SafeConnect NAC Legacy Release Notes

6.5.23.rc2 – 9/06/2019

What’s Fixed

  • PM-2156 Role changes were not happening successfully due to the credentials used to connect to an internal database being improperly set.

  • PM-2106 Under some situations, clicking "Apply and Use" in the RADIUS UI broke MAC Authentication Bypass.

  • PM-1001 Fixed an issue where COAs were not issued on HA nodes after initial RADIUS configuration.

6.5.23 – 8/02/2019

What’s New

  • PM-1272 UI session time outs will now be based on last activity, not login time.

  • PM-1868 FireEye is now supported as an IDS source.

What’s Changed/Improved

  • PM-1975 Custom RADIUS certificates whose private key require a passphrase can now be uploaded via the UI.

What’s Fixed

  • PM-2042 Fixed an issue where devices which were failing anti-virus policies were shown the generic block page.

  • PM-2015 Fixed an issue where RADIUS server certificates which were uploaded through the UI were converted to the wrong format.

  • PM-2100 Fixed an issue that caused a small RADIUS server configuration to be incorrect after migration.

  • PM-2084 Fixed an issue where SafeConnect would believe it was on a lower tier after a migration.

  • PM-1995 Fixed an issue where RADIUS would not work with compound name attributes for LDAP group overrides.

  • PM-1849 Fixed an issue with the RADIUS log viewer where data would never load.

  • PM-1063 Fixed an issue where the MAC address displayed for a device in the Device Manager was not the MAC address of the device's active interface.

6.5.22 – 7/10/2019

What’s New

  • PM-1763 Customers can now set their hostname to a subdomain of myweblogon.com (impulse-university.myweblogon.com). This removes the need for customers to get their own custom certificate as well as help with automated captive portal detection.

  • PM-456 A new host type has been added for "Thin Client".

What’s Changed/Improved

  • PM-1985 The "Routers and APs" host type qualifier is now included in the "Host Types for non-PK devices" qualifier set.

What’s Fixed

  • PM-1910 Fixed an issue where stored procedures took a long time to run, which in some cases would cause system impact.

  • PM-1737 Fixed an issue where the "FailOpenAuthGroup" role was added to clients when devices which had authenticated with SAML switched groups.

  • PM-1958 Fixed an issue where the menu on the top right of the SafeConnect UI would not store new user passwords which include special characters correctly.

6.5.21 – 4/10/2019

What’s New

  • PM-1922 RADIUS is now able to leverage nested groups for AD/LDAP group lookups.

  • PM-1859 Added support for AD/LDAP group lookups for machine authentication.

  • PM-1760 The macOS Policy Key has been updated to be a 64 bit application.

What’s Changed/Improved

  • PM-1947 A client's group and compliance state will be updated immediately when utilizing open or block access, rather than waiting until the client is active again.

  • PM-1866 Special characters no longer allowed in Enforcement Role names, as this can cause attributes not to be appended.

  • PM-1708 When changes are made to a web page for a failed policy, the page shown to clients who were already failing that policy will now retroactively update to include those changes.

What’s Fixed

  • PM-1987 Fixed an issue where devices were incorrectly failing the NAT policy.

  • PM-1944 Fixed an issue where clicking "Apply and Use" in the device manager would cause an unexpected error.

  • PM-1889 Fixed an issue where a PK download page would be displayed to a non PK device, if that device's IP was re-assigned before the SafeConnect session expired.

  • PM-1882 Fixed an issue where Authorized Devices was not case sensitive and could not support different types of delimiters.

  • PM-1879 Fixed an issue where the "Use Authorized Devices as a Whitelist" check box did not work as expected.

  • PM-1869 Fixed an issue where LDAP Group Override entries would not be successfully applied.

  • PM-1834/1475 Fixed an issue where some timestamps in the UI were not shown in the correct timezone.

  • PM-1815 Fixed an issue where username stripping did not work correctly with LDAP group override feature.

  • PM-1389 Fixed an issue where the Network Console Configuration was unable to be used on Hyper-V appliances.

6.5.20 – 3/8/2019

What’s Changed/Improved

  • PM-1865 RADIUS TLS authentication now supports certificate chains.

  • PM-1788 Whitespace in the MAC address field of the authorized devices bulk upload spreadsheet would will now be stripped out automatically.

  • PM-1698 Improved identification for Windows 10S devices.

  • PM-1584 The word "Manager" was removed from all section headers.

What’s Fixed

  • PM-1872 Fixed an issue where the AD Domain attribute was not removed from a client when the domain user was no longer logged in.

  • PM-1861 Fixed an issue where Strip Username couldn't be enabled.

  • PM-1741 Fixed an issue where no NAS entries could be deleted from the RBE UI.

