diff --git a/docs/about_releases.mdx b/docs/about_releases.md
similarity index 93%
rename from docs/about_releases.mdx
rename to docs/about_releases.md
index 626498a15e..ff359e858e 100644
--- a/docs/about_releases.mdx
+++ b/docs/about_releases.md
@@ -3,9 +3,6 @@ title: List of Releases
sidebar_label: SSR Releases
---
-import { PesterDataTable } from "@site/src/components/PesterDataTable";
-import { columns, releases, moduleTests } from "./releases.table";
-
The SSR software follows a semantic versioning scheme. Semantic versioning is a simple scheme built around the `name-X.Y.Z-build-milestone` concept. `X` is incremented for every major release. A major release can be the introduction of major features or when backwards compatibility _may_ be broken. `Y` is a minor release with solely non-breaking feature additions. `Z` is designated for bug fixes in previous releases. `-build` is used to denote the incremental process of development until the culmination in the final release. `-milestone` can be one of `r1`, `r2`, `sts` or `lts`.
Starting with version `5.4.0` the `-build` will reflect the number of iterations the release candidate went through prior to release. The build number will never increment once the software has been released. The build number will be included in the release notes for the respective version.
@@ -39,7 +36,7 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad
| Version | Initial GA Version | First Release Shipping Date | Latest GA Version | End of Engineering support | End of Support |
| -- | -- | -- | -- | -- | -- |
| Release 6.3 | [6.3.0](release_notes_128t_6.3.md#release-630-107r1) | September 30, 2024 | [6.3.4-r2](release_notes_128t_6.3.md#release-634-7r2) | March 26, 2026 | September 26, 2026 |
-| Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.8-lts](release_notes_128t_6.2.md#release-628-10-lts) | September 6, 2026 | March 6, 2027 |
+| Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39r1) | November 16, 2023 | [6.2.9-lts](release_notes_128t_6.2.md#release-629-5-lts) | September 6, 2026 | March 6, 2027 |
| Release 6.1 | [6.1.0](release_notes_128t_6.1.md#release-610-55r1) | April 14, 2023 | [6.1.13-lts](release_notes_128t_6.1.md#release-6113-7-lts) | July 14, 2025 | January 14, 2026 |
| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.17](release_notes_128t_5.6.md#release-5617-1) | June 16, 2024 | December 16, 2024 |
@@ -64,10 +61,3 @@ However, issues resolved in `4.3.12`, which was released on 3/12/2021 are not ad
Please refer to the [Software Support Policy](about_support_policy.md) page to understand the lifecycle of SSR releases.
-
-## All Releases - Limited, General Availability and Out of Support
-
-
diff --git a/docs/app_policy_hit_count.md b/docs/app_policy_hit_count.md
new file mode 100644
index 0000000000..5d4924aea3
--- /dev/null
+++ b/docs/app_policy_hit_count.md
@@ -0,0 +1,177 @@
+---
+title: Application Policy Hit Count
+sidebar_label: Application Policy Hit Count
+---
+
+Application Policy Hit Count (APHC) provides insight into the routing policies being referenced to direct traffic in your network operations; it reports which policies are being referenced ("hit") and how. These values are presented as metrics tracked per service, per tenant; where each tenant service combination could be "hit" in one of the following ways.
+
+| Count | Description |
+| ---- | ----------- |
+| Allowed | The session was allowed and created successfully. |
+| Failed | The session could not be created. |
+| Denied due to Access Policy | The packet was denied because an access policy explicitly disallows access. |
+| Denied due to URL Filtering | The session was created but was blocked once app classification was completed. |
+| Denied due to Local Service Definition | The session was allowed on another ingress router, but is denied here based on the rules of this router (relates to hierarchical services). |
+
+## How Does It Work?
+
+Application Policy Hit Count is enabled by default, tracking counts for all observed service and tenant combinations, including the `access policy denied` counters.
+
+The system maintains the current value in memory and will not provide a historical time series of the data. To prevent excessive consumption of memory resources, the device periodically removes combinations that are no longer being observed. Inactive tenant service combinations remain in the system for 30 to 60 minutes before being removed.
+
+## Configuration
+
+Counter configuration is flexible and can be enabled or disabled on individual routers, or across the whole authority. Counters can be configured to persist the policy hit count metrics, allowing them to be viewed as a time-series graph. The following configuration snippets show how each configure each option.
+
+### Disable APHC for the Authority
+
+```
+configure
+ authority
+ metrics
+ application-policy-hit-count-tracking
+ enabled false
+ exit
+ exit
+ exit
+exit
+```
+
+### Disable APHC for the Router
+
+```
+configure
+ authority
+ router
+ system
+ metrics
+ application-policy-hit-count-tracking disabled
+ exit
+ exit
+ exit
+ exit
+exit
+```
+
+### Disable APHC for the Authority but Enable for a Specific Router
+
+```
+configure
+ authority
+ metrics
+ application-policy-hit-count-tracking
+ enabled false
+ exit
+ exit
+ router
+ system
+ metrics
+ application-policy-hit-count-tracking enabled
+ exit
+ exit
+ exit
+ exit
+exit
+```
+
+### Clear Expiring Counts
+
+The cleanup of expired counters runs automatically every 30 minutes. However, in some situations it may be necessary to manually clear hit count entries. In this situation the following command is available:.
+
+`clear application-policy-hit-counts [force] [node ] {router | resource-group }`
+
+This command manually triggers the cleanup process. The execution does not change or prevent the scheduled cleanup run. However, executing the command twice will move cleanup forward by an hour and fully clear the policy hit count metrics.
+
+## Persist APHC Metrics
+
+Persistence can be configured using a metrics profile as described in the SSR Documentation. The example below show how to persist all hit count types for a specific service and tenant combination, using the `short` retention policy. It is a best practice to always use the shortest retention policy that satisfies your requirements.
+
+There are typically a significant number of APHC metrics active on a system. If persistence is necessary, select a small number of service tenant combinations to be persisted. Careless selection may overwhelm the stats infrastructure resulting in resource shortages.
+
+The following configurations are examples only; they should not be directly copied into another environment. Service, tenant, and router names must be replaced.
+
+### Authority Configuration
+
+```
+configure
+ authority
+ metrics-profile internet-policy-hit-counts
+ name internet-policy-hit-counts
+ metric /stats/application-policy-hit-count/allowed
+ id /stats/application-policy-hit-count/allowed
+ description "Allowed Hit Count"
+ exit
+ metric /stats/application-policy-hit-count/failed
+ id /stats/application-policy-hit-count/failed
+ description "Failed Hit Count"
+ exit
+ metric /stats/application-policy-hit-count/deny/policy-table
+ id /stats/application-policy-hit-count/deny/policy-table
+ description "Denied for Explicit Access Policy Hit Count"
+ exit
+ metric /stats/application-policy-hit-count/deny/local-service
+ id /stats/application-policy-hit-count/deny/local-service
+ description "Denied After Ingress Router Allowed Hit Count"
+ exit
+ metric /stats/application-policy-hit-count/deny/url-filtering
+ id /stats/application-policy-hit-count/deny/url-filtering
+ description "Denied For URL Filtering Hit count"
+ exit
+ filter service
+ parameter service
+ value internet
+ exit
+ filter tenant
+ parameter tenant
+ value engineering
+ exit
+ exit
+ exit
+exit
+```
+
+
+### Router Configuration
+
+```
+configure
+ authority
+ router
+ name
+ system
+ metrics
+ profile internet-policy-hit-counts
+ name internet-policy-hit-counts
+ retention short
+ exit
+ exit
+ exit
+ exit
+ exit
+exit
+```
+
+## Stats Output
+
+The hit count metrics can be accessed via the PCLI as shown. They provide a combination of services and tenants and show how traffic is allowed or blocked. In the example shown, we also see failures due to improperly configured services.
+
+```
+admin@westB.T207_West# show stats application-policy-hit-count node westA
+Wed 2025-01-08 18:59:28 UTC
+✔ Retrieving statistics...
+
+Highway Manager application policy hit count Stats
+--------------------------------------------------
+
+========= ======= ================= ================== =======
+ Metric Node Tenant Service Value
+========= ======= ================= ================== =======
+ allowed westA lan2-service 1
+ westA red lan2-service 1
+ westA red lan2-service 326
+ deleted westA lan2-service 1
+ failed westA 11
+ westA red 5841
+
+Completed in 0.06 seconds
+```
diff --git a/docs/cert_based_sec_encrpt.md b/docs/cert_based_sec_encrpt.md
new file mode 100644
index 0000000000..f4b5c91977
--- /dev/null
+++ b/docs/cert_based_sec_encrpt.md
@@ -0,0 +1,201 @@
+---
+title: Certificate-based Security Encryption
+sidebar_label: Certificate-based Security Encryption
+---
+#### Version History
+
+| Release | Modification |
+| ------- | --------------------------- |
+| 7.0.0 | Certificate-based Security Encryption support added. |
+
+Security is a critical component of SD-WAN products in today’s world. The effectiveness of any security strategy relies on the strength of the security algorithm and how related information is exchanged between participants.
+
+The SSR uses a Public Key Infrastructure (PKI) to validate the installed certificates and the authenticity of devices within the network, as well as a peer-to-peer security key exchange between SSRs. The result is a design that creates maximum scale, avoids mid-network re-encryption, and provides the ability to rotate keys as required.
