2. SafeConnect NAC Release Notes

Click below for high-level release notes, or for a list of maintenance notifications.

Or click below for a full list of releases, including all issues addressed in each.

8.0.4 MetaAccess NAC - 15 Apr 2021

What’s Fixed

  • Fixed a few bugs in the Policy Manager UI that may prevent users from setting custom enforcement options for anti-virus policies.

8.0.3 MetaAccess NAC - 1 April 2021

Agent Version

  • Windows Policy Key: 7092.184

  • Mac Policy Key: 8085.176

What’s New

  • Introduce the Clear-Role feature, which allows MetaAccess NAC to look for the changes of RADIUS attribute, identify whether the device has switched to another network and then assign the appropriate role.

What Changed/Improved

  • Upgrade to TLS version 1.2 and fix various security vulnerabilities

  • Upgrade SSH library to support modern HMAC algorithms e.g: Ciphers, Host Key Algorithms, Key Exchange Algorithms, MAC Algorithms.

What’s Fixed

Prevent browser’s caching so customers do not have to clear cache to see the new UI

8.0.2 RC2 MetaAccess NAC - 1 Feb 2021

What's New

  • No new features for this hot fix

What's Changed/Improved

  • Optional capability to use newer HMA algorithm when connecting with SSH to routers/switches; in some cases the connection could not be made with the older library/algorithm. This must be enabled in napconf for this release, will become the default in the future.

8.0.2 MetaAccess NAC - 14 Jan 2021

What's New

  • Support for Dell OS 10 network device integration

  • Added the ability to proxy RADIUS while also leveraging the MetaAccess NAC’s embedded RADIUS server, thereby permitting customers to, for example, use the embedded RADIUS server while also proxying requests to a service such as EDUROAM.

What's Changed/Improved

  • Alert the OPSWAT NAC admin by email if the NAC stops receiving updates from the AD Connector

  • “Weekly Usage” report again displays Policies section

  • “Device out of Compliance – Summary” report can be scheduled

  • MAC Address ignore-list now will permit VPN interfaces to create client record

  • Improved automated upgrade for macOS Policy Key

  • Improve the validation of uploaded custom certificates

What's Fixed

  • SAML SSO: fixed issues related to the option to “Generate Certificate” in the SAML -> Service Provider feature

  • macOS Big Sur version is now displayed as 11.0 in Device Management Console

8.0.1 MetaAccess NAC - 10 Nov 2020


  • For a full summary of everything that has changed between version 7.0.1 and 8.0.1, see the 8.0.1 entry on the Digest Release Notes page.

What's New

  • PM-2407 rebranding to OPSWAT language and styles

  • PM-2406 Alcatel is now a supported layer 2 integration for RADIUS enforcement

What's Changed/Improved

  • PM-2290 authorized devices may now use a MAC address prefix instead of listing large numbers of MAC addresses individually

What's Fixed

  • PM-1284 PolicyKey MSI now supports silent installs correctly

  • PM-2410 changing certain RADIUS configuration options no longer breaks the UI

7.0.8 - 28 Sep 2020

What's New

  • PM-2368 Support iOS 14

  • PM-2367Support MacOS Big Sur (MacOS 11)

  • PM-2356 Added a "Decline" link to the notification emails for device enrollment

  • PM-2338 Add new NAS type for Extreme XOS (Wired)

  • PM-1782 Add UI elements to reflect HA status

  • PM-885 Allow proxing RADIUS accounting to an upstream home serverWhat's Changed/Improved

What's Changed/Improved

  • PM-2359 Updated MacOS End of Life to account for MacOS devices running on 10.10-10.12 versions.

  • PM-2189 Dual boot devices should now be identified by the OS they are booted on(Windows-Linux).What's Fixed

What's Fixed

  • PM-2402 Fixed an issue where changes to RADIUS mode would not remain if no change were made to the settings

  • PM-2388 ADConnector Firewall UI rules we note applied to firewall configuration files

7.0.7 - 7/28/2020

What’s New

  • PM-2322 Limit use of duplicate phone numbers for guest registration

  • PM-2328 Generic AV policy based on Windows APIs - a device will be considered compliant if based on Windows Security they have AV installed, enabled, and up to date.

What’s Changed/Improved

  • PM-2329 Changing from LDAP to LDAPS on an existing authentication policy will allow testing when using the option for default certificates

  • PM-2324 SafeConnect now handles the COA disconnect message from Cisco 9800 controller

  • PM-2326 New version of the weekly usage report does not include policy compliance data and offers better performance – customers that wish to maintain the old behavior, please contact OPSWAT Support. We will be re-enabling this in the future in a more performant fashion.

  • PM-2295 Updated Ubiquiti COA handling to work better with open network.

