Introduction
Ivanti Policy Secure (IPS) is a next generation Secure access product, which offers customers to adapt to zero trust network access security model. Enterprises use Policy Secure to enforce endpoint policy compliance for employees, guests and contractors regardless of location, device type or device ownership. Users enjoy greater productivity and the freedom to work anywhere without limiting access to authorized network resources and applications. BYOD onboarding optimizes the user experience by allowing workers to use their preferred device. Policy Secure provides complete visibility of managed and unmanaged network devices.
The IPS Gateway versions listed below are the supported versions to use with Gateway for respective releases.
Security Advisory and Patch Update
Ivanti has released security advisories and mitigations for critical vulnerabilities in the Ivanti Pulse Secure gateways. The following CVE's have been fixed:
- CVE-2024-21894
- CVE-2024-22052
- CVE-2024-22053
- CVE-2024-22023
- CVE-2023-46805
- CVE-2024-21887
- CVE-2024-21888
- CVE-2024-21893
- CVE-2024-22024
For more details, see forum link.
Hardware Platforms
You can install and use the software version on the following hardware platforms.
•ISA6000
• ISA8000
Virtual Appliance Editions
The following table lists the virtual appliance systems qualified with this release:
Virtual appliance qualified in 22.6R1
|
Variant |
Platform |
vCPU |
RAM |
Disk Space |
|---|---|---|---|---|
|
OpenStack Wallaby on Ubuntu 20.04 LTS |
(4 vCPUs / ISA4000-v), (8 vCPUs,ISA6000-v), (12 vCPUs, ISA8000-v) |
4 |
8 GB |
80 GB |
|
VMware ESXi 7.0.3
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
|
|
AWS
|
ISA4000-V (M5.xlarge) |
4 |
16 GB |
40 GB |
|
ISA6000-V (M5.2xlarge) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (M5.4xlarge) |
16 |
64 GB |
40 GB |
|
|
Azure
|
ISA4000-V (Standard DS3 V2 - 3NICs) |
4 |
14 GB |
40 GB |
|
ISA4000-V (Standard_D4s_v3 - 2NICs) |
4 |
14 GB |
40 GB |
|
|
ISA6000-V (Standard DS4 V2 -3 NICs ) |
8 |
28 GB |
40 GB |
|
|
ISA6000-V (Standard D8s V3) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (Standard D16s V3) |
16 |
64 GB |
40 GB |
|
|
ISA4000-V (F4s_v2) |
4 |
8 GB |
40 GB |
|
|
ISA6000-V (F8s_v2) |
8 |
16 GB |
40 GB |
|
|
ISA8000-V (F16s_v2) |
16 |
32 GB |
40 GB |
|
|
Hyper-V
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
Virtual appliance qualified in 22.5R1
|
Variant |
Platform |
vCPU |
RAM |
Disk Space |
|---|---|---|---|---|
|
VMware ESXi 7.0.3
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
|
|
AWS
|
ISA4000-V (M5.xlarge) |
4 |
16 GB |
40 GB |
|
ISA6000-V (M5.2xlarge) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (M5.4xlarge) |
16 |
64 GB |
40 GB |
|
|
Azure
|
ISA4000-V (Standard DS3 V2 - 3NICs) |
4 |
14 GB |
40 GB |
|
ISA4000-V (Standard_D4s_v3 - 2NICs) |
4 |
14 GB |
40 GB |
|
|
ISA6000-V (Standard DS4 V2 -3 NICs ) |
8 |
28 GB |
40 GB |
|
|
ISA6000-V (Standard D8s V3) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (Standard D16s V3) |
16 |
64 GB |
40 GB |
|
|
ISA4000-V (F4s_v2) |
4 |
8 GB |
40 GB |
|
|
ISA6000-V (F8s_v2) |
8 |
16 GB |
40 GB |
|
|
ISA8000-V (F16s_v2) |
16 |
32 GB |
40 GB |
|
|
Hyper-V
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
Virtual appliance qualified in 22.4R1
|
Variant |
Platform |
vCPU |
RAM |
Disk Space |
|---|---|---|---|---|
|
VMware ESXi 7.0.3
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
|
|
AWS
|
ISA4000-V (M5.xlarge) |
4 |
16 GB |
40 GB |
|
ISA6000-V (M5.2xlarge) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (M5.4xlarge) |
16 |
64 GB |
