What you show is correct --- Previous version of firmware used "Blacklisting" and the release notes for 8.9.0.0 also note in this version it's been changed to DENYLISTING.
DENYLISTING formerly known as BLACKLISTING -- changed both within the SSID settings and the configuration/security sections of the firmware.
Seemingly a minor name change -- However.....
What happens is if you upgrade to 8.9.0.0, whatever you had under the former blacklisting table is removed. Also, when you attempt to re-add them, they're not saved. Thus effectively removing blacklisting/DENYLISTING as a working security option.
I need to do another test, but it seems also that because of this change that if you had enabled BLACKLISTING on the older firmware, that this setting too is removed!
So --- new name for same function (not a huge deal -- caught in release notes)....removal of anything with "BLACKLISTING" instead of converting it to the newly named function. Removed from being enabled in SSID configuration, entries removed under configuration/security, and inability to put them back in and save them.
In short -- it appears that BLACKLISTING, now known as DENYLISTING is totally broken in 8.9.0.0..... I wouldn't recommend moving to this version for production if you need that function to satisfy a security need.
------------------------------
Bryan Tetlow
------------------------------
Original Message:
Sent: Sep 02, 2021 10:49 PM
From: Ariya Parsamanesh
Subject: Instant 8.9.0 is released
where do you see "blacklist" under the SSID configuration?
i see the correct denylisting.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
Original Message:
Sent: Sep 02, 2021 04:25 PM
From: Bryan Tetlow
Subject: Instant 8.9.0 is released
I find that in 8.9.0.0 that "blacklist" is not "denylist". I also find that it appears to be broken!
Note also that where you had entries in the former blacklist, they get removed when you upgrade to this version.
Even when blacklisting (denylisting) is enabled properly on SSID, your entries into the denylist visually appear until you save them, then they disappear!
Unclear if they're really stored but just not visible.
This release will likely get a quick update to 8.9.0.1 in short order I would think. Like any other of the x.x.0.0 releases -- don't go there unless you have no choice until the next update for it comes out. Don't roll into production lest you get unexpected surprises. (my opinion, and my practice) -- small test first! Then another one, then a slightly larger one before going live... The updates seem to be coming out much too quickly to get properly tested in-house and so WE become the testing group!
------------------------------
Bryan Tetlow
Original Message:
Sent: Aug 26, 2021 09:53 PM
From: Ariya Parsamanesh
Subject: Instant 8.9.0 is released
here are the highlights of firmware 8.9.0.0 Release
- New AP hardware platform
- Software solution enhancements
- Zero Wait DFS for FCC
- IoT-Add DRT support for BLE and 802.15.4
- IoT-Azure IoT Hub Integration Ph 2
- IoT Radio Tx Power/Antenna Gain configurable
- IoT-Customizable payload for APB beacons
- Increase AM AP neighbor table for APs
- Instant Platform Enhancements
- Custom Certificate provisioning for AP1X from Central/Airwave
- Reboot AP automatically when Config pushed from Central
- Enhance EST to support Radsec/AP1x certs on Instant
- TLS 1.2 by default in Webserver on Instant
- Layer 3 DHCP Relay on Instant
- Add beacon-rate knobs in WLAN SSID profiles
- DDNS enhancement to include PTR records
- IAP failover to backup Airwave based on connectivity
- Update IAP-VPN display in controllers
- Fallback to Local Management Credentials only when Server times out
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------