+
+## Certificate Management
+
+Certificate management is performed from the CLI using the commands and parameters provided in Configuration Commands and Parameters. The Certificate Signing Request Workflow is interactive, asking the user what they would like placed in the CSR. The following three validity checks take place upon importing a certificate:
+
+- Ensure that there is no private key accompanying the certificate. On 100 and 1000 series platforms the private key is parsed and validated against the matching private key on disk.
+
+- Parse the certificate and then validate it (dates/roles/other restrictions, etc.).
+
+- Check the certificate against the known revoked certificates (CRL).
+
+If the above three checks pass, then the private key and certificate are accepted and imported
+
+Long-lived Certificates are issued to every Juniper manufactured router by the Juniper Networks Certificate Authority. Use of the rekey feature requires that a certificate be provided during installation. The base certificate can be replaced during initial software installation, however all routers in a single authority MUST have certificates issued by the same certificate hierarchy. Otherwise, replacing a certificate may be done during a maintenance window.
+
+### Certificate Security
+
+The Certificate Revocation List (CRL) Manager handles the discovery, fetching, and periodic updates to CRLs. From this process a list of all known revoked certificates from all CRL sources is created, and the master list is published to disk.
+
+The following are some details of certificate security.
+
+- The Trusted Platform Module (TPM) stores the private key of the base certificate. The certificate and any keys are not included in any configuration.
+
+- Periodic revocation checks of the base certificate are performed based on the configuration defaults or user configured timelines.
+
+- When rekeying is enabled on a newly initialized router that does NOT have a valid, signed certificate, an alarm is generated. A valid certificate must be obtained from a Certificate Authority before valid secure communication can take place. When a valid certificate is present, the router will create an elliptic-curve public/private key pair (see [RFC8422]).
+
+- Contained within the SVR certificate is a router identifier, which must match the identifier of the router in the peer configuration. This router identifier is a UUID and guaranteed to be unique per node, even across RMAs.
+
+- The public key is used to create an X.509 certificate signing request (CSR) with the common name field set to the router's UUID. A certificate signing request is initiated through a secure connection to a configured Certificate Authority (CA). The CA digitally signs the CSR and returns it to the requesting router. Certificates and Public Keys are stored locally on each router in PEM format defined by RFC7468.
+
+## Certificate Revocation List
+
+Managing the Certificate Revocation List (CRL) includes the discovery, fetching, and periodic updates to CRLs using the configuration commands and parameters provided in Configuration Commands and Parameters. These parameters generate a list of all known valid and revoked certificates from all CRL sources and saves this information to disk. The CRL configuration parameters include:
+
+**There does not seem to be any commands directly associated with creating a CRL other than certificate-revocation url and polling-interval. If there are others, please provide pointers.**
+
+## Installing Certificates
+
+Installing a trusted CA certificate on the SSR uses the existing functionality as described in [Adding a Trusted Certificate](howto_trusted_ca_certificate.md).
+
+## Replace or Revoke a Certificate
+
+When a certificate is revoked, expired, or invalid, the SSR generates an alarm. Based upon the SSR configuration, it will either `fail-soft` (the default behavior) or `fail-hard`.
+
+Soft failure results in a notification that the certificate is no longer valid and that appropriate action must be taken.
+
+Hard failure results in the same notification, as well as the removal of all peering relationships. This stops the device from participating in SVR.
+
+The following sections describe the procedures for replacing and revoking certificates.
+
+### Expiring Certificate
+
+Expiring certificates will generate the following alarms.
+
+If a certificate expires within a month, a minor alarm is generated.
+If a certificate expires within a week, a major alarm is generated.
+If a certificate is expired or otherwise invalid, a critical alarm is generated.
+
+When a router's certificate is about to expire or needs to be replaced, a new certificate can be added to the system using the [installation procedure](howto_trusted_ca_certificate.md). Once the new certificate file has been loaded into the system, an event is triggered to restart the peer authentication procedure.
+
+### Compromised Certificate
+
+In the case of a compromised system or certificate, the certificate will be revoked.
+
+The router periodically checks the Certificate Revocation List (CRL) from existing certificate authority servers for any revocations, according to the interval defined in the configuration. If a revocation has taken place, the router takes the action defined in the configuration (fail-soft or fail-hard).
+
+## Peer Authentication
+
+Peer validation is done whenever a new certificate is added, or peer configuration has changed. When a certificate is received from a peer on multiple peer paths, a cached validation response is used. Validation is accomplished by verifying the routerID of its peer matches that of the certificate.
+
+The public key is sent by both routers on both pathways, but only needs to be validated one time for each router peer.
+
+When receiving a certificate from a peer router and performing validation, the receiving router must extract the peer router's public key and save it. This is used for validating the authenticity of any subsequent Peer Key/Rekey requests.
+
+## High Availability
+
+Each node of an HA pair manages its own unique certificate - certificates are not shared between nodes. Each node manages its own unique connection to its peers.
+
+When two nodes are configured as a redundant pair, each of the keys need to be exchanged between nodes. This is done to avoid rekeying on flow migration due to node failures. Keys can be safely exchanged between nodes as the HA sync interfaces are connected point to point over a SSH connection.
+
+## Configuration
+
+config certificate-revocation
+ - url blah.bla.com
+ - polling interval
+ - Frequency to fetch CRL
+ - units: hours
+ - range: 1-168
+ - default: 24
+ - backoff- interval: delay in seconds to apply to the polling-interval
+ - units: seconds
+ - type: uint32
+ - default: ?
+
+Peer Certificate Validation
+
+config peer-validation
+ - validate peering connections on this router
+ - values: true/false
+ - default: false
+
+
+## Troubleshooting
+
+Use the following information to help troublshoot certificate events or issues.
+
+### PCLI commands
+
+- `show certificate` - Show basic certificate information
+- `show certificate detail` - Show all OpenSSL details about the certificate
+- `show certificate crl` - Show basic information about the CRL (including source)
+
+### Audit Events/Logging
+
+Audit events and logs are generated for the following events:
+
+- Generate CSR
+
+```
+=======================================================================================================================================================
+ 2025-03-19T20:50:35.173Z Generated certificate signing request.
+=======================================================================================================================================================
+ Type: system.generate_csr
+ Node: test-1
+ Description: Generated CSR for: TestCertificate
+ Json Event Detail: {"name":"TestCertificate","common_name":"example.com","country_name":"US","state_province_name":"California","locality_name":"San
+ Francisco","organization_name":"ExampleOrg","organizational_unit_name":"IT","email_address":"admin@example.com","validity_period_days":365}
+ Permitted: True
+```
+
+- Import Certificate
+```
+======================================================================================================================================================================================================
+ 2025-03-26T21:22:43.108Z Ingested a certificate.
+======================================================================================================================================================================================================
+ Type: system.ingest_certificate
+ Node: test-1
+ Description: Ingested certificate: TestCertificate
+ Json Event Detail: {"purpose":"TLS Web Client
+ Authentication","common_name":"example.com","crl_urls":["http://10.27.34.42/crlfile.crl"],"certificate_authority":"N/A","fingerprint":"6D:C7:8E:48:4F:55:63:D9:AB:70:66:CD:29:4E:1C:37:CF:89:17:B0"}
+ Permitted: True
+```
+
+- Peer Certificate Validation
+
+(Need example)
+
+- CRL Update
+```
+========================================================================================================================================================================================================
+ 2025-03-07T20:59:50.736Z Updated certificate revocation list files.
+========================================================================================================================================================================================================
+ Type: system.crl_update
+ Node: t158-dut1.CONDUCTOR
+ Description: Updated CRL for issuer: endpoint
+ Json Event Detail: {"forced":false,"last_updated":"Oct 17 16:33:11 2024 GMT","next_update":"Oct 27 15:33:10 2024
+ GMT","crl_url":"http://10.27.39.143/testCrl.pem","size":14162,"total_entries":279,"added_entries":0,"removed_entries":0,"success":true,"certificate_authority":"/C=US/O=Google Trust Services/CN=WR2"}
+ Permitted: True
+```
+
+### Show Stats Commands
+
+#### Event Counters
+
+`show stats security CSR success`
+`show stats security CSR failure`
+`show stats security certificate import success`
+`show stats security certificate import failure`
+`show stats security CRL fetch success`
+`show stats security CRL fetch failure`
+`show stats security CRL ingestion success`
+`show stats security CRL ingestion failure `
+
+#### Certificate Event Counters
+
+`show stats security certificate expired`
+`show stats security certificate invalid`
+`show stats security certificate revoked`
+
+#### Peer Certificate Event Counters
+
+`show stats security peer certificate expired`
+`show stats security peer certificate invalid`
+`show stats security peer certificate revoked`
+
+
+
diff --git a/docs/config_forward_error_correction.md b/docs/config_forward_error_correction.md
index ddff7e0d2f..77d6d587b9 100644
--- a/docs/config_forward_error_correction.md
+++ b/docs/config_forward_error_correction.md
@@ -139,6 +139,46 @@ Forward Error Correction has the following limitations:
- Packet retransmission will not work when FEC is enabled.
+## FEC Support on High Speed Ports
+
+The `fec-mode` feature provides compatibility with other devices (Dell, Broadcom, etc) that use optical ports, allowing you to set the port speed for these high speed optical ports. The feature is enabled on 100GB NIC ports at the device-interface level, and is an advanced or administrator only feature/command.
