Highlights
An overview of the most impactful changes in this release.
General
The focus area for this release is centralized management. Users who want to do more from a centralized location, with a single-pane-of-glass experience for many of their routine workflows, will find huge value in adopting the new features included with this release. This release introduces the ability to configure a Central Management Console (CMC) as a Security Assertion Markup Language (SAML) identity provider (IdP) directly from the user interface (UI). This helps users create, maintain, and manage identity information, and provide authentication services to applications. In addition, the functionalities in this release are designed to help solve problems in the categories below.
Zone configuration management
The Sensor scope concept has been introduced to the CMC. This enables CMC users to granularly define a targeted subset of downstream sensors for zone configurations.
A new Apply all zone configuration execution policy has been added. This allows for greater flexibility in managing zone configurations across sensors. This new policy enables all configured zones to take effect, whether they are created locally or upstream.
Zone configurations created at a local sensor can also be adjusted and managed from Vantage.
Until now, sensors with an upstream connection and a zone configuration synchronization policy set to Upstream only handed control over zone configurations to their upstream sensor. As a result, only upstream sensors were able to manage zone configurations. With this release, mid-level CMCs, or CMCs with an upstream connection, can add new zone configurations. This enables hands-on users responsible for securing their organization to achieve their goals even when their CMCs must have upstream connections to Vantage or higher-level CMCs that compliance and regulation teams use.
Previously, naming conflicts between local and upstream zone configurations were handled by adding the name of the sensor where the zone configuration was created as a suffix to the zone configuration name. With this release, and the recent introduction of the Source concept for zone configurations, there is no longer any need to add suffixes to zone configuration names to differentiate them and avoid naming conflicts across sensors. All existing zone configuration names containing a suffix will remain unchanged. The Source field can now handle all future zone configuration naming disambiguation.
Backup schedules
CMC users can now manage backup schedules for all downstream sensors. Backups can be scheduled to take place once, or on a recurring basis. This functionality works together with Vantage, and therefore enables Vantage users to manage backup schedules that were originally configured locally at the sensor, or from a CMC.
Alert rules
Alert rules that CMC users configure can now also take advantage of the new Sensor Scope concept. This enables CMC users to granularly define a targeted subset of downstream sensors for alert rules.
In addition to the centralized management improvements, this release also includes a few key improvements to how the platforms gather asset information.
Asset discovery and monitoring improvements
We’re excited to introduce Discovery, a powerful new feature that enhances how devices are identified and understood on your network. While passive methods are essential for uncovering devices and gathering their attributes, Discovery complements these techniques by identifying devices that might otherwise go unnoticed.
This means that more devices are discovered, and a richer, more complete set of device attributes is gathered. With Discovery, you gain a deeper understanding of your network, enabling features like Asset Intelligence and Threat Intelligence to more effectively pinpoint device vulnerabilities, track lifecycle attributes, and identify relevant threats. Simply enable Discovery to uncover devices and elevate your network visibility and insights.
Cisco ISE data integration improvement
As part of this update, the Cisco ISE Smart Polling external strategy has been streamlined and moved to Data integration. This change is part of an ongoing effort to make the user experience more intuitive and efficient. During the upgrade, these items will be removed:
- All existing Cisco ISE data integration configurations that have the enable asset flag set to false (inactive)
- Inactive Smart Polling Cisco ISE plans
You can use a radio button to select one of these two items at a time:
- Sending information to Cisco ISE
- Enriching existing Nozomi Networks Operating System (N2OS) assets with data from Cisco ISE
ServiceNow data integration improvement
The ServiceNow outbound data integration has been deprecated. To send assets and incidents to ServiceNow, we recommend that you use the Service Graph Connector for Nozomi Networks, which is available on the ServiceNow store. Additionally, all active Smart Polling ServiceNow plans have been migrated to the Data integration section, which can enrich local nodes with information retrieved from ServiceNow.
Final support for ESXi versions lower than 8.0
As announced with the release of N2OS 24.0.0, this release, the penultimate version of N2OS for 2024, is the last to support ESXi versions lower than 8.0. As previously stated, this means deployments of Nozomi Networks virtual machines are only eligible for support when they use the supported combinations of N2OS, ESXi, and virtual hardware versions, as shown below.
Supported versions:
- N2OS < v24.6, Host ESXi v7.0, and virtual hardware version 17
- N2OS ≥ v24.6, Host ESXi v8.0, and virtual hardware version ≥ 20
Unsupported versions:
- N2OS < v24.6, Host ESXi > v7.0, and virtual hardware version > 17
- N2OS ≥ v24.6, Host ESXi < v8.0, and virtual hardware version < 20
We strongly urge all customers to consider the supported software combinations listed above, and to plan the adoption of ESXi 8.0 accordingly.
Migration of SNMPv3 credentials
The Credentials manager can now store the password and other parameters that Smart Polling requires to query SNMPv3 agents. When updating to this version, a migration task will be available to migrate this sensitive data from existing Smart Polling plans to the Credentials manager. Until the migration task is run, the existing SNMPv3 plans will be ineffective. The migration task can be run from Migration tasks in the Administration menu.