2. SafeConnect NAC Release Notes

Click below for high-level release notes, or for a list of maintenance notifications.

Or click below for a full list of releases, including all issues addressed in each.

7.0.7 - 7/28/2020

What’s New

  • PM-2322 Limit use of duplicate phone numbers for guest registration

  • PM-2328 Generic AV policy based on Windows APIs - a device will be considered compliant if based on Windows Security they have AV installed, enabled, and up to date.

What’s Changed/Improved

  • PM-2329 Changing from LDAP to LDAPS on an existing authentication policy will allow testing when using the option for default certificates

  • PM-2324 SafeConnect now handles the COA disconnect message from Cisco 9800 controller

  • PM-2326 New version of the weekly usage report does not include policy compliance data and offers better performance – customers that wish to maintain the old behavior, please contact OPSWAT Support. We will be re-enabling this in the future in a more performant fashion.

  • PM-2295 Updated Ubiquiti COA handling to work better with open network.

What’s Fixed

  • PM-2250 Improved files sync'ing between HA nodes

  • PM-2340 Under some cases RADIUS log download failed in Firefox

  • PM-2339 RADIUS log downloads not working as designed for date ranges

  • PM-2323 Summary reports documents do not contain the detailed data shown in the preview

7.0.6 – 5/19/2020

What's New

  • PM-2299 Extreme Wireless has been added as a NAS type under RADIUS configuration.

  • PM-2089 Purchased license count information is now available in the SafeConnect UI.

What's Changed/Improved

  • PM-2300 The AD Connector has been revamped to adapt to newer Windows Server versions and leverage new code-level platform capabilities.

  • PM-2257 HA customers will now be able to view information about the node state (Master/Backup) in the lower-left corner of the Console Networking Configuration screen.

What's Fixed

  • PM-2291 Subnet Mappings page not loading after qualifier container is deleted while being used by a group.

  • PM-2281 Updated label name of the Contextual Identity module to correlate with the action taking when enabling/disabling this option.

  • PM-2265 Resolve issue where enforcement in HA nodes could not be re-enabled after upgrade.

7.0.5 - 3/13/2020

What’s New

  • PM-2252 Ubiquiti Wireless has been added as a NAS type under RADIUS configuration

  • PM-2086 Mist-Juniper-Wireless has been added as a NAS type under RADIUS configuration

  • PM-2272 Extreme- Identifi Wireless has been added as a NAS type under RADIUS configuration

  • PM-2269 Dell OS6 has been added as a NAS type under RADIUS configuration

What’s Changed/Improved

  • PM-2247 Updating the DNS server(s) inside the console configuration tool will no longer restart networking or any other services

  • PM-2261 SafeConnect now allows for guests to be created more than 30 days in the future

  • PM-2269 Dell NAS type in RADIUS configuration now supports COA

  • PM-2282 New RBE roles no longer require VSAs to be populated for the corresponding role

What’s Fixed

  • PM-2260 Home servers in RADIUS configuration are not listed in order based on their priority

  • PM-2222 Substring based IP filters not working in Device Manager for some device views

  • PM-2229 Slow LDAP connections can cause negative client and system behavior

7.0.4 – 2/20/2020

What’s New

  • PM-1613 SAML web pages now support the full set of authentication use cases.

  • PM-1374 Implemented an additional metric for SafeConnect to leverage in device identification, providing better detection of new clients.

What’s Changed/Improved

  • PM-1498 To improve system efficiency, the weekly usage report is no longer able to be previewed.

  • PM-2234 The configuration utility will now require an additional prompt when testing and changing network configurations beyond the initial setup.

What’s Fixed

  • PM-2131 An edge condition where the primary database can encounter an unexpected state, resulting in a resync being required

  • PM-1665 Advanced options are hidden when a guest has an expiration set to "Never Expire"

7.0.3 – 1/24/2020

What’s New

  • PM-2211 Limited re-brand of SafeConnect NAC to reflect the OPSWAT acquisition

  • PM-2214 Customers are now able to specify a custom email address for reports to get sent from.

  • PM-1419 Enhanced device identification to allow for better matching of device fingerprints.

  • PM-2192 New parser capability added for Palo Alto Threat Prevention Service.

What’s Changed/Improved

  • PM-2205 Notification added to Subnet Mappings when a change to a subnet affects a pre-existing group.

  • PM-2228 SafeConnect's Azure support was refreshed to ensure better support for Azure going forward.

What’s Fixed

  • PM-2221 When multiple NAS IPs were listed for a client, SafeConnect encountered an issue tracking changes between them.

  • PM-2197 Bulk uploading authorized devices failed after upgrades.

  • PM-2208 Non-impacting issue in which SafeConnect attempted to listen for duplicate threat detection inputs.

  • PM-2130 SafeConnect needed to be reloaded after an upgrade to allow for client enforcement.

  • PM-1643 Enrolled devices had a device profile of Unknown rather than the enrolled device type.

  • PM-1645 Some web messages, e.g. device enrollment forms, were unable to be previewed.

  • PM-1823 Admin interface for device enrollment had inconsistencies between the fields for days and number of seconds.