+
+The `fec-mode` is configured as `auto`, `baser`, `rs`, or `none`. For example:
+
+#### Configuration Example:
+
+```
+config
+ authority
+ router router-b
+ node node
+ device-interface xe-4-2
+ fec-mode baser
+
+
+ router router-b
+ node node
+ device-interface xe-4-3
+ fec-mode auto
+ exit
+ exit
+ exit
+exit
+
+
+admin@node.router-b# show config running flat | grep fec
+✔ Piping output...
+config authority router router-b node node device-interface xe-4-2 fec-mode baser
+config authority router router-b node node device-interface xe-4-3 fec-mode auto
+```
+
+If the switch speed and port speed do not match, the link will be reported as `down`.
+
+- Switch set to default (fec74); SSR port is `auto` or `baser` (fec74): fec74 on both ends; link is up
+- Set switch to fec108; SSR port is `auto` or `rs` (fec108): fec108 on both ends; link is up
+- Set switch to fec108; SSR port is `baser` (fec74): link is down
+- Set switch to fec74; SSR port is `rs` (fec108): link is down
+
## Troubleshooting
Metrics for FEC are categorized into success and failure counters. Use the following counters to help diagnose any issues that arise.
diff --git a/docs/config_password_security.md b/docs/config_password_security.md
new file mode 100644
index 0000000000..fa77716ac5
--- /dev/null
+++ b/docs/config_password_security.md
@@ -0,0 +1,39 @@
+---
+title: Password Security
+sidebar_label: Password Security
+---
+
+Password security is one of the first lines of defense for every organization, and Juniper recommends strong password security. For information on password requirements, see [Password Policies](config_password_policies.md).
+
+## Set a Password for the System Accounts
+
+Setting the password for the system accounts (`admin`, `root`, and `t128`) is performed during initialization from either the web interface, the conductor command line, or the interactive intializer. All system account passwords are set to the same value, preventing any of the account passwords from being overlooked.
+
+Create a password for the SSR system accounts. The password must be at least 9 characters long, contain at least 1 uppercase letter, at least 1 lowercase letter, at least 1 number, cannot contain the username in any form, and cannot repeat characters more than 3 times.
+
+### From the Web Interface
+
+From the Conductor Association screen, select PASSWORD, or PASSWORD HASH, and enter a password for the system accounts. Selecting PASSWORD HASH will generate a pre-salted sha512 hashed password using the text you enter.
+
+
+
+Click ASSOCIATE to assign the password to the `admin`, `root`, and `t128` user accounts.
+
+### From the Command Line
+
+Use the `initialize conductor` command to set the SSR system account passwords. The password must be at least 9 characters long, contain at least 1 uppercase letter, at least 1 lowercase letter, at least 1 number, cannot contain the username in any form, and cannot repeat characters more than 3 times.
+
+```
+admin@default.router# initialize conductor node-name c1 router-name conductor1
+Enter a password for the SSR 'admin', 't128' and 'root' users:
+Confirm:
+✔ Initializing...
+Device successfully initialized.
+
+admin@default.router#
+```
+You can also specify the `password-hash` argument to generate a pre-salted sha512 hashed password using the text you enter.
+
+:::note
+The root account will not be used for day-to-day access, but the root account password should be stored securely off-box so that it can be used for admin account recovery if required.
+:::
diff --git a/docs/initialize_u-iso_device.md b/docs/initialize_u-iso_device.md
index 7f4b68e269..8754edbfbb 100644
--- a/docs/initialize_u-iso_device.md
+++ b/docs/initialize_u-iso_device.md
@@ -31,21 +31,26 @@ Use the following process to initialize your device as a Conductor.
2. To initialize a standalone conductor, select **STANDALONE**. To initialize the first conductor of an HA pair, select **HA NODE 0**. Select the address type (DHCP or STATIC).
-:::note
-In an HA configuration, **HA NODE 0** must always be configured before HA NODE 1. Configuring Node 1 first prevents Node 0 from starting.
-:::
+ :::note
+ In an HA configuration, **HA NODE 0** must always be configured before HA NODE 1. Configuring Node 1 first prevents Node 0 from starting.
+ :::
-Enter the following information:
+ Enter the following information:
- - Conductor name
- - Node IP Address (Static)
- - Node Gateway (Static)
- - Interface Name (Static)
- - DNS Server address (Optional)
- - Artifactory username and password (if available)
+ - Conductor name
+ - Node IP Address (Static)
+ - Node Gateway (Static)
+ - Interface Name (Static)
+ - DNS Server address (Optional)
+ - Admin and system accounts password
+ - Artifactory username and password (if available)
+:::note
+Setting the password for the system accounts (`admin`, `root`, and `t128`) is performed during initialization from either the web interface or the conductor command line. All system account passwords are set to the same value.
+:::
+
3. Click **ASSOCIATE**
4. The device reboots and comes online as a Conductor.
@@ -57,9 +62,10 @@ Enter the following information:
- Node Gateway (Static)
- Interface Name (Static)
- DNS Server address (Optional)
+ - Admin and system account passwords
- Artifactory username and password (if available)
- 
+ 
5. Click **ASSOCIATE** when you have completed the required information. The device reboots and comes online as the second Conductor.
@@ -72,9 +78,9 @@ Use the following process to initialize your device as a Conductor-managed route
-2. Enter the router name and the associated Conductor IP address.
+2. Enter the router name, the associated Conductor IP address, and the Admin and system account passwords.
- 
+ 
3. Click **ASSOCIATE** when you have completed the required information.
diff --git a/docs/release_notes_128t_7.0.md b/docs/release_notes_128t_7.0.md
new file mode 100644
index 0000000000..3ae4428dcd
--- /dev/null
+++ b/docs/release_notes_128t_7.0.md
@@ -0,0 +1,86 @@
+---
+title: SSR 7.0 Release Notes
+sidebar_label: '7.0'
+---
+The SSR has moved away from the historical package-based delivery to an image-based delivery. As such, it is strongly suggested that you revisit your "standard" procedures for installation and upgrade of SSR Software.
+
+Beginning with SSR v6.3.0, the use of the interactive installer is not supported, or necessary. Software installation and upgrade upgrade activities are supported from the Web Interface or the Command Line Interface.
+
+### Installation from ISO
+
+When installing SSR V6.3.0 or newer on a new system, use the image-based ISO - identified by the filename prefix "SSR": `SSR-6.3.0-107.r1.el7.x86_64.ibu-v1.iso`. Installation documentation for the image-based process can be found in the [Image-based ISO Installation Overview](intro_installation_univ-iso.md).
+
+Offline mode conductor and router upgrades to image-based installations are detailed in the [Single-Version 6.3.0 Upgrade](upgrade_restricted_access.md#single-version-630-upgrade) instructions.
+
+
+### Upgrade Considerations
+
+:::important
+Before upgrading please review the [**Upgrade Considerations**](intro_upgrade_considerations.md) and the [**Rolling Back Software**](intro_rollback.md) pages. Several modifications have been made to the process for verifying configurations, which will impact existing configurations.
+:::
+
+**System Disk Considerations**
+
+As mentioned above, during the upgrade to an image-based installation, existing systems will go through a conversion process to support image-based delivery. This process involves resizing the existing disk partition to support writing a new disk image to the remaining disk space. As such, the usable disk space seen after this conversion will be approximately halved. The system will automatically detect if there is not enough usable disk space on the existing drive to support this partition resizing and, if so, will trigger an upgrade failure. Even if the conversion is succesful and the upgrade succeeds, users may note that the system is experiencing disk space alarms after the upgrade due to the reduction in overall capacity. It is suggested to remove unnecessary large files from systems before upgrading. Old saved tech-support-info archives (check for tar.gz or zip files in `/var/log/128technology`) and uploaded ISO images are frequent contributors to used disk space and should be manually deleted.
+
+In certain scenarios, existing cloud routers may have been installed from images that did not use LVM for partitions. For these systems, the automatic resizing of disk partitions will fail and they cannot be upgraded. It is suggested to rebuild these instances from the official [SSR BYOL](intro_installation_quickstart_byol_conductor_aws.md) image.
+
+When the conductor is initially upgraded to an image-based installation, it will be upgraded as a package-based system. This is because the system does not understand how to handle image-based delivery until it is running 6.3 software. Once the conductor is running 6.3 all router upgrades will be treated as image-based upgrades and any subsequent conductor upgrade will be treated as image-based. Therefore, it is possible that issues related to disk usage on conductor may not arise until a subsequent upgrade of the conductor beyond the initial step to 6.3.
+
+**Offline-Mode: Upgrading 6.3.x Conductor Deployments to 6.3.x+**
+
+An issue has been identified that may be observed in conductor deployments running version 6.3.x software, when attempting to upgrade from one 6.3.x patch release to another. This results in the message, “SSR firmware upgrade failed for the local node: SSR upgrade failed after reboot”. To work around this, run `request system software upgrade installation-service` from the command line of the Conductor, after importing the image-based ISO. Once complete, perform the full system upgrade from the Web-interface. This issue will be resolved in a future release.
+
+**Offline-Mode: Onboarding Routers Running older SSR Software to a 6.3.x Conductor**
+
+We have identified an issue when onboarding SSR routers installed with older versions of software (such as 5.4.4) to Conductors running 6.3.x, when running in offline-mode. In some cases, certain software packages are not available to be installed during onboarding. To work around this issue, import the **package-based** (the "128T" prefixed) ISO for the current conductor version onto the conductor. This provides the necessary software packages to complete the onboarding process. This issue will be resolved in a future release.
