FAQs
What appliances will be supported to run cOS Core 14.00?
The following existing models will support cOS Core 14.00
- Clavister NetWall E10
- Clavister NetWall E20
- Clavister NetWall E80
- Clavister NetWall W20
- Clavister NetWall W30
- Clavister NetWall W40
- Clavister NetWall W50
- Virtual Appliances running the 32-bit image (VMware, Hyper-V, KVM).
The new appliances introduced 2021 will only support cOS Core 14.00 or later:
- Clavister NetWall 110
- Clavister NetWall 140
- Clavister NetWall 510
- Clavister NetWall 550
- Clavister NetWall 6200
- Clavister NetWall 6600
- Virtual Appliances running the 64-bit image (VMware, KVM).
Any appliance that is released after the release of cOS Core 14.00 will ONLY support cOS Core 14.00 or later.
Why will the new appliances only support cOS Core 14.00?
The new appliances will use a 64-bit version of cOS Core, this version is not possible to to downgrade to older versions as they are only available in 32-bit versions.
Is it difficult to upgrade from cOS Core 13.00 to 14.00?
No, it’s done in the same way as from 12.00 to 13.00 or upgrading from cOS Core 13.00.07 to 13.00.08. Remember to read the release notes for any version specific information.
Can the E or W-series appliances be upgraded to the 64-bit version of cOS Core 14.00?
No, appliances running the 32-bit firmware will not be possible to upgrade to the 64-bit version of cOS Core, also there is no real benefit as the E and W-series appliances are optimized for the 32-bit firmware.
What is the benefit of moving to 64-bit on the new appliances?
There are a number of benefits, mainly the possibility to use more memory, but also leverage new hardware features that is not available when using 32-bit.
Will there be differences between 32-bit and 64-bit cOS Core 14.00?
There is no visible difference between the two versions, except that the 64-bit version will be able to use more memory. Over a longer time period there might be diverging feature set on old appliances (running 32-bit) and new appliances (running 64-bit), where some features requiring 64-bit processing will only be available on newer appliances. But as long as possible Clavister will try to keep feature parity. There was a similar situtaion with cOS Core 12.00 where some features did not work on IXP-based platforms (Clavister E5 and E7) due to hardware limitations.
Is it complex to migrate from from a 32-bit appliances to a 64-bit appliance?
No, it’s not complex at all, it’s as easy as it was upgrading from Clavister E7 to Clavister NetWall E80.
How many vCPUs and memory does the different Virtual Appliances support?
| 32-bit Image (x86) | 64-bit Image (x86_64) | 64-bit Image (ARMv8) | Comment | |
|---|---|---|---|---|
| Number of vCPU Supported | ||||
| 1 vCPU |  | | | 32-bit image: The image will run in interrupt mode. 64-bit image: The image can run in either interrupt mode or polling mode (See below for details) |
| 2 vCPU | | | The image will run in polling mode. | |
| 3 vCPU | | The image will run in polling mode and use one vCPU for interface offloading. | ||
| Recommended Memory | ||||
| Min | 512 MB | 1 GB | 1 GB | cOS Core and run with less memory if needed, but this is the recommended minimum for normal operation. |
| Max | 4 GB | 16 GB | 16 GB | |
What is the difference between interrupt and polling mode in Virtual Appliances?
The main difference between interrupt and polling is that in interrupt, the device notifies the CPU that it requires attention while, in polling, the CPU continuously checks the status of the devices to find whether they require attention. In brief, an interrupt is asynchronous whereas polling is synchronous. This means that when running polling mode the CPU load on the VM will always be 100%.
Is the 64-bit version based on Linux?
From 14.00, cOS Core is using Linux as a boot loader when running 64-bit, Linux is used for memory management, file system access, etc, (same functions is provided by “Firewall Loader/FWLDr” in 32-bit cOS Core). The Clavister cOS Core is still directly using the network cards so no network traffic can reach the Linux subsystem.
Is the minimum recommended 2 or 3 vCPU’s for the 64-bit version?
While it is possible to run using only 1 vCPU it is recommended to use at least two as one vCPU will then be used by the Linux base system which is used for memory management, disk access and more. Using only 1 vCPU may result in packet latency as both cOS Core and the Linux base will share the same CPU.