7.0.2 – 11/20/2019

What’s New

  • PM-2132 Customers are now able to leverage any subdomain of myweblogon.com as their hostname (e.g. impulse.myweblogon.com) for improved customer branding.

What’s Changed/Improved

  • PM-2169 Included newest Mac OS PK.

  • PM-1936 Updated bulk upload templates with improved grammar and proper field names.

  • PM-1803 Updated SafeConnect to reflect proper browser compatibility changes.

  • PM-1602 Increased the guest email address character limit to 255 characters when saved through the admin interface.

  • PM-1434 Safeconnect no longer has to verify the reachability of custom hostnames.

What’s Fixed

  • PM-2206 Fixed an issue where the Fortinet DHCP syslog parser did not handle certain input as expected.

  • PM-2196 Fixed an issue where enforcement roles VSA names could not be saved if they contained a number.

  • PM-2170 Fixed an issue where the RADIUS agent wouldn't start after an upgrade.

  • PM-2144 Fixed an issue where Threat Enforcement could not be enabled through the UI.

  • PM-1970 Fixed an issue in clusters where Policy Key devices could overload SafeConnect nodes with traffic.

  • PM-1841 Fixed an issue where setting "Never" for temporary access caused negative end user behavior.

  • PM-1592 Fixed an issue where spaces in Role Qualifiers were not parsed correctly.

  • PM-1184 Fixed an issue where role names containing spaces caused errors during the enrollment process.

7.0.1 – 9/9/2019

What’s New

  • PM-1868 FireEye is now supported as a Threat Enforcement (IDS) source.

  • PM-1272 UI session time outs will now be based on last activity, not login time.

What’s Changed/Improved

  • PM-2036 The weekly usage report has been optimized for better performance.

  • PM-2010 The Contextual Intelligence Publisher output now includes the "class" attribute required by a Fortigate system to be able to perform RADIUS SSO.

  • PM-1998 The Contextual Intelligence Publisher will not allow invalid network configurations to be saved.

  • PM-1975 Custom RADIUS certificates whose private key require a passphrase can now be uploaded via the UI.

  • PM-1972 Add ability to use CIDR format for NAS-IP-Address RADIUS attribute in Policy Manager.

  • PM-1381 The Block/Open Access note field will now present a helpful error when invalid characters are used. The textbox is limited to alpha numeric, typical punctuation, and white space.

  • PM-2131 The synchronization process for HA environments is now improved.

  • PM-2081/2024 Administrative UI webpages have received various security improvements.

What’s Fixed

  • PM-2156 Role changes were not happening successfully due to the credentials used to connect to an internal database being improperly set.

  • PM-2106 Under some situations, clicking "Apply and Use" in the RADIUS UI broke MAC Authentication Bypass.

  • PM-2100 The RADIUS server would not be configured as expected after a migration.

  • PM-2015 Under some situations, RADIUS server certificates which were uploaded through the UI were converted to the wrong format.

  • PM-1995 RADIUS would not work with compound name attributes for LDAP group overrides.

  • PM-1991 The "Last Updated User" field was not updated when editing a Block Access entry.

  • PM-1990 Editing Block Access entries cleared the expiration date field.

  • PM-1987 Policy Key devices would be incorrectly blocked for failing the NAT policy if they started a session with an IP which did not match the previous session's.

  • PM-1950 The RBE UI showed the server's IP to be 127.0.0.1 instead of the actual IP of the node.

  • PM-1849 The RADIUS log viewer where data would spin trying to load in some cases.

  • PM-1120 The enrollment widget would not pop up as expected on the device details page.

  • PM-1063 The MAC address displayed for a device in the Device Manager was not the MAC address of the device's active interface.

  • PM-1000 Fixed an issue where an HA pair would join to an AD domain using the same NetBIOS name for both servers.

  • PM-2042 Fixed an issue where in some cases devices which were failing anti-virus policies were shown the generic block page.

7.0.0 – 7/10/2019

What’s New

  • PM-1876 The Configuration Manager includes a help page which walks users through SafeConnect setup. – Essentials tier only

  • PM-1767 RADIUS integrations now support LDAP based authentication. This removes the requirement of SafeConnect maintaining a persistent join connection to a single active directory server and better supports redundancy.

  • PM-1763 Customers can now set their hostname to a subdomain of myweblogon.com (impulse-university.myweblogon.com). This removes the need for customers to get their own custom certificate as well as help with automated captive portal detection.

  • PM-456 A new host type has been added for "Thin Client".

What’s Changed/Improved

  • PM-1985 The "Routers and APs" host type qualifier is now included in the "Host Types for non-PK devices" qualifier set.

  • PM-1875 RADIUS Configuration page has an updated look which makes set up simpler and more straightforward.

What’s Fixed

  • PM-1910 Fixed an issue where report related stored procedures took a long time to run, which in some cases would cause system impact.

  • PM-1737 Fixed an issue where the " FailOpenAuthGroup" role was added to clients when devices which had authenticated with SAML switched groups.

  • PM-1958 Fixed an issue where the menu on the top right of the SafeConnect UI would not store new user passwords which include special characters correctly.

New Tiers with SafeConnect version 7.0!

With version 7.0.0 of SafeConnect, we are also announcing three different tiers for our NAC customers! Learn more at https://impulse.com/products/.