Updates in upcoming releases

Important changes in future releases that might require additional steps or planning during upgrade.

Changes to the license expiration process

The current method of communicating license status within the security system user interface (UI) lacks clarity for some users, and the expiration behavior itself does not adhere to industry standards. In a future version, not earlier than 24.3.0, we are implementing changes to the license expiration process aimed at improving clarity and alignment with industry best practices. These changes will affect how license expiration status is communicated within the Nozomi Networks Operating System (N2OS) interface.

Future Behavior

  • When your license is more than three months away from expiration, no status indicators will be displayed in the UI
  • Within three months of expiration, a status indicator will indicate that your license is Expiring. Additionally, the notification on the Updates and Licenses page will show your license status as Expiring along with the expiration date
  • When the expiration date is reached, a banner message and a status indicator will indicate that your license is Expired, accompanied by a message indicating whether you are in the grace period
  • Once the grace period is over, your security system will cease its main functions, allowing users access only to historical data

Additional Information

  • We will proactively reach out to customers to initiate discussions on license renewals before any expiration messages show
  • We advise against waiting for license expiration warnings to begin the process of procuring new licenses

If you have any questions or concerns, please contact your Nozomi Networks representative.

Consolidation of data concerning MITRE ATT&CK®

N2OS exposes MITRE ATT&CK® related information in the alert properties mitre_attack_for_ics and mitre_attack_enterprise. The same information is also included in the legacy alert fields mitre_attack_techniques and mitre_attack_tactics, and in the legacy alert property mitre_attack/techniques. These legacy fields and properties are now deprecated and will be removed in a future version of N2OS.

Deprecation warning for ESXi versions lower than 8.0

The last version of N2OS released in 2024 and all versions after that will not support ESXi versions lower than 8.0. No deployments of Nozomi Networks virtual machines will be eligible for support unless they leverage the right ESXi and Nozomi Networks version combination as listed below regardless of being new deployments or upgrades of existing deployments:
  • N2OS v25.x, Host ESXi v8.0, and virtual hardware version 20, or higher
  • Penultimate version of N2OS v24.x released in 2024, Host ESXi v7.0, and virtual hardware version 17
Additional information:
  • The last minor release of N2OS in 2024 will include an internal component version that will not be officially supported by VMWare virtual machine hardware version < 20.
  • Official support for the internal component's current version ends January 2026; We are then forced to upgrade it by the end of 2024 to be able to provide our customers with one year of fixes - without falling out of vendor's support.
  • Support for ESXi 7 will be dropped and migration to ESXi 8 is required by the end of 2024; We urge customers to prepare for implementing all required measures to run N2OS on ESXi 8 by the end of 2024.

Guardian and CMC reports

Starting with N2OS 24.3.0, it will no longer be possible to export portable document format (PDF) reports that contain a network graph. This is because of an internal component that will no longer be maintained.

Deprecation warning for /data UFS Filesystem support

Starting from N2OS v25.0.0, N2OS will no longer support using the UFS filesystem for /data. The only supported filesystem for /data will be ZFS. Therefore, upgrades attempts to upgrade sensors using the UFS filesystem for /data to N2OS v25.x will be blocked.

To facilitate N2OS upgrades, it is necessary to upgrade the sensor to the latest N2OS v24.x version, perform a full backup, execute the n2os-datafactoryreset, and then proceed with the restoration process.

Refer to the official Nozomi Networks documentation for more information regarding the backup, restore, and n2os-datafactoryreset procedures. Ensure a backup is downloaded from the sensor and saved on safe storage.

For virtual machine sensors: the Add a secondary disk to a virtual machine procedure can be used to move /data from the UFS filesystem to the ZFS. Follow Do a full backup from a shell console and ensure a backup is downloaded from the sensor and saved on safe storage. Make sure the needed space is available on the destination disk. The procedure may take a long time depending on the virtual infrastructure hardware, its speed, and the size of the /data folder. Interrupting the procedure can cause damage to the virtual machine and data loss.

Customers must refrain from performing the above procedures on sensors that are not within the supported versions and must always upgrade the sensors following the supported update path.

Consolidation of Smart Polling database structure

Starting with N2OS 24.3.0, the field connection_established of the sp_node_executions query source will be removed. Its usage is to be replaced with the field connection_state, which contains more detailed information about the outcome of a Smart Polling execution.