Why does the 64-bit version require 3 vCPUs to enable poll-offloading?
See previous answer, since Poll-offloading requires a dedicated vCPU it would not be enough to allocate only two vCPU’s in order to enable this feature.
What are the criterias to run interrupt mode using 1 CPU Core on a 64 bit image?
Below is a small list of the requirements in order to run interrupt mode on 64 bit.
- A Virtual system.
- Only 1 CPU core allocated (so no poll-cores enabled).
- Advanced setting->Misc->"Interface Interrupt mode" must be set to Auto (default).
- The VIRT-IO interface driver is NOT used.
- Note: Interrupt mode is currently verified to work with the E1000E driver for VMware. Mixing e.g. VIRT-IO and E1000E will cause it to fall back to polling mode.
Which Virtual Appliance Image should I choose, 32-bit or 64-bit Virtual Appliance?
This depends on your need, if you need many small firewalls, using as little resources as possible you should select the 32-bit image, if you need high performance the 64-bit image with multiple vCPUs are abetter choice.
Related articles
Configuring L2TP/IPsec Server using PSK
11 Jan, 2023 ipsec core vpn
11 Jan, 2023 ipsec core vpn
Roaming IKEv2 tunnel setup in cOS Core with XCA CA and FreeRADIUS
10 Mar, 2023 core vpn ikev2 windows radius certificate
10 Mar, 2023 core vpn ikev2 windows radius certificate
Fetching IPs for cOS Core IP pools from a firewall's own DHCP server
24 Mar, 2023 core ipsec ippool dhcp
24 Mar, 2023 core ipsec ippool dhcp
How to approach FTPS (without opening too many ports)
22 Sep, 2021 core ftps sftp
22 Sep, 2021 core ftps sftp
IP blocked by IP reputation & IP reputation mechanics
23 Aug, 2022 core ipreputation
23 Aug, 2022 core ipreputation
Changed/deleted parameters in updated cOS Core licenses
17 Feb, 2023 license core
17 Feb, 2023 license core
cOS Core IP Policy usage recommendations
26 Apr, 2023 core rules
26 Apr, 2023 core rules
cOS Core TLS ALG setup using IP Policies
4 Apr, 2023 core tls alg https
4 Apr, 2023 core tls alg https
Configuring multiple networks behind the same interface
21 Oct, 2022 core arp routing
21 Oct, 2022 core arp routing
Setup of a Layer-3 bridge over IPsec in cOS Core
12 Apr, 2023 core proxyarp arp ipsec routing
12 Apr, 2023 core proxyarp arp ipsec routing
Moving configurations between dissimilar NetWall hardware
1 Feb, 2023 core wizard hardware migration netwall
1 Feb, 2023 core wizard hardware migration netwall
Does cOS Core have support for Microsoft Azure?
25 Nov, 2022 core hyperv azure
25 Nov, 2022 core hyperv azure
Problem with ARP towards Wi-FI Access Points
9 Dec, 2022 arp core
9 Dec, 2022 arp core
When are changes made with the firewall WebUI/CLI synchronized with InControl?
14 Nov, 2022 incontrol cli core webui
14 Nov, 2022 incontrol cli core webui
How to disable IP Reputation in cOS Core
21 Mar, 2023 core ipreputation log
21 Mar, 2023 core ipreputation log
Configuring public certificates in NetWall firewalls
23 Aug, 2022 core certificate oneconnect ipsec vpn
23 Aug, 2022 core certificate oneconnect ipsec vpn
cOS Core HA clusters in VMware with Promiscuous Mode
4 Apr, 2023 core vmware highavailability ha promiscuous
4 Apr, 2023 core vmware highavailability ha promiscuous
User Auth with Active Directory using cOS Core RADIUS/LDAP
24 Apr, 2023 core legacy activedirectory radius userauth
24 Apr, 2023 core legacy activedirectory radius userauth
Configure the Android OpenConnect client towards Clavister NetWall
23 Aug, 2022 sslvpn openconnect oneconnect android core
23 Aug, 2022 sslvpn openconnect oneconnect android core
CSPN (Clavister Service Provisioning Network) details for license & database updates
17 Nov, 2022 core license updates idp antivirus wcf ipreputation applicationcontrol
17 Nov, 2022 core license updates idp antivirus wcf ipreputation applicationcontrol
Why the setup Wizard in the WebUI is not always shown
19 Oct, 2022 core wizard setup
19 Oct, 2022 core wizard setup
Why does WireShark say that SNMPv3 traps sent from cOS Core are "snmpV2-trap"?
