeighbors when IP Address is learned.
NETMRI-27094 Use entPhysicalName for chassis info when entPhysicalClass is not provided.
NETMRI-27090 Correct slow query in Device/InfraDevice consolidator.
NETMRI-27089 - Add config noise filter for Cisco WLC "rogue adhoc alert" messages.
NETMRI-27088 - Improve logging for snmpEngineID debug.
NETMRI-27079 Correct log flooding: "localhost xinetd[1234]: 1 descriptors still set".
NETMRI-27072 - Reading of @issue_trigs/@policy_trigs/@ifmap_trigs must be done in an exclusive manner
NETMRI-27070 - Add log of disk space usage in archive code before creating the final tar file.
NETMRI-27063 - Change process count for Extended Data Scavenger from 5 to 1.
NETMRI-27060 - Change default criteria for Downstream Hub or Switch Issue from 1 to 2.
NETMRI-27016 - Add config noise filter for Juniper SRXs that configured as clusters.
NETMRI-26984 - Juniper lower layer interface should not display a Vlan.
NETMRI-26969 Handle Juniper switches that do not support jnxExVlanTag.
NETMRI-26968 Add a config noise filter for Fortinet configs, removing last login related timestamps.
NETMRI-26962 - Add 'The flash device is in use by another task.' as a transient error in ConfigErrorHandler.pl.
NETMRI-26950 Correct situation where config Search against All Devices returns "Internal Error."
NETMRI-26945 - Remove erroneous help message from Device Viewer > Settings & Status > General Settings
NETMRI-26939 Handle situation where an F5 devices has a prompt longer than 80 chars/
NETMRI-26938 Do not generate PROC020 if collection is disabled.
NETMRI-26918 - Watchdog needs to detect situation with 0 rabbit mq consumers.
NETMRI-26899 - Fix $pagingCmd and $no_pagingCmd for Cisco WOC.
NETMRI-26897 Correct handling of sequence of CIDR configurations that could leave a device undiscoverable.
NETMRI-26896 - Deleting Device using GUI may leave bad Discovery Settings.
NETMRI-26895 Handle situation where device_group_name includes a # symbol.
P/N 400-0608-001
Page 10 of 23
4/14/2016

NETMRI-26894 Add a config noise filter for Fortinet devices for password hash values.
NETMRI-26890 - Send "exit" for Alcatel devices during Config collection.
NETMRI-26888 Show VLAN information in DV-Switch-VLANs section for several device models.
NETMRI-26887 - Better validate Timestamp & TimePeriod on input.
NETMRI-26886 - Allow /32 routes, only exclude if the next hop is the same as the destination.
NETMRI-26868 - Correct VDOM detection to avoid sending "unknown" commands to Fortinet devices.
NETMRI-26865 - Custom fields of type 'Device' should be available in all NE Summary grids in 'Device' section.
NETMRI-26864 Correct Scriptxmld handling for invalid ip address inputs.
NETMRI-26823 - Update Net SNMP module to ignore the oid during processing when there is duplicate entry.
NETMRI-26818 Protect against possibility of CVE-2015-7547 Stack-based buffer overflow in getaddrinfo.
NETMRI-26816 Correct Ruggedcom config collection failure due to improper 'Enter' sending.
NETMRI-26815 Correct Juniper VRF Route processing wrongly parses IPv4 route as an IPv6 route.
NETMRI-26810 Correct data churn for ifConfig xxxx: ifTrunkStatus,ifLinkAggrIndex (SwitchPortFwd churn).
NETMRI-26792 - Remove duplicate unique index creation from SPMEndNotHostsPresent-12-18.sql.
NETMRI-26790 - Exclude fabricpath entries from forwarding collection.
NETMRI-26783 - Enable Config collection for Ruggedcom RS416 as Console Server.
NETMRI-26771 Exclude duplicate IP Addresses from IPAM Sync output.
NETMRI-26770 - Prevent topology mapping of neighbors of non-switches on ports connected to switches.
NETMRI-26768 - Lower the privilege to switch_port_admin for
Api::DevicesController#port_control_protocol_preference
NETMRI-26759 - NetMRI::SSH::scpCopy is obsoleted, NetMRI::SecureChannel::sendFiles should be used instead.
NETMRI-26757 - Fix sql error in InventoryObject.
NETMRI-26741 - Increase SNMP max message size from 1472 to 2800.
NETMRI-26739 - Extend inclusion of Forwarding Entries for excluding Neighbors from 24 hours to 14 days.
NETMRI-26729 - Encode HTML entities for HTML display in CCS_Runtime.
NETMRI-26726 - Add cli inventory data support for SEL SEL-3610 and SEL-3620 vR203 Console Server devices.
NETMRI-26717 Execute a write memory in Nexus port control script to save changes.
NETMRI-26706 - Reuse previous DeviceIDs for End-hosts when they can be associated over time.
NETMRI-26701 Better handle IPv4 vs IPv6 in the Device Viewer ping/traceroute tools.
NETMRI-26691 - Properly map Port-Channel interfaces to a short name.
NETMRI-26690 Correct Fortinet VDOM: CLI interaction to remove a bad prompt regex.
NETMRI-26669 - InfraDevice consolidator should not assume ConfigRevision values begin with '1.'
NETMRI-26668 Properly honor manual typing of a device.
NETMRI-26648 - Disable offers of public key authentication for SSH connections to all devices.
NETMRI-26645 - NetMRI::Notification::Processor must ensure Advanced Settings are available.
P/N 400-0608-001
Page 11 of 23
4/14/2016

