Release Notes
2.12.0.0.x Major Release (TBD - EOL: TBD + 24 months)
What’s New in this Release
NFO Security Update
This security update includes the following:
Implement NFO Central feature
NFO Central utilizes a custom, dynamic load balancing algorithm to distribute incoming traffic. The system continuously monitors real-time data, such as flow rate by exporter, to determine the least loaded NFO peer and automatically rebalance traffic distribution. This rebalancing is also triggered instantly when nodes join or leave the cluster.
Customer Request/Ticket numbers: NFC-12131
Improved Device Statistics
The system now collects and displays Input Packets (Total and Rate) per device under the Status -> Statistics -> Devices screen. This new, granular metric provides deeper visibility into network flow activity and is a foundational step for implementing rate-based load balancing
Customer Request/Ticket numbers: NFC-12122
Improved MDT Input Configuration
Enhanced validation for MDT input settings and watch lists, including checks for MDT TLS configuration ID uniqueness, valid certificate/key file access, and correct network interface address/port settings.
Customer Request/Ticket numbers: NFC-12134
SNMP Polling Rules
We've added a powerful new feature that allows you to create custom rules for filtering SNMP polling data. You can now define conditions using logical and comparison operators to report on only the most critical interfaces or devices, significantly reducing the load in large-scale environments.
Customer Request/Ticket numbers: NFC-11995
Improved Auto-discovery
When credentials are not specified for a subnet, devices will be polled using all configured credentials.
Customer Request/Ticket numbers: NFC-12079
Added SNMP sysObjectID to Default OIDs
The default SNMP polling OIDs now include sysObjectID, providing enhanced device identification and compatibility.
Customer Request/Ticket numbers: NFC-11996
Splunk HEC output: added channel identifier
Added a channel identifier for Splunk HEC outputs, now with support for indexer acknowledgment.
Customer Request/Ticket numbers: NFC-11915
Enhanced NFO stability
Improved Quality of Service (QoS) mechanisms to prevent out-of-memory (OOM) situations and ensure more stable performance under heavy load.
Customer Request/Ticket numbers: NFC-12105
Improved Kafka output configuration
Customer Request/Ticket numbers: NFC-11213
2.11.3.0.49 Maintenance Release (July 31, 2025 - EOL: July 31, 2027)
What’s New in this Release
NFO Security Update
This security update includes the following:
- Upgrade OpenSSL and crypto libraries to version 3.x
Customer Request/Ticket numbers: NFC-11919
Added support for Model Driven Telemetry (MDT) input (Preview)
Introduced support for Model Driven Telemetry (MDT) input, enabling more granular and real-time network visibility.
Customer Request/Ticket numbers: NFC-11922, NFC-12008
Improved Auto-discovery feature
We have significantly enhanced our Auto-discovery feature to include an automatic and rule-based device classification system. Previously, the feature could discover devices and their basic properties. Now, it can also automatically classify them, allowing you to create and manage device groups more efficiently. This new functionality streamlines the onboarding of new devices and ensures consistent policy application across your network.
Key Features:
- Automatic Device Classification: Auto-discovery now automatically assigns devices to a default group based on SNMP SysObjectID and other identifying attributes.
- Rule-Based Device Grouping: Create your own custom rules to automatically classify and assign discovered devices to specific groups based on criteria you define. This allows for tailored configurations and reporting for different segments of your network.
- Enhanced Usability: This improvement reduces manual effort and simplifies the management of large-scale network environments.
Customer Request/Ticket numbers: NFC-11979, NFC-12012, NFC-12050
Splunk HEC output: add channel identifier
Customer Request/Ticket numbers: NFC-11915
Added support for Cisco SD-WAN IPFIX fields (including options)
Added support for Cisco SD-WAN IPFIX fields (including options), providing deeper visibility into SD-WAN traffic.
Customer Request/Ticket numbers: NFC-11169
Add Archive and Restore Configuration
Introduced Archive and Restore Configuration, allowing you to easily back up and restore your NFO settings.
