InControl configuration patches for devices

Sometimes, we might discover previous releases of InControl have generated incorrect configurations to devices. In order to fix the issues, newer releases of InControl unavoidably have to make some changes to devices. We call the changes as “configuration patches”. Below are a list of the patches.

By default, they are applied to devices automatically. You may review the setting “Auto apply configuration patches to devices” under Organization Settings.

Patch ID Description
P20190130001 Fixed “CLI SSH & Console” setting under “Device Web Admin Management”
P20190130002 Fixed “Terminate Sessions on Link Recovery” setting in “Outbound Policy” rules
P20190131001 Fixed unlimited or missing “Web Session Timeout” time under “Device Web Admin Management” > “General”
P20190131002 Fixed “PepVPN / OSPF / BGP / RIPv2 Routes” order under “Outbound Policy” when the default rule is “Auto” and PepVPN Management is enabled.
P20190131003 Fixed read-only user’s password when “shared password for all devices” is chosen on “Device Web Admin Management” > “General”
P20190222001 Fixed: the NAT setting in PepVPN profiles was always disabled unless the “Untagged VLAN” was selected as the “Hub VLAN” and its DHCP service was enabled.
P20190304001 Fixed: failed in applying client MAC address based access control on Wi-Fi AP’s SSID
P20190306001 Fixed: a few extended DHCP options were not applied to devices in the correct format
P20190306002 Fixed: “Send all traffic to hub” option didn’t generate the additional settings necessary to send all traffic to the DR hub in case of primary hub failure.
P20190306003 Removes an unnecessary configuration tag when “Security” is set to “HTTP” under “Device Web Admin Management” > “Peplink Balance/ Pepwave MAX / Peplink FusionHub Specific”.
P20190414001 Fixes duplicate PepVPN link configuration identifiers. Duplicated identifiers will interfere with PepVPN link establishment.
P20190430001 Removes some unnecessary captive portal settings for devices with no “logout kick” support.
P20190430002 Fixed: Passthrough domains order for captive portal was not consistent
P20190503001 Fixed: “Discover Nearby Networks” in Radio Settings may not be applied correctly
P20190530001 Fixed: “VLAN management” visibility in Firmware 7.1.0 or below
P20190618001 Fixes handling of “Suppress Endpoint IP’s” in PepVPN management
P20190619001 Fixed: For devices that hit a firmware bug, InControl 2 may remove their reserved IP addresses in device-managed DHCP server settings.
P20190725001 Removes redundant LACP settings from the configuration
P20190725002 Fixes the shared key setting of SSID’s where the key is configured to be ‘Last 8 octets of LAN MAC address’
P20190808001 Fixed: web admin user name setting missed from the configuration
P20190816001 Fixed: an invalid WPA PSK value is set when ‘Open - No Encryption’ mode is selected
P20190916001 Fixed: Missing firewall log = ‘no’ if firewall log is disabled
P20190916002 Fixed: RSSI threshold setting on 5GHz band of AP One was not effective.
P20190916003 Fixed: When a PepVPN endpoint has a DDNS name defined, the hub site will not receive the endpoint’s IP addresses but DDNS name only. This will reduce unnecessary PepVPN connection interruptions upon any endpoint IP address changes.
P20190923001 Fixed configuration when all Wi-Fi AP channels are selected
P20190927001 Fixed: Removes unused configuration settings
P20191008007 Fixed: Repairs invalid latency-cutoff related settings

Hi Michael, I currently have two HD Max devices showing that they need Patch P20190130002 and I2C won’t apply configs until the patch is loaded. Despite every effort under the sun for days, I’ve been wholly unable to get the patches to apply. They need to be ‘online’ and once they are I tell them yes go apply the patch and nothing happens (after being online for >15 hours as noted by I2C). Any suggestions?

@tobrien I just ran into this myself and managed to find a resolution. Hoping it will help you out as well.

I added 2 devices to group A. Before applying the patches, I moved the devices to group B where
the patches would not load to the routers. I tried factory resets, removing the devices from IC2 and adding back to group B, and it seemed nothing was working. On a hunch, I moved them back to group A, applied the patches and they took almost immediately. Now I’ve moved back to group B and things are going smoothly.


The patch application issue should have been fixed. Please try to apply them again. Sorry for any inconvenience.

@Michael - Thank you sir, I will let you know how it goes. Of our two unit we had one that we had to send out for use. For the second…

@Topher - Thanks for your insight. On one of our two units after many hours of troubleshooting we did something that sounds pretty similar to what you describe. We moved the units around and found that setting it in an group with no bulk config seemed to ‘clear it’ and then we could apply whatever patches that it needed. Interestingly, when we moved it back to the original group, the block re-appeared, but when we deleted the bulk config in that group it took the patch and then we could re-apply the bulk config. Really we did a lot of things so we’re not sure of the one or set of things that did it, so nice to see our experience was similar to yours!

@Michael Thanks! Do you have any details on what the issue was and what could have been affected?

When we were fixing a configuration lock issue with bulk configurations, we mistakenly caused configuration patches not to be pushed to devices that have a bulk configuration applied. The group-level “auto apply patches” preference was ignored. Patches were not applied automatically. So a yellow text label is shown on the top of group-level pages. A shield icon is shown next to the affected devices. Users saw no effect when applying the patches manually.

1 Like

Thanks for the details!

Hello,Could please share more details about the short-term effects when the patch is applied? For example, Wan interfaces didn’t work for about 5 minutes when I applied for patch number P20190130002.
Thank you

The patch P20190130002 fixes a configuration bug introduced in previous versions of InControl in configuring the “Terminate Sessions on Link Recovery” setting in Outbound Policy rules. The patch does not affect WAN interfaces.