8 Sep, 2020 snmp core wireshark
8 Sep, 2020 snmp core wireshark
Getting totals for triggering cOS Core IP rule set entries
16 Mar, 2023 core incontrol statistics rules
16 Mar, 2023 core incontrol statistics rules
Swapping NetWall Ethernet interfaces using "Set interface Ethernet"
30 Mar, 2022 core ethernet netwall coscore
30 Mar, 2022 core ethernet netwall coscore
Closing existing sessions when cOS Core schedules trigger
2 May, 2023 core rules schedule applicationcontrol
2 May, 2023 core rules schedule applicationcontrol
Using Stateless IP Policies in cOS Core
4 Apr, 2023 core stateless connections
4 Apr, 2023 core stateless connections
Certificate problem using SSL VPN together with MacOS version 11.1 and up
2 Feb, 2021 core sslvpn macos certificate
2 Feb, 2021 core sslvpn macos certificate
cOS Core LDAP auth issues with Microsoft AD servers
11 Apr, 2023 ldap core authentication radius
11 Apr, 2023 ldap core authentication radius
Changing only the destination port, not the network using an IP Policy
26 Jan, 2023 core rules transpose
26 Jan, 2023 core rules transpose
How to use the same network on both sides of an IPsec tunnel
23 Nov, 2022 core ipsec
23 Nov, 2022 core ipsec
Server cluster generates UnsolicitedARPReplies in log (Gratuitous/GARP)
19 Feb, 2021 core arp
19 Feb, 2021 core arp
Using PCAP packet capture in cOS Core
7 Sep, 2022 core cli pcap netwall pcapdump
7 Sep, 2022 core cli pcap netwall pcapdump
Adjusting advanced cluster settings on larger installations
23 Aug, 2022 core ha cluster
23 Aug, 2022 core ha cluster
cOS Core L2TP server setup with Windows Server CA certificates
21 Feb, 2023 ipsec certificate windows ca core
21 Feb, 2023 ipsec certificate windows ca core
What happens when a NetWall license expires?
17 Oct, 2022 core license
17 Oct, 2022 core license
Problem with auto-created Core routes
22 Mar, 2021 core ipsec routing
22 Mar, 2021 core ipsec routing
HA: disallowed_on_sync_iface log events with rule=HA_RestrictSyncIf for Reverse ARP, RARP, and IGMP
23 Aug, 2022 vmware log ha rarp arp core
23 Aug, 2022 vmware log ha rarp arp core
Setting up OSPF with IPsec in cOS Core
13 Apr, 2023 core routing ospf ipsec
13 Apr, 2023 core routing ospf ipsec
Where can I find the Clavister MIB?
24 Nov, 2022 core snmp
24 Nov, 2022 core snmp
A trusted webpage blocked by IP reputation
22 Jan, 2021 core ipreputation
22 Jan, 2021 core ipreputation
Placing HA cluster nodes in different physical locations
15 Apr, 2021 core brokenlink cluster
15 Apr, 2021 core brokenlink cluster
Using "all-nets" as source/destination network in IPsec tunnels
17 Jun, 2021 core ipsec routing
17 Jun, 2021 core ipsec routing
Gratuitous ARP and the CLI command "ifstat -restart <iface>"
23 Aug, 2022 core arp garp
23 Aug, 2022 core arp garp
Using public keys for cOS Core SSH management without username/password
16 Feb, 2023 core ssh sshpublickey management
16 Feb, 2023 core ssh sshpublickey management
Could not open outbound connection?
