What's New

In 22.4R1

•Pulse One enablement on IPS 22.4R1 or above. This feature is not enabled by default and has to be enabled through CLI.

•IPS is qualified on Azure cloud and Hyper-V platforms.

•IPv6 support for Host Checker, Download ESAP, Signature files.

•IPv6 support for Log Archiving

In 22.3R1

•Allow Host checker policy on certificate expiry: This feature allows the administrators to pass host checker policies on endpoints after the user certificate expiry. The Administrator can assign endpoints to have remediation roles, so that users can renew certificate.

•Log Enhancements: This feature allows the admin to enter a custom message to display on the client highlight the host checker compliance errors.

•Report scheduling enhancements: This feature supports scheduling multiple reports of the same type. Allows scheduling report notification on a customized time of a day/month/week.

•Compliance report enhancements: The dashboard displays the chart for the compliant and non-compliant devices. The compliance report is enhanced to display the compliant devices.

In 22.2R3

•This release qualifies certification of FIPS, JITC (DoDIN APL) and NDcPP.

•nSA support is not qualified with this release.

•JITC (DoDIN APL) Certification

•Log Support for detection and prevention of SMURF/SYN Flood/SSL Replay Attack.

•Disable ICMPv6 echo response for multicast echo request.

•Disable ICMPv6 destination unreachable response.

•DSCP Support.

•Password Strengthening.

•Notification for unsuccessful admin login attempts.

•Re-authentication of admin users.

•Notification on admin status change

•NDcPP Certification

•When NDcPP option is enabled, only NDcPP allowed crypto algorithms are allowed.

•Device/Client Auth certificate 3072 bit key length support.

•Not allowing Import of Device/Client Auth Certificate if Respective CAs are not in Trusted Stores.

•Not allowing Importing of Device Certificate without Server Authentication EKU (Extended Key Usage).

•Device/Client Auth/CA certificate revocation check during Certificate Import

•Syslog certificate revocation check during TLS connection establishment.

•Not Allowing 1024 bit Public Key Length Server Certificate from Syslog during TLS connection.

In 22.2R1

•Supports feature parity with 9.1R15 release. For more information, see Release Notes

•OAuth/OpenID support for authentication: Ivanti Policy Secure (IPS) supports OAuth as an Auth Server, which can be added and configured for End User authentication. OAuth is an open-standard authorization framework that describes how unrelated servers and services can safely allow authenticated access to their assets, without sharing the initial, related, or single logon credentials. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. This feature allows users to authenticate with any standard OpenID Provider like Google, OKTA, Azure AD, to connect to IPS.

•Support deployment of IPS on AWS cloud platform: IPS can now be deployed on AWS cloud platform.

•IPv6 enforcement support for Palo Alto Networks (PAN) firewall: IPS supports IPv6 resources access through PAN firewall.

In 22.1R1

•Policy Secure runs on the next generation Ivanti Secure Appliances (ISA) series appliances, which has better performance and throughput due to hardware, software, and kernel optimization.

•It is available as fixed-configuration rack-mounted hardware.

•ISA6000

•ISA8000

•It can also be deployed to the data center or cloud as virtual appliances.

•ISA4000-V

•ISA6000-V

•ISA8000-V

•Supports feature parity with 9.1R14 release. For more information, see Release Notes.

•The following are some of the sample SKU's introduced in this release:

•IPS-SVC-GLD-1000U-1YR

•IPS-SVC-GLD-1000U-3YR

•IPS-SVC-GLD-1000U-5YR

•IPS-PROFILER-LG-3YR

The features listed in https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44747 are not supported with 22.1 GW release. In addition, Pulse Collaboration, HOB Java RDP, Basic HTML5 and Pulse One are not supported in 22.1 Gateway.