Customer Request/Ticket numbers: NFC-11997
Improved Splunk HEC output
- Introduced support for multiple Splunk HEC outputs to a single IP/port, facilitating the routing of various NFO data types to distinct Splunk indexes.
- NFO now supports Splunk HEC output in JSON format, for improved data ingestion.
Customer Request/Ticket numbers: NFC-11933, NFC-11978
Improved SNMP v3 Trap Handling
We've made SNMP v3 trap handling much simpler. Now, NFO automatically handles device EngineIDs when encrypted SNMP v3 traps are received. This means you no longer need to create separate credentials for each device, significantly streamlining your setup.
Customer Request/Ticket numbers: NFC-12011
NFO License Manager to report SNMP polling blocks
The NFO License Manager now includes reporting on SNMP polling blocks, helping you manage your licensed capacity more effectively.
Customer Request/Ticket numbers: NFC-12000
Usability improvments
- Explanations for Auto-discovery steps
- External Data Feeder for NFO page - EDFN selection in case of multiple EDFNs are configured
- Added upload button to EDFN Agent configuration lists
- Added Clear and reset buttons to EDFN agent settings
Customer Request/Ticket numbers: NFC-12050, NFC-11989, NFC-12013, NFC-12042
What’s Been Fixed in this Release
Auto-discovery: SNMP v3 is Not Processed Correctly (Intermittent)
Customer Request/Ticket numbers: NFC-12076
Upload yaml OID Set with New Device Group Name is not Allowed
Now when yaml OID set is uploaded with a new Device Group name, this Group is automatically added.
Customer Request/Ticket numbers: NFC-11992
2.11.2.0.32 Maintenance Release (April 30, 2025 - EOL: April 30, 2027)
What’s New in this Release
NFO Security Update
This security update includes the following:
- JRE 11.0.27 (CVE-2025-21587)
- Json-smart 2.5.2 (CVE-2024-57699)
Customer Request/Ticket numbers: NFC-11919
Added support for Open Telemetry (OTel) output
Customer Request/Ticket numbers: NFC-11811
Redesigned SNMP device group assigments
Customer Request/Ticket numbers: NFC-11941
Sending NFO/EDFN internal logs to syslog server or Splunk HEC
Customer Request/Ticket numbers: NFC-11926
Improved NFO Output Preview
Customer Request/Ticket numbers: NFC-11929
Option to fix out of sequence timestamps in NFv5 and IPFIX
Customer Request/Ticket numbers: NFC-11948
Usability improvments
- GUI for installations with multiple EDFNs
Customer Request/Ticket numbers: NFC-11972
2.11.1.1.1 Hotfix Release (March 9, 2025)
What’s New in this Release
SNMP Custom OID Sets Monitor bug fix
Download the Module set:
Instructions how yo apply the fix
2.11.1.0.70 Maintenence Release (February 10, 2025 - EOL: February 10, 2027)
What’s New in this Release
NFO Security Update
This security update includes the following:
- Apache Tomcat 9.0.98
- JRE 11.0.25
- Implemented Cross-Site Request Forgery (CSRF) protection
Customer Request/Ticket numbers: NFC-10410
Improved performance for Linux 9
Customer Request/Ticket numbers: NFC-11837
Added support of IPv6 exp_ip sampling
Customer Request/Ticket numbers: NFC-11264
Improved performance for AWS S3 output
Customer Request/Ticket numbers: NFC-11337
Implement Preview output feature
Customer Request/Ticket numbers: NFC-11840, NFC-11805
Added support for post-NAT IP addresses in Network Conversations Module
Customer Request/Ticket numbers: NFC-11863
Changed default in Network Conversations Module
Changed default to report bi-directional conversations
Customer Request/Ticket numbers: NFC-11830
Improve Auto-discovery feature
- Added connections based on next_hop
- Added connections IEEE 802.1D devices
- Allow to enable/disable auto-disovery
Customer Request/Ticket numbers: NFC-11871, NFC-11838, NFC-11855
Implement exclusion list for port consolidation
In the list of known server destination port numbers, allow marking which server application ports should be processed with client ports reported.