  • PM-1778 Fixed an issue where the API did not work as expected on fresh SafeConnect deployments.

  • PM-1256 Fixed an issue where the number of client history records exceeded the expected limit.

    No Hyper-V version is available for this version as some issues still need to be addressed. These should be fixed in the next release.

6.5.19 – 2/28/2019

What’s Fixed

  • PM-1897 Fixed an issue where PK devices may encounter communication issues in environments with router SETs.

6.5.18 – 2/7/2019

What’s New

  • PM-1745 Subnets added in Configuration Manager will now automatically generate a matching qualifier in Policy Manager.

  • PM-1728 The Console Network Configuration Tool now has a tab in which TCP connections to a specific host and port can be tested.

  • PM-1659 The new "Backup" page in the Configuration Manager allows choosing a location for the local storage of client data, which is by default only backed up locally to the SafeConnect appliance. Should a restore be required, this will remove the need for all clients to be re-prompted to get on the network.

What’s Changed/Improved

  • PM-1794/1813 Improved RADIUS Machine Authentication support. This feature no longer conflicts with the "Strip Username" feature, and no longer requires specific configuration in the UI.

  • PM-1755 Changing an authentication scheme used by an authentication policy will no longer force clients using that policy to re-authenticate. Additionally, the Policy Manager will now give a warning for any changes which would force users to re-authenticate.

What’s Fixed

  • PM-1905 Fixed an issue where LDAP could not be configured for RADIUS if the LDAP URL included dashes.

  • PM-1786 Fixed an issue where after an upgrade, there would be pending changes in the Policy Manager from a "null" user.

  • PM-1783 Fixed an issue where a bulk upload to Authorized Devices would fail due to roles not being retrieved correctly.

  • PM-1779 Fixed an issue where having a special character in the "Organization Name" field of the Design Options would cause an additional special character to display in the web pages.

  • PM-1772 Fixed an issue where the Design Options page in the Policy Manager did not make it clear that the "Headings and Borders" field also controls button color.

  • PM-1771 Fixed an issue where the header background in the Design Options page would show as green, no matter what color was specified in the "Header and Background" field.

  • PM-1770 Fixed an issue where the body background field in the Design Options defaulted to the wrong value.

  • PM-1764 Fixed an issue where connection failures between cluster nodes did not automatically recover.

  • PM-1706 Fixed an issue where the IP shown for a radius server in the UI doesn’t match the RADIUS server’s actual IP.

  • PM-973/1671 Fixed an issue where renaming or reordering authentication chains would case an error and changes would not be saved.

  • PM-1669 Fixed an issue where duplicate authentication policies would show up in the RADIUS SSO Options page.

  • PM-1668 Fixed an issue where renaming an authentication scheme would cause any authentication chain it was in to be renamed as well.

  • PM-1422/1429 Fixed various issues which caused "Apply and Use" in the RADIUS Configuration page to fail.

  • PM-1365 Fixed an issue where headless devices were misidentified due to identification data sent from previous devices with the same IP being re-processed.

  • PM-1655 Fixed an issue where a compliant PK device would be marked as non-compliant when connected to an external NIC/Dock.

6.5.17 – 12/12/2018

What’s Changed/Improved

  • PM-1580 Added a default API user for the AD Connector and created a new user profile for API access only

  • PM-1567 Uninstalling the Policy Key will now cause a user to fail the PK policy immediately

  • PM-1214 Devices can now be ordered by OS in the Device Manager

What’s Fixed

  • PM-1726 Fixed an issue where connecting to an AD server failed if it only had TLS v1.2 enabled.

  • PM-1681 Fixed an issue where device host types were being incorrectly overwritten.

  • PM-1675 Fixed various issues with the bulk upload template for guest users.

  • PM-1588 Fixed an issue where clicking "Apply and Use" in the Policy Manager returned an unexpected error.

  • PM-1139 Fixed an issue where compliant devices were incorrectly quarantined

  • PM-1684 Fixed an issue where the NAS Configuration page would not display correctly and did not allow changes.

  • PM-1679 Fixed an issue where tabs in the Configuration Manager would show the home page instead of the expected page.

6.5.16 – 11/19/2018

What’s New

  • PM-538 Added a "Shell" section in the Console Network Configuration Tool which includes helpful troubleshooting tools for Network Administrators.

  • PM-1661 Added the ability to schedule actions on guest profiles.

  • PM-1607/1608 Added new Firewall tab in the Configuration Manager where devices or services can be given permission to reach the SafeConnect server.

What’s Changed/Improved

  • PM-1583 Added new features to the Design Options for web pages.

  • PM-1658 Updated instructions in Network Settings tab in the Configuration Manager to be more clear on where to change these settings.