+
+## Release 7.0.0-63r1
+
+**Release Date:** July 10, 2025
+
+### New Features
+
+- **I95-22432 Conductor Management IPv6:** All router to conductor communication along with management protocols (ssh, radius, syslog, snmp, web gui/api) now support IPv6. However in an IPv6 managed node, devices must be running the same IP version. For example, in an IPv6 HA configuration, both Conductors must be running IPv6.
+------
+- **I95-29382 Certificate-based Security Encryption for SVR:** Introduces a new peer-to-peer, certificate-based key exchange mechanism to the SVR protocol. This key exchange avoids mid-network re-encryption, provides the ability to rotate keys as required, and supports all deployment scenarios. The security rekeying mechanism is configured at the Authority, and requires that all routers and conductors be running the same version of software that supports this capability. The existing security key exchange mechanisms continue to exist and will be supported during the transition to the new model. The two security approaches cannot coexist at the same time within an authority. See [Certificate-based Security Encryption](cert_based_sec_encrpt.md) for more information.
+------
+- **I95-52924 NIC Driver FEC Support:** Support has been added to configure optical FEC for SFPs.
+------
+- **I95-53993 Display LLDP Neighbors:** A CLI command to output neighbors discovered through LLDP has been added.
+------
+- **I95-57454 Management traffic over SVR (in-band management):** Router to Conductor communication is supported over SVR with the use of [rekey](svr-ztna.md#peer-key-and-key-rotation).
+------
+- **I95-58635 Source Peer added to output of `show session by-id`:** Added information to the output of `show session by-id`, making it easier to troubleshoot sessions.
+------
+- **I95-59239 Application Policy Hit Counter:** [Application Policy Hit Count (APHC)](app_policy_hit_count.md) provides insight into the routing policies being referenced to direct traffic in your network operations; it reports which policies are being referenced ("hit") and how. These values are presented as metrics tracked per service, per tenant; where each tenant service combination could be "hit" in one of the following ways.
+
+| Count | Description |
+| ---- | ----------- |
+| Allowed | The session was allowed and created successfully. |
+| Failed | The session could not be created. |
+| Denied due to Access Policy | The packet was denied because an access policy explicitly disallows access. |
+| Denied due to URL Filtering | The session was created was blocked once app classification was completed. |
+| Denied due to Local Service Definition | The session was allowed on another ingress router, but is denied here based on the rules of this router (relates to hierarchical services). |
+------
+- **I95-59634 Allow Highway lockup detection to be disabled:** Added a `local.init` override for disabling datapath lockup detector mechanism.
+
+```
+ "datapath": {
+ "lockupDetectionEnabled": true/false
+ },
+```
+------
+- **I95-59758 Interactive Initializer updates all system account passwords:** Interactive initialization now changes the `admin`, `t128` and `root` user passwords to the same value. The initialization preference file has the fields, `t128-password`, `root-password`, and `admin-password`, to set password hashes for each user, respectively.
+------
+- **I95-59996 GUI Initialization sets passwords for all system accounts:** GUI initialization now changes the `admin`, `t128` and `root` user passwords to the same value. See [Password Security](config_password_security.md) for additional information.
+------
+- **I95-60041 `initialize conductor` command sets password for all system accounts:** The system accounts `admin`, `t128` and `root` are simultaneously set to the provided password hash, ensuring default passwords are not used.
+------
+- **I95-60220 SSR OS Upgrade:** SSR OS distribution has been upgraded to Oracle Linux 9.
+------
+- **WAN-2284 Critical IDP Profile:** A new **Critical** attack list profile that is more lightweight has been added to reduce the commit/policy change times.
+------
+- **WAN-3834 Remove Private AS for BGP Neighbor:**
+
+### Resolved Issues
diff --git a/docs/releases.table.js b/docs/releases.table.js
deleted file mode 100644
index f11a156ebe..0000000000
--- a/docs/releases.table.js
+++ /dev/null
@@ -1,773 +0,0 @@
-import React from "react";
-import useBaseUrl from '@docusaurus/useBaseUrl';
-
-// ----------------------------------------------------------------------------
-// Please respect chronological release date order when adding new entries.
-// New entries should be placed at the top.
-// ----------------------------------------------------------------------------
-export const releases = [
- {
- version: '6.1.13',
- url: '/docs/release_notes_128t_6.1#release-6113-7-lts',
- releaseDate: 'February 25, 2025',
- },
- {
- version: '6.3.4',
- url: '/docs/release_notes_128t_6.3#release-634-7r2',
- releaseDate: 'February 21, 2025',
- },
- {
- version: '6.2.8',
- url: '/docs/release_notes_128t_6.2#release-628-10-lts',
- releaseDate: 'January 30, 2025',
- },
- {
- version: '5.6.17',
- url:'/docs/release_notes_128t_5.6#release-5617-1',
- releaseDate: 'January 30, 2025',
- },
- {
- version: '6.1.12',
- url: '/docs/release_notes_128t_6.1#release-6112-12-lts',
- releaseDate: 'January 16, 2025',
- },
- {
- version: '6.3.3',
- url: '/docs/release_notes_128t_6.3#release-633-40r2',
- releaseDate: 'January 9, 2025',
- },
- {
- version: '5.6.16',
- url:'/docs/release_notes_128t_5.6#release-5616-16',
- releaseDate: 'November 25, 2024',
- },
- {
- version: '6.1.11',
- url: '/docs/release_notes_128t_6.1#release-6111-5-lts',
- releaseDate: 'October 17, 2024',
- },
- {
- version: '6.2.7',
- url: '/docs/release_notes_128t_6.2#release-627-4-sts',
- releaseDate: 'October 3, 2024',
- },
- {
- version: '6.3.0',
- url: '/docs/release_notes_128t_6.3#release-630-107r1',
- releaseDate: 'September 30, 2024',
- },
- {
- version: '6.2.6',
- url: '/docs/release_notes_128t_6.2#release-626-15-sts',
- releaseDate: 'September 6, 2024',
- },
- {
- version: '6.1.10',
- url: '/docs/release_notes_128t_6.1#release-6110-8-lts',
- releaseDate: 'August 22, 2024',
- },
- {
- version: '5.6.15',
- url: '/docs/release_notes_128t_5.6#release-5615-1',
- releaseDate: 'June 27, 2024',
- },
- {
- version: '6.1.9',
- url: '/docs/release_notes_128t_6.1#release-619-2-lts',
- releaseDate: 'June 27, 2024',
- },
- {
- version: '6.2.5',
- url: '/docs/release_notes_128t_6.2#release-625-5r2',
- releaseDate: 'June 6, 2024',
- },
- {
- version: '5.6.14',
- url: '/docs/release_notes_128t_5.6#release-5614-7',
- releaseDate: 'May 14, 2024',
- },
- {
- version: '6.1.8',
- url: '/docs/release_notes_128t_6.1#release-618-15-lts',
- releaseDate: 'May 3, 2024',
- },
- {
- version: '6.2.4',
- url: '/docs/release_notes_128t_6.2#release-624-14r2',
- releaseDate: 'March 29, 2024',
- },
- {
- version: '5.5.12',
- url: '/docs/release_notes_128t_5.5#release-5512-9',
- releaseDate: 'February 22, 2024',
- },
- {
- version: '6.1.7',
- url: '/docs/release_notes_128t_6.1#release-617-3-lts',
- releaseDate: 'February 17, 2024',
- },
- {
- version: '5.6.13',
- url: '/docs/release_notes_128t_5.6#release-5613-7',
- releaseDate: 'January 30, 2024',
- },
- {
- version: '6.1.6',
- url: '/docs/release_notes_128t_6.1#release-616-7-lts',
- releaseDate: 'January 2, 2024',
- },
- {
- version: '6.2.3',
- url: '/docs/release_notes_128t_6.2#release-623-14r2',
- releaseDate: 'December 15, 2023',
- },
- {
- version: '6.2.0',
- url: '/docs/release_notes_128t_6.2#release-620-39r1',
- releaseDate: 'November 16, 2023',
- },
- {
- version: '5.6.12',
- url: '/docs/release_notes_128t_5.6#release-5612-1',
- releaseDate: 'October 20, 2023',
- },
- {
- version: '5.6.11',
- url: '/docs/release_notes_128t_5.6#release-5611-4',