What’s Fixed

  • PM-2250 Improved files sync'ing between HA nodes

  • PM-2340 Under some cases RADIUS log download failed in Firefox

  • PM-2339 RADIUS log downloads not working as designed for date ranges

  • PM-2323 Summary reports documents do not contain the detailed data shown in the preview

7.0.6 – 5/19/2020

What's New

  • PM-2299 Extreme Wireless has been added as a NAS type under RADIUS configuration.

  • PM-2089 Purchased license count information is now available in the SafeConnect UI.

What's Changed/Improved

  • PM-2300 The AD Connector has been revamped to adapt to newer Windows Server versions and leverage new code-level platform capabilities.

  • PM-2257 HA customers will now be able to view information about the node state (Master/Backup) in the lower-left corner of the Console Networking Configuration screen.

What's Fixed

  • PM-2291 Subnet Mappings page not loading after qualifier container is deleted while being used by a group.

  • PM-2281 Updated label name of the Contextual Identity module to correlate with the action taking when enabling/disabling this option.

  • PM-2265 Resolve issue where enforcement in HA nodes could not be re-enabled after upgrade.

7.0.5 - 3/13/2020

What’s New

  • PM-2252 Ubiquiti Wireless has been added as a NAS type under RADIUS configuration

  • PM-2086 Mist-Juniper-Wireless has been added as a NAS type under RADIUS configuration

  • PM-2272 Extreme- Identifi Wireless has been added as a NAS type under RADIUS configuration

  • PM-2269 Dell OS6 has been added as a NAS type under RADIUS configuration

What’s Changed/Improved

  • PM-2247 Updating the DNS server(s) inside the console configuration tool will no longer restart networking or any other services

  • PM-2261 SafeConnect now allows for guests to be created more than 30 days in the future

  • PM-2269 Dell NAS type in RADIUS configuration now supports COA

  • PM-2282 New RBE roles no longer require VSAs to be populated for the corresponding role

What’s Fixed

  • PM-2260 Home servers in RADIUS configuration are not listed in order based on their priority

  • PM-2222 Substring based IP filters not working in Device Manager for some device views

  • PM-2229 Slow LDAP connections can cause negative client and system behavior

7.0.4 – 2/20/2020

What’s New

  • PM-1613 SAML web pages now support the full set of authentication use cases.

  • PM-1374 Implemented an additional metric for SafeConnect to leverage in device identification, providing better detection of new clients.

What’s Changed/Improved

  • PM-1498 To improve system efficiency, the weekly usage report is no longer able to be previewed.

  • PM-2234 The configuration utility will now require an additional prompt when testing and changing network configurations beyond the initial setup.

What’s Fixed

  • PM-2131 An edge condition where the primary database can encounter an unexpected state, resulting in a resync being required

  • PM-1665 Advanced options are hidden when a guest has an expiration set to "Never Expire"

7.0.3 – 1/24/2020

What’s New

  • PM-2211 Limited re-brand of SafeConnect NAC to reflect the OPSWAT acquisition

  • PM-2214 Customers are now able to specify a custom email address for reports to get sent from.

  • PM-1419 Enhanced device identification to allow for better matching of device fingerprints.

  • PM-2192 New parser capability added for Palo Alto Threat Prevention Service.

What’s Changed/Improved

  • PM-2205 Notification added to Subnet Mappings when a change to a subnet affects a pre-existing group.

  • PM-2228 SafeConnect's Azure support was refreshed to ensure better support for Azure going forward.

What’s Fixed

  • PM-2221 When multiple NAS IPs were listed for a client, SafeConnect encountered an issue tracking changes between them.

  • PM-2197 Bulk uploading authorized devices failed after upgrades.

  • PM-2208 Non-impacting issue in which SafeConnect attempted to listen for duplicate threat detection inputs.

  • PM-2130 SafeConnect needed to be reloaded after an upgrade to allow for client enforcement.

  • PM-1643 Enrolled devices had a device profile of Unknown rather than the enrolled device type.

  • PM-1645 Some web messages, e.g. device enrollment forms, were unable to be previewed.

  • PM-1823 Admin interface for device enrollment had inconsistencies between the fields for days and number of seconds.

7.0.2 – 11/20/2019

What’s New

  • PM-2132 Customers are now able to leverage any subdomain of myweblogon.com as their hostname (e.g. impulse.myweblogon.com) for improved customer branding.

What’s Changed/Improved

  • PM-2169 Included newest Mac OS PK.

  • PM-1936 Updated bulk upload templates with improved grammar and proper field names.

  • PM-1803 Updated SafeConnect to reflect proper browser compatibility changes.

  • PM-1602 Increased the guest email address character limit to 255 characters when saved through the admin interface.

