- Sonar Server - Please upgrade to the latest version to get important bug fixes and performance enhancements. Upgrade instructions may be found at the bottom of this page. If you need assistance, please contact Customer Support.
- Security Enhancements - Support for WPA3 Enterprise
- Usability Improvements - Locations with no service areas are now hidden in Analyzer topology
- Wi-Fi 6 KPI Support - 802.11ax frames now included in the following calculations:
- Total Client Retries
- (Total MU client retries) / (SU filtered frame total + MU frame total) = Combined retry rate
- Single-user AP Retries
- Single-user Client Retries - client retries that occur with any single user modulation in any supported PHY can be counted directly using the retry bit in the MAC header
- Multi-user Client Retries - client retries that occur within OFDMA can be inferred from examining the Mult-STA BlockAck frame that follows UL OFDMA
- Total Airtime Utilization % (now includes all frames all PHYs)
- OFDMA Airtime Utilization % (does not include DL OFDMA)
- UL OFDMA Airtime Utilization %
- OFDMA traffic Volume % (also does not include DL OFDMA)
- BSS Info (Configurator and Analyzer information dialogs)
- Spatial Reuse Parameters
- AP Channel Report
- Reduced Neighbor Report
- AP Change Events for BSS Color Changes
- Total Client Retries
- Support for OWE (Opportunistic Wireless Encryption for open networks)
- Replaced 7SIGNAL's internal AP identifier with AP Name from the following Analyzer reports: SLA, End-to-End, Frames, Channels, and Data Rates
April 2022 Security Notification Regarding Spring4Shell
- Document download
Date and time incident began: April 8, 2022
Date and time incident ended: April 14, 2022 (planned at time of issued document)
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to
remote code execution (RCE) via data binding. The specific exploit requires the
application to run on Tomcat as a WAR deployment. If the application is deployed as a
Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However,
the nature of the vulnerability is more general, and there may be other ways to exploit
Impact identified vulnerability:
• Sapphire Eye using version 4.3.2 no impact or risk.
• Sapphire Eye hardware not using Spring Framework.
• Mobile Eye web application not using Spring Framework.
• Mobile Eye Agents Using 5.2.3 (no risk not a web server).
• Production System tested for all Spring Framework products with no risks
• SIEM logs showed no signs of exploitation.
• Sapphire Eye will update to a more current version in Q2 or Q3 2022 as planned
in the technical roadmap.
• Mobile Eye Agent will upgrade to 5.3.18 by 4/15/2022 once tested to ensure no
new issues are introduced into Production.
• Mobile Eye Agent.
• No loss of data.
• No security breach or risk was introduced.
Procedural or Design changes planned:
• Continue to run vulnerability testing with 3rd party tools (per 7SIGNAL policy).
• Continue to monitor https://nvd.nist.gov/vuln/detail/cve-2022-22965 for future
• Reviewed Incident with 7SIGNAL CTO
- GET Sapphire Eye status (idle, active, offline, maintenance)
- GET non-managed access point list
- New function calls visible through online Swagger document
Security Enhancements and Support
- WPA3 and OWE
- Analyzer: New URL (region.cloud.7signal.com/analyzer)
- Analyzer: New icons that more accurately depict endpoint destinations (Sonar, web download, ping)
- Analyzer: Show/hide legend available for each chart generated
- Analyzer: Channels report, AP's listed in alpha/numeric order
- Configurator: Map Config, "All Services Areas" is now unselected by default
- Configurator: Date/time stamp provided for when test profile was last updated
- Configurator: For organizations managing multiple tenants, organization list now alphabetized
- Configurator: New system alert for "Webhook Call Failed"
- Support for LLDP upon Sapphire Eye reboot (information discovered is also available through the API)
- Various bug fixes and performance improvements.
- Support for IPv6 configuration on testing interfaces, including:
- DHCPv6 KPIs
- SLAAC KPIs
- "Basic" KPI list is changing to reflect the most often used KPIs for the End-to-End and Frames tabs in Sapphire Analyzer.
- End to End Basic KPI List
- Beacon Availability
- Radio Attach Success Rate
- Total EAP Authentication Success Rate
- DHCP Success Rate
- Ping Success Rate
- Ping RTT
- HTTP DL Throughput
- HTTP UL Throughput
- VoIP MOS Download
- VoIP MOS Upload
- Packet Loss
- Signal Strength
- AP Channel
- Frames Basic KPI List
- AP Retries
- Client Retries
- Airtime Utilization
- QBSS Channel Utilization
- Number of Clients per AP
- QBSS Station Count
- End to End Basic KPI List
January 2022 Security Notification Regarding Log4j
Log4j update to version 2.17.1 to be applied for all cloud servers in response to Log4j vulnerability CVE-2021-44832.