NETMRI-26624 Restore the controls 'Date' and 'Period' to the Config Search form (accidently removed in 7.0.1)
NETMRI-26602 - Enable syslog forwarding to sandbox.
NETMRI-26589 - Fix a string handling conversion within for ScriptXml::AssignElement.
NETMRI-26577 - Add "Unable to verify password" message to CCSDeviceError for HP devices.
NETMRI-26563 Remove the consistently false positive "future ifLastChange" system alerts.
NETMRI-26560 - Allow for specification of alternate names in CSRs.
NETMRI-26552 Ensure NetMRI::Util::DeviceLog methods can only be called with complete data.
NETMRI-26390 Clearly label SPM data types in Custom Reports as SPM data.
NETMRI-26194 Ensure API handling of Admin account is consistent with GUI handling.
NETMRI-26064 Remove duplicate entries in session log.
NETMRI-25796 Allow SNMPwalk collection to continue if message size exceeds the buffer maxMsgSize.
NETMRI-25747 Handle race condition during credential guessing that was causing guessing failures.
NETMRI-25494 - Use portIfIndex when dot1dBasePortIfIndex is not available
NETMRI-25465 Protect Api::JobsController against a condition where the JobProcess does not exist.
NETMRI-25086 Type Motorola Wireless AP's using a better approach.
NETMRI-25033 Allow the selection of Basic Device Groups for bulk-exporting device configuration files.
NETMRI-24359 - Add logging to ExtendedDataScavenger.pl.
NETMRI-24248 Accommodate JUNOSs new format for "show ethernet-switching interface INTERFACE brief."
NETMRI-23985 Log the failure reason for any failed subscription file confirmation.
NETMRI-23495 - Adding port channels data support via CLI for Cisco Nexus CN77-C7706, C7710, C7716, NX-OS
6.2(6a) devices.
NETMRI-22695 Correct situation where NetMRI Public Key Authentication offer was causing audit log spam.

NETMRI-26614 Correct IPAM Sync failure which can occur due to unknown Subnet error.
NETMRI-26531 - Remove SPMEndHostsPresent table version 19 duplicate upgrade.
NETMRI-26502 Add VRF data collection support for Nexus 5K SwVer 7.2(0)N1(1).
NETMRI-26493 Generate Results from Custom Reports Using Internet Explorer 11/
NETMRI-26448 Collect un-truncated Configurations from certain Fortigate devices.
NETMRI-26440 Handle SPM End Hosts consolidator error for full tmpPerf table.
NETMRI-26438 Correct order of logging for IPAM Sync failure.
NETMRI-26425 Speed up SQL queries in Subnet code for Virtual Network joins.
NETMRI-26415 Do not escape special characters in username when using SSH.
NETMRI-26393 Correct SQL error in VlanObject for VTPDomain.
NETMRI-26382 Include /32 interface IPs as SubnetMembers.
NETMRI-26375 Honor DNS name priority in Network Insight.
P/N 400-0608-001
Page 12 of 23
4/14/2016

NETMRI-26363 Parse OSPF and BGP routes from Cisco Nexus VRF CLI output.
NETMRI-26348 Handle importCCS.pl interrupted by a reboot to avoid errors in Issue Details viewer.
NETMRI-26333 Wrap Cisco ipv6 VRF commands in SKIPERROR: 1.
NETMRI-26325 Add logging of processes with high memory usage.
NETMRI-26310 Log Rabbit MQ channel hogs.
NETMRI-26300 Properly validate top_ten_type for DetectedChanges charts
NETMRI-26299 Correct GUI hangs when attempting to edit a Device Group in Chrome or Firefox
NETMRI-26297 Collect F5 configurations avoid all empty configuration
NETMRI-26295 Correct checkVersionSuperiorOrEqual:Invalid version parameter check should not be fatal.
NETMRI-26293 Add debug log of SNMP version and table batch size during Data Engine collection.
NETMRI-26282 Remove memory leak in Syslog Processor.
NETMRI-26281 Hide Nested Device Groups on the main selector for restricted users.
NETMRI-26274 Correct Basic Device Group disabling settings and causing devices to become unlicensed
NETMRI-26266 Correct typos in 7.0.1 Device Support list for Huawei devices.
NETMRI-26265 Do not reset data when oid_size is changed.
NETMRI-26255 Allow Cisco 2960 devices to progress past 72% / "stuck type assurance."
NETMRI-26254 Handle Device Group Ranks in netmri.DeviceGroupSettings with larger range.
NETMRI-26248 Fork DNS Processor parent to prevent memory leaks.
NETMRI-26227 Fix CDP consolidator remote InterfaceID calculation when interface does not have an address.
NETMRI-26225 Add Role(s) should not allow unchecked child device groups for nested groups.
NETMRI-26224 Make device model check case independent for Nexus 5000.
NETMRI-26205 Allow export of all configurations when the export is initiated by user.
NETMRI-26197 Properly sort Scripts by name in ScriptsController#list.
NETMRI-26188 Display correct reason for Issue DeviceRestartReport rather than 'unknown' when possible.
NETMRI-26185 Provide complete device report for Config Change Audit Details when a DeviceID is specified.
NETMRI-26172 Correct F5 related SSH session exit handling to not leave stale SSH sessions (F5 memory leak).
NETMRI-26156 Make CDP and LLDP Neighbors visible in Device Viewer for some Virtual devices.
NETMRI-26104 Do not collect CiscoCallMgrObject data if VoipSupport is not enabled.
NETMRI-26065 Update Nortel configuration collection script to run the latest command (versions > v6.3.*).
NETMRI-26058 Mask certain aspects of configuration changes for Aruba WAP's to avoid false-positives.
NETMRI-25876 Correct certain Network Analysis/Issues with no Title.
NETMRI-25804 Add no_paging support for VDOM devices to enable configuration collection on Fortigate 1000C.
NETMRI-25669 Extend the admin password expiration on archive restore, avoiding immediate lockout.
NETMRI-25667 Positively log completion of Archive restore.
NETMRI-23602 Ensure Issue Details viewer keeps device group context when selected for a cleared issue.
P/N 400-0608-001
Page 13 of 23
4/14/2016