- releaseDate: 'October 2, 2023',
- },
- {
- version: '6.1.5',
- url: '/docs/release_notes_128t_6.1#release-615-14-lts',
- releaseDate: 'September 22, 2023',
- },
- {
- version: '5.6.10',
- url: '/docs/release_notes_128t_5.6#release-5610-6',
- releaseDate: 'August 29, 2023',
- },
- {
- version: '5.5.11',
- url: '/docs/release_notes_128t_5.5#release-5511-4',
- releaseDate: 'August 21, 2023',
- },
- {
- version: '5.5.10',
- url: '/docs/release_notes_128t_5.5#release-5510-6',
- releaseDate: 'July 31, 2023',
- },
- {
- version: '5.6.9',
- url: '/docs/release_notes_128t_5.6#release-569-3',
- releaseDate: 'July 19, 2023',
- },
- {
- version: '6.1.4',
- url: '/docs/release_notes_128t_6.1#release-614-23r2',
- releaseDate: 'July 14, 2023',
- },
- {
- version: '5.5.9',
- url: '/docs/release_notes_128t_5.5#release-559-4',
- releaseDate: 'June 2, 2023',
- },
- {
- version: '5.6.8',
- url: '/docs/release_notes_128t_5.6#release-568-9',
- releaseDate: 'May 25, 2023',
- },
- {
- version: '6.1.3',
- url: '/docs/release_notes_128t_6.1#release-613-4r1',
- releaseDate: 'May 22, 2023',
- },
- {
- version: '6.1.2',
- url: '/docs/release_notes_128t_6.1#release-612-7r1',
- releaseDate: 'May 12, 2023',
- },
- {
- version: '6.0.10',
- url: '/docs/release_notes_128t_6.0#release-6010-5',
- releaseDate: 'May 12, 2023',
- },
- {
- version: '6.1.1',
- url: '/docs/release_notes_128t_6.1#release-611-6r1',
- releaseDate: 'April 28, 2023',
- },
- {
- version: '6.1.0',
- url: '/docs/release_notes_128t_6.1#release-610-55r1',
- releaseDate: 'April 14, 2023',
- },
- {
- version: '6.0.9',
- url: '/docs/release_notes_128t_6.0#release-609-3',
- releaseDate: 'April 3, 2023',
- },
- {
- version: '5.6.7',
- url: '/docs/release_notes_128t_5.6#release-567-4',
- releaseDate: 'March 16, 2023',
- },
- {
- version: '6.0.8',
- url: '/docs/release_notes_128t_6.0#release-608-20',
- releaseDate: 'March 7, 2023',
- },
- {
- version: '5.5.8',
- url: '/docs/release_notes_128t_5.5#release-558-7',
- releaseDate: 'February 1, 2023',
- },
- {
- version: '5.6.6',
- url: '/docs/release_notes_128t_5.6#release-566-7',
- releaseDate: 'January 18, 2023',
- },
- {
- version: '5.4.11',
- url: '/docs/release_notes_128t_5.4#release-5411-4',
- releaseDate: 'December 30, 2022',
- },
- {
- version: '5.6.5',
- url: '/docs/release_notes_128t_5.6#release-565-5',
- releaseDate: 'December 28, 2022',
- },
- {
- version: '6.0.7',
- url: '/docs/release_notes_128t_6.0#release-607-8',
- releaseDate: 'December 5, 2022',
- },
- {
- version: '5.4.10',
- url: '/docs/release_notes_128t_5.4#release-5410-3',
- releaseDate: 'November 23, 2022',
- },
- {
- version: '5.6.4',
- url: '/docs/release_notes_128t_5.6#release-564-3',
- releaseDate: 'November 18, 2022',
- },
- {
- version: '5.5.7',
- url: '/docs/release_notes_128t_5.5#release-557-3',
- releaseDate: 'November 15, 2022',
- },
- {
- version: '5.6.3',
- url: '/docs/release_notes_128t_5.6#release-563-6',
- releaseDate: 'November 7, 2022',
- },
- {
- version: '5.4.9',
- url: '/docs/release_notes_128t_5.4#release-549-7',
- releaseDate: 'November 9, 2022',
- },
- {
- version: '5.5.6',
- url: '/docs/release_notes_128t_5.5#release-556-2',
- releaseDate: 'October 21, 2022',
- },
- {
- version: '6.0.5',
- url: '/docs/release_notes_128t_6.0#release-605-17',
- releaseDate: 'October 14, 2022',
- },
- {
- version: '5.4.8',
- url: '/docs/release_notes_128t_5.4#release-548-8',
- releaseDate: 'October 11, 2022',
- },
- {
- version: '5.6.2',
- url: '/docs/release_notes_128t_5.6#release-562-7',
- releaseDate: 'October 4, 2022',
- },
- {
- version: '5.5.5',
- url: '/docs/release_notes_128t_5.5#release-555-3',
- releaseDate: 'September 23, 2022',
- },
- {
- version: '5.5.4',
- url: '/docs/release_notes_128t_5.5#release-554-8',
- releaseDate: 'September 19, 2022',
- },
- {
- version: '6.0.4',
- url: '/docs/release_notes_128t_6.0#release-604-11',
- releaseDate: 'September 12, 2022',
- },
- {
- version: '6.0.2',
- url: '/docs/release_notes_128t_6.0#release-602-8',
- releaseDate: 'August 16, 2022',
- },
- {
- version: '6.0.1',
- url: '/docs/release_notes_128t_6.0#release-601-12',
- releaseDate: 'August 15, 2022',
- },
- {
- version: '5.5.3',
- url: '/docs/release_notes_128t_5.5#release-553-4',
- releaseDate: 'August 19, 2022',
- },
- {
- version: '5.4.7',
- url: '/docs/release_notes_128t_5.4#release-547-7',
- releaseDate: 'August 4, 2022',
- },
- {
- version: '5.6.1',
- url: '/docs/release_notes_128t_5.6#release-561-18',
- releaseDate: 'August 1, 2022',
- },
- {
- version: '6.0.0',
- url: '/docs/release_notes_128t_6.0#release-600-56',
- releaseDate: 'July 18, 2022',
- },
- {
- version: '5.2.4',
- url: '/docs/release_notes_128t_5.2#release-524-1',
- releaseDate: 'July 7, 2022',
- },
- {
- version: '5.5.2',
- url: '/docs/release_notes_128t_5.5#release-552-5',
- releaseDate: 'June 30, 2022',
- },
- {
- version: '5.4.6',
- url: '/docs/release_notes_128t_5.4#release-546-9',
- releaseDate: 'June 28, 2022',
- },
- {
- version: '5.5.1',
- url: '/docs/release_notes_128t_5.5#release-551-6',
- releaseDate: 'June 1, 2022',
- },
- {
- version: '5.6.0',
- url: '/docs/release_notes_128t_5.6',
- releaseDate: 'May 20, 2022',
- },
- {
- version: '5.2.3',
- url: '/docs/release_notes_128t_5.2#release-523',
- releaseDate: 'May 20, 2022',
- },
- {
- version: '5.4.5',
- url: '/docs/release_notes_128t_5.4#release-545-8',
- releaseDate: 'May 11, 2022',
- },
- {
- version: '5.1.9',
- url: '/docs/release_notes_128t_5.1#release-519-1',
- releaseDate: 'March 16, 2022',
- },
- {
- version: '5.5.0',
- url: '/docs/release_notes_128t_5.5',
- releaseDate: 'March 7, 2022',
- },
- {
- version: '5.4.4',
- url: '/docs/release_notes_128t_5.4#release-544-9',
- releaseDate: 'February 18, 2022',
- },
- {
- version: '5.4.3',
- url: '/docs/release_notes_128t_5.4#release-543-8',
- releaseDate: 'January 27, 2022',
- },
- {
- version: '5.1.8',
- url: '/docs/release_notes_128t_5.1#release-518',
- releaseDate: 'January 18, 2022',
- },
- {
- version: '5.4.2',
- url: '/docs/release_notes_128t_5.4#release-542-5',
- releaseDate: 'December 22, 2021',
- },
- {
- version: '5.1.7',
- url: '/docs/release_notes_128t_5.1#release-517',
- releaseDate: 'December 9, 2021',
- },
- {
- version: '5.4.1',
- url: '/docs/release_notes_128t_5.4#release-541-4',
- releaseDate: 'November 23, 2021',
- },
- {
- version: '5.4.0',
- url: '/docs/release_notes_128t_5.4#release-540-104',
- releaseDate: 'November 18, 2021',
- },
- {
- version: '5.1.6',
- url: '/docs/release_notes_128t_5.1#release-516',
- releaseDate: 'October 27, 2021',
- },
- {
- version: '4.5.11',
- url: '/docs/release_notes_128t_4.5#release-4511',
- releaseDate: 'September 7, 2021',
- },
- {
- version: '5.2.2',
- url: '/docs/release_notes_128t_5.2#release-522',
- releaseDate: 'August 24, 2021',
- },
- {
- version: '5.1.5',
- url: '/docs/release_notes_128t_5.1#release-515',
- releaseDate: 'August 13, 2021',
- },
- {
- version: '5.3.0',
- url: '/docs/release_notes_128t_5.3#release-53',
- releaseDate: 'August 6, 2021',
- },
- {
- version: '5.2.1',
- url: '/docs/release_notes_128t_5.2#release-521',
- releaseDate: 'July 20, 2021',
- },
- {
- version: '5.1.4',
- url: '/docs/release_notes_128t_5.1#release-514',
- releaseDate: 'July 7, 2021',
- },
- {
- version: '4.5.10',
- url: '/docs/release_notes_128t_4.5#release-4510',
- releaseDate: 'June 8, 2021',
- },
- {
- version: '4.5.9',
- url: '/docs/release_notes_128t_4.5#release-459',
- releaseDate: 'May 20, 2021 ',
- },
- {
- version: '5.1.3',
- url: '/docs/release_notes_128t_5.1#release-513',
- releaseDate: 'May 17, 2021',
- },
- {
- version: '5.2.0',
- url: '/docs/release_notes_128t_5.2#release-5.2',
- releaseDate: 'May 10, 2021',
- },
- {
- version: '5.1.2',
- url: '/docs/release_notes_128t_5.1#release-512',
- releaseDate: 'April 30, 2021',
- },
- {
- version: '4.5.8',
- url: '/docs/release_notes_128t_4.5#release-458',
- releaseDate: 'April 28, 2021',
- },
- {
- version: '5.1.1',
