SafeConnect NAC Release Notes
Click below for high-level release notes, or for a list of maintenance notifications.
Or click below for a full list of releases, including all issues addressed in each.
7.0.6 – 5/19/2020
What's New
-
PM-2299 Extreme Wireless has been added as a NAS type under RADIUS configuration.
-
PM-2089 Purchased license count information is now available in the SafeConnect UI.
What's Changed/Improved
-
PM-2300 The AD Connector has been revamped to adapt to newer Windows Server versions and leverage new code-level platform capabilities.
-
PM-2257 HA customers will now be able to view information about the node state (Master/Backup) in the lower-left corner of the Console Networking Configuration screen.
What's Fixed
-
PM-2291 Subnet Mappings page not loading after qualifier container is deleted while being used by a group.
-
PM-2281 Updated label name of the Contextual Identity module to correlate with the action taking when enabling/disabling this option.
-
PM-2265 Resolve issue where enforcement in HA nodes could not be re-enabled after upgrade.
7.0.5 - 3/13/2020
What’s New
-
PM-2252 Ubiquiti Wireless has been added as a NAS type under RADIUS configuration
-
PM-2086 Mist-Juniper-Wireless has been added as a NAS type under RADIUS configuration
-
PM-2272 Extreme- Identifi Wireless has been added as a NAS type under RADIUS configuration
-
PM-2269 Dell OS6 has been added as a NAS type under RADIUS configuration
What’s Changed/Improved
-
PM-2247 Updating the DNS server(s) inside the console configuration tool will no longer restart networking or any other services
-
PM-2261 SafeConnect now allows for guests to be created more than 30 days in the future
-
PM-2269 Dell NAS type in RADIUS configuration now supports COA
-
PM-2282 New RBE roles no longer require VSAs to be populated for the corresponding role
What’s Fixed
-
PM-2260 Home servers in RADIUS configuration are not listed in order based on their priority
-
PM-2222 Substring based IP filters not working in Device Manager for some device views
-
PM-2229 Slow LDAP connections can cause negative client and system behavior
7.0.4 – 2/20/2020
What’s New
-
PM-1613 SAML web pages now support the full set of authentication use cases.
-
PM-1374 Implemented an additional metric for SafeConnect to leverage in device identification, providing better detection of new clients.
What’s Changed/Improved
-
PM-1498 To improve system efficiency, the weekly usage report is no longer able to be previewed.
-
PM-2234 The configuration utility will now require an additional prompt when testing and changing network configurations beyond the initial setup.
What’s Fixed
-
PM-2131 An edge condition where the primary database can encounter an unexpected state, resulting in a resync being required
-
PM-1665 Advanced options are hidden when a guest has an expiration set to "Never Expire"
7.0.3 – 1/24/2020
What’s New
-
PM-2211 Limited re-brand of SafeConnect NAC to reflect the OPSWAT acquisition
-
PM-2214 Customers are now able to specify a custom email address for reports to get sent from.
-
PM-1419 Enhanced device identification to allow for better matching of device fingerprints.
-
PM-2192 New parser capability added for Palo Alto Threat Prevention Service.
What’s Changed/Improved
-
PM-2205 Notification added to Subnet Mappings when a change to a subnet affects a pre-existing group.
-
PM-2228 SafeConnect's Azure support was refreshed to ensure better support for Azure going forward.
What’s Fixed
-
PM-2221 When multiple NAS IPs were listed for a client, SafeConnect encountered an issue tracking changes between them.
-
PM-2197 Bulk uploading authorized devices failed after upgrades.
-
PM-2208 Non-impacting issue in which SafeConnect attempted to listen for duplicate threat detection inputs.
-
PM-2130 SafeConnect needed to be reloaded after an upgrade to allow for client enforcement.
-
PM-1643 Enrolled devices had a device profile of Unknown rather than the enrolled device type.
-
PM-1645 Some web messages, e.g. device enrollment forms, were unable to be previewed.
-
PM-1823 Admin interface for device enrollment had inconsistencies between the fields for days and number of seconds.
7.0.2 – 11/20/2019
What’s New
-
PM-2132 Customers are now able to leverage any subdomain of myweblogon.com as their hostname (e.g. impulse.myweblogon.com) for improved customer branding.
What’s Changed/Improved
-
PM-2169 Included newest Mac OS PK.
-
PM-1936 Updated bulk upload templates with improved grammar and proper field names.
-
PM-1803 Updated SafeConnect to reflect proper browser compatibility changes.
-
PM-1602 Increased the guest email address character limit to 255 characters when saved through the admin interface.
