Release Notes

version 2.5.2 (2023-03-16)

  • change of base OS from Ubuntu 18.04 to Ubuntu 20.04
The CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0 Level 2 - Server report is available upon request by contacting support. The image scored 215/219. An explanation will be attached for the unmet 4.

version 2.5.1 (2023-01-29)

  • External IPs can now be pinned to specific deployments. If the value of a DiscrimiNAT instance VM label discriminat matches the label-key & value of an External IP, that External IP will be preferred for self-attaching. Fallback behaviour remains to self-attaching any allocated but unassociated External IPs with the label-key discriminat set to any value.
  • Terraform module updated to support custom deployment IDs (see variable custom_deployment_id), to optionally override the randomly generated ones. This allows fine-grained control over naming and can also be used for matching allocated External IPs to a specific fleet of DiscrimiNAT instances.
  • replaced google-fluentd with ops-agent. Ops Agent requires the Monitoring Metric Writer predefined role to be added to the service account. See our Service Account page for more details.

version 2.4.2 (2022-10-05)

  • added support for Network Tags in Cloud Composer v2 GKE Clusters
  • improved audit (config) logging for subnets
  • improved connection handling for very short-lived TLS connections with specific server-side implementations (such as Envoy Proxy)

version 2.4.1 (2022-05-05)

  • fixed an excessive retries issue with automatic config building where the service account's role allowed querying of Service Projects but the Host Project did not have shared VPC setup enabled
  • fixed a sporadic connection reset issue that emitted unexpected response in the logs and only occurred in the see-thru monitoring mode while connecting to a destination at very high latency

version 2.4.0 (2022-03-13)

  • new warning message in config logs when a connection test, carried out by discrimiNAT itself, to an FQDN in any allowlist fails
  • serverless support introduced; VPC connectors from Cloud Functions etc. will have their outbound traffic filtered
  • added support for self-attaching an allocated External IP
  • change of one of the default scopes, when the service account is not overridden, from compute-ro to compute-rw; this is to support self-assignment of labelled external IPs
  • discrimiNAT's own instance ID added to every log line under the key instance, indicating which instance the log line was emitted from
  • updated TLS ECH draft extension identifiers

version 2.3.0 (2021-11-02)

  • added support for shared VPC; now Service Projects can use a discrimiNAT instance deployed in their Host Project

version 2.2.0 (2021-08-31)

  • see-thru mode introduced; build allowlists super-quick by putting a Firewall Rule in monitor mode first
  • improved handling for a large number of FQDNs in the allowlists
  • full bypass hook added; please reach out to support for instructions on this
  • updated TLS ECH draft extension identifiers

version 2.0.5 (2021-05-03)

  • restricted firewall rule scanning to the same VPC as the one the discrimiNAT firewall is deployed in

version 2.0.4 (2021-04-03)

version 2.0.3 (2020-11-05)

  • v2 launch
  • completely new architecture addressing the potential for a mismatch between the IP addresses looked up by a protected workload from the VPC resolver and those looked up by the discrimiNAT firewall
  • rewritten in Rust

version 20200529 (2020-05-29)

available on request; v1 is now deprecated; please upgrade to v2

version 20200524 (2020-05-24)

available on request; v1 is now deprecated; please upgrade to v2

version 20200516 (2020-05-16)

available on request; v1 is now deprecated; please upgrade to v2

version 20191207 (2019-12-07)

available on request; v1 is now deprecated; please upgrade to v2

version 20191107 (2019-11-07)

  • v1 launch