Customer Request/Ticket numbers: NFC-11285
Added Azure VNet flow logs support
Customer Request/Ticket numbers: NFC-11648
Improve NFO license manager
Allow to exclude peer nodes from production usage count
Customer Request/Ticket numbers: NFC-11696
Improve SNMP service and Auto-discovery
Customer Request/Ticket numbers: NFC-11786
Improve NFO Status page and troubleshooting
Customer Request/Ticket numbers: NFC-11809, NFC-11810, NFC-11828, NFC-11833, NFC-11882,
Improve NFO upgrade procedure
Restore server.cfg file after upgrade
Customer Request/Ticket numbers: NFC-11786
What’s Been Fixed in this Release
TFS registration error occurs intermittently in NFO server for sFlow data
Customer Request/Ticket numbers: NFC-11308
The server drops TFS due to duplicate template registration within 10-second interval
Customer Request/Ticket numbers: NFC-11820
Modified NFO server.cfg file incorrectly synchronized with config DB
Customer Request/Ticket numbers: NFC-11850
Missing VNet exporter names for Microsoft Azure Flow Logs input
Customer Request/Ticket numbers: NFC-11867
2.11.0.0.95 Major Release (September 30, 2024 - EOL: September 30, 2026)
What’s New in this Release
Implemented automatic device discovery using SNMP polling, streamlining network monitoring setup
Customer Request/Ticket numbers: NFC-11588
Implemented NFO output filtering based on Module id (nfc_id)
Customer Request/Ticket numbers: NFC-11703
Okta SSO
Customer Request/Ticket numbers: NFC-11700
Implement EDFN agent for OpenCTI
Customer Request/Ticket numbers: NFC-10641
Implement EDFN agent for Cisco ACI Bridge Domain enrichment
Customer Request/Ticket numbers: NFC-10434
Added support for username reported by Palo Alto Networks, Cisco AVC, and IPFIX element 371
Customer Request/Ticket numbers: NFC-11707
Added Support for nexthop, allowing for detailed visualization of network traffic routing paths
Customer Request/Ticket numbers: NFC-11630
Added Support for NetScaler IPFIX elements: AppName, RTT, and TCP retransmits
Customer Request/Ticket numbers: NFC-11167
Implemented "Catch all" in Repeater filters
Customer Request/Ticket numbers: NFC-11391
Performance improvement
Customer Request/Ticket numbers: NFC-11668
What’s Been Fixed in this Release
vCenter agent generates records with duplicate MAC addresses and zero IP addresses
Customer Request/Ticket numbers: NFC-11780
AWS S3 output: Some Syslog generated files missing the header row
Customer Request/Ticket numbers: NFC-11725
2.10.2.0.88 Maintenance Release (April 24, 2024 - EOL: April 24, 2026)
What’s New in this Release
NFO Security Update
This security update includes the following:
- Apache Tomcat 9.0.88
- JRE 11.0.23
Added Support for Oracle Cloud Infrastructure (OCI)
Customer Request/Ticket numbers: NFC-11422, NFC-11449
Added support for IPv6 in Security Threat Lists in Network Conversations Module
Customer Request/Ticket numbers: NFC-11296
Implemented Azure Logs Ingestion API (as Data Collector API will be deprecated)
