CloudPassage Halo: 10 May 2012 Release

The 10 May 2012 release of CloudPassage® Halo® includes changes to the CloudPassage Daily Status emails, changes to the registration confirmation email, and a variety of minor bug fixes and UI enhancements, including a version specification for the ICMP service for Windows firewall.

Changes to hidden DNS firewall rules

Whenever you create a firewall policy in the Halo Portal, Halo adds a set of basic firewall rules that are required for the Daemon to operate. These rules are “hidden”—they do not appear in the Portal and you cannot edit them, although you can view them if you export the firewall policy.

Enhancements have been made to DNS-related hidden firewall rules to improve security for servers that communicate with name servers and for DNS clients and servers themselves.

Support added for multiple IP addresses per server

When you include a server group as a source in a firewall rule, Halo behavior has been to include, for each server, only the IP address that its daemon uses when communicating with the Halo Grid. With this release, all IP addresses of all interfaces used by the server are included.

Improved functionality for Windows firewall rules

Previously, it was possible to create an IP zone with a host address value of, which would cause installation of a Windows firewall containing that IP zone to fail. With this release, Halo changes existing IP zone addresses of that value to “ANY” if they are applied to a Windows firewall policy, and it prevents the user from creating a new IP zone that includes that address.

Handling duplicate names for IP zones and network interfaces

It has been possible to create an IP zone or network interface with a given name, and then—while creating a firewall rule—create another IP zone or interface with the same name. To enforce uniqueness of names, Halo no longer permits a newly created zone or interface to have the same name as an existing one.

Improved support for custom ICMP firewall rules

Halo now supports, and where necessary creates corresponding outbound rules for, custom ICMP types ping (icmp/8), timestamp (icmp/13), and address_mask (icmp/17) services. Also supported is icmp/all, which includes all three types.

Stay up to date

Get the latest news and tips on protecting critical business assets.

Related Posts