NETMRI-26116 Change Job Grouping in UI to eliminate chance of re-running incorrect job.
NETMRI-26100 Correct Incorrect Device Group Member Counts.
NETMRI-26084 Fix item from earlier Security Report that was only fixed on new-install.
NETMRI-26074 Correct InfraDevice consolidator to drop invalid records.
NETMRI-26050 Allow CLI Credential Test to working when password starts with a +.
NETMRI-26026 Reports running against unintended Device Group (group automatically selected by default).
NETMRI-26023 Make pruning of /var/local/netmri/joblogs/ logs less aggressive.
NETMRI-25926 Reset settings for reserved Device Groups when customer has incorrectly set them.
NETMRI-25921 Remove redundant rows in SPM EndHost tables due to NeighborIPNumeric null values.
NETMRI-25913 Clean up Network Type usage in GUI hints.
NETMRI-25912 Trigger router Interface Down issue for 'lowerLayerDown'
NETMRI-25848 Detect Arista enablePrompt while doing "doLogin"/
NETMRI-25836 Do not chmod 644 custom job logs to avoid certain script failure situations.
NETMRI-25829 Improve logic for detecting neighbor changes.
NETMRI-25827 Display un-truncated Model names in 'Config Change Audit Summary Report'.
NETMRI-25824 Treat any failure within a group as a whole group failure in the PCI Compliance Report.
NETMRI-25807 Remove settings_import from published API spec.
NETMRI-25794 Eliminated duplicate entries in session.log on OC systems.
NETMRI-25786 Improve Riverbed config collection.
NETMRI-25773 Do not use ARP entries to determine HSRP device type.
NETMRI-25770 Evaluate adjacent variables in CCS Action-Commands without intervening space correctly.
NETMRI-25723 Disable SQL optimizations for Device Groups regexps
NETMRI-25708 Fix issue with including Forwarding Entries for previous 24 hours when excluding Neighbors
NETMRI-25707 Correct hang with Sandbox rpm updates when Script_Perl is disabled.
NETMRI-25704 Check licenses before upgrading sandbox packages.
NETMRI-25703 Correct errors when importing bad mibs.
NETMRI-25702 Add unique BatchID key to netmri.ccsBatchHasScript so that all jobs display.
NETMRI-25685 Remove "unset console page" command in Netscreen.pm to eliminate config Collection lockups.
NETMRI-25683 SDC: Allow Cisco ASA firewall running 9.3 to work as if it were 9.1.2.
NETMRI-25678 Provide VRF data Collection support for Cisco Nexus N77c7710
NETMRI-25668 Log start of Discovery Engine.
NETMRI-25655 Do not use an API call within authKasai.pl to update user info avoiding GUI lockups.
NETMRI-25654 Fix slow SQL query in GetDevicePropertyGroups.sql.
NETMRI-25652 Improve the 'Include End Hosts' checkbox label wording in Device Group settings dialog.
P/N 400-0608-001
Page 14 of 23
4/14/2016

NETMRI-25650 Correct order of paging commends on Huawei devices so that config collection succeeds.
NETMRI-25648 Correct the job_specification_id when re-running an errored scheduled job.
NETMRI-25638 Correct PruneDatas silent failure which can cause storage warnings.
NETMRI-25631 Update Nortel config collection to support the device with spaces in device prompt.
NETMRI-25627, NETMRI-25484 Include Entries for previous 24 hours when calculating Downstream Switches.
NETMRI-25625 Properly handle H3C devices using doEnableMode.
NETMRI-25612 Update openssl configs to use the sha256 default.
NETMRI-25610 Add Device MAC Address to Discovery Diag.
NETMRI-25601 Log admin shell session ID to help track admin CLI sessions.
NETMRI-25584 Keep FindIt search page from loading forever.
NETMRI-25537 Relax Data Engine watchdog check to reduce false positive health warnings.
NETMRI-25515 Handle port control jobs consistently.
NETMRI-25508 Add Syslog filter toggle for DHCPACK messages.
NETMRI-25501 Set device model blank for RuggedCom RS900G.
NETMRI-25500 Handle unusual version of oe694-' for Cisco WAAS devices.
NETMRI-25481 Trigger Bare Metal Provisioning when MAC changes and sysname is autoconfig
NETMRI-25478 Remove error pop-up in Config Management > Config Search > Select All > Execute Command.
NETMRI-25476 Correct Nortel BayStack login failure after upgrade to 7.0.
NETMRI-25466 Correct Perl script errors at /usr/local/share/perl5/NetMRI/Util/DeviceLog.pm line 248.
NETMRI-25464 NetMRI_Easy.pm should not to try to close CliConnections if they are not opened.
NETMRI-25463 Add Device Group filter to Topology Viewer API call for Link Discovery Protocols
NETMRI-25459 Update NetMRI F5 config collection code to send tmsh command for F5 6400 v10.2.1.
NETMRI-25457 Fix incorrect smart_ping_sweep_ind in discovery_settings table.
NETMRI-25456 Modify CCS file to enable config collection on Brocade Switches.
NETMRI-25442 Add Virtual Network ID to Discovery Diag ARP/Route Info.
NETMRI-25437 Ignore error "Unable to connect" on Cisco Firewalls.
NETMRI-25435 Add deviceCliAudit.log to Standard Log package.
NETMRI-25416 Allow the filtering "between" operator to allow values less than 0.01.
NETMRI-25382 Handle Stale "Policy Violation" issue in Subscription > Add Notifications
NETMRI-25345 Correct occasional partial collection of Citrix CloudBridge configs.
NETMRI-25344 Correct unknown command execution on Citrix CloudBridge makes the job fail.
NETMRI-25149 Provide separate module for Juniper SwitchPort processing.
NETMRI-25146 Update VirtualNetwork API controller to have assign/unassign methods.
NETMRI-25072 Improve live viewer handling for broadcast performance monitoring.
NETMRI-25005 Standardize escaping of special characters between Config template modes.
P/N 400-0608-001
Page 15 of 23
4/14/2016

