Introduction

AirWave 8.3.0.3 introduces support for AP-675, AP-677, AP-679, and AP-605H access points. For more information, see the AirWave Supported Infrastructure Devices document.

This release expands the SNMPv3 Auth Protocol options on Controllers running HPE Aruba Networking Wireless Operating System 8.12.0.0. Alongside existing capabilities, users now have access to SHA-224, SHA-256, SHA-384, and SHA-512, accessible via the Device Setup > Add > Add Device and Device Communications section of the WebUI page. This enhancement provides stronger security, compliance with standards, future-proofing against evolving threats, and seamless interoperability.

This release introduces the capability to apply STIGs settings directly from the AirWave AMPCLI. This enhancement ensures that our deployment of RHEL8 adheres to security standards, strengthening the security posture of the platform. This update includes:

Users can now apply STIGs for RHEL8 via the AMP CLI under the Security > Apply STIGs settings. This application enforces Linux level security configurations that are crucial for maintaining compliance with standardized security guidelines.

Operational security: By enforcing STIG rules, AirWaveensures that the underlying Linux system is secured against vulnerabilities, with settings adjusted to optimize security for a production environment.

DTLS has been hardened to comply with FIPS standards. This change does not impact end users in non-FIPS mode. FIPs mode specific changes include:

Default settings: DTLSv1.0 is disabled by default to comply with FIPS.

New AMPCLI command: Users can enable or disable DTLSv1.0 via the new command: Security > Enable/Disable DTLSv1.0.

This release introduces the Enable Message-Authenticator option for enhanced security in RADIUS authentication using the PAP method. The Message-Authenticator validation is disabled by default. When enabled, it enhances security by incorporating the Message-Authenticator attribute into RADIUS authentication requests and responses. This attribute checks the integrity and authenticity of communications. If a RADIUS response fails to include a valid Message-Authenticator, or if the attribute is incorrect, the response is rejected, and the user's login attempt is denied. Users can enable the feature in AMP Setup > Authentication > RADIUS Configuration > Enable Message-Authentication.

This release introduces added support for the SNMPv3 Auth Protocol and the SNMPv3 Privacy Protocol on AOS-CX Switches. Accessible via the Device Setup > Add > Add Device and Device Communications section of the WebUI page. The SNMPv3 Auth Protocol now encompasses SHA-224, SHA-256, SHA-384, and SHA-512 options, while the SNMPv3 Privacy Protocol introduces AES-192 and AES-256 encryption choices.

The PostgreSQL database now automatically upgrades from version 11.5 to version 15.4. This enhancement ensures better performance, enhanced security, improved stability and introduces new features such as parallel query execution, enhancements to partitioning, and additional support for SQL syntax.

An upgrade for the HTTPD library to version 2.4.37, along with an updated mod_perl library is now supported, enhancing compatibility with RHEL8.

This release introduces support for 6300, 6400, 6100-R9Y04A, and 6000-R9Y03A CX Switches. For more information, see the AirWave Supported Infrastructure Devices document.