Please update your local Sonar/Carat servers following the instructions towards the bottom of this knowledge base article.
Please email Customer Support with any questions.
Also as part of this maintenance, fixed the issue with DSCP tagging on uplink for voice and video testing.
December 2021 Security Notification Regarding Log4j
7SIGNAL cloud servers have all been patched and protected from the Log4j vulnerabilities:
If you have a Sonar™ server or Sapphire Carat™ server onsite, instructions may be found towards the bottom of this knowledge article. Please contact 7SIGNAL Customer Support if you have questions or need any assistance. Mobile Eye® is not affected by this vulnerability.
November 2021 Release 22.214.171.124
Various bug fixes and improvements including a correction to the Airtime Utilization calculation that occasionally resulted in values greater than 100%. Also, improved Aerohive/Mikrotik/Extreme access point name detection.
August 2021 Release 126.96.36.199
Improved Topology pane makes Analyzer™ reporting easier to use and understand, with new nomenclature, powerful search, and simple checkboxes for filtering.
Table of aggregation name changes below:
|Previous Name||New Name||Description of Aggregation (grouping)|
|NWBandServ||Service Area||Network per band per service area aggregation|
|APEye||Access Point||Access point per Sapphire Eye aggregation|
|APGroup||Access Point Group||Access point group aggregation|
|NW||Network||Network (SSID) aggregation|
|n/a||Location||Location aggregation - NEW TO ANALYZER|
|EyeEth||Eye Ethernet||Sapphire Eye aggregation, Ethernet testing|
|EyeAnt||Eye Antenna||Sapphire Eye antenna aggregation|
|Eye||Eye Wi-Fi||Sapphire Eye aggregation|
|ChEye||Channel||Sapphire Eye channel aggregation|
|DestAP||Destination||Sonar endpoint per access point aggregation|
- Less common aggregations now hidden by default. Check the Advanced box at the top of the pane to reveal.
- The following aggregations have been deprecated...
- DestEyeEth, Link, NWServ, NWEye, NWBand, NWBandServ, NWBandEye, NWBandEyeAnt, APEyeAnt, ChEyeAnt, QoSAP
- Only selections that are relevant to the report at-hand are displayed.
- Use new search functionality to find anything (Service Area, AP, Network, etc.)
- Selections are saved and carried forward to the next report tab. You may also go back to a previous set of selections.
- An additional 'generate report' button has been added to the bottom of the Topology pane, along with PDF and CSV export icons.
- Report size indicator updates after each Topology selection and appears at the bottom of the Topology pane.
New top navigation menu - reordered to accommodate the most common troubleshooting workflows.
July 2021 Release 188.8.131.52
- Meraki access point name identification
- SSID names appear on automated reports
- Ability to pipe packet capture data directly from a Sapphire Eye to a network drive
- Various bug fixes and security enhancements
April 2020 Release 8.2.2
Public Key Infrastructure (PKI) Improvements
- Support for new 7SIGNAL certificate (Eye’s must have this installed prior to May 14 to maintain connectivity to Cloud)
- Improved software signing capabilities
- Easier to complete Eye software upgrades
- Disconnected Eye status included in upgrade workflow – tells you what you need to get connected
- Paused test status indicators for Eyes
- OTA Mode Enhancements
- Connection state notifications
- Countdown timer for reconnection to server
- Set test cycle durations
- Supplicant output for WPA
- Ability to disable alarm groups or individual alarms within a group
- Automated Reports – ability to change order of SLA appearance
- AP Naming – option to keep your AP name (and other manual edits) the same even if it is changed on the controller
- DHCP Discover messages KPI added (helps identify Cisco bug)
- Simplified command for showing system logs when SSHd into different Eye models
June 2019 Release 8.2
Sapphire Eye 2200
- Support for 802.11ac Wave 2
- RPM based software installations and upgrades improves speed and simplicity of deployment. Use commands below:
- Cloudsmith repository for devops
- #yum install 7signal-Sapphire
- #yum upgrade
- Overall report generation performance improvements
- Data Rates reports now show spatial streams, channel width, mcs, and 802.11 standard in use
- Topology pane now shows disconnected Eyes
- Macro KPIs (EyeQ) now available in Dashboard KPI dropdown selector
- Alarms that are 30 days old now automatically purged
- Setup Wizard improvements
- Will simultaneous setup 100 Eyes
- Configurable signal strength and band setup wizard
- LAN test now included
- Automated Reports
- Select the KPI’s you want to see in the SLA report
- Select time intervals
- Use random MAC address
- Configure multiple APs at once with new multi-select feature
- Various bug fixes
- Control over Sapphire Eye LED (blink/no blink/off)
- REST API now supports all KPIs