- url: '/docs/release_notes_128t_5.1#release-511',
- releaseDate: 'April 12, 2021',
- },
- {
- version: '5.0.1',
- url: '/docs/release_notes_128t_5.0#release-501',
- releaseDate: 'April 12, 2021',
- },
- {
- version: '4.5.7',
- url: '/docs/release_notes_128t_4.5#release-457',
- releaseDate: 'April 12, 2021',
- },
- {
- version: '4.5.6',
- url: '/docs/release_notes_128t_4.5#release-456',
- releaseDate: 'March 26, 2021',
- },
- {
- version: '5.1.0',
- url: '/docs/release_notes_128t_5.1#release-5.1',
- releaseDate: 'March 15, 2021',
- },
- {
- version: '4.3.12',
- url: '/docs/release_notes_128t_4.3#release-4311',
- releaseDate: 'March 12, 2021 ',
- },
- {
- version: '4.5.5',
- url: '/docs/release_notes_128t_4.5#release-455',
- releaseDate: 'February 10, 2021',
- },
- {
- version: '5.0.0',
- url: '/docs/release_notes_128t_5.0#release-5.0',
- releaseDate: 'December 18, 2020',
- },
- {
- version: '4.5.4',
- url: '/docs/release_notes_128t_4.5#release-454',
- releaseDate: 'December 16, 2020',
- },
- {
- version: '4.5.3',
- url: '/docs/release_notes_128t_4.5#release-453',
- releaseDate: 'November 25, 2020',
- },
- {
- version: '4.2.9',
- url: '/docs/release_notes_128t_4.2#release-429',
- releaseDate: 'November 20, 2020',
- },
- {
- version: '4.3.11',
- url: '/docs/release_notes_128t_4.3#release-4311',
- releaseDate: 'November 13, 2020',
- },
- {
- version: '4.3.10',
- url: '/docs/release_notes_128t_4.3#release-4310',
- releaseDate: 'October 20, 2020',
- },
- {
- version: '4.5.2',
- url: '/docs/release_notes_128t_4.5#release-452',
- releaseDate: 'October 13, 2020',
- },
- {
- version: '4.5.1',
- url: '/docs/release_notes_128t_4.5#release-451',
- releaseDate: 'September 16, 2020',
- },
- {
- version: '4.4.2',
- url: '/docs/release_notes_128t_4.3#release-442',
- releaseDate: 'September 3, 2020',
- },
- {
- version: '4.3.9',
- url: '/docs/release_notes_128t_4.3#release-439',
- releaseDate: 'August 12, 2020',
- },
- {
- version: '4.5.0',
- url: '/docs/release_notes_128t_4.5#release-450',
- releaseDate: 'July 23, 2020',
- },
- {
- version: '4.4.1',
- url: '/docs/release_notes_128t_4.3#release-441',
- releaseDate: 'July 10, 2020',
- },
- {
- version: '4.3.8',
- url: '/docs/release_notes_128t_4.3#release-438',
- releaseDate: 'June 26, 2020',
- },
- {
- version: '4.3.7',
- url: '/docs/release_notes_128t_4.3#release-437',
- releaseDate: 'June 9, 2020',
- },
- {
- version: '4.2.8',
- url: '/docs/release_notes_128t_4.2#release-428',
- releaseDate: 'June 5, 2020',
- },
- {
- version: '4.3.6',
- url: '/docs/release_notes_128t_4.3#release-436',
- releaseDate: 'May 28, 2020',
- },
- {
- version: '4.1.10',
- url: '/docs/release_notes_128t_4.1#release-4110',
- releaseDate: 'May 28, 2020',
- },
- {
- version: '4.3.5',
- url: '/docs/release_notes_128t_4.3#release-435',
- releaseDate: 'May 22, 2020',
- },
- {
- version: '4.4.0',
- url: '/docs/release_notes_128t_4.4#release-440',
- releaseDate: 'May 19, 2020',
- },
- {
- version: '4.3.4',
- url: '/docs/release_notes_128t_4.3#release-434',
- releaseDate: 'May 1, 2020',
- },
- {
- version: '4.2.7',
- url: '/docs/release_notes_128t_4.2#release-427',
- releaseDate: 'May 1, 2020',
- },
- {
- version: '4.1.9',
- url: '/docs/release_notes_128t_4.1#release-419',
- releaseDate: 'May 1, 2020',
- },
- {
- version: '4.3.3',
- url: '/docs/release_notes_128t_4.3#release-433',
- releaseDate: 'April 12, 2020',
- },
- {
- version: '4.3.2',
- url: '/docs/release_notes_128t_4.3#release-432',
- releaseDate: 'April 10, 2020',
- },
- {
- version: '4.2.6',
- url: '/docs/release_notes_128t_4.2#release-426',
- releaseDate: 'April 8, 2020',
- },
- {
- version: '4.2.5',
- url: '/docs/release_notes_128t_4.2#release-425',
- releaseDate: 'March 26, 2020',
- },
- {
- version: '4.3.1',
- url: '/docs/release_notes_128t_4.3#release-431',
- releaseDate: 'March 6, 2020 ',
- },
- {
- version: '4.1.8',
- url: '/docs/release_notes_128t_4.1#release-418',
- releaseDate: 'Februray 28, 2020',
- },
- {
- version: '4.2.4',
- url: '/docs/release_notes_128t_4.2#release-424',
- releaseDate: 'February 14, 2020',
- },
- {
- version: '4.3.0',
- url: '/docs/release_notes_128t_4.3#release-430',
- releaseDate: 'February 8, 2020',
- },
- {
- version: '4.2.3',
- url: '/docs/release_notes_128t_4.2#release-423',
- releaseDate: 'January 27, 2020',
- },
- {
- version: '4.1.7',
- url: '/docs/release_notes_128t_4.1#release-417',
- releaseDate: 'January 8, 2020',
- },
- {
- version: '4.2.2',
- url: '/docs/release_notes_128t_4.2#release-422',
- releaseDate: 'December 20, 2019',
- },
- {
- version: '4.2.1',
- url: '/docs/release_notes_128t_4.2#release-421',
- releaseDate: 'December 13, 2019',
- },
- {
- version: '4.1.6',
- url: '/docs/release_notes_128t_4.1#release-416',
- releaseDate: 'December 6, 2019',
- },
- {
- version: '4.2.0',
- url: '/docs/release_notes_128t_4.2#release-420',
- releaseDate: 'November 21, 2019',
- },
- {
- version: '4.1.5',
- url: '/docs/release_notes_128t_4.1#release-415',
- releaseDate: 'July 24, 2019',
- },
- {
- version: '4.1.4',
- url: '/docs/release_notes_128t_4.1#release-414',
- releaseDate: 'June 9, 2019',
- },
- {
- version: '4.1.3',
- url: '/docs/release_notes_128t_4.1#release-413',
- releaseDate: 'April 26, 2019',
- },
- {
- version: '4.1.2',
- url: '/docs/release_notes_128t_4.1#release-412',
- releaseDate: 'April 16, 2019',
- },
- {
- version: '4.1.1',
- url: '/docs/release_notes_128t_4.1#release-411',
- releaseDate: 'March 5, 2019',
- },
- {
- version: '4.1.0',
- url: '/docs/release_notes_128t_4.1#release-410',
- releaseDate: 'February 7, 2019',
- },
- {
- version: '4.0.1',
- url: '/docs/release_notes_128t_4.0#release-401',
- releaseDate: 'January 22, 2019',
- },
- {
- version: '4.0.0',
- url: '',
- releaseDate: 'December 18, 2018',
- },
- {
- version: '3.2.8',
- url: '',
- releaseDate: 'November 12, 2018',
- },
-];
-
-// ----------------------------------------------------------------------------
-// PesterDataTable column definition
-// ----------------------------------------------------------------------------
-export const columns = [
- {
- Header: "Version",
- accessor: "version",
- className: "pester-data-table left",
- Cell: ({ cell: { value }, row: { original } }) => (
-
- {value}
-
- ),
- },
- {
- Header: "Release Date",
- accessor: "releaseDate",
- className: "pester-data-table left",
- sortType: DateSort
- },
-];
-
-function DateSort(a, b)
-{
- var a1 = new Date(a).getTime();
- var b1 = new Date(b).getTime();
- if(a1 security-key-management > peer-key-retransmit-interval`. If there is no response after the time defined by `authority > security-key-management > peer-key-timeout`, the peer path is declared invalid and removed from service. Once the peer is taken out of service due to key timeout, it will continue to send rekey attempts at the `peer-key-timeout intervals`, or upon interface state change.
+
+### Requirements
+
+SSR-7.0.0 is required on all devices participating in the SVR ZTNA. Any SSR running an older version of software that does not support this functionality will cause traffic to fail between those peers. In these cases, events will be generated when peering fails to establish.
+
+## Configuration
+
+Configuration is performed on the conductor, at the Authority level, on a per router basis. To accept the default values for enhanced security key management:
+
+1. Set `enhanced-security-key-management` to `true`;
+
+```
+config
+
+ authority
+ enhanced-security-key-management true
+```
+2. Configure a `peering-common-name` on each router. In a secure environment, the router name should never be sent between routers as plaintext in BFD messages. The `peering-common-name` is an alias that identifies the router and is configured at the router level. When `enhanced-security-key-management` is configured, it is integrated into the auto-generated adjacencies list for the peers of the router from the neighborhood configuration.