9 Mar, 2021 core ping connections
9 Mar, 2021 core ping connections
Configure Linux OpenConnect towards Clavister NetWall
5 Mar, 2021 sslvpn openconnect oneconnect linux core
5 Mar, 2021 sslvpn openconnect oneconnect linux core
Troubleshoot firewall MTU issues using Wireshark
4 Apr, 2023 core pcap pcapdump wireshark
4 Apr, 2023 core pcap pcapdump wireshark
Configuring SSL-VPN / OneConnect server on secondary Firewall IP address
8 Apr, 2021 core sslvpn oneconnect interfaces arp
8 Apr, 2021 core sslvpn oneconnect interfaces arp
Identical NetWall routes causing network access loss after upgrade or restart
30 Nov, 2022 core routing
30 Nov, 2022 core routing
Using /31 network masks in cOS Core (RFC-3021)
1 Jun, 2022 core routing management
1 Jun, 2022 core routing management
Setting up cOS Core as an L2TP/IPsec client
8 Mar, 2023 core l2tp ipsec
8 Mar, 2023 core l2tp ipsec
Can blacklist timeouts (TTL,lifetime) for "Scanner Protection" or "Botnet Blocking" be changed or increased?
8 Sep, 2020 core ipreputation blacklist threatprevention
8 Sep, 2020 core ipreputation blacklist threatprevention
LogOpenFails and no_new_conn_for_this_packet log events.
23 Jun, 2021 core connections
23 Jun, 2021 core connections
Device initiated InControl management of NetWall HA clusters with a single public IP
31 Mar, 2022 incontrol core netcon netwall ha cluster coscore
31 Mar, 2022 incontrol core netcon netwall ha cluster coscore
Configuring a Captive Portal in cOS Core
12 Apr, 2023 howto core authenticator authentication webauth captive
12 Apr, 2023 howto core authenticator authentication webauth captive
cOS Core Lan to Lan IPsec tunnel setup with PSK
20 Feb, 2023 core vpn ipsec
20 Feb, 2023 core vpn ipsec
Allowing BGP messaging between cOS Core interfaces
25 Nov, 2022 core routing bgp
25 Nov, 2022 core routing bgp
Installing a SECaaS License on Virtual NetWall Firewalls
13 May, 2022 core license
13 May, 2022 core license
Using Multicast DNS with cOS Core
24 May, 2021 core howto mdns multicast transparentmode airprint igmp dns
24 May, 2021 core howto mdns multicast transparentmode airprint igmp dns
IPsec license usage calculation
14 Apr, 2021 core license ipsec
14 Apr, 2021 core license ipsec
Does IPsecBeforeRules trigger before Access rules?
8 Sep, 2020 core ipsec rules access
8 Sep, 2020 core ipsec rules access
Example setup script for x86 cOS Core under KVM
26 May, 2021 kvm core arm x86
26 May, 2021 kvm core arm x86
Split tunneling in cOS Core with Windows L2TP/IPsec clients
29 Mar, 2023 ipsec core windows vpn l2tp
29 Mar, 2023 ipsec core windows vpn l2tp
Is it possible to change the Ethernet Ringsize buffers on Hyper-V?
25 Jan, 2022 core ethernet settings
25 Jan, 2022 core ethernet settings
The TCP Window Scale Log Event
15 Nov, 2022 tcp log core
15 Nov, 2022 tcp log core
Do cOS Core loopback interfaces count towards license traffic limits?
