New Features
The following table describes major features that are introduced in the corresponding release:
Feature |
Description |
---|---|
Release 9.1R16.1 Features |
|
No new features applicable to this release. |
|
Release 9.1R16 Features |
|
Microsoft 365 support through re-writer |
Ivanti Connect Secure supports Microsoft Office 365 through re-writer. |
PSAL browser extension |
An option for administrator to enable browser extension for the end-users. For installation instructions refer to Pulse Secure Application Launcher Deployment Guide under Ivanti Secure Access Client Documents. |
Ivanti Neurons for MDM (formerly MobileIron Cloud) |
Ivanti Connect Secure now supports Ivanti Neurons for MDM (formerly MobileIron Cloud). |
Release 9.1R15 Features |
|
End user bookmark creation |
This feature allows the users to create SSH/Telnet/VNC HTML5 bookmarks to initiate which SSH/Telnet/VNC connections. This feature also allows admins to select the bookmark types that users can create. |
Admin controlled session recording |
This feature allows admins to control and store the session recordings, for end user and admin created bookmarks, to internal or external storage on Advanced HTML5 sessions. |
Intune integration enhancement |
This feature allows to check compliance of an end user and retrieval of Device attributes using the Device ID. Support Intune Government cloud is available in Preview only mode for this release. |
DHCP options enhancement |
This feature allows ICS to act as a relay agent and communicate to the DHCP server the subnet/link to allocate an IP address. This feature allows Admins to configure any sub-option (1-255) for DHCP option including DHCP option 82, sub-option 5. |
OAuth/OpenId Connect Enhancements |
This feature enhancement includes:
|
Accessibility Conformance report |
Accessibility conformance report helps to check the level of accessibility compliance of the product. |
Release 9.1R14 Features |
|
oAuth/openID support for authentication |
Ivanti Connect Secure supports OAuth as an Auth Server which can be added and configured for End User authentication. OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without sharing the initial, related, single logon credential. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. This feature allows users to authenticate with any standard OpenID Provider like Google, OKTA, Azure AD, to connect to Ivanti Connect Secure. |
REST API enhancements |
The new REST API methods allows the admin to configure and manage the Ivanti Connect Secure seamlessly. Supports new REST API functions for Upgrade, Reboot, Rollback, Read-Only Admin, Console password protection, Monitor NTP status, Map interfaces to certificates, Toggle Fault Tolerance and Telemetry Settings. |
SAML enhancements |
A new option introduced in SAML Auth Server config, where admin can override default FQDN and provide custom FQDN to talk to SAML providers and end user authentications. |
Advanced HTML5 enhancements |
For RDP bookmarks, fetch domain feature supports automatic detection of domain for AD servers. This feature supports AD servers only. License count is changed from session basis to user login basis. |
Admin Authentication fallback URL |
Introduced an option to provide a fallback URL in case the Auth server is not reachable while admin tries to login. |
Geo-Location to the realm restrictions |
This feature provides an option to restrict or allow logins based on location. Note: Ensure UEBA package is uploaded on the ICS for this feature to work. |
Kerberos e-type extension |
This feature allows Kerberos to use AES128 as the highest encryption type. |
Audio Support on Citrix desktops |
Audio support for Citrix desktops that are hosted on a Citrix server using an admin created VDI bookmark. |
Release 9.1R13.1 Features |
|
ISA virtual platforms as license clients |
ISA virtual platforms can be configured as license clients from 9.1R13.1. For more information, refer to the License Management Guide. |
Release 9.1R13 Features |
|
AWS marketplace publishing |
AWS marketplace publishing with GP3 AMI image to reduce the Ivanti Connect Secure upgrade time on AWS. |
Release 9.1R12.1 Features |
|
No new features applicable to this release. |
|
Release 9.1R12 Features |
|
Integrity Checker |
The integrity tool allows an administrator to verify the Ivanti Connect Secure package installed on Virtual or Hardware Appliances This tool checks the integrity of the complete file system and finds any additional/modified files in the system. |
Intune integration enhancements |
This feature enhancement allows Windows users to fetch attributes from Intune by using MAC address option. |
Advanced HTML5 Enhancements |
The feature enhancement allows users to create admin/end-user Advanced HTML5 bookmarks. |
SeamlessMigration of Ivanti Connect Secure instance in AWS. |
This feature allows to modify internal port and external port of Ivanti Connect Secure deployed in AWS. |
Choice of interface for each configured syslog server |
This feature enhancement allows to add Source interface selection for each syslog servers configured in the Ivanti Connect Secure. It enables the admin to select a source interface with which address packets are sent to the syslog server. |
REST API Enhancements for Named Users |
This feature enables the admin to access the named users and its information and delete them on both Ivanti Connect Secure and License Server in Named User Repository mode using REST APIs. |
Release 9.1R11.5 Features |
|
No new features applicable for this release. |
|
Release 9.1R11.4 Features |
|
No new features applicable for this release. |
|
Release 9.1R11.3 Features |
|
No new features applicable for this release. |
|
Release 9.1R11 Features |
|
Advanced HTML5 solution (General Availability version) |
Ivanti Connect Secure supports Advanced HTML5 Access solution. This Advanced HTML5 Access solution supports two Advanced HTML5 sessions by default and includes multiple monitors, session recording, audio recording, high sound quality, and camera support. From 9.1.R11, Advanced HTML5 access is available as General Availability version. |
Release 9.1R10 Features |
|
No new features applicable for this release. Refer to Noteworthy Information in 9.1R10 Release for more details. |
|
Release 9.1R9.1 Features |
|
No new features applicable for this release. |
|
Release 9.1R9 Features |
|
SNMP v3 multiple user support |
Ivanti Connect Secure supports two users to be registered with an SNMP engine with different authentication and privilege settings. |
ESP Tunnel for Mixed Mode |
Ivanti Connect Secure provides option to use ESP tunnel for 6in4 and 4in6 traffic. |
Advanced HTML5 solution (Trial version) |
Ivanti Connect Secure supports Advanced HTML5 Access solution. This Advanced HTML5 Access solution supports two Advanced HTML5 sessions by default and includes multiple monitors, session recording, audio recording, high sound quality, and camera support. |
Remote microphone support in WTS |
Supports microphones connected to the client computer during the remote session. |
Release 9.1R8.2 Features |
|
No new features added in this release. |
|
Release 9.1R8.1 Features |
|
No new features added in this release. |
|
Release 9.1R8 Features |
|
UEBA package for fresh installation of Ivanti Connect Secure/Ivanti Policy Secure |
In case you have a fresh installation of Ivanti Connect Secure/Ivanti Policy Secure, you may download latest UEBA package from Support Site (my.pulsesecure.net) and add the package at Behavior Analysis page before using Adaptive Authentication or Geolocation based Conditional Access. |
Show users by access type |
Apart from showing the number of concurrent user sessions, Ivanti Connect Secure Dashboard now shows the L4 access type (PSAM) and Clientless access type (Browser) logins as non-tunnel users. |
Ivanti Connect Secure Protection from Overload |
This feature disallows user login, user login via Pulse Desktop, HTML5 connection or connection to a web resource when the CPU load is above a certain threshold. By default, this option is disabled for Ivanti Connect Secure upgrades and enabled for new installation. |
Reset/Unlock TOTP user through REST API |
This release provides REST API to Reset/Unlock a user under a TOTP server. |
New license SKUs for Ivanti Connect Secure/Ivanti Policy Secure |
In this release, added around 120 new license SKUs for Ivanti Connect Secure/Ivanti Policy Secure. |
Support for pool of NTP servers and NTP status check |
Ivanti Connect Secure now supports pool of NTP servers up to 4 NTP servers to sync date and time. |
Release 9.1R7 Features |
|
Automatic enable/disable ICE license |
This release provides automatic management of ICE license. Ivanti Connect Secure enables ICE license when the logged in users count crosses the maximum licensed users count and disables ICE license when the logged in users count drops below the maximum licensed users count. As an example, If you installed 100 licensed user counts, when the 101th user logs in, ICE license gets automatically enabled. |
Show current HTML5 RDP sessions in Dashboard |
This release provides HTML5 sessions information in the dashboard and the trend graph that helps admin to view the CPU usage and take necessary action to provide better remote access experience for the users. |
Support for srcset attribute in HTML |
Ivanti Connect Secure provides support for the responsive images (in web applications) via rewriter by rewriting the srcset attribute value. The corresponding images would be fetched on client application based on screen size, resolutions and other features. |
Enable/Disable FQDN ACL |
FQDN ACL feature was enabled by default earlier even though there are no policies configured. A new admin configurable option to enable or disable FQDN ACL feature is added in 9.1R7 at System > Configuration > VPN tunneling. |
Release 9.1R6 Features |
|
Hyperlink to Host Checker Policies |
In the User Realms > Authentication Policy > Host Checker page, the policy names now have hyperlinks. Click the link to view the policy configuration. |
Hardware ID in the System Maintenance page |
The System > Maintenance > Platform page displays Hardware ID along with the other platform details. |
Serial number in the Licensing screen |
The System > Configuration > Licensing page, displays Hardware Id and Serial number. |
Enable/Disable option for ICE license |
This release provides REST API to do the following on a Standalone/Cluster:
|
Release 9.1R5 Features |
|
Terraform template support for AWS and Azure |
Ivanti Connect Secure can be deployed using Terraform templates on supported hypervisors and cloud platforms. |
Location based Conditional Access |
Conditional Access feature for Cloud Secure now provides a mechanism to enforce access control policies based on location parameters by defining policies for applications. |
Password management for Open LDAP |
LDAP based password management works with generic LDAP servers such as OpenLDAP. |
Microsoft Intune MDM integration |
In this release, device access management framework supports integration with Microsoft Intune. |
HTML5 Sessions report |
Active number of HTML5 sessions on Ivanti Connect Secure can be obtained using a REST API call to api/v1/stats/active-html5-sessions. |
MSSP Reporting enhancements |
It is now possible to extract any particular license client/cluster report through REST API. Enhancements include:
|
SSLDump for VLAN |
In this release, SSLDump utility supports VLAN. Admins can use this tool for debugging / data collection purpose. |
Edit default gateway configuration |
In Ivanti Connect Secure hosted on a cloud environment, it is now possible to edit default gateway configuration from UI. |
Host Checker feature enhancement |
Host Checker policy to detect and allow hard disk in which encryption is in progress. |
License server with Active-Active cluster |
Administrators can:
|
Release 9.1R4.3 Features |
|
No new features added for this release |
|
Release 9.1R4.2 Features |
|
No new features added for this release |
|
Release 9.1R4.1 Features |
|
No new features added for this release |
|
Release 9.1R4 Features |
|
Ivanti Connect Secure VA on Alibaba Cloud |
Ivanti Connect Secure now supports VA deployment on Alibaba Cloud. |
Conditional Access |
Conditional Access feature for Cloud Secure provides a mechanism to enforce access control policies based on user and device parameters by defining policies for applications. Conditional Access policies are evaluated during application access time while roles are mapped to the session during the session creation time. |
REST API enhancements |
Enhancements include:
|
vTM and Ivanti Connect Secure Integration for Load Balancing |
The Platform Limit, Maximum Licensed User Count and Cluster Name attribute values are available for optimal load balancing. |
Support for Windows Redstone 6 |
In 9.1R4 release, Windows Redstone 6 - version 1909 is qualified. |
Support for SharePoint 2019 |
In 9.1R4 release, SharePoint 2019 is qualified. |
Support for VMware VDI 7.9, and 7.10 |
In 9.1R4 release, VMware VDI versions 7.9 and 7.10 are qualified. |
Support for Citrix Virtual Apps and Desktops 7 1909 |
In 9.1R4 release, Citrix Virtual Apps and Desktops 7 1909 is qualified. |
Protect passwords stored in local auth server using stronger hash |
When a new local authentication server is created, now admin has a choice to store the password with strong hashing using pbkdf2. |
Support license reporting per license client |
Licensing report is enhanced with usage statistics for each Ivanti Connect Secure instance - maximum user count per month per Ivanti Connect Secure/per MSSP. MSSPs can now:
|
Release 9.1R3 Features |
|
Consolidated system and troubleshooting logs |
The various system logs and troubleshooting logs that help in investigating user access issues and system issues can be configured and accessed using the Log Selection page. |
Connect to nearest available DC |
The LDAP authentication configuration is enhanced in 9.1R3 to locate the nearest Microsoft domain controllers, which are spread across the globe, by resolving DNS SRV records. |
Zero touch provisioning |
From 9.1R3 release, Ivanti Connect Secure can detect and assign DHCP networking settings automatically at the Ivanti Connect Secure VM boot up. In the script included in the PSA-V package, the Ivanti Connect Secure parameters should be set to null in order to fetch the networking configuration automatically from the DHCP server. This feature is not supported on PSA hardware. |
Ivanti Connect Secure hosted in OpenStack cloud |
OpenStack is an open source cloud computing platform that allows deploying and managing a cloud infrastructure as an IaaS service. As part of this release, Ivanti Connect Secure supports deploying Ivanti Connect Secure KVM in OpenStack cloud. |
VMware tools support |
From 9.1R3 release, VMware support is qualified for VMware 10.3.10, ESXi 6.7 Update 2c. |
Debug Log storage expansion |
From 9.1R3 release, the maximum debug log size is increased to 1024 MB on hardware platforms. |
Periodic iostat data collection |
From 9.1R3 release, the “iostat” information is gathered periodically and made available as part of node monitoring in system snapshot. |
Control copy/paste option for a user from an HTML5 session |
9.1R3 release provides option to the administrators as well as end-user to enable/disable copy/paste from HTML5 RDP sessions. This option will be available under User Roles as well as Admin Created Bookmarks”. |
Enhancements to Local Authentication Server default password |
From 9.1R3 release, for a fresh installation, the valid password range defined is 0-999. Minimum length 10 and maximum length 128 are set as default values. |
Restricting access to default resource policies |
From 9.1R3 release, for a fresh installation, the following predefined resource policies are set to “Deny” state by default. The predefined policy for VPN Tunneling is not provided. |
IKEv2 Fragmentation |
IKEv2 packets can be larger than the MTU especially the IKE_AUTH packets which include the certificate chain. These larger IKE packets get fragmented in the intermediate devices. This feature implements fragmentation at IKE level and avoids IP fragmentation. |
MSS value for TCP connections on Tun devices |
Due to larger IPv6 header as compared to IPv4, if the MSS of the Ivanti Connect Secure external interface is not set appropriately, the packets would be dropped on the external interface. This feature enables to set MSS to a lower value so that TCP connections are not dropped for 6-in-4 cases or when there is NAT translation somewhere in the network before reaching Ivanti Connect Secure. |
Release 9.1R2 Features |
|
SP-Initiated SAML SSO |
Ivanti Connect Secure supports SP-initiated SAML SSO when Ivanti Connect Secure is configured as IdP in gateway mode. Ivanti Connect Secure uses the existing user session in generating SAML assertion for the user for SSO. |
IDP initiated SAML Single Logout |
This feature provides a single logout functionality wherein if a user gets logged out of a session from one application, Ivanti Connect Secure (configured as IdP) notifies all other connected applications of that user with Single Logout. |
Flag Duplicate Machine ID in access logs |
Pulse client expects the machine ID is unique on each machine. If multiple endpoints have the same machine ID, for security reasons, the existing sessions with the same machine id are closed. A new access log message is added to flag the detection of a duplicate Machine ID in the following format: Message: Duplicate machine ID "<Machine_ID>" detected. Ending user session from IP address <IP_address>. Refer document KB25581 for details. |
Microsoft RDWeb HTML5 Access |
The newly introduced Microsoft RDWeb resource profile controls access to the published desktops and applications based on HTML5. The Microsoft RDWeb templates significantly reduce the configuration time by consolidating configuration settings into one place and by pre-populating a variety of resource policy settings. In the 9.1R2 release, Microsoft RDWeb HTML5 access does not support Single Sign On. SSO will be made available in the future release. |
Backup configs and archived logs on AWS S3/Azure Storage |
Two new methods of archiving the configurations and archived logs are available now apart from SCP and FTP methods: Ivanti Connect Secure now supports pushing configurations and archived logs to the S3 bucket in the Amazon AWS deployment and to the Azure storage in the Microsoft Azure deployment. |
V3 to V4 OPSWAT SDK migration |
Ivanti Connect Secure supports the migration of servers and clients to OPSWAT v4 to take advantage of latest updates. |
Report Max Used Licenses to HLS|VLS |
From 9.1R2 release, the licensing client (Ivanti Connect Secure) starts reporting maximum used sessions count instead of the maximum leased licenses count. For MSP customers, this change helps in billing the tenants based on maximum sessions used. |
VA Partition Expansion |
Ivanti Connect Secure/Ivanti Policy Secure supports upgrading from 8.2Rx to 9.1R2 for the following supported platforms:
When upgrading a VA-SPE running 8.2R5.1 or below that was deployed with an OVF template to a higher version, the upgrade was failing. This feature solves the upgrade problem for VMware, OpenStack KVM and Hyper-V. Refer KB41049 for more details. |
Release 9.1R1 Features |
|
Software Defined Perimeter |
SDP uses ICS appliances which individually act as either an SDP controller or an SDP gateway. Mobile users of the Pulse Client perform authentication on an SDP controller which runs an Authentication, Authorization and Accounting (AAA) Service. The SDP controller then enables direct communication between the user and the SDP gateways that protect the user’s authorized resources and enables requested encryption. |
DNS traffic on any physical interface |
Prior to 9.1R1 release, DNS traffic was sent over the Internal interface. Starting with 9.1R1 release, an administrator can modify the DNS setting to any physical interface namely Internal Port, External Port or Management Port. |
Authentication failure management |
Account Lockout option is provided to manage user authentication failures for admin users of local authentication server. The admin user account will be locked after specified number of consecutive wrong password attempts. The account will be unlocked after the specified lockout period or by using the Unlock option. |
Support for “client-name” parameter in HTML5 Access |
User can pass "client-name" in HTML5 rdp using launcher method. The %clientname% variable is matched with a workstation ID and normally that variable is unique and dedicated remote desktop computer name. |
Deploying PSA-V in OpenStack KVM |
User can deploy PSA-V in OpenStack KVM using a template. |
User access to internet resources on an Azure-based or AWS-based Ivanti Connect Secure |
AWS VPC GW and Azure VNet GW drop packets if the source IP is the endpoint tunnel IP. This feature NATs endpoint tunnel IP to Internal interface IP. The NAT allows user to access internet resources when connected to a VPN tunnel on an Azure or AWS-based Ivanti Connect Secure. |
REST API enhancements |
Enhancements include: Getting Config without Pulse packages such as ESAP package and Pulse Client package Backing up and restoring binary configuration |