  • PM-1434 Safeconnect no longer has to verify the reachability of custom hostnames.

What’s Fixed

  • PM-2206 Fixed an issue where the Fortinet DHCP syslog parser did not handle certain input as expected.

  • PM-2196 Fixed an issue where enforcement roles VSA names could not be saved if they contained a number.

  • PM-2170 Fixed an issue where the RADIUS agent wouldn't start after an upgrade.

  • PM-2144 Fixed an issue where Threat Enforcement could not be enabled through the UI.

  • PM-1970 Fixed an issue in clusters where Policy Key devices could overload SafeConnect nodes with traffic.

  • PM-1841 Fixed an issue where setting "Never" for temporary access caused negative end user behavior.

  • PM-1592 Fixed an issue where spaces in Role Qualifiers were not parsed correctly.

  • PM-1184 Fixed an issue where role names containing spaces caused errors during the enrollment process.

7.0.1 – 9/9/2019

What’s New

  • PM-1868 FireEye is now supported as a Threat Enforcement (IDS) source.

  • PM-1272 UI session time outs will now be based on last activity, not login time.

What’s Changed/Improved

  • PM-2036 The weekly usage report has been optimized for better performance.

  • PM-2010 The Contextual Intelligence Publisher output now includes the "class" attribute required by a Fortigate system to be able to perform RADIUS SSO.

  • PM-1998 The Contextual Intelligence Publisher will not allow invalid network configurations to be saved.

  • PM-1975 Custom RADIUS certificates whose private key require a passphrase can now be uploaded via the UI.

  • PM-1972 Add ability to use CIDR format for NAS-IP-Address RADIUS attribute in Policy Manager.

  • PM-1381 The Block/Open Access note field will now present a helpful error when invalid characters are used. The textbox is limited to alpha numeric, typical punctuation, and white space.

  • PM-2131 The synchronization process for HA environments is now improved.

  • PM-2081/2024 Administrative UI webpages have received various security improvements.

What’s Fixed

  • PM-2156 Role changes were not happening successfully due to the credentials used to connect to an internal database being improperly set.

  • PM-2106 Under some situations, clicking "Apply and Use" in the RADIUS UI broke MAC Authentication Bypass.

  • PM-2100 The RADIUS server would not be configured as expected after a migration.

  • PM-2015 Under some situations, RADIUS server certificates which were uploaded through the UI were converted to the wrong format.

  • PM-1995 RADIUS would not work with compound name attributes for LDAP group overrides.

  • PM-1991 The "Last Updated User" field was not updated when editing a Block Access entry.

  • PM-1990 Editing Block Access entries cleared the expiration date field.

  • PM-1987 Policy Key devices would be incorrectly blocked for failing the NAT policy if they started a session with an IP which did not match the previous session's.

  • PM-1950 The RBE UI showed the server's IP to be instead of the actual IP of the node.

  • PM-1849 The RADIUS log viewer where data would spin trying to load in some cases.

  • PM-1120 The enrollment widget would not pop up as expected on the device details page.

  • PM-1063 The MAC address displayed for a device in the Device Manager was not the MAC address of the device's active interface.

  • PM-1000 Fixed an issue where an HA pair would join to an AD domain using the same NetBIOS name for both servers.

  • PM-2042 Fixed an issue where in some cases devices which were failing anti-virus policies were shown the generic block page.

7.0.0 – 7/10/2019

What’s New

  • PM-1876 The Configuration Manager includes a help page which walks users through SafeConnect setup. – Essentials tier only

  • PM-1767 RADIUS integrations now support LDAP based authentication. This removes the requirement of SafeConnect maintaining a persistent join connection to a single active directory server and better supports redundancy.

  • PM-1763 Customers can now set their hostname to a subdomain of myweblogon.com (impulse-university.myweblogon.com). This removes the need for customers to get their own custom certificate as well as help with automated captive portal detection.

  • PM-456 A new host type has been added for "Thin Client".

What’s Changed/Improved

  • PM-1985 The "Routers and APs" host type qualifier is now included in the "Host Types for non-PK devices" qualifier set.

  • PM-1875 RADIUS Configuration page has an updated look which makes set up simpler and more straightforward.

What’s Fixed

  • PM-1910 Fixed an issue where report related stored procedures took a long time to run, which in some cases would cause system impact.

  • PM-1737 Fixed an issue where the " FailOpenAuthGroup" role was added to clients when devices which had authenticated with SAML switched groups.

  • PM-1958 Fixed an issue where the menu on the top right of the SafeConnect UI would not store new user passwords which include special characters correctly.

New Tiers with SafeConnect version 7.0!

With version 7.0.0 of SafeConnect, we are also announcing three different tiers for our NAC customers! Learn more at https://impulse.com/products/.