What’s Fixed

  • PM-1662 Fixed an issue in Layer 2 environments where blocked devices would not be unblocked when they were no longer under policy.

  • PM-1647 Fixed an issue where the default role would not be correctly applied to devices when there were multiple RADIUS servers configured.

  • PM-1515 Fixed an issue where the redirect URL could not be changed to a relative URL.

  • PM-1488 Fixed an issue where the UI would not present an error when RADIUS enforcement could not be enabled correctly.

6.5.15 – 10/17/2018

What’s New

  • PM-1457 Added SafeConnect as a SAML SSO application to Azure AD Gallery.

  • PM-32 Added support for Sflow v5.

What’s Changed/Improved

  • PM-1626/1617/1018 Improved and simplified several aspects of RADIUS Configuration UI.

  • PM-1615 Improved handling of Anonymous Identities during RADIUS authentication.

  • PM-1453 Contextual Intelligence Publisher is now enabled by default.

  • PM-1314 Added support for multiple SAML IDPs.

  • PM-825 Added "Routers and APs" as visible device type.

What’s Fixed

  • PM-1654 Fixed an issue where the machine authentication checkbox in RADIUS Configuration UI did not work as expected.

  • PM-1623 Fixed an issue where the NAS upload template did not include all vendors.

  • PM-1545 Fixed an issue where the absence of "$URLOneClick" variable from SMS notifications resulted in unexpected behavior.

  • PM-1535 Fixed an issue where SMS notifications were not working correctly.

  • PM-1527 Fixed an issue where "Routers and APs" qualifier were not in "All host types" qualifier set.

  • PM-1525 Fixed an issue where the correct options were not displayed in the device type field for bulk enrollments.

  • PM-1524 Fixed an issue where having the log viewer open inside the RADIUS Configuration UI for some time would cause the service which handles RADIUS configurations to become unresponsive.

  • PM-1411 Fixed an issue where the Policy Key would cause users to be redirected to SafeConnect web pages even when enforcement was disabled.

  • PM-619 Fixed an issue where the carrier field was still showing in the device enrollment form

6.5.14 – 09/11/2018

What’s Changed/Improved

  • PM-1605 RADIUS Configuration UI improved to be able to handle large number of NAS.

6.5.13-rc2 – 09/04/2018

Security Update

  • PM-1532 Fixed a major security issue. Please contact the support team for more information and to schedule an upgrade. (There is also a fix for SC version 6.4)

What’s New

  • PM-1457 Added SafeConnect as a SAML SSO application to Azure AD Gallery.

  • PM-32 Added support for Sflow v5.

What’s Changed/Improved

  • PM-1369 Improved device identification for headless devices.

What’s Fixed

  • PM-1616 Fixed an issue where Ruckus VSAs were not being correctly recognized.

  • PM-1531 Fixed an issue where "Print login information" button in the Guest Manager would open a blank page.

  • PM-1520 Fixed an issue with the OSX Policy Key that was causing the domain attribute of devices to not be sent.

  • PM-1518 Fixed an issue where syslog publishers could not be successfully added in the Contextual Intelligence Publisher.

  • PM-1473 Fixed an issue where DHCP servers would not show up in the Configuration Manager, despite DHCP syslog being received and processed.

  • PM-1375 Fixed an issue where devices would get stuck in a blocked state when removed from Block Access.

  • PM-1181 Fixed an issue that caused role changes to not be processed correctly.

6.5.12-rc2 – 07/23/2018

What’s Fixed

  • PM-1508 Fixed an issue where under some circumstances the Open/Block Access buttons in device details did not function as expected.

6.5.12 – 07/02/2018

What’s New

  • PM-267 RADIUS Based Enforcement now includes a customer branded RADIUS server certificate option when using SafeConnect as a RADIUS server.

  • PM-294 RADIUS Based Enforcement now includes a RADIUS machine authentication option for configurations.

What’s Changed/Improved

  • PM-993 Support Portal from SafeConnect Administrative UI has been updated. This now links to https://support.impulse.com.

  • PM-1506 DHCP Syslog Support for Fortinet has been added for customer serving DHCP from a Fortinet FortiGate firewall

  • PM-1483 SMS Gateway URL has been updated.

What’s Fixed

  • PM-1120 Fixed an issue where Device Enrollment button was not consistently displaying.

  • PM-1430 Fixed an issue where multiple emails are sent to user and administrator when utilizing guest self-registration,

  • PM-1505 Fixed an issue with MacOS Policy Key on machines running Deep Freeze.

  • PM-1410 Fixed an issue where users were incorrectly receiving "Network is under maintenance" web page.

  • PM-1519 Fixed an issue where Policy Key compliance was improperly evaluated.