+
+```
+ router combo-east
+ name combo-east
+ peering-common-name second-fake-alias-2
+ location usa
+ description "router 1"
+ inter-node-security internal
+```
+
+#### Rekeying (Key Rotation) Atttributes and Default Values
+
+| Configuration Attributes | Description |
+| --- | --- |
+| key-exchange-algorithm | Configure Key Exchange Algorithm |
+| payload-key-rekey-interval | Hours between payload security key regeneration. Range is 1-720, or never. Default is 24 hours. |
+| peer-key-rekey-interval | Hours between security key regeneration for peer routers. Range is 1-720, or never. Default is 24 hours. |
+| peer-key-retransmit-interval | Seconds between security key retransmission for peer routers, when peer key establishment has not been acknowledged. Range is 5-3600. Default is 30 seconds. |
+| peer-key-timeout | Seconds before security key retransmission timeout for peer routers, when peer key establishment has not been acknowledged. Default is 3600 seconds. |
+
+In cases where you want to manually force key rotation on the routers, you can use the `security metadata-key regenerate` command to tell the active node to immediately regenerate the metadata key with an incremented rekey index. The active node will push the new metadata key to the peer node and highway process.
+
+#### Sample Default Configuration:
+
+```
+config
+
+ authority
+ enhanced-security-key-management true
+
+
+
+ router RTR_EAST_CONDUCTOR
+ name RTR_EAST_CONDUCTOR
+
+ node conductor-east-1
+ name conductor-east-1
+ exit
+ exit
+
+ router combo-east
+ name combo-east
+ peering-common-name second-fake-alias-2
+ location usa
+ description "router 1"
+ inter-node-security internal
+
+
+
+ router combo-west
+ name combo-west
+ peering-common-name second-fake-alias-3
+ location usa
+ inter-node-security internal
+```
+### Real World Configuration
+
+What is a reasonable set of values that a customer would actually configure to truly utilize key rotation in a production environment, that would provide true security?
+
+## Troubleshooting
+
+
+
diff --git a/sidebars-orig.js b/sidebars-orig.js
new file mode 100644
index 0000000000..ec60dbe2d3
--- /dev/null
+++ b/sidebars-orig.js
@@ -0,0 +1,489 @@
+module.exports = {
+ "docs": {
+ "About": [
+ "about_128t",
+ "about_svr_savings",
+ "about_releases",
+ "about_support_policy",
+ "about_supported_platforms",
+ "about_certified_platforms",
+ "about_security_policy",
+ "CONTRIBUTING",
+ ],
+ "Introduction": [
+ "intro_getting_started",
+ ],
+ "Deployment Considerations": [
+ "intro_system_reqs",
+ "config_firewall_ports",
+ ],
+ "SSR Common Criteria Install and Configuration": [
+ "cc_fips_titlepage",
+ "cc_fips_intro",
+ "cc_fips_compliance_guidelines",
+ "cc_fips_ssr_security_scope",
+ "cc_fips_secure_deliver",
+ "cc_fips_intro_installation",
+ "cc_fips_downloading_iso",
+ "cc_fips_conductor_install",
+ "cc_fips_otp_router_install",
+ "cc_fips_install_quickstart_otpiso",
+ "cc_fips_router_install",
+ "cc_fips_access_mgmt",
+ "cc_fips_config_ntp_auth",
+ "cc_fips_config_password_policies",
+ "cc_fips_config_audit_event",
+ "cc_fips_sec_firewall_filtering",
+ "cc_fips_banners",
+ "cc_fips_software_upgrades",
+ "cc_fips_appendix",
+ ],
+ "Upgrading the SSR": [
+ "intro_upgrade_considerations",
+ "intro_upgrading",
+ "upgrade_ibu_conductor",
+ "upgrade_router",
+ "upgrade_restricted_access",
+ "upgrade_legacy",
+ "intro_rollback",
+ ],
+ "Installation Overview": [
+ "intro_installation",
+
+ ],
+ "RMA Workflows": [
+ "rma_wan_assurance",
+ ],
+ "SSR Universal ISO Installation": [
+ "intro_installation_univ-iso",
+ "install_univ_iso",
+ "initialize_u-iso_device",
+ "initialize_u-iso_adv_workflow",
+ ],
+ "Cloud / Hypervisor Installations": [
+ "supported_cloud_platforms",
+ "install_vmware_config",
+ "intro_initialize_HA_conductor",
+ {
+ "type": "category",
+ "label": "Installing In AWS",
+ "items": [
+ "intro_installation_quickstart_aws",
+ "intro_installation_quickstart_mist_aws",
+ "intro_installation_quickstart_byol_conductor_aws",
+ "intro_installation_quickstart_byol_mist_aws",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Installing In Azure",
+ "items": [
+ "intro_installation_azure",
+ "intro_installation_azure_mist",
+ "intro_installation_byol_azure_conductor",
+ "intro_installation_byol_azure_mist",
+ ],
+ },
+ ],
+ "Legacy Install Information": [
+ "intro_installation_legacy",
+ "intro_downloading_iso",
+ "intro_creating_bootable_usb",
+ {
+ "type": "category",
+ "label": "Conductor Installation",
+ "items": [
+ "install_conductor_overview",
+ "bcp_conductor_deployment",
+ "single_conductor_install",
+ "ha_conductor_install",
+ "single_conductor_config",
+ "conductor_upgrade",
+ "howto_conductor_migration",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Router Installation",
+ "items": [
+ "intro_installation_bootable_media",
+ "intro_basic_router_config",
+ "intro_otp_iso_install",
+ "intro_install_quickstart_otpiso",
+ "onboard_ssr_to_conductor",
+ "onboard_ssr_device_otp",
+ "howto_router_migration",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Image-Based Installation",
+ "items": [
+ "intro_installation_image",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Appendix",
+ "items": [
+ "intro_installation_installer",
+ "install_qcow2_deployment",
+ "legacy_OTP_install",
+ ],
+ },
+ ],
+ "Concepts": [
+ "concepts_application_discovery",
+ "concepts_EthOverSVR",
+ "concepts_ha_theoryofoperation",
+ "concepts_interface_types",
+ "concepts_kni",
+ "concepts_linux_host_networking",
+ "concepts_learning_VRF_routes",
+ "concepts_network_planes",
+ "concepts_metadata",
+ "concepts_metrics",
+ "concepts_machine_communication",
+ "concepts_pcli",
+ "concepts_session_timer",
+ "concepts_waypoint_ports",
+ "concepts_monitoring",
+ "concepts_glossary",
+ ],
+ "Understanding the Forwarding Information Base": [
+ "concepts_fib",
+ "concepts_fib_construction",
+ "concepts_fib_design",
+ "bcp_fib_design",
+ "ts_fib",
+ ],
+ "WAN Assurance": [
+ "wan_overview",
+ "hdwr_ssr_device_port_layout",
+ {
+ "type": "category",
+ "label": "WAN Assurance Quick Start",
+ "items": [
+ "wan_assurance_ssr120_quickstart",
+ "wan_assurance_ssr130_quickstart",
+ "wan_assurance_ssr1200_quickstart",
+ "wan_assurance_ssr1300_quickstart",
+ "wan_assurance_ssr1400_quickstart",
+ "wan_assurance_ssr1500_quickstart",
+ "intro_wa_quickstart_3_templates",
+ "intro_wa_quickstart_4_siteassign",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Whitebox Adoption",
+ "items": [
+ "wan_staging",
+ "hdwr_whitebox_port_layout",
+ "wan_onboarding_whitebox",
+ "wan_telemetry_site_assign",
+ ]
+ },
+ {
+ "type": "category",
+ "label": "Cloud Telemetry for a Conductor-Managed SSR",
+ "items": [
+ "config_wan_assurance",
+ "wan_telemetry_features",
+ "wan_telemetry_troubleshooting",
+ ],
+ },
+ ],
+ "Administration": [
+ {
+ "type": "category",
+ "label": "Configuration",
+ "items": [
+ "config_basics",
+ "config_templates",
+ "config_asset_connection_resiliency",
+ "config_session_recovery",
+ "config_dscp_steering",
+ "config_dscp_preservation",
+ "config_vrf_learning",
+ "config_audit_event",
+ "config_dns_proxy",
+ "config_forward_error_correction",
+ "config_management_over_forwarding",
+ "config_domain-based_web_filter",
+ "config_application_steering",
+ "config_EthoSVR",
+ "config_EthoSVR_activestandby",
+ "config_flow_perf_mon",
+ "config_gre_tunnel",
+ "config_in-memory_metrics",
+ "config_rate_limiting",
+ "config_RBAC",
+ "config_service_health",
+ "config_snmp",
+ "howto_config_snmp",
+ "config_snmp_metrics",
+ "config_static_hostname_mapping",
+ "config_tenants",
+ "config_transport_encryption",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Application Identification",
+ "items": [
+ "concepts_appid",
+ "config_app_ident",
+ "how_to_use_app_summary",
+ "app_policy_hit_count",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Optimizing Routing Protocols",