Customer Request/Ticket numbers: NFC-11448
Added support for Original Flow Data and NetFlow Recorder to AWS S3 output
Customer Request/Ticket numbers: NFC-11197
Improved EDFN Agento to support AWS/Azure/GCP/OCI public IP ranges
Customer Request/Ticket numbers: NFC-11461
Added support for IPv6 in SNMP Polling and Traps
Customer Request/Ticket numbers: NFC-11481
Added support of SNMP Polling Configuration via YAML Packages
Customer Request/Ticket numbers: NFC-11554
Added ifHighSpeed OID to SNMP Polling
Customer Request/Ticket numbers: NFC-11486
Added new SNMP OIDs to interface_mon Set
Customer Request/Ticket numbers: NFC-11491
Performance Improvements
Customer Request/Ticket numbers: NFC-11318, NFC-11543
Various Usability Improvments
Customer Request/Ticket numbers: NFC-11469, NFC-11478, NFC-11480, NFC-11544, NFC-11575, NFC-11611
2.10.1.3.2 Hotfix Release (February 9, 2024)
What’s New in this Release
NFO Security Update
This security update addresses the following vulnerabilities:
- Apache Tomcat 9.0.85 (CVE-2023-46589, CVE-2023-42795, CVE-2023-44487)
- JRE 11.0.22 (the latest version)
Downloads:
2.10.1.0.23 Maintenance Release (September 30, 2023 - EOL: September 30, 2025)
What’s New in this Release
NFO Security Update
This security update addresses the following vulnerabilities:
- Apache Tomcat 9.0.80 (CVE-2023-41080, CVE-2023-34981)
Improved SNMP Polling Statistics
Add SNMP polling requests queue length and the number of unresponsive devices to Status page.
Add unresponsive devices to NFO internal logs (nfo_audit.log).
Customer Request/Ticket numbers: NFC-11362, NFC-10408
Improved Error Logging for AWS S3 Output
Customer Request/Ticket numbers: NFC-11401
Improved Format for Original NetFlow Data Output
Customer Request/Ticket numbers: NFC-11412
Improved Formatting of Output Syslog and JSON Messages
Add an option to include nfo_hostname as key-value pair to Syslog output.
Customer Request/Ticket numbers: NFC-11374
2.10.0.1.6 Security Update Security update (July 24, 2023)
What’s New in this Release
NFO Security Update
This security update addresses the following vulnerabilities:
- OpenJDK (CVE-2023-22049, CVE-2023-22036, CVE-2023-22006)
EDFN
- AsyncHttpClient 2.12.3 (was dependent on old Netty version 3.x, CVE-2021-21290, CVE-2020-11612)
- Okta SDK 8.2.5 (no vulnerabilities, but it depends on SnakeYAML)
- SnakeYAML 2.0 (CVE-2022-41854, CVE-2022-1471)
NFO
- OpenSearch client 2.8.0 (no vulnerabilities, but it depends on SnakeYAML)
- Azure Identity 1.9.2 (no vulnerabilities, but it depends on Json-smart)
- Json-smart 2.4.10 (CVE-2023-1370)
Downloads:
2.10.0.0.140 Major Release (June 30, 2023 - EOL: June 30, 2025)
What’s New in this Release
NFO Security Update
Updated Java, Tomcat, and other libraries to the latest available security release.
Customer Request/Ticket numbers: NFC-10xxx
Implemented Support for Full IPv6 Network
Implemented support for NetFlow exporters with IPv6 addresses. Now NFO can be deployed in networks with 100% IPv6.