NETMRI-25002 Follow-up: Adjust the logic for "Config Running Not Saved" issue.
NETMRI-24987 Update RuggedCom device config collection support to handle prompt like content in config.
NETMRI-24940 Do not restart httpd when running AutoUpdate.
NETMRI-24882 Properly handle HTTPS only mode with reports.
NETMRI-24880 Update command to get device running config from CheckPoint devices.
NETMRI-24638 Improve ssh handling of Citrix Cloudbridge devices.
NETMRI-24426 Correct SQL error in F5Object data collection.
NETMRI-23669 Allow regeneration of https certs w/ existing signed certs.
NETMRI-21778 Add certificate reset option to admin cli + admin restore certs.
NETMRI-7053 Provide un-truncated model names in the 'Change audit summary report'.

Various In addition to the external agencies and companies that provided reports of security issues corrected
in 7.0.1 there was one other company not listed. An XSS requiring authenticated access was identified from an
earlier release, and corrected in 7.0.1, but the credit for the find was inadvertently omitted.
Fortinets FortiGuard Labs
NETMRI-25450 Correctly drop/clean-up ARP entries collected as part of VRF data collection.
NETMRI-25433 Correct logging output for CCS debug.
NETMRI-25422 Update SPM End Hosts Present timestamp with end-host in a discovery range
NETMRI-25420 Improve query performance for SPM End Hosts VLAN change.
NETMRI-25415 Correctly send quit command to log out of F5 devices.
NETMRI-25383 Populate Scheduled Jobs in UI from different table, handling cases with jobs over 30 days old.
NETMRI-25352 Declutter log message file.
NETMRI-25346 Improve query performance for topology calculations.
NETMRI-25340 Validate the Syslog recipient address properly in the UI.
NETMRI-25334 Populate VLAN correctly when discovering SPM End Hosts without an IP address.
NETMRI-25308 Restrict access to Cisco Command tool for users with View: Non Sensitive privilege (and not
higher level).
NETMRI-25199 OC: Javascript did not keep correct Object ID integer.
NETMRI-25197 NetMRI did not return HTTP status 503 during Weekly Maintenance.
NETMRI-25174 Send syslog information when multiple syslog servers are defined.
NETMRI-25147 API call to assign VRFs failed with Argument list too long error.
NETMRI-25138 Prune stale entries from Virtual Device Context in certain scenarios.
NETMRI-25110 Feature added to allow background processing of an Update when no .GPG file was provided
the autoupdate command.
NETMRI-25108 Prune syslog log files more aggressively.
NETMRI-25103 Use proper ContextName for firewalls and load balancers.
P/N 400-0608-001
Page 16 of 23
4/14/2016