11 Apr, 2023 core loopback license
11 Apr, 2023 core loopback license
Packet drops due to TCP Sequence numbers ("tcp_seqno_too_high" or "tcp_seqno_too_low")
6 Jul, 2021 core stream tcpsequence sequence stateless
6 Jul, 2021 core stream tcpsequence sequence stateless
Examining the WCF cache using "httpalg –wcfcache"
15 Nov, 2022 core cli
15 Nov, 2022 core cli
Problem with threshold rules and whitelist
2 Nov, 2022 core threshold
2 Nov, 2022 core threshold
Clavister SFP/SFP+ module compatibility
11 Apr, 2021 core sfp gbic hardware
11 Apr, 2021 core sfp gbic hardware
How do i set up a OneConnect VPN tunnel in cOS core
23 Aug, 2022 core oneconnect
23 Aug, 2022 core oneconnect
Changing the certificate used by the OneConnect client/server
28 Nov, 2022 core configuration oneconnect
28 Nov, 2022 core configuration oneconnect
Looking up a URL's category online for cOS Core Web Content Filtering
8 Mar, 2023 core wcf
8 Mar, 2023 core wcf
Connecting to IPsec endpoints from behind a NetWall firewall
5 Apr, 2023 ipsec core
5 Apr, 2023 ipsec core
How to adjust RX and TX ring sizes (queue lengths) of Ethernet interfaces
28 Oct, 2020 core howto ethernet packetloss cpu
28 Oct, 2020 core howto ethernet packetloss cpu
Avoiding cOS Core HA interruptions during configuration deployment
20 Feb, 2023 ha core idp cli cluster antivirus configuration
20 Feb, 2023 ha core idp cli cluster antivirus configuration
Running cOS Core 14.00 on M1 based Apple Devices with QEMU
24 Nov, 2021 core arm kvm
24 Nov, 2021 core arm kvm
Details about the cOS Core WebUI memory log (memlog)
27 Mar, 2023 core log webui memlog
27 Mar, 2023 core log webui memlog
Changing the certificate used by cOS Core's SSL VPN client/server
25 Nov, 2022 core configuration sslvpn management
25 Nov, 2022 core configuration sslvpn management
Automatically stop active PCAPdump or Logsnoop in the CLI
7 Dec, 2022 pcapdump log cli core logsnoop
7 Dec, 2022 pcapdump log cli core logsnoop
Using Clavister OneConnect Classic SSL VPN client towards the OneConnect server
29 Jun, 2021 core oneconnect
29 Jun, 2021 core oneconnect
Troubleshooting IPsec tunnels (IKEv1)
7 Dec, 2022 ipsec ike troubleshoot core
7 Dec, 2022 ipsec ike troubleshoot core
Why some log category ID's are missing
23 May, 2022 core log logreceiver
23 May, 2022 core log logreceiver
IPsec: Does cOS Core support Pseudo-Random Functions (PRFs) according to RFC-4868?
14 Dec, 2022 core ipsec
14 Dec, 2022 core ipsec
Forward traffic to a second ISP using Virtual Routing or Policy Based Routing
23 Aug, 2022 howto core pbr routing netwall isp
23 Aug, 2022 howto core pbr routing netwall isp
Group membership in FreeRADIUS with cOS Core
6 Apr, 2023 core radius authentication
6 Apr, 2023 core radius authentication
NetWall virtual firewall creation under KVM on ARM
20 May, 2021 kvm core arm coscore netwall
20 May, 2021 kvm core arm coscore netwall
cOS Core Application Control with Peer to Peer applications
27 Mar, 2023 applicationcontrol core
27 Mar, 2023 applicationcontrol core
Allowing Traceroute to and through cOS Core
23 Aug, 2022 core behaviour icmp ping traceroute
23 Aug, 2022 core behaviour icmp ping traceroute
cOS Core IKEv2 tunnel setup with certificates for iOS clients
5 Apr, 2023 core nps ipsec radius legacy
5 Apr, 2023 core nps ipsec radius legacy
How to exclude the default route (all-nets) from being exported to/from OSPF process
15 Dec, 2022 core routing ospf
15 Dec, 2022 core routing ospf
IKEv2 roaming VPN in cOS Core without client certificate installation
14 Mar, 2023 core ipsec vpn ikev2 certificate
14 Mar, 2023 core ipsec vpn ikev2 certificate
cOS Core DNS query forwarding from internal clients
11 Apr, 2023 core dns
11 Apr, 2023 core dns
Tips & tricks on how to troubleshoot problems related to high CPU load
7 Nov, 2022 core cpu troubleshoot
7 Nov, 2022 core cpu troubleshoot
QoS / Traffic Shaping: Will cOS Core alter DiffServ tagging?