6.5.11 – 04/30/2018

Security Update

  • PM-1413 Fixed a critical security issue. Please contact the support team for more information and to schedule an upgrade. (There is also a fix for SC version 6.4)

What’s New

  • PM-344 RADIUS Based Enforcement has received an update that now includes a EAP-TLS option for configurations.

What’s Changed/Improved

  • PM-1436 Policy Key user detection has been updated to better handle actively logged in users connected to devices via remote connection software, such as RDP.

What’s Fixed

  • PM-1415 Fixed an issue that was causing devices to not receive the proper role change update flag when RADIUS Based Enforcement was re-enabled.

  • PM-1390 Fixed an issue where the session inactivity timer would log out active users connected to the management interfaces regardless of activity.

  • PM-1241 Fixed an issue that was causing the Policy Key to have a slow startup on some Windows devices.

6.5.10 – 02/09/2018

What’s Changed/Improved

  • PM-1190 SMS notifications have been updated to include Amazon SNS messaging.

What’s Fixed

  • PM-1342 Fixed an issue that was preventing Authorized Devices from being bulk uploaded.

  • PM-1320 Fixed an issue that was causing the enforcement devices view in Device Manager from properly updating when moving between listed enforcement device views.

  • PM-1298 Fixed an issue that was causing multiple PDF reports to be emailed when scheduled weekly reports are configured.

  • PM-1281 Fixed an issue in Device Enrollment that was causing the buttons to be displayed behind the device list when the windows size was minimal.

6.5.9 – 01/31/2018

What’s Changed/Improved

  • PM-1307 RADIUS Based Enforcement has been updated to include Aruba Wired as vendor option.

  • PM-1255 Management Console received an update that includes 'VoIP Phones' as a new machine type qualifier.

What’s Fixed

  • PM-932 Fixed an issue that would prevent mac address filtering in Device Manager when delimiters were being used.

  • PM-1197 Fixed an issue in the Device Manager that was causing the Block/Open access page to become slow to respond when deleting devices from the list.

  • PM-1199 Fixed an issue in the OSX Policy Key that was displaying "Not Responding" in the Activity Monitor.

  • PM-1199 Fixed an issue in the OSX Policy Key that was causing higher than expected memory usage in versions of OSX prior to 10.13. (This partially fixes the issue in OSX 10.13.)

  • PM-1242 Fixed an issue with the OSX Policy Key that was preventing the username from being updated when a user "fast-switched" between local or domain user accounts.

  • PM-1282 Fixed an issue in the Device Enrollment UI where the "add" and "bilk upload" buttons would sometimes disappear when switching tabs or views.

  • PM-1319 Fixed an issue with the Windows PK that was preventing it from reporting the correct username when user's fast-switched between local accounts.

  • PM-1330 Fixed an issue with the OSX Policy Key that was preventing anti-virus running processes from being properly assessed.

  • PM-1359 Fixed an issue with the OSX Policy Key that was failing AVG for Mac running policy.

  • PM-1340 Fixed an issue that was causing the weekly usage report to hang in HA environments when parsing large data sets.

6.5.8 – 12/21/2017

What’s Changed/Improved

  • PM-1296 RADIUS Based Enforcement has received speed optimizations to quickly updated active client records when failing open.

  • PM-1288 High Availability was updated to include an option to disable timed fail overs.

6.5.7 – 12/14/2017

What’s Changed/Improved

  • PM-1235 Guest Management has received several improvements to the default display options.

  • PM-696 Device Management has received several improvements to it's display options.

What’s Fixed

  • PM-1196 Fixed an issue in guest history that causing the scroll bar to be inaccessible.

6.5.6 – 11/27/2017

What’s Changed/Improved

  • PM-1210 High Availability has received several performance improvements for data replication handling during link failures.

  • PM-1200 Policy Key Windows and OSX PKs have been updated to renew DHCP after a device changes VLANs.

  • PM-1147 Identity Publisher has been updated to include a more accurate timestamp when exporting events to Syslog.

What’s Fixed

  • PM-1194 Fixed an issue that caused the user details report to take a significant time to complete.

  • PM-1123 Fixed an issue that was causing missing attributes in RADIUS reply-details when RBE was configured with multiple NAS' using CIDR notation.

  • PM-1192 Fixed an issue that was causing the Logs tab in RBE configuration to be extremely slow or inaccessible.

  • PM-1191 Fixed an issue that was prevented domain rule matching for usernames to work in RBE proxy rule configuration.

  • PM-1151 Fixed an issue that was causing guest accounts from being saved after edit.

6.5.5 – 11/03/2017

What’s Changed/Improved

  • PM-1213 RADIUS Based Enforcement has been updated to include COA mode for HP Wired NAS type.

  • PM-405 Device Profiling has received several improvements.

What’s Fixed

  • PM-1123 Fixed an issue that was causing missing attributes in RADIUS reply-details when RBE was configured with multiple NAS' using CIDR notation.

