Known Issues

Release 9.1R18.2

There are no known issues in this release.

Release 9.1R18.1

There are no known issues in this release.

Release 9.1R18

Symptom:Swap memory consumption and high CPU usage.

Condition: Performing SNMP polling on 200+ switches and monitoring 10,000 dot1x user sessions has the potential to significantly increase swap memory and CPU utilization by both, the SNMP collector and PostgresServer. The SNMP polling process requires the retrieval of ARP/CAM tables from all switches, which is a computationally intensive task that can consume significant CPU resources. Similarly, 10,000 dot1x user sessions results in frequent updates to the Postgres database with session details, leading to increased memory and CPU utilization. CPU utilization and Swap memory Usage will come down to normal levels once the polling is complete , the time of polling depends on number of switches being scanned..

Workaround: None.

Release 9.1R17

Symptom:Host Checker on Unbantu OS is not supported on Firefox

Condition: On Linux, Host checker on the Unbantu OS is not supported on Firefox.

Workaround: None.

Symptom: In Chinese language, machine certificate rule failed message showing in English.

Condition: When using Chinese language on Firefox ESR browser.

Workaround: None.

Symptom:Citrix Storefront with CTS client will not launch.

Condition: When PSAL extension is enabled.

Workaround: Disable PSAL extension, CSF-CTS client will launch.

Release 9.1R16

Symptom: Server is not allowing to connect a client, displays error "CreateRadiusRequest Faliure" or "Authentication Rejected by Server : 1308"

Condition: When server is configured with "Advanced Host Checking" policy and client access the URL to evaluate this policy on Windows System .

Workaround: Remove "Advanced Host Checking" policy from the Role/Realm on the server.

Symptom: Server is not allowing to connect a client, displays error "CreateRadiusRequest Faliure" or "Authentication Rejected by Server : 1308"

Condition: When server is configured with "Advanced Host Checking" policy and client access the URL to evaluate this policy on Windows System .

Workaround: Remove "Advanced Host Checking" policy from the Role/Realm on the server.

Symptom: After upgrade IPS/ICS server to 9.1R16 shows scroll bar instead of list during OS Hostcheck Policy configuration.

Condition: Changes observed after upgrade Server to 9.1R16

Workaround: There is no functionality impact to perform OS check on the client.

Symptom: Some random radius logs getting generated on UI event logs.

Condition: On upgrading IPS 2-node cluster to 9.1R16.

Workaround: None.

Release 9.1R15

No known issues in this release.

Release 9.1R14

No known issues in this release.

Release 9.1R13.1

Symptom: Remediation rule is not working.

Condition: When the client is configured with the HKEY-CURRENT-USER.

Workaround: None

Symptom: Active user session from Windows 11 shows log-in from Windows 10 System.

Condition: User logs in from Windows 11 systems using Browsers or PDC.

Workaround: None

Release 9.1R13

Symptom: "DeleteAllSessions" not releasing the IP addresses assigned to the user sessions.

Condition: Sessions with assigned IP address from IP address pools.

Workaround: Select all sessions. Uncheck only "admin" session and click "delete selected sessions".

Symptom: Swap memory consumption and high CPU usage.

Condition: Increase in swap memory consumption and high CPU usage is observed in heavily loaded Profiler system.

Workaround: None

Symptom: Guest Sponsor received e-mails do not contain some details entered during register process.

Condition: When registered as guest with details of Company Name and Host or Sponsor.

Workaround: None

Symptom: ESAP diagnose tool collects only OPSWAT related logs and does not collect any Pulse logs.

Condition: When an endpoint connected to latest 9.1R13 server and required components are installed.

Workaround: From the endpoint manually collect Pulse logs or using PDC save required logs.

Symptom: Active user session from Windows 11 shows log in from Windows 10 System.

Condition: User login from Windows 11 systems using Browsers or PDC.

Workaround: None

Release 9.1R12

Symptom: Juniper SRX firewall and Ivanti Policy Secure connection doesn't break after changing TLS version 1.2 with higher encryption setting for non-supported TLS1.2 version Juniper SRX firewall.

Condition: Juniper SRX firewall is running lower version, which do not support TLS1.2 and Ivanti Policy Secure security setting (Configuration > Security > SSL Options) Accept only TLS 1.2 (maximize security) with Maximize Security (High Ciphers).

