8.1.11 Release Notes
Release Date: 08 October 2025
Corrected Issues in Aviatrix Release 8.1.11
Issue | Description |
---|---|
AVX-66190 |
Resolved an issue where gateways logged repeated |
AVX-66781 |
Fixed an issue where OpenVPN Okta authentication did not support the new Okta Integrator Free Plan URL format ( |
Known Issues in Aviatrix Release 8.1.11
Issue | Description |
---|---|
AVX-53446 |
In some environments, security policy services may stop responding if configuration operations are cancelled due to timeouts or system slowness. When this happens, policy enforcement may get stuck and new configurations may fail until the gateway or service is restarted. Impact:
Workaround: Restart the affected service or reboot the gateway to restore normal functionality. Resolution Status: A fix is planned in a future release to make cancellation handling more resilient and prevent this issue. |
AVX-62003 |
Azure gateway image upgrades may fail when the Controller does not have the required Azure image subscription access. During the upgrade, the system deletes the existing gateway before validating subscription availability, which can result in gateway deletion without a replacement being created. This leaves dangling gateways in the Controller and can cause potential service outages. Impact:
Workaround: None. To avoid outages, ensure the Controller subscription includes access to the required Azure image before attempting upgrades. |
AVX-62299 |
When upgrading from Controller version 7.1 to 7.2 or 8.0, Spoke Gateways with routing through a Public Subnet Filtering (PSF) Gateway may fail to upgrade and become unreachable if the PSF Gateway has not been upgraded first. This issue affects AWS environments where Spoke Gateway route tables are configured to point to a PSF Gateway. To avoid this issue, follow the correct upgrade sequence:
|
AVX-62506 |
During a gateway software upgrade, traffic matching DCF WebGroup rules may be briefly dropped during the upgrade. This impacts both Layer 7 (HTTP/HTTPS) and Layer 4 traffic and occurs across all supported cloud providers (AWS, Azure, and GCP). The disruption typically lasts a few seconds but may vary depending on gateway load and policy complexity. Workaround: None Recommendations:
|
AVX-63224 |
In Controller release 8.0, gateway software upgrades take longer to complete compared to earlier versions. On average, the upgrade rate drops from approximately 14 gateways per minute in version 7.2 to approximately 11 gateways per minute in 8.0, which is an increase of about 20% in execution time. Affected Scenarios:
Impact: Only the upgrade duration is affected. Gateway functionality remains unaffected after a successful upgrade. Recommendations:
|
AVX-64447 |
Site2Cloud High Availability (HA) tunnels may not behave correctly when toggling between Active/Active and Active/Standby modes. Problem 1: When disabling Active/Active HA, the HA Gateway (HAGW) may retain metric 100 routes pointing to tunnel interfaces in the Gateway Route table, even though they should be removed. Problem 2: When enabling Active/Active HA from Active/Standby, the HA Gateway tunnel may not be properly enabled. This can result in missing routes despite the UI showing Active/Active status. Impact:
Workaround: If you encounter this issue, contact Aviatrix Support for assistance. |
AVX-64794 |
When Distributed Cloud Firewall (DCF) is enabled, policy-based Site-to-Cloud (S2C) traffic may be misclassified due to how the traffic flows through the gateway. This can lead to unintended blocking or incorrect policy enforcement. Workaround:
Impact:
|
AVX-64868 |
In some scenarios involving rapid VRRP state transitions, the keepalived VRRP state may not be reported accurately to the Controller. This can result in temporary discrepancies between the actual VRRP status and what is displayed in the Controller UI, leading to confusion and difficulties during troubleshooting. Workaround:
Impact:
|
AVX-65016 |
In some environments, the Firewall state may not recover from Unaccessible after the first vendor integration failure. This issue has been observed when integrating with third-party firewall vendors, leaving the gateway firewall state stuck even after the environment stabilizes. Impact:
Workaround: Contact Aviatrix Support for manual correction. |
AVX-66324 |
When using Distributed Cloud Firewall (DCF) Layer 7 rules with Smart Groups that contain tagged resources, no bell notifications appear when configuration issues potentially block traffic. This affects deployments where Smart Groups match resources by tags (such as AWS instance tags) rather than static IPs or CIDRs. Although traffic is enforced correctly, administrators may not be alerted to the problematic configuration. Affected Scenario:
Workaround:
Impact: Only affects notifications. Traffic enforcement continues to function as expected. |
AVX-66631 |
Transit gateways with large-scale tunnel deployments (1300+ tunnels) may experience extended traffic loss during image upgrades. Although the image upgrade completes successfully, traffic may remain down for several minutes afterward due to delayed tunnel reconfiguration. Workaround:
Impact:
|
AVX-67126 |
Dry-run validation may fail when upgrading the Controller from version 8.0.10 to 8.1.0 due to a gateway version mismatch error. This occurs when the upgrade path starts from 8.0.0, progresses to 8.0.10 successfully, but encounters a dry-run failure when proceeding to 8.1.0. |
AVX-68108 |
When upgrading the Controller from version 8.0.30 to 8.1.10, the UI may display a misleading "Service temporarily unavailable" error message immediately after the upgrade begins. This message can persist for 5–10 minutes but does not indicate upgrade failure. The upgrade continues normally in the background and the Controller becomes accessible again once the upgrade finishes. Impact:
Workaround:
|
AVX-68319 |
In some cases, the Controller UI may not display the kernel version for gateways, even though the correct version is present on the gateway itself. This typically affects environments with a large number of gateways (500+) that have gone through multiple upgrade cycles. Impact:
Workaround:
|
AVX-68561 |
In large-scale deployments with 1300+ gateways, enabling Distributed Cloud Firewall Site-to-Cloud (DCF S2C) can cause gateway configurations to become out of sync with the Controller. Even after disabling DCF S2C, the issue may persist and lead to elevated Controller resource usage. Impact:
Workaround:
|
AVX-68606 |
During software upgrades of Edge gateways from 8.1 to 8.1.10, services may restart as part of the upgrade process, which can cause temporary traffic disruption. Impact:
Workaround:
Recommendations:
|
AVX-68692 |
The Controller may fail to automatically restart gateways after a Controller power cycle or restart. This occurs because the auto-restart task scheduler does not resume properly after reboot, preventing the gateway auto-recovery function from working. Impact:
Affected Configuration:
Workaround:
|