  • PM-1110 Fixed an issue that was preventing SafeConnect from joining the AD when SMBv1 was disabled on the AD server.

  • PM-1090 Fixed an issue that required a service restart when updating router_sets.

  • PM-1076 Fixed and issue that was preventing SafeConnect from publishing to Palo Alto on it's latest PAN OS 8 software.

6.5.4 – 10/18/2017

What’s New

  • PM-1163 DHCP Syslog Support for Cisco ASA has been added for customer serving DHCP from a Cisco ASA firewall

  • PM-1152 HP Wired NAS type has been added as an option for RADIUS-based enforcement

What’s Changed/Improved

  • PM-1170 Device Fingerprinting has been enhanced to allow for more granularity in parsing feeds

What’s Fixed

  • PM-1185 Fixed an issue causing the Open/Block access pages to result in a 500 error

  • PM-1182 Patch CVE-2017-14491 Buffer Overflow exploit - Batch has also been back-ported to all production versions currently running in the field

  • PM-1172 Fix for Mac machine name not being reported by Policy Key

  • PM-947 Fix for an issue where Device Enrollments are not taking effect immediately

  • PM-676 Fix for Reporting parameters not being shown properly if a policy label has been duplicated

6.5.4 – 10/18/2017

What’s New

  • PM-1163 DHCP Syslog Support for Cisco ASA has been added for customer serving DHCP from a Cisco ASA firewall

  • PM-1152 HP Wired NAS type has been added as an option for RADIUS-based enforcement

What’s Changed/Improved

  • PM-1170 Device Fingerprinting has been enhanced to allow for more granularity in parsing feeds

What’s Fixed

  • PM-1185 Fixed an issue causing the Open/Block access pages to result in a 500 error

  • PM-1182 Patch CVE-2017-14491 Buffer Overflow exploit - Batch has also been back-ported to all production versions currently running in the field

  • PM-1172 Fix for Mac machine name not being reported by Policy Key

  • PM-947 Fix for an issue where Device Enrollments are not taking effect immediately

  • PM-676 Fix for Reporting parameters not being shown properly if a policy label has been duplicated

6.5.3 – 09/19/2017

What’s New

  • PM-1127 Device Manager has been updated to display device types as a tiered hierarchical system (E.g. Computer/Windows/Windows 7 x64) in the client summary page.

  • PM-1118 Mac OSX 10.13 support has been added to the OSX Policy Key.

What’s Changed/Improved

  • PM-1125 Client Life Cycle has been updated to purge client records with no persistent data that would allow the record to become active.

  • PM-1097 DHCP Device Fingerprinting has been tweaked for more precise device identification.

  • PM-1040 Responsive UI has received several performance and usability improvements.

  • PM-624 Windows & OSX policy keys have been updated to communicate to SafeConnect even when the users are logged out. This change greatly improves the accuracy of policy assessment and the end user experience.

What’s Fixed

  • PM-1088 Fixed an issue that was preventing CoA's from being sent in Aruba CoA mode configured RBE environments.

  • PM-1087 Fixed an issue with the Windows PK that was erroneously marking an inactive interface as active.

  • PM-1077 Fixed an issue that was preventing scheduled daily reports from being emailed.

  • PM-935 Fixed an issue that was causing the sessiontracker input queues (DHCP, RADIUS) to fill up and drop packets.

6.5.2 – 08/08/2017

What’s Changed/Improved

  • PM-1023 RADIUS Based Enforcement has been updated to complete a disconnect request without requiring the the NAS IP to be present.

  • PM-994 Sessiontracker has been updated to recognize option 12 (hostname) from DHCP as an additional data point to evaluate.

  • PM-879 Responsive UI has received several performance improvements.

  • PM-701 RADIUS Based Enforcement can now be configured to have the same vendor type in multi-agent configurations.

What’s Fixed

  • PM-1078 Fixed an issue where client disconnects were not being sent for Brocade Wired RBE configurations.

  • PM-1058 Fixed an issue that was causing a delay when disabling routers (enforcement).

  • PM-1048 Fixed an issue with the XML API that was reordering results after an inquiry and not displaying the relevant information.

  • PM-1026 Fixed an issue where client interfaces were being created with an empty mac address.

  • PM-1004 Fixed an issue that causes a delay when sending a disconnect to an AP.

  • PM-976 Fixed an issue where the certificate used when configuring LDAPS authentication was not being transferred to the nodes in a clustered environment.

  • PM-793 Fixed an issue in RBE configuration that was preventing changes to be pushed when multiple home server pools were configured.

6.5.1 – 06/26/2017

What’s Changed/Improved

  • PM-982 Report Manager has been updated to allow multiple report recipients.

