...
- When there are a total of nine (9) rulesets stored in the database, the ruleset that is not used by the appliance and is not marked as "Do Not Delete" will be replaced by the newly downloaded ruleset.
- If there are more than one ruleset that can be replaced, the appliance selects the oldest version based on the version number.
- If a specific system or auto rule from the current ruleset version does not exist in the new ruleset, it will not be migrated to the new ruleset.
- If a specific template from the current ruleset version does not exist in the new ruleset, all of its custom rules will not be migrated to the new ruleset.
- There is change in behavior in Advanced DNS Protection (ADP) ruleset for DNS type64/65 rules. They are changed from default Drop to Pass.
- During a NIOS upgrade to 9.0.2 and higher versions, the NIOS node that has the Advanced DNS Protection running continues to Drop DNS type64/65 queries. As the setting of these rules in earlier releases is inherited into the new ruleset that gets downloaded/uploaded.
- You must manually change the action to Pass to enable DNS Type 64/65 queries in such an instance. If these rules were manually changed to Pass in old ruleset, then Pass action is inherited in to the new ruleset, and the queries are allowed.
- Note that if you configure a new node in NIOS 9.0.2 OR higher and download/upload the Advanced DNS Protection ruleset, the DNS type64/65 rule is set to Pass by default. The passing of these types of queries will result in changes to DNS query statistics.