-
PM-1434 Safeconnect no longer has to verify the reachability of custom hostnames.
What’s Fixed
-
PM-2206 Fixed an issue where the Fortinet DHCP syslog parser did not handle certain input as expected.
-
PM-2196 Fixed an issue where enforcement roles VSA names could not be saved if they contained a number.
-
PM-2170 Fixed an issue where the RADIUS agent wouldn't start after an upgrade.
-
PM-2144 Fixed an issue where Threat Enforcement could not be enabled through the UI.
-
PM-1970 Fixed an issue in clusters where Policy Key devices could overload SafeConnect nodes with traffic.
-
PM-1841 Fixed an issue where setting "Never" for temporary access caused negative end user behavior.
-
PM-1592 Fixed an issue where spaces in Role Qualifiers were not parsed correctly.
-
PM-1184 Fixed an issue where role names containing spaces caused errors during the enrollment process.
7.0.1 – 9/9/2019
What’s New
-
PM-1868 FireEye is now supported as a Threat Enforcement (IDS) source.
-
PM-1272 UI session time outs will now be based on last activity, not login time.
What’s Changed/Improved
-
PM-2036 The weekly usage report has been optimized for better performance.
-
PM-2010 The Contextual Intelligence Publisher output now includes the "class" attribute required by a Fortigate system to be able to perform RADIUS SSO.
-
PM-1998 The Contextual Intelligence Publisher will not allow invalid network configurations to be saved.
-
PM-1975 Custom RADIUS certificates whose private key require a passphrase can now be uploaded via the UI.
-
PM-1972 Add ability to use CIDR format for NAS-IP-Address RADIUS attribute in Policy Manager.
-
PM-1381 The Block/Open Access note field will now present a helpful error when invalid characters are used. The textbox is limited to alpha numeric, typical punctuation, and white space.
-
PM-2131 The synchronization process for HA environments is now improved.
-
PM-2081/2024 Administrative UI webpages have received various security improvements.
What’s Fixed
-
PM-2156 Role changes were not happening successfully due to the credentials used to connect to an internal database being improperly set.
-
PM-2106 Under some situations, clicking "Apply and Use" in the RADIUS UI broke MAC Authentication Bypass.
-
PM-2100 The RADIUS server would not be configured as expected after a migration.
-
PM-2015 Under some situations, RADIUS server certificates which were uploaded through the UI were converted to the wrong format.
-
PM-1995 RADIUS would not work with compound name attributes for LDAP group overrides.
-
PM-1991 The "Last Updated User" field was not updated when editing a Block Access entry.
-
PM-1990 Editing Block Access entries cleared the expiration date field.
-
PM-1987 Policy Key devices would be incorrectly blocked for failing the NAT policy if they started a session with an IP which did not match the previous session's.
-
PM-1950 The RBE UI showed the server's IP to be 127.0.0.1 instead of the actual IP of the node.
-
PM-1849 The RADIUS log viewer where data would spin trying to load in some cases.
-
PM-1120 The enrollment widget would not pop up as expected on the device details page.
-
PM-1063 The MAC address displayed for a device in the Device Manager was not the MAC address of the device's active interface.
-
PM-1000 Fixed an issue where an HA pair would join to an AD domain using the same NetBIOS name for both servers.
-
PM-2042 Fixed an issue where in some cases devices which were failing anti-virus policies were shown the generic block page.
7.0.0 – 7/10/2019
What’s New
-
PM-1876 The Configuration Manager includes a help page which walks users through SafeConnect setup. – Essentials tier only
-
PM-1767 RADIUS integrations now support LDAP based authentication. This removes the requirement of SafeConnect maintaining a persistent join connection to a single active directory server and better supports redundancy.
-
PM-1763 Customers can now set their hostname to a subdomain of myweblogon.com (impulse-university.myweblogon.com). This removes the need for customers to get their own custom certificate as well as help with automated captive portal detection.
-
PM-456 A new host type has been added for "Thin Client".
What’s Changed/Improved
-
PM-1985 The "Routers and APs" host type qualifier is now included in the "Host Types for non-PK devices" qualifier set.
-
PM-1875 RADIUS Configuration page has an updated look which makes set up simpler and more straightforward.
What’s Fixed
-
PM-1910 Fixed an issue where report related stored procedures took a long time to run, which in some cases would cause system impact.
-
PM-1737 Fixed an issue where the " FailOpenAuthGroup" role was added to clients when devices which had authenticated with SAML switched groups.
-
PM-1958 Fixed an issue where the menu on the top right of the SafeConnect UI would not store new user passwords which include special characters correctly.