  • PM-945 Sessiontracker has been updated to include regex filtering for username from RADIUS. (Contact support to have this feature enabled)

  • PM-915 Device Enrollment has been updated to allow enrollment of a device that was previously identified as a different device. (Contact support to have this feature enabled)

What’s Fixed

  • PM-960 Fixed an issue with guest accounts that incorrectly ignored the renewal duration when calculating expiration date and time.

  • PM-933 Fixed an issue in Device Enrollment bulk upload that was displaying upload errors as invalid characters.

  • PM-931 Fixed an issue in Device Enrollment bulk upload where the delimiters where not being properly stripped the mac addresses.

  • PM-923 Fixed an issue in that was preventing users with device manager privileges from creating device enrollments.

  • PM-900 Fixed an issue that was preventing device enrollments to be set to never expire.

  • PM-834 Fixed an issue that was preventing guest accounts to be set to never expire.

  • PM-770 Fixed an issue in threat enforcement that prevented source IP changes from being persisted immediately.

6.5.0 – 05/30/2017

What's New

  • PM-282 Device Authorization. This new feature allows for an administrator to bulk load a list of MAC addresses to the RADIUS server. This list can be used for two purposes listed below. More detail can be found in the 6.5.0 release notes available here.

    • Predefining an enforcement role at the initial association with the network.

    • Optionally Predefining a set of MAC addresses that are permitted on the network - devices not in the list will NOT be permitted to use the network.

What’s Changed/Improved

  • PM-215 Report Manager has been updated to include a weekly usage report. Users can set when the report is ran, and who the email recipients are directly from the UI.

  • PM-742 RADIUS Based Enforcement has been updated to include the default VSA values for Cisco Wired.

  • PM-784 RADIUS Based Enforcement has been updated to include the default VSA values for Cisco Meraki.

What’s Fixed

  • PM-826 Fixed an issue that was causing identity publisher to publish partial device data.

6.5.0 and above does require SafeConnect be migrated to a new platform – Impulse's recommended platform is VMWare. For more information or options, please reach out to Impulse Support at The Impulse Support Portal

6.4.20 – 10/26/2018

What’s Fixed

  • PM-1550 Fixed an issue where devices were still being designated a compliant role after disabling and re-enabling Layer 2/RBE enforcement

6.4.19 – 09/04/2018

Security Update

  • PM-1532 Fixed a major security issue. Please contact the support team for more information and to schedule an upgrade.

What’s Fixed

  • PM-1531 Fixed an issue where "Print login information" button in the Guest Manager would open a blank page.

  • PM-1375 Fixed an issue where devices would get stuck in a blocked state when removed from Block Access.

  • PM-947 Fixed an issue where Device Enrollments were not taking effect immediately.

6.4.18 – 7/02/2018

What’s Fixed

  • PM-1519 Fixed an issue where Policy Key compliance was improperly evaluated.

6.4.17 – 03/15/2018

Security Update

  • PM-1413 Fixed a critical security issue. Please contact the support team for more information and to schedule an upgrade. Please contact our support team to schedule and upgrade.

6.4.16 – 02/23/2018

What’s Fixed

  • PM-1276 Fixed an issue that preventing device attributes from updating when the device would fast user switch between local and domain users.

  • PM-1200 Fixed an issue that was preventing the PK from renewing the device IP address when the device changed VLANs.

6.4.15 – 01/30/2018

What’s Changed/Improved

  • PM-1197 Added additional logging to assist in capturing errors reported when removing devices from open or block access.

  • PM-1181 Added additional logging to assist in capturing issues where devices were not being added to the mac enforce table for RBE configurations.

6.4.14 – 11/16/2017

What’s Fixed

  • PM-918 Fixed an issue in the Device Manager that was preventing guest account modifications from being saved.

6.4.13 – 09/19/2017

What’s New

  • PM-1118 Mac OSX 10.13 support has been added to the OSX Policy Key.

What’s Changed/Improved

  • PM-1125 Client Life Cycle has been updated to purge client records with no persistent data that would allow the record to become active.

  • PM-1097 DHCP Device Fingerprinting has been tweaked for more precise device identification.

  • PM-1040 Responsive UI has received several performance and usability improvements.

  • PM-624 Windows & OSX policy keys have been updated to communicate to SafeConnect even when the users are logged out. This change greatly improves the accuracy of policy assessment and the end user experience.

What’s Fixed

  • PM-1088 Fixed an issue that was preventing CoA's from being sent in Aruba CoA mode configured RBE environments.

  • PM-1087 Fixed an issue with the Windows PK that was erroneously marking an inactive interface as active.

  • PM-1077 Fixed an issue that was preventing scheduled daily reports from being emailed.