Customer Request/Ticket numbers: NFC-9998, NFC-9999, NFC-11278
Implemented Integration with Okta for User Identity Enrichment
Customer Request/Ticket numbers: NFC-11007
Added NFO Output to Microsoft Azure Log Analytics Workspace
Implemented new NFO Output Type - Azure Log Analytics Workspace (Azure Monitor, Sentinel)
Customer Request/Ticket numbers: NFC-11110
Added NFO Output to Microsoft Azure Blob Storage
Implemented new NFO Output Type - Azure Blob Storage
Customer Request/Ticket numbers: NFC-11151
AWS OpenSearch Output Upgrade
Upgrade OpenSearch library from 1.3 to 2.4
Customer Request/Ticket numbers: NFC-11181
Implemented NFO License Master
Customer Request/Ticket numbers: NFC-11139, NFC-11240
Implemented NFO Additional NFO Troubleshooting Features
Added NFv9/IPFIX templates logging
Customer Request/Ticket numbers: NFC-11183
Improved NFO Output Performance to AWS S3 Buckets
Customer Request/Ticket numbers: NFC-11191
Improved Microsoft AD Integration
Allow multiple user groups configuration
Customer Request/Ticket numbers: NFC-11292
Improved Integration with AlienVault (AT&T Cybersecurity)
Implement an option to use Pulses with malicious domains
Customer Request/Ticket numbers: NFC-11304
Improved Security in NFO Clouds Input/Output Configuration
Customer Request/Ticket numbers: NFC-11192, NFC-11201, NFC-11204, NFC-11205
Improved NFO Status Page Reporting
Customer Request/Ticket numbers: NFC-11234
Improved Output Dictionary
Added support for NFO Output dictionary in various Modules. Fixed JSON output reporting numeric fields as numbers
Customer Request/Ticket numbers: NFC-11142
What’s Been Fixed in this Release
[Module 1006x] Report client port when it is disabled
Customer Request/Ticket numbers: NFC-11132, NFC-11176
Known Issues
[Module 20062] S3 output failed with "no access" error code
Linux RHEL is not affected. For other Linux OSs, you can fix the issue using the following workaround:
Make a symbolic link /etc/pki/tls/certs/ca-bundle.crt to the certificates bundle (For example, on Ubuntu 20.04.5 LTS to the /etc/ssl/certs/ca-certificates.crt)
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
2.9.1.3.7 Security update (April 24, 2023)
What’s New in this Release
NFO Security Update
This security update fixes the following vulnerabilities:
-
Apache Commons Text 1.10.0 or a later version (CVE-2022-42889)
-
Apache Commons FileUpload (CVE-2023-24998)
-
Kafka client updated to 3.4.0 (CVE-2022-34917)
-
OpenSearch client updated to 2.6.0 (CVE-2023-23612)
-
HSQLDB (CVE-2022-41853)
-
FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)
-
OpenJDK (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968)
Downloads:
2.9.1.2.3 Hotfix Release (November 14, 2022)
What’s New in this Release
NFO Security Update
NetFlow Optimizer Is Not Impacted by OpenSSL 3.0 Vulnerabilities (CVE-2022-3602 and CVE-2022-3786).
NetFlow Logic is aware of these vulnerabilities and has completed verification that these issues do not affect our products or services. No customer action is required.
Bug fix in Network Conversations Module
When parameter "Enable (1) or disable (0) generating end of conversation events" is set to 0, inactive sessions are not removed by timeout, and in-memory DB can eat memory.
Customer Request/Ticket numbers: NFC-11127
Implement additional status values in Network Conversations Module
Add Forwarding Status reported by Cisco routers:
- action=U for forwardingStatus 00 (unknown)
- action=F for forwardingStatus 01 (forwarded)
- action=D for forwardingStatus 10 (dropped)
- action=C for forwardingStatus 11 (consumed)
Customer Request/Ticket numbers: NFC-11122
Performance improvements
Customer Request/Ticket numbers: NFC-11156
Downloads:
2.9.1.0.79 Maintenance Release (August 9, 2022 - EOL: August 9, 2024)
What’s New in this Release
NFO Security Update
Updated Java, Tomcat, and other libraries to the latest available security release.
