Highlights

Critical issue resolved in version 24.4.1

Issue: a critical issue affecting systems with a Guardian-to-Central Management Console (CMC) architecture and under heavy traffic monitoring load was identified in Nozomi Networks Operating System (N2OS) version 24.4.0. The issue causes abnormal resource consumption and the restart of the IDS process within Guardian leading to the temporary inhibition of its intrusion detection capabilities.

Impact: The IDS process is going to be automatically restarted when a failure occurs; if this issue continues multiple resets of the IDS process will happen throughout the day, resulting in a fragmented monitoring of the target system. This is an important issue to resolve, and it is strongly recommended that sensors are updated to version 24.4.1 to ensure a continuous monitoring of the target system.

Root cause analysis and resolution details: We observed a deadlock on Guardian when the CMC executed a configuration merging task. Under heavy system load, memory cleanup, which is handled by an asynchronous task, sometimes lost priority, causing this issue. In version 24.4.1, we’ve prioritized the memory cleanup task and enhanced memory management and node counting for all-in-one AIO CMCs, significantly improving system stability.

Affected N2OS versions: Known affected versions include:

• 23.4.1
• 24.0.0
• 24.1.0
• 24.2.0
• 24.3.0
• 24.3.1
• 24.4.0

Resolution: Once a system is updated to N2OS 24.4.1 the issue is resolved without the need for further manual intervention.