NETMRI-25097 Added disk usage report to admin shell.
NETMRI-25096 Do not launch Bare Metal Provisioning job without discovering MAC.
NETMRI-25093 Correct race condition between VRF collection and consolidation.
NETMRI-25092 Prevent switches with 72% assurance from counting against Downstream Switch Counts.
NETMRI-25091 Properly handle IOS-XE version string.
NETMRI-25074 Do not exclude ifHighSpeed from collection based on SNMP version.
NETMRI-25069 Correct issue that could cause DSB to be partially transferred from OC to collector.
NETMRI-25068 Log checksum to UpdateHistory.log when running the diag command.
NETMRI-25059 Correct race condition that could cause triggered jobs to run twice.
NETMRI-25058 Add error logging for certain files.
NETMRI-25054 Handle BNT Switch routers that have now corrected a previous SNMP bug.
NETMRI-25049 Enable two way certificate validation for external authentication servers.
NETMRI-25032 Add additional logging for Factory Reset.
NETMRI-25025 Enable health checks on OCs without collectors (possible when it is in hot standby).
NETMRI-25018 Correct licensing code to respect device rank order for determining which network devices to
license.
NETMRI-25015 Correct situation where policy rule against config cannot be competed in the UI.
NETMRI-25002 Issue Config Running Not Saved Issue showed incorrect Time Difference values.
NETMRI-25001 Job Viewer > Files.zip could be missing or could contain wrong data. Unzipped files remained
correct.
NETMRI-24995 Correct issues with memory data collection for some Juniper devices.
NETMRI-24985 Correct issue with importing OID definitions in some situations.
NETMRI-24966 Handle cases where some Cisco devices truncate long host names in configure terminal.
NETMRI-24964 Change handling of Nexus 5K 5.2(1)N1(8b) and other versions as Cisco has corrected
CSCui46891.
NETMRI-24955 Remove hashed passwords in F5 collected configs while comparing them to detect changes.
NETMRI-24954 Allow configuration collection on Nortel ERS device configured with read-only access.
NETMRI-24937 MultiNet OC device settings could be modified after an upgrade.
NETMRI-24924 Child device groups did not get updated when their parent device group was changed.
NETMRI-24909 Correct issue with ARP/Route CLI collection for Cisco Cat6509
NETMRI-24793, NETMRI-25173 Allow enabling/disabling of Performance & Environmental at the group level.
NETMRI-24692 Add debugging information for config collection during Discover Now
NETMRI-24637 Add CLI routing table collection for Cisco IOS-XR.
NETMRI-24248 - While attempting to assign a VLAN to an interface, NetMRI was unable to detect the current
assigned VLAN due to a newer output format of the JunOS command show ethernet-switching
interface <interface> brief.
P/N 400-0608-001
Page 17 of 23
4/14/2016

NETMRI-23850 Update API documentation for Credentials#snmp_test and Credentials#cli_test.
NETMRI-23439 Expose Chassis Serial Number via CCS.
NETMRI-22740, NETMRI-22025 VLANID values were incorrectly reported for Multi-VLAN Access interfaces.
NETMRI-21943 Special characters were not escaped in CLI usernames.
NETMRI-21563 SNMP Credential Guessing needed to gracefully handle noSuchName errors, in cases where an
otherwise valid response contained an OID response with no such name.
NETMRI-21483 In Operations Center, using a Perl script to define static Discovery Settings with a custom field
could change the UnitID of target devices discovery settings under Settings -> Setup -> Discovery Settings.
Fixed in NetMRI Release 7.0.1

Various Several vulnerabilities (SQL injection, XSS, CSRF) have been identified that could potentially be
exploited by Authorized/Authenticated users. NetMRI 7.0 has undergone extensive rework to close the identified
issues, as well as additional Penetration testing to expose, and then correct, any other potential issues.
All externally and internally discovered SQL injections have been corrected.
All externally discovered XSS vulnerabilities have been corrected.
Some internally discovered XSS and CSRF issues still exist, and are being addressed during the NetMRI
7.0 maintenance cycle. All of these require an authenticated account in order to attempt the exploit.
Security reports from the following individuals and agencies/companies were instrumental in this effort:
Giuseppe-Diego Gianni of NCIA/CS-NCIRC TC (NATO)
Ozkan Aziz, Paul Bradley, and George Christopoulos of VISA, UK
Travis Emmert of Salesforce.com
NETMRI-24975 System Health grid was blank on Operations Center with no collectors (warm standby-mode).
NETMRI-24962 OC: Improved reboot protection during weekly maintenance.
NETMRI-24936 Requested to maintain a copy of the root diagnostic during a Factory Reset.
NETMRI-24903 Nortel ERS-88xx series belonged to different Config Collection Filter-Action block.
NETMRI-24893 - Failure to start CCS collectors caused Comm Requests & Jobs to remain pending.
NETMRI-24881 Upgrade failed in Reports.sql.
NETMRI-24855 Perl Jobs did not send "exit" command to explicitly end CLI sessions to Fortinet devices.
NETMRI-24838 Added CLI forwarding and SwitchPort collection support for Nexus 7k NX-OS 6.*
NETMRI-24835 - Riverbed config collection experienced error when finding Not Found string in config file.
NETMRI-24825 - Request to include DeviceIP and timestamp into filename when exporting SNMP/CLI Credentials
table to CSV file.
NETMRI-24813 - Long Running Queries occurred in Discover Now output.
NETMRI-24799 - Nortel/Avaya ERS-5650-TD-PWR Config Collection issues.
NETMRI-24794 Appliance experienced occasional instability due to incorrect setting during kernel upgrade.
NETMRI-24768 - Collector started skipjack service after trying to stop it.
NETMRI-24767 Feature added to add CLI collection support for inventory data.
NETMRI-24760 OC: Remnants of DB/Config archiving system and checks need to be removed from collectors.
NETMRI-24748 Feature added to increase config collection timeout for Riverbed Steelhead devices.
P/N 400-0608-001
Page 18 of 23
4/14/2016

NETMRI-24738 - Disabling "Collect Performance and Environmental data" at the Group Level un-licenses
devices.
NETMRI-24711 Appliance showed incorrect alignment of VDISK-Partitioning of NetMRI VDK.
NETMRI-24707 - SQL syntax errors could occur in Discovery log file.
NETMRI-24666 - Long running SPM query could fill the appliance disk drive.
NETMRI-24656 - Requested to save original pagination in running config.
NETMRI-24655 System archived the database on a collector as part of an upgrade.
NETMRI-24642 - Nexus 1000v was not affected by CSCui46891 and should poll normally, regardless of version.
NETMRI-24634 - NetMRI not collecting Performance information for fiber channel interfaces for Cisco DSC9124,
Switch, 5.0(7).
NETMRI-24626 Skipjack shutdown could cause NetMRI to lose track of VRF assignments made to devices.
NETMRI-24617 - IPAM sync that took longer than 2 hours to run could prune most records.
NETMRI-24589 - Increase look-back time for DetectedChanges in NetMRI::Notification::Processor to the number
of non-archive partitions.
NETMRI-24587 - Added feature to add logging of Factory Reset events to UpdateHistory.log.
NETMRI-24569 - Archive restore output is misleading about when tables are being restored.
NETMRI-24563 - Added feature to prevent switches with 72% assurance from counting against
DownstreamSwitchCount in neighbor calculations.
NETMRI-24542 - Failed Config Collection caused unassigned VRFs on device.
NETMRI-24539 - Cisco Nexus ForwardingObject collection via CLI should not collect SwitchPortObject via SNMP.
NETMRI-24535 - Last Seen date in SPM for Cisco cat4510rpluse, IOS-XE 03.04.00.SG not regularly updated.
NETMRI-24527 NetMRI collected extraneous config files from Alcatel OmniSwitch 6450P48 devices.
NETMRI-24521 - Devices that are only discovered through DNS or Path Collector as Routers, but without SNMP
credentials, remained permanently at 72% assurance.
NETMRI-24473 NetMRI attempted to establish SNMPv2 connection when SNMPv3 credentials were guessed
after reset.
NETMRI-24460 - NetMRI only collected and displayed 3000 routes (though route limit was set to 9K).
NETMRI-24393 - NetMRI did not use the Management IP address chosen in the Device Viewer.
NETMRI-24183 - Manually overriding the device license did not work for non-network devices.
NETMRI-24110 Possible misleading information appeared for Config Running Not Saved Issue.
NETMRI-24030 Requested to remove "The job may also specify its own expiry duration" statement from Admin
Guide.
NETMRI-23964 Requested to document the difference between Policy Compliance pie chart and Policy
Compliance tab results.
NETMRI-23945 Issues occurred during Collector upgrades to 6.9.2.
NETMRI-23900 NetMRI sent the command "modify cli paging disable" to F5 devices.
NETMRI-23898 The Device Viewer -> Router -> Route Table page reports 0.0.0.0 as a valid next hop.
NETMRI-23607 Pagination prompts were embedded in config text for some HP devices.
P/N 400-0608-001
Page 19 of 23
4/14/2016

NETMRI-23549 - Adding a Static IP did not allow system to delete a given device or its discovered data (gets
rediscovered immediately).
NETMRI-23501 Added feature to add FQDN to the list of Advanced Settings, for use in Reports and Notification
HTTPS links, instead of the appliances Management IP.
NETMRI-23452 getconfigstatus method of ConfigRevision API model gave a blank value for last collected
timestamp.
NETMRI-23451 Requested to update documentation to show use of NMAP and clarify use of Ping Sweep and
Smart Ping Sweep.
NETMRI-23428 Text became invisible when angle brackets were used around text in columns fields under
Config Management -> Job Management -> Lists.
NETMRI-23415 Upgrade did not honor customers setting for CLI credential order priority of credentials
needed to be reset after the upgrade.
NETMRI23381 Feature added to allow for increased number of device groups.
NETMRI-23114 In the Issue Viewer, if search returned more than one page, selecting the whole result via
select all ... items resulted in an unfiltered list.
NETMRI-23081 - Device Viewer -> Network Analysis -> Performance -> CPU Statistics shows
"$CpuChart0.respData" error instead of CPU Statistics.
NETMRI23074 Feature added to prevent Master OC licensing on a Collector appliance.
NETMRI-22991 Feature added to validate CSR inputs in admin shell.
NETMRI-22984 Job Viewer incorrectly processed some requests.
NETMRI-22858 Perl scheduled jobs were not executed on DB-restored units.
NETMRI-22820 Config Templates with quote mark characters were not compatible on HP Switches.
NETMRI-22754 Feature added to audit NetMRI SSH connections to devices through the Device CLI Audit Log.
NETMRI-22582 Feature added to require user to provide current password when changing their account
password.
NETMRI-22500 Network Explorer -> Discovery: SC chicklet showed OK status with old timestamp when S field
showed failed status.
NETMRI-22570 Could not select all interfaces on a device or for a device group when creating a report on
Interface History data.
NETMRI-22096 - Discovery method of Devices API stated all outputs were Booleans.
NETMRI-21262 API calls made from a job were executed as the system admin user.
NETMRI-21062 - Feature added for VRF data collection into the Device Support -> Data Collection and Device
Support -> Device Support tabs for the Device Viewer.
NETMRI-20802 OC: Jobs remaining in Pending after job Success is reported.
NETMRI-20577 OC/Collector health monitoring would not detect a down Collector when VPN tunnel was still
established, even when the Collector was no longer processing.
NETMRI-20365 Scheduled database archives could intermittently stop working.
NETMRI-20328 - Cisco Nexus 7010 v6.0 SNMP data collection obtains different results from SNMP walk.
NETMRI-20283 If credentials were manually entered for a device, CLI credential guessing did not consider
them for bulk multi-select discovery.
P/N 400-0608-001
Page 20 of 23
4/14/2016