JRE: zulu11.58.15-ca-jre11.0.16
tomcat: 9.0.65
spring: 5.3.22
spring-security: 5.7.2
log4j: 2.18.0
Customer Request/Ticket numbers: NFC-11071
Added NFO Output to AWS S3 Buckets
Implemented new NFO Output Type - AWS S3
Customer Request/Ticket numbers: NFC-10354
Added NFO Output to Kafka
Implemented new NFO Output Type - Kafka
Customer Request/Ticket numbers: NFC-10461
Added NFO Output to OpenSearch
Implemented new NFO Output Type - OpenSearch (e.g. Amazon OpenSearch Service)
Customer Request/Ticket numbers: NFC-10468
Added NFO Output to disk
Implemented new NFO Output Type - Disk
Customer Request/Ticket numbers: NFC-10486
Implemented Integration with AT&T Cybersecurity
Impleemented integration with Alienvault OTX Pulses. For more information on Alienvault OTX, visit https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm
Customer Request/Ticket numbers: NFC-11032
Improved Output Dictionary
Added support for NFO Output dictionary in various Modules
Customer Request/Ticket numbers: NFC-10396
Improved Support for Multiple EDFNs Instalation
Added ability to enable / disabled EDFN agents in NFO GUI
Customer Request/Ticket numbers: NFC-11076
Added New Features in Network Conversation Module
- Added an option not to report state=E events to further reduce output volume
- Improved security functionality by always reporting communications with malicious hosts, even if they don't make it to Top N
- Added integration with MaxMind to enrich data with Autonomous System Number
- Improved integration with Microsoft AD for user identity enrichment
Customer Request/Ticket numbers: NFC-10487, NFC-10494, NFC-10996, NFC-11072
Deprecate 'Known Threat Feeds hosts' in Security Module
Deprecate integration with 'Known Threat Feeds hosts' (Module 10053) as it is no longer supported by 3rd party vendor
Customer Request/Ticket numbers: NFC-10997
Downloads:
2.9.0.1.2 Security Update (April 15, 2022)
What’s New in this Release
NFO Security Update
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. See https://nvd.nist.gov/vuln/detail/CVE-2022-22965 for details.
Downloads:
Customer Request/Ticket numbers: NFC-10476
2.9.0.0.189 Major Release (March 25, 2022 - EOL: March 25, 2024)
What’s New in this Release
NFO Security Update
Updated Java and Tomcat to the latest available security release.
Customer Request/Ticket numbers: NFC-10453
Added New Features in Network Conversation Module
- Added support for additional Azure and Google Cloud fields
- Added User Identity (integrations with Microsoft AD, Microsoft Entra ID, Login/Logout via syslog)
- Added Application enrichment
- Added Reputation enrichment
- Added option not to report denied flows
- Added integration with VMware vCenter
- Add TOS and AS fields
- Implemented Application collector
- Added GeoIP enrichment
- Added SNMP enrichment
- Added support for Cisco ACI (Bridge domains, Tenants)
- Improved output to AWS S3 destination
- Performance and usability improvments
Customer Request/Ticket numbers: NFC-10126, NFC-10127, NFC-10128, NFC-10194, NFC-10195, NFC-10197, NFC-10222, NFC-10224, NFC-10233, NFC-10236, NFC-10253, NFC-10254, NFC-10267, NFC-10350, etc.
Added NFO Output using Splunk HEC
Added ability to configure NFO output using Splunk HEC
Customer Request/Ticket numbers: NFC-10250
Added NFO Output to Splunk Observability Cloud
Added ability to configure NFO output to Splunk Observability Cloud (aka SignalFX)
Customer Request/Ticket numbers: NFC-10299
Implemented Output Dictionary
Added ability to override field names in syslog key=value or JSON data elements
Customer Request/Ticket numbers: NFC-10322
Implemented New sFlow formats
Implemented new sFlow formats per https://sflow.org/developers/structures.php
Customer Request/Ticket numbers: NFC-10351
Improved SNMP Polling
Implemented better handling of devices not replying to SNMP polling
Customer Request/Ticket numbers: NFC-10170, NFC-10321
Support Cisco ACI
Implemented support for Cisco ACI fields
Customer Request/Ticket numbers: NFC-10406
Various Usability Improvments
Various cosmetic changes and usability improvments
Customer Request/Ticket numbers: NFC-10218, NFC-10320, NFC-10389