Workaround: Need to restart uac-service in Juniper SRX firewall using the command (restart uac-service). Ivanti Policy Secure and SRX connection breaks and is reestablished with higher TLS and encryption settings.

Release 9.1R10

Symptom: Active user page “Agent Type” shows “Mac OS 10.15" in place of “Mac OS 11.0.1".

Condition: When using Safari on macOS version BigSur 11.0.1.

Workaround: None

Release 9.1R9

Symptom:  NTP will not synchronize time when default VLAN ID is configured on the interface.

Condition: If default VLAN ID is configured on the interface.

Workaround:

1. Remove VLAN ID from the interface.

2. On PSA hardware, use “Set Time Manually” option.

3. On Ivanti Policy Secure virtual machines (VM’s), disable NTP on Ivanti Policy Secure and Enable Sync with ESXi Host Option on VMware ESXi.

Symptom: Invalid Admin log shows as “Unable to synchronize time, either NTP server(s) are unreachable or provided symmetric key(s) are incorrect” even though NTP servers are reachable and clock is syncing.

Condition: When upgrading to 9.1R8.1 or later builds.

Workaround: None

Symptom: Sending Guest mail notification fails while using SMTP Server Config with SMTP Login/Password.

Conditions: While SMTP configuration with SMTP Login and SMTP Password with or without SSL under System > Configuration > Guest Access > SMTP Settings

Workaround: Configure SMTP Server without SMTP Login and SMTP Password and made SSL disable, perform NTLM authentication.

Symptom: Internal Error occurred while performing SNMPv3 Discovery from Profiler UI.

Condition: Perform SNMPv3 Discovery from Profiler UI.

Workaround: Retry from Profiler UI page or Navigate & Discover from Endpoint Policy > Network Access > Network Infrastructure page

Symptom: While adding Palo Alto Network devices as SNMP Client in Profiler new UI (from Ivanti Policy Secure version 9.1R8 onwards) SSH options are not shown.
Condition: Adding new Palo Alto Networks as SNMP client in new profiler UI.
Workaround: Add SNMP client from Network Access > New network Infrastructure Devices.

Release 9.1R8.2

Symptom: SAML SLO is not initiated from Ivanti Policy Secure to its IDP when the user’s browser-based session is ended.

Condition: When user is authenticated using any browser to Ivanti Policy Secure with SAML authentication method where Ivanti Policy Secure is SAML SP, user session is ended in browser because of idle timeout or max session timeout or if admin ends the user session from Ivanti Policy Secure Admin console. Currently only manual sign out from browser session is supported to send SLO request to IDP from Ivanti Policy Secure side.

Workaround: Close the browser window and launch a new browser window, so that user is prompted for authentication again for security reasons

Release 9.1R8

Symptom: SBR TACACS+ shell policies defined at the user level is not supported.

Condition: If shell policy is defined at user level, only the user will be migrated to Ivanti Policy Secure but will not be mapped to shell policy.

Workaround: In this case, Admin has to manually configure role, shell policy and role mapping rule in the realm.

Symptom: Hyper-V 9.1R8 upgrade from earlier versions is not supported.

Condition: When upgrading from the earlier versions. For example, 9.1R5.

Workaround: Install a fresh instance of 9.1R8 and import the configurations from the earlier version.

Symptom: After upgrading to 9.1R8, admission control alert is not processed post VIP failover.

Condition: Users connected to Active Node in A/P cluster will move to Passive Node on Cluster failover. If any Admission control event/alert is received for these users, action set in the Admission control policy will not be triggered.

Workaround: Disabling and enabling any one of the admission control clients post VIP fail will address the issue.

Symptom: Cisco WLC is not supporting default arguments with some roles.

Condition: When Ivanti Policy Secure assigns any roles apart from ALL/MONITOR WLC throws error saying “bad authorization”.

Workaround: To handle this specific scenario if service type is configured as “ciscowlc” in Ivanti Policy Secure then no default attributes (session timeout, idle timeout and privilege level) are sent but if admin wants these attributes to be sent (in case of admin roles like ALL and MONITOR) admin must configure the attributes as custom attributes.

Symptom: Host Checker (HC) