Authentication |
Enhancement |
Better manage a subset of users on a massive AD servers (i.e.: more than 10,000 users), by providing a filter for desired users for a specific location by security group. Desired groups for a site can be set under Configuration > Authentication in the AD plugin, there is a new field titled “Active Groups”, which is an optional group filter applied to all lookups. |
Web Proxy |
Enhancement |
The logging for the web proxy has been enhanced to include a lot more data on each request, including categories, user agent, and matching policy for allow rules. A new detailed log option is available for the Web Proxy logs to access all of this information.
Note: If using automated log parsing tools, these will need to be updated to support this new format. |
NGFW |
Enhancement |
Decide if HTTPS inspection should be done on a specific request based on the SNI header only (not the IP address) this provides more accurate and faster categorization for “Bypass HTTPS Inspection” policies. |
NGFW |
Enhancement |
Allow the use of custom domain categories for “Bypass HTTPS Inspection”. This includes the matching of subdomains (e.g.: .example.com to match example.com and all subdomains). This is now the preferred method for HTTPS exclusions, and some of these will be automatically migrated from the configuration screen. |
NGFW |
Enhancement |
On the Block Activity report, introduce a new protocol column to match what is available in Network Monitoring. |
NGFW |
Enhancement |
Block the use of the non-standard QUIC protocol by default for all traffic, enforcing the use of standards based web traffic. This option can be set under Access Policies > General. |
NGFW |
Enhancement |
A new permission level has been introduced to allow for “Test policies and recategorization”. This means users can be given the ability to request a recategorization, without the ability to change policies. |
Pipe Plus |
Enhancement |
If DNS servers have been configured for a specific link, and force route is now automatically added for each of the DNS servers to push the traffic out that link, removing the need to do this manually. |
HTTPS Inspection |
Enhancement |
If an upstream SSL certificate changes or is temporarily broken, more rapidly detect this and generate a new local certificate. |
Redirection |
Enhancement |
For captive portal logins and other redirected pages on HTTPS, use SNI for the certificate generation. |
BIC Agent |
Enhancement |
Enhanced memory management for big local uploads, minimizing the use of local memory. |
BIC Agent |
Enhancement |
Better handle the corruption of settings on the agent side, and use a different format to prevent leakage of corruption of settings should this occur. |
BIC Agent |
Enhancement |
In some instances on Mac OS X, the agent is not notified that the system has come back from sleep, causing traffic to be block for extended periods, use a secondary method to detect this, and more quickly recover when coming back from sleep. |
BIC Agent |
Enhancement |
Use the newer SHA256 when generating HTTPS inspection certificates. |
BIC Agent |
Enhancement |
If a reboot is required on the agent, more regularly notify the user that a reboot is required to encourage this to happen sooner. |
BIC Agent |
Resolution |
When testing policies for the BIC agent under Access Policies, more closely match what would happen on the BIC Agent to provide an accurate representation of the policies that would be applied. |
Reporting |
Resolution |
When displaying user generated content in a report, if the content is HTML, correctly escape it to prevent display issues. |
BYOD Installer |
Enhancement |
A new MSI BYOD certificate installer is now available, this is ideal for sites that wish to distribute the certificate installer via group policy. This same installer can run as either a local machine account or a domain admin account, depending on your AD configuration. |
Archive Emails |
Enhancement |
For archive emails and Symantec EV integration, provide more detailed logs on both success and failure. |
Direct Proxy |
Enhancement |
Provide the ability to exclude local networks and IP’s from authentication on the direct proxy (in addition to remote servers). |
Direct Proxy |
Enhancement |
If using automatic proxy configuration, a new field is now available to create a custom proxy.pac file, at the bottom of the Configuration > Web Proxy screen. If this is set, the automatic proxy.pac file is not generated, and the custom one is use instead. |
Web Mail |
Resolution |
In some views, the ordering by date was not working correctly, this has been addressed. |