NETMRI-20250 When jobs were sent to a collector and the collector was down or went down before job
completion, the jobs could remain in varying states of completion without ever finishing.
NETMRI-19883 - API call returned no data when .csv format was requested for SPM end hosts grid.
NETMRI-19653 Removal of message displayed during Discover Now operation.
NETMRI-19502 - Added feature to skip Last Commit: line in Juniper configurations.
NETMRI-19229 The sandbox configure command did not correctly change the IP address of the Local
Sandbox.
NETMRI-19200 Script Names should not accept a character length of greater than 80 characters.
NETMRI-18066 The Job Details Viewer logs did not show any information for skipped state jobs when a device
was unlicensed or unmanaged, or when CLI credentials were not guessed.
NETMRI-17060 Reports including the Device Timestamp = Month setting could give unexpected results.
NETMRI-16655 The chart from selecting Network Analysis -> Issues by device with historic chart did not
correctly display daily values.
NETMRI-11964 Requested to allow CCS and Perl scripts to override current prompt regular expression on a per
send_command basis.
NETMRI-10152 - Factory reset did not return NetworkTypes in the config to the default.
NETMRI-10146 Issue Viewer: Last Seen Time Stamp showed current date and Time even when selecting the
previous dates for Interface Not Stable issue.
P/N 400-0608-001
Page 21 of 23
4/14/2016
Network Automation 7.0.3 Release Notes

KNOWN ISSUES FOR NETMRI RELEASE 7.0.5
The following items are notable bugs or potential improvements found by Infoblox, or reported by customers.
These are candidates for future maintenance or major releases. For information on specific tickets, please
contact support.
NETMRI-26557 Email notifications for some issues are sent multiple times once per each device component.
NETMRI-24981 For jobs of enormous size (e.g. 26000 devices) a lag occurred between when the job
completed, and when the job detail files for each device became available.
NETMRI-24806 - Device Viewer: include device's IP into filename when exporting data to CSV file.
NETMRI-24505 - Issues with CDS Download Tool related API calls, including the
get_extended_vendor_discovery_data call.
NETMRI-24292 - Routes not being successfully stored on NetMRI from Nexus 7K running v5.2.
NETMRI-24118 As an aid to troubleshooting, Switch Port Management collection settings need to be added to
the standard Logs package.
NETMRI-24079 - System Health DATZ001 alerts, indicating Collector appliances are in the wrong time zone,
appearing although the OC and all Collectors are configured in the same time zone and are using the same NTP
server.
NETMRI-23754 CLI Credentials page can appear as blank when multiple UsernameSecure/Password Secure
NULL entries exist.
NETMRI-23725 After creating Custom Fields of type "Date," they are subsequently displayed as "Date Time"
values having "00:00:00" as the time.
NETMRI-23435 Time Zone and NTP settings need to be synchronized to the local sandbox.
NETMRI-23425 - 'Configure server' does not allow specifying DNS servers per interface must be done via the UI.
NETMRI-22986 - Deleting a script results in no longer being able to view the job viewer for all jobs associated
with the script.
NETMRI-22570 Cannot select all interfaces on a device or for a device group when creating a report on
Interface History data.
NETMRI-22527 - Exporting a built-in HTML report to PDF where the content is divided into multiple pages, the
PDF retains the HTML page numbering.
NETMRI-22489 Applies only when multiple scan interfaces are being used in the deployment. In cases where a
hostname is specified under Tools -> Device -> Ping/Traceroute, the hostname is always resolved against the
DNS server of the MGMT interface, regardless of which Network View is selected. For systems with multiple scan
interfaces, this may result in incorrect or unexpected resolution if the MGMT interface DNS does not have an
entry for the host name, or if an entry exists that refers to another device on the MGMT network.
NETMRI-22455 Issue Subscription generates an incorrect SNMP Trap issue.
NETMRI-22454 Invalid JobID value in API Job_Update call causes no new jobs to be created or scheduled.
NETMRI-22446 After upgrading a single-network Operations Center to 6.9, the Network View name in the grids
may be different than the Network View name in the Settings -> Network Views table, showing the View name
as the network name of the Operations Center. This value is incorrect; the correct Network View name appears
in other locations in the NetMRI UI, including in Network Explorer -> Discovery. WORKAROUND: Open the
Settings -> Network Views page and re-name the network view to the correct value. After doing so, the Network
View names will be in sync.
P/N 400-0608-000
Page 22 of 23
4/14/2016
Network Automation 7.0.3 Release Notes