40 GB |
|
|
Azure
|
ISA4000-V (Standard DS3 V2 - 3NICs) |
4 |
14 GB |
40 GB |
|
ISA4000-V (Standard_D4s_v3 - 2NICs) |
4 |
14 GB |
40 GB |
|
|
ISA6000-V (Standard DS4 V2 -3 NICs ) |
8 |
28 GB |
40 GB |
|
|
ISA6000-V (Standard D8s V3) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (Standard D16s V3) |
16 |
64 GB |
40 GB |
|
|
ISA4000-V (F4s_v2) |
4 |
8 GB |
40 GB |
|
|
ISA6000-V (F8s_v2) |
8 |
16 GB |
40 GB |
|
|
ISA8000-V (F16s_v2) |
16 |
32 GB |
40 GB |
|
|
Hyper-V
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
Virtual appliance qualified in 22.2R3
|
Variant |
Platform |
vCPU |
RAM |
Disk Space |
|---|---|---|---|---|
|
VMware ESXi 7.0.3
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
Virtual appliance qualified in 22.1R1, 22.2R1, and 22.3R1
|
Variant |
Platform |
vCPU |
RAM |
Disk Space |
|---|---|---|---|---|
|
VMware ESXi 7.0.3
|
ISA4000-V |
4 |
8 GB |
40 GB |
|
ISA6000-V |
8 |
16 GB |
40 GB |
|
|
ISA8000-V |
12 |
32 GB |
40 GB |
|
|
AWS
|
ISA4000-V (M5.xlarge) |
4 |
16 GB |
40 GB |
|
ISA6000-V (M5.2xlarge) |
8 |
32 GB |
40 GB |
|
|
ISA8000-V (M5.4xlarge) |
16 |
64 GB |
40 GB |
To download the virtual appliance software, go to: https://forums.ivanti.com/s/contactsupport
Upgrade Path
The following table describes the tested upgrade paths, in addition to fresh installation of 22.1R1 and 22.1R6 for IPS Product.
|
Upgrade to |
Upgrade From (Supported Version) |
Qualified |
|---|---|---|
|
22.6R1 |
22.4R1 and 22.5R1 |
Q |
|
22.5R1 |
22.4R1 and 22.3R1 |
Q |
|
22.4R1 |
22.3R1 and 22.2R1 |
Q |
|
22.3R1 |
22.2R1 and 22.1R1 |
Q |
|
22.2R1 |
22.1R6 and 22.1R1 |
Q |
|
22.1R6 |
22.1R1 |
Q |
Upgrade Path in 22.2R3
Upgrade can only be done with JITC (DoDIN APL) mode disabled.
|
Upgrade to |
Upgrade From (Supported Version) |
Qualified |
|---|---|---|
|
22.2R3 |
22.2R1 and 22.1R1 |
Q |
JITC (DoDIN APL) supports fresh installation and upgrade for VMware images and only upgrade for cloud (AWS) images.
Configuration Migration Path
The recommended and qualified import option is using Binary Config.
The following table describes the tested migration paths.
|
Migrate to |
Migrate From (Supported Versions) |
Qualified |
|---|---|---|
|
22.6R1 |
9.1R18.2, 9.1R18.1 |
Q |
|
22.5R1 |
9.1R18, 9.1R17, 9.1R16.2 |
Q |
|
22.4R1 |
9.1R18, 9.1R17, 9.1R16.2, 9.1R14.3 |
Q |
|
22.3R1 |
9.1R17, 9.1R16, 9.1R16.2, 9.1R15, 9.1R14 |
Q |
|
22.2R1/ 22.2R3 |
9.1 R15, 9.1 R14.1, 9.1 R13.2 |
Q |
|
22.1R6 |
9.1R14.1 or prior releases |
Q |
|
22.1R1 |
9.1R13.2 or prior releases |
Q |
Noteworthy Information
Version 22.7R2
•When you upgrade to 22.7R2 the following features do not work:
•Profiler SSH collector
•IF-MAP
•MySQL
•SNMP ACL Enforcement
•Dot1x Authentication with certification auth is not supported with TLS 1.3 on Windows 11.
•Layer 3 Enforcement communication with Juniper SRX is not supported as this functionality is not supported by Juniper SRX.
Version 22.3R1
•Host checker on the Ubuntu OS is not supported on Firefox browser.
Version 22.2R3
•New password must differ from previous 8 password positions option is newly added under Password options in Local Authentication Settings page.
•Reset Password and Change Password options are newly introduced for Local Authentication Account (User/Admin).
Version 22.2R1
•For MAC spoof detection based on NMAP, the classification change counter is configurable. To configure, you must navigate to Profiler Configuration > Settings > Advance Configuration.
• Platform (Core) License SKUs for ISA platforms are introduced. Concurrent users are reset to two if core license is not installed or leased.