  • PM-935 Fixed an issue that was causing the sessiontracker input queues (DHCP, RADIUS) to fill up and drop packets.

6.4.12 – 08/08/2017

What’s New

  • PM-958 RADIUS Based Enforcement can now be configured to use Ruckus vendor type.

What’s Changed/Improved

  • PM-1023 RADIUS Based Enforcement has been updated to complete a disconnect request without requiring the the NAS IP to be present.

  • PM-994 Sessiontracker has been updated to recognize option 12 (hostname) from DHCP as an additional data point to evaluate.

  • PM-879 Responsive UI has received several performance improvements.

  • PM-701 RADIUS Based Enforcement can now be configured to have the same vendor type in multi-agent configurations.

What’s Fixed

  • PM-1078 Fixed an issue where client disconnects were not being sent for Brocade Wired RBE configurations.

  • PM-1058 Fixed an issue that was causing a delay when disabling routers (enforcement).

  • PM-1048 Fixed an issue with the XML API that was reordering results after an inquiry and not displaying the relevant information.

  • PM-1026 Fixed an issue where client interfaces were being created with an empty mac address.

  • PM-1004 Fixed an issue that causes a delay when sending a disconnect to an AP.

  • PM-976 Fixed an issue where the certificate used when configuring LDAPS authentication was not being transferred to the nodes in a clustered environment.

  • PM-793 Fixed an issue in RBE configuration that was preventing changes to be pushed when multiple home server pools were configured.

6.4.11 – 06/26/2017

What’s Changed/Improved

  • PM-982 Report Manager has been updated to allow multiple report recipients.

  • PM-945 Sessiontracker has been updated to include regex filtering for username from RADIUS. (Contact support to have this feature enabled)

  • PM-915 Device Enrollment has been updated to allow enrollment of a device that was previously identified as a different device. (Contact support to have this feature enabled)

What’s Fixed

  • PM-960 Fixed an issue with guest accounts that incorrectly ignored the renewal duration when calculating expiration date and time.

  • PM-933 Fixed an issue in Device Enrollment bulk upload that was displaying upload errors as invalid characters.

  • PM-931 Fixed an issue in Device Enrollment bulk upload where the delimiters where not being properly stripped the mac addresses.

  • PM-923 Fixed an issue in that was preventing users with device manager privileges from creating device enrollments.

  • PM-900 Fixed an issue that was preventing device enrollments to be set to never expire.

  • PM-834 Fixed an issue that was preventing guest accounts to be set to never expire.

  • PM-770 Fixed an issue in threat enforcement that prevented source IP changes from being persisted immediately.

6.4.10 – 05/30/2017

What’s Changed/Improved

  • PM-215 Report Manager has been updated to include a weekly usage report. Users can set when the report is ran, and who the email recipients are directly from the UI.

  • PM-742 RADIUS Based Enforcement has been updated to include the default VSA values for Cisco Wired.

  • PM-784 RADIUS Based Enforcement has been updated to include the default VSA values for Cisco Meraki.

What’s Fixed

  • PM-826 Fixed an issue that was causing identity publisher to publish partial device data.

6.4.9 – 05/10/2017

What’s Changed/Improved

  • PM-789 RADIUS logs for cluster environments are now displaying as expected when multiple RADIUS nodes are configured.

What’s Fixed

  • PM-776 Fixed an issue where RADIUS CoA or disconnects were sent to the wrong nas IP.

  • PM-835 Fixed an issue where sessions sorting in the Responsive UI was not working correctly.

  • PM-756 Fixed an issue where not all fields in the Contextual Intelligence publisher settings were visible.

6.4.8 – 04/13/2017

What’s Changed/Improved

  • PM-139 Responsive UI has been updated. All legacy pages have been moved into /manage and have been deprecated.

  • PM-139 ManagementConsole has been updated to include end of life policies for OSX 10.9.

What’s Fixed

  • PM-768 Fixed an issue that was causing a few legacy pages to load slowly.

  • PM-743 Fixed an issue with configured routers that were unreachable/offline causing router processing threads to hang and eventually timeout.

6.4.7 – 03/17/2017

What’s Changed/Improved

  • PM-139 ManagementConsole has been updated to allow the creation of unique discovery groups to correctly utilize VLAN assignment in Aerohive environments.

  • PM-488 Radius Based Enforcement has been updated to optionally permit initial role assignment for all possible RBE configurations.

  • PM-738 DHCP syslog was updated to filter out similar events. This was causing large dhcp log files being saved and archived.

What’s Fixed

  • PM-680 Fixed an issue that was causing the Qualifier Inquiry API to return no sessions errors.

  • PM-703 Fixed an uncommon issue that would cause java to run out of memory and require a service restart.

  • PM-749 Fixed an issue that was preventing Identity Publishers from being configured in the legacy UI.