6 Feb, 2023 core trafficshaping pipes tcp
6 Feb, 2023 core trafficshaping pipes tcp
Configuring cOS Core Intrusion Detection and Prevention (IDP)
5 May, 2023 core idp
5 May, 2023 core idp
"Disabling IPsec tunnel..." warning when deploying a configuration change
23 Aug, 2022 core ipsec license memory
23 Aug, 2022 core ipsec license memory
PuTTY to local console connection using a pipe with cOS Core under Hyper-V
19 Apr, 2023 core hyperv serial console log
19 Apr, 2023 core hyperv serial console log
The meaning of the Default_Access_Rule log entry
7 Nov, 2022 core arp log routing
7 Nov, 2022 core arp log routing
Tunneling IPv6 over IPv4 networks using cOS Core IPsec
15 Mar, 2023 core ipsec ipv6
15 Mar, 2023 core ipsec ipv6
Transparent mode & L2TPv3 unavailable in cOS Core HA clusters
17 Feb, 2023 core ha cluster transparentmode l2tpv3
17 Feb, 2023 core ha cluster transparentmode l2tpv3
Connecting firewalls to equipment that runs in active-active mode
18 Nov, 2022 core cluster
18 Nov, 2022 core cluster
How to setup a simple cloud-init environment for testing
30 Nov, 2020 howto core cloud-init dhcp
30 Nov, 2020 howto core cloud-init dhcp
Protecting against the Apache Log4j exploit
15 Dec, 2021 core idp ipreputation log4j
15 Dec, 2021 core idp ipreputation log4j
How does Clavisters version numbering system work?
28 Nov, 2022 core stream
28 Nov, 2022 core stream
What is a "zombie" connection?
24 Mar, 2021 core connections
24 Mar, 2021 core connections
Managing NetWall HA clusters over the Internet using one public IP
21 Jun, 2022 core ha hacluster netwall coscore slb
21 Jun, 2022 core ha hacluster netwall coscore slb
Allowing RIPv2 traffic between cOS Core interfaces
6 Apr, 2023 core ripv2 routing
6 Apr, 2023 core ripv2 routing
Assigning additional IPs to cOS Core Ethernet interfaces
7 May, 2021 core ethernet vlan arp garp
7 May, 2021 core ethernet vlan arp garp
Roaming Windows IKEv2 setup with NetWall as CA server
2 Dec, 2022 netwall ikev2 windows certificate vpn core
2 Dec, 2022 netwall ikev2 windows certificate vpn core
Troubleshooting cOS Core rules/routes with ping simulation
17 Mar, 2023 core routing rules ping icmp cli
17 Mar, 2023 core routing rules ping icmp cli
Allowing Path MTU discovery in cOS Core
10 Oct, 2022 core mtu netwall mtudiscovery
10 Oct, 2022 core mtu netwall mtudiscovery
Freeing up more memory in the Firewall
23 Aug, 2022 core connections ipsec memory
23 Aug, 2022 core connections ipsec memory
Removing/changing the cOS Core local console password
14 Mar, 2023 core console
14 Mar, 2023 core console
Is Statless (FwdFast) faster than a normal IP policy?
27 Jan, 2021 core stateless routing brokenlink
27 Jan, 2021 core stateless routing brokenlink
Unexpected tcp flags SYN from originator during state FIN_RCVD
5 May, 2023 core tcp
5 May, 2023 core tcp
cOS Core High Availability Cluster troubleshooting
23 Feb, 2023 core troubleshoot cluster ha
23 Feb, 2023 core troubleshoot cluster ha
Route failover with IPsec tunnels in cOS Core
13 Feb, 2023 ipsec core routing failover
13 Feb, 2023 ipsec core routing failover
Non-alphanumeric character problem in cOS Core HTTPPoster
13 Feb, 2023 core url httpposter
13 Feb, 2023 core url httpposter
Public network transparency using cOS Core Proxy ARP instead of subnetting
18 Apr, 2023 core routing transparentmode proxyarp
18 Apr, 2023 core routing transparentmode proxyarp
Configure the OpenConnect-GUI client towards Clavister NetWall
23 Aug, 2022 sslvpn openconnect oneconnect macos windows linux core
23 Aug, 2022 sslvpn openconnect oneconnect macos windows linux core
How to disable the read-only flag for InControl inherited objects
8 Jul, 2021 incontrol domains core
8 Jul, 2021 incontrol domains core
Radius vs LDAP for authentication
21 Nov, 2022 radius ldap authentication core
21 Nov, 2022 radius ldap authentication core
Split tunneling with cOS Core L2TP/IPsec using an MS DHCP server
28 Mar, 2023 dhcp ipsec core
28 Mar, 2023 dhcp ipsec core