NETMRI-21890 Unable to Resync the collector settings from the GUI due to password de-synchronization.
NETMRI-21815 Running maintenance from admin CLI will be killed if the SSH session is dropped
NETMRI-21232 Network Explorer -> Discovery does not honor User Role settings.
NETMRI-20739 When a user swapped out a collector, powered off the old collector and registered the new
collector appliance, and the old appliance was later turned back on, it continued data collection (both
appliances performed data collection on the same devices) and generated backpressure messages to the OC.
NETMRI-20682 Device Group Counts in GUI may be incorrect due to devices expiring or being rediscovered.
NETMRI-20033 NetMRI displaying error message while running 30 days built in reports
NETMRI-20004 Fingerprint data causing incorrect Device Type assignment.
NETMRI-19796 Typing Cisco ASR 1000 as HSRP device prevents device discovery.
NETMRI-19741 Perl Job shown as running on Operations Center did not run.
NETMRI-19706 Remote Sandbox displayed 'Net-SNMP' as Vendor information under NetMRI.
NETMRI-19687 Upgrading from 6.7.3 may produce a "Lost connection to MySQL server during query" message.
NETMRI-19298 FindIT does not indicate where Neighbor Data comes from, which can cause confusion in the
Device Viewer.
NETMRI-18689 DISA v8 rules are listed, but not implemented for severity Info and below.
NETMRI-17798 NetMRI DNS entry is seen in local firewall. WORKAROUND: Ensure that configuring NetMRI and
changing DNS Servers correctly updates the DNS Server entries in /etc/resolv.conf on the Sandbox.
NETMRI-17796 Running a Discover Now on a single IP address sometimes incurs an excessive time to complete.
NETMRI-17779 LOGIN_FAILED message on Cisco 2960 switches when NetMRI attempts CLI authentication.
NETMRI-17648 Occasional HTTP 503 error messages when trying to view reports.
NETMRI-16120 View Members action menu option on an Operation Centers Settings -> Collectors and Groups > Groups table is disabled for non-Admin accounts. The option still works for the system admin.
NETMRI-14925 NetMRI login to Cisco devices running IOS-XR firmware logging 'Terminal type not supported
messages.
NETMRI-13970 Unable to deploy Custom Issue Help Files.
NETMRI-10778 If data synchronized with NIOS IPAM is not from very recent network discovery, IPAM may
declare false conflicts.
P/N 400-0608-000
Page 23 of 23
4/14/2016

Network Automation 7 0 5 ReleaseNotes PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Network Automation 7 0 5 ReleaseNotes PDF

Uploaded by

Copyright:

Available Formats

NetMRI 7.0.

NEW FEATURES .................................................................................................. 2

Deprecated and Obsolete features ........................................................................... 5

DEVICE SUPPORT UPDATES .................................................................................... 6

UPGRADE GUIDELINES .......................................................................................... 8

OTHER REQUIREMENTS ......................................................................................... 9

TECHNICAL SUPPORT ........................................................................................... 9

KNOWN ISSUES FOR NETMRI RELEASE 7.0.5 ................................................................ 22

NetMRI 7.0.5 Release Notes

About NetMRI 7.0.x

NetMRI 7.0.5 Release Notes

NetMRI 7.0.5 Release Notes

NetMRI 7.0.5 Release Notes

Deprecated and Obsolete features

Remote Diagnostic Tool

Cisco Call Manager

Quality of Service test module

VoIP SLA test module

NetMRI 7.0.5 Release Notes

Support for NetMRI 1102-A appliances these cannot be upgraded to 7.0.1

Discovery Module License

Set Temp License for SDC and SPM

Network Analysis Events (already hidden by default)

Event Collector Analysis (already hidden by default)

Planning for Deprecated and Obsolete Features

Standard + SPM license combination replaced by Full NetMRI license type.

HTTP connections limiting the system to HTTPS only

DEVICE SUPPORT UPDATES

Cisco ASA 5516-X Firewall v9.4(2)

Fortinet 140D Firewall v5.2.5

Fortinet fgt92D Firewall v5.2.4

Juniper EX4300 Switch-Router v14.1X53-D25.2

SEL SEL-3610 & SEL-3620 Console Server vR203

Aruba AP225 WirelessAP 6.3.1.8-4.0.0.7

Cisco Catalyst 4506e Switch-Router v12.2(54)SG1

MRV 906c Switch-Router v4.3.2

Cisco ASR5000, Router, v17.4.0

Cisco C6880xle, Switch-Router, v15.1(2)SY4a

Citrix Cloudbridge 3000 and 600, WOC, v7.2.3

Exinda 10862 and 8862, WOC, v6.4.6.3574

HP J9727A, Switch-Router, WB.15.14.0007

McAfee Sidewinder S3008, Firewall, v8.3.0

NetMRI 7.0.5 Release Notes

Arista DCS-7150S24, Switch-Router, v4.13.5F

Arista DCS-7508, Switch-Router, v4.13.9.1M

Brocade ICX775048F, Switch-Router, v08.0.20T203

Citrix NSMPX-22000-10G, Load Balancer, vNS9.3, build 66.5nc

Crossbeam Systems X50, Firewall, v9.7.2

Alcatel OS6450-P48, Switch-Router, v6.6.3.520.R0

Arista vEOS, Switch-Router, v4.13.5F

Brocade 6510, Storage Appliance, v7.3.1

Brocade vdx6720, Switch-Router, v3.0.0b

Brocade vdx6720P24, Switch-Router, v3.0.0b

Brocade vdx6730P32, vdx6740, and vdx8770S4 Switch-Router, v4.1.2ac

Cisco C68xxVirtualSwitch, Switch-Router, v15.2(1)SY1

Citrix NSMPX-15000, NSSDX-18500, Load Balancer, v.NS10.1: Build 129.11.nc

HP J4865A, and J4887A Switch-Router, vG.07.117

HP J4899A, J4899B, J4899C, J4900A, J4900B, and J4900C Switch-Router, vH.10.113

Huawei s5700-28C-EI-24S, and s5700-28C-PWR-SI Switch-Router, v5.130

Huawei s5710-28C-PWR-EI, Switch-Router, v5.150

Added CLI port-channel collection for Cisco C68xxVirtualSwitch v15.2(1)SY1

LIMITATIONS OF 7.0.x SOFTWARE

NetMRI 7.0.5 Release Notes