6.4.6 – 02/16/2017

What’s Changed/Improved

  • PM-509 Responsive UI received several UI enhancements.

  • PM-649 Identity Publisher has been updated to allow the disabling of the HIP report when exporting to Palo Alto.

What’s Fixed

  • PM-611 Fixed an issue in open and block access that was causing above average processing times.

  • PM-664 Fixed an issue that was preventing some Threat Enforcement alerts from being processed after the initial alert was processed.

6.4.5 – 01/30/2017

What’s New

  • PM-404 SafeConnect can now be hosted in a Azure Virtual Environment.

  • PM-568 Radius Based Enforcement can now be configured to use Xirrus vendor type.

What’s Changed/Improved

  • PM-389 Managed Access (open/block) has been moved to the new responsive UI.

  • PM-390 Device Enrollment has been moved to the new responsive UI.

  • PM-391 Sessions History has been moved to the new responsive UI.

  • PM-639 Radius Based Enforcement has been updated to accept single label domain format.

What’s Fixed

  • PM-513 Fixed an issue that was preventing uploaded certificates from propagated to the nodes in clustered environments.

6.4.4 – 12/15/2016

What’s New

  • PM-41 Web Messages were updated to provide an authentication page with and without a guest option.

  • PM-388 Guest Management has been refreshed and move to the new responsive UI.

What’s Changed/Improved

  • PM-424 Threat Enforcement has been updated to support Juniper SRX IDS.

  • PM-552 Radius Based Enforcement has been updated to allow mapping the same role as the initial role to any group.

What’s Fixed

  • PM-490 Fixed an issue with the Qualifier Inquiry API that would periodically return incomplete data.

  • PM-493 Fixed an issue where the Block Access Group would not include a Block Access Policy in some upgrades.

  • PM-554 Fixed an issue where Internet Explorer was not properly displaying the country code picker for the guest self registration pages.

  • PM-558 Fixed an issue where the radius coa.log was not archiving and rotating during nightly maintenance.

  • PM-570 Fixed an issue where RBE was not properly calculating CIDR notation for NAS IP.

6.4.3 – 10/25/2016

What’s New

  • PM-397 SonicWALL is now a supported vendor type for threat enforcement.

  • PM-397 Slooce is now a supported SMS gateway.

What’s Changed/Improved

  • PM-498 Policy Key MSI installer is now included in safeconnect builds by default and will contain the latest PK released with that version.

What’s Fixed

  • PM-483 Fixed an issue that prevented Impulse managed policy icons from rendering in the client details page.

6.4.2 – 10/17/2016

What’s Changed/Improved

  • PM-43 Radius Based Enforcement has been updated to allow different initial attributes to be appended to first access-accept of a session based on AD group membership.

What’s Fixed

  • PM-230 Fixed an issue in rbe configuration that was preventing automatic creation of the machine account during the AD join process.

  • PM-260 Fixed an issue that was preventing users from viewing the rbe log.

  • PM-263 Fixed an issue where users with read-only permissions for guest management can edit guest user accounts.

  • PM-385 Fixed an issue where purged devices previously connected via rbe were being unexpectedly assigned the initial role.

  • PM-419 Fixed an issue with the OSX policy key that was causing intermittent NAT policy failures when the device has multiple network interfaces.

  • PM-425 Fixed an issue that was preventing the ChromeOS host type from being added to all the appropriate core qualifier sets.

  • PM-437 Fixed an issue that was preventing guest notification from being resent.

  • PM-455 Fixed an issue that was preventing guest notification from being resent.

6.4.1 – 07/15/2016

What’s New

  • PM-120 Threat Enforcement is now supported and provides the ability to perform network level quarantine actions on devices that are believed to be compromised based on alerts from third party threat detection systems, such as: Palo Alto, Juniper etc…

  • PM-048 RADIUS Attributes from RADIUS accounting can now be configured as qualifiers for policy groups. This is available in the responsive UI.

  • PM-249 Meraki is now a supported vendor type for radius based enforcement.

What’s Changed/Improved

  • PM-065 RADIUS Logging in the RBE configuration page has been updated to include success/failure events when joining and unjoining from Active Directory.

  • PM-209 MAC Authentication Only mode support has been added to Radius Based Enforcement.

  • PM-305 RBE Configuration can now use special characters for shared-secrets.

What’s Fixed

  • PM-089 Fixed an issue where IPs were still being added to the router’s ACL after being disabled.

  • PM-221 Fixed an issue that caused additional load times when navigating to dashboard / guest management.

  • PM-333 Fixed an issue where submitting a qualifier inquiry to the XML API resulted in an error while processing request message.

  • PM-377 CVE-2016-5696 Vulnerability in Kernel 3.6 or newer has been patched.