+ "items": [
+ "howto_tune_bfd",
+ "config_session_optimization",
+ "config_bgp",
+ "config_vrf_route_leaking",
+ "config_ospf",
+ "config_bfd",
+ "config_multicast",
+ "config_lacp",
+ "config_dhcp",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Network Address Translation (NAT)",
+ "items": [
+ "config_source-dest_nat",
+ "config_static_nat",
+ "config_dnat",
+ "config_nat_pools",
+ "ts_nat_troubleshooting",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "High Availability",
+ "items": [
+ "config_ha",
+ "config_dual_router_ha",
+ "config_ha_vrrp",
+ "config_non_forwarding_ha_interfaces",
+ "config_adding_interfaces_to_ha_team",
+ "config_transition_standalone_to_ha",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Traffic Engineering",
+ "items": [
+ "concepts_traf_eng",
+ "bcp_per-adjacency_traffic_engineering",
+ "config_te_net_intf",
+ "config_dev_intf_traf_eng",
+ ]
+ },
+ {
+ "type": "category",
+ "label": "Access Management and Authentication",
+ "items": [
+ "config_access_mgmt",
+ "config_ldap",
+ "config_radius",
+ "config_radsec",
+ "config_syslog_tls",
+ "config_webserver_certs",
+ "config_password_security",
+ "config_password_policies",
+ "howto_reset_user_password",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "NTP",
+ "items": [
+ "config_ntp_auth",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Security",
+ "items": [
+ "sec_adaptive_encrypt",
+ "sec_firewall_filtering",
+ "sec_security_policy",
+ "sec_hardening_guidelines",
+ "sec-usb-security",
+ "sec-disable-console-output",
+ "cert_based_sec_encrpt",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Intrusion Detection and Prevention",
+ "items": [
+ "concepts_ssr_idp",
+ "config_idp",
+ "ts_idp",
+ "sec-config-antivirus",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "How To",
+ "items": [
+ "howto_update_bios",
+ "how_to_local_config_override",
+ "howto_extend_gui_nav",
+ "howto_lte",
+ "config_bfd_tunnel",
+ "howto_config_PPPoE",
+ "howto_pppoe_vlan",
+ "howto_ms365",
+ "howto_trusted_ca_certificate",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "Troubleshooting",
+ "items": [
+ "ts_applications",
+ "ts_ap_duplicate_assets",
+ "ts_ap_salt_minion",
+ "ts_cpu_spikes",
+ "ts_connecting_to_routers",
+ "ts_forwarding_resource_pools",
+ "ts_logs",
+ "ts_mac_uniqueness",
+ "ts_packet_capture",
+ "ts_serial_console_tsing",
+ "ts_session_processing",
+ "ts_t1_troubleshooting",
+ "ts_traceroute",
+ "ts_troubleshooting_vrf",
+ ],
+ },
+ ],
+ "Events": [
+ "events_overview",
+ "events_alarms",
+ "events_events",
+ "config_alarm_suppression",
+ "howto_maintenance_mode",
+ ],
+ "Best Practices": [
+ "bcp_sdwan_design_guide",
+ "bcp_per-adjacency_traffic_engineering",
+ "bcp_att_avpn_configuration",
+ "bcp_using_128T_as_ntp_server",
+ "bcp_dhcp_relay_overview",
+ "bcp_qos_msft_expressroute",
+ "bcp_lte_peering",
+ "bcp_monitoring_headends",
+ "bcp_salt_pillars",
+ "bcp_service_and_service_policy_design",
+ "bcp_service-policy_defaults",
+ "bcp_tenants",
+ ],
+ "CLI and Element Reference": [
+ "cli_reference",
+ "config_command_guide",
+ "config_reference_guide",
+ "cli_stats_reference",
+ "intro_rest_graphql_apis",
+ ],
+ "Installer/Initializer Reference": [
+ "installer_cli_reference",
+ "installer_preferences",
+ "initializer_cli_reference",
+ "initializer_preferences",
+ ],
+ "Plugins": [
+ "plugin_intro",
+ "plugin_bgp_community_services",
+ "plugin_cloud_ha",
+ "plugin_dns_app_id",
+ "plugin_dns_cache",
+ "plugin_gre",
+ "plugin_ha_sync_redundancy",
+ "plugin_http_probe",
+ "plugin_icmp_reachability_detection",
+ "plugin_ipsec_client",
+ "plugin_loopback_static_routes",
+ "plugin_m800_watchdog",
+ "plugin_monitoring_agent",
+ "plugin_mosh",
+ "plugin_set_hostname",
+ "plugin_sip_alg",
+ "plugin_wireguard",
+ "plugin_kni_namespace_scripts",
+ ],
+ "Release Notes": [
+ {
+ "type": "category",
+ "label": "SSR",
+ "items": [
+ "release_notes_128t_7.0",
+ "release_notes_128t_6.3",
+ "release_notes_128t_6.2",
+ "release_notes_128t_6.1",
+ "release_notes_128t_6.0",
+ "release_notes_128t_5.6",
+ "release_notes_128t_5.5",
+ "release_notes_128t_5.4",
+ "release_notes_128t_5.3",
+ "release_notes_128t_5.2",
+ "release_notes_128t_5.1",
+ "release_notes_128t_5.0",
+ "release_notes_128t_4.5",
+ "release_notes_128t_4.4",
+ "release_notes_128t_4.3",
+ "release_notes_128t_4.2",
+ "release_notes_128t_4.1",
+ "release_notes_128t_4.0",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "SSR Installer",
+ "items": [
+ "release_notes_128t_installer_3.2",
+ "release_notes_128t_installer_3.1",
+ "release_notes_128t_installer_3.0",
+ "release_notes_128t_installer_2.7",
+ "release_notes_128t_installer_2.6",
+ "release_notes_128t_installer_2.5",
+ "release_notes_128t_installer_2.4",
+ "release_notes_128t_installer_2.3",
+ "release_notes_128t_installer_2.2",
+ "release_notes_128t_installer_2.1",
+ ],
+ },
+ {
+ "type": "category",
+ "label": "WAN Assurance",
+ "items": [
+ "release_notes_wan_assurance_plugin_3.10",
+ "release_notes_wan_assurance_plugin_3.9",
+ "release_notes_wan_assurance_plugin_3.8",
+ "release_notes_wan_assurance_plugin_3.7",
+ "release_notes_wan_assurance_plugin_3.6",
+ "release_notes_wan_assurance_plugin_3.5",
+ "release_notes_wan_assurance_plugin_3.4",
+ "release_notes_wan_assurance_plugin_3.3"
+ ]
+ },
+ {
+ "type": "category",
+ "label": "BYOL Cloud Images",
+ "items": [
+ "release_notes_byol_2.0",
+ "release_notes_byol"
+ ]
+ }
+ ],
+ },
+};
diff --git a/sidebars.js b/sidebars.js
index 5c9ee187aa..a429d7e03a 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -13,6 +13,7 @@ module.exports = {
"type": "category",
"label": "SSR",
"items": [
+ "release_notes_128t_7.0",
"release_notes_128t_6.3",
"release_notes_128t_6.2",
"release_notes_128t_6.1",
@@ -237,6 +238,7 @@ module.exports = {
"concepts_appid",
"config_app_ident",
"how_to_use_app_summary",
+ "app_policy_hit_count",
],
},
{
@@ -346,6 +348,7 @@ module.exports = {
"config_syslog_tls",
"config_webserver_certs",
"howto_trusted_ca_certificate",
+ "config_password_security",
"config_password_policies",
"howto_reset_user_password",
"config_ntp_auth",
@@ -361,6 +364,8 @@ module.exports = {
"sec_hardening_guidelines",
"sec-usb-security",
"sec-disable-console-output",
+ "cert_based_sec_encrpt",
+ "svr-ztna",
],
},
{
diff --git a/static/img/svr-ztna-key-exchange.png b/static/img/svr-ztna-key-exchange.png
new file mode 100644
index 0000000000..6fd07a33f5
Binary files /dev/null and b/static/img/svr-ztna-key-exchange.png differ
diff --git a/static/img/u-iso11_cond-mngd-assoc-new.png b/static/img/u-iso11_cond-mngd-assoc-new.png
new file mode 100644
index 0000000000..d245b4521b
Binary files /dev/null and b/static/img/u-iso11_cond-mngd-assoc-new.png differ
diff --git a/static/img/u-iso11_define_conductor copy.png b/static/img/u-iso11_define_conductor copy.png
new file mode 100644
index 0000000000..e65ff23f5f
Binary files /dev/null and b/static/img/u-iso11_define_conductor copy.png differ
diff --git a/static/img/u-iso9_define_conductor.png b/static/img/u-iso9_define_conductor.png
index faeddcf8a1..0db58fe953 100644
Binary files a/static/img/u-iso9_define_conductor.png and b/static/img/u-iso9_define_conductor.png differ
diff --git a/static/img/u-iso9a_ha_conductor-2 copy.png b/static/img/u-iso9a_ha_conductor-2 copy.png
new file mode 100644
index 0000000000..11890c8fde
Binary files /dev/null and b/static/img/u-iso9a_ha_conductor-2 copy.png differ
diff --git a/static/img/u-iso9a_ha_conductor1.png b/static/img/u-iso9a_ha_conductor1.png
new file mode 100644
index 0000000000..e0035e3242
Binary files /dev/null and b/static/img/u-iso9a_ha_conductor1.png differ
diff --git a/static/img/ztna-sample-topo.png b/static/img/ztna-sample-topo.png
new file mode 100644
index 0000000000..6e4054136e
Binary files /dev/null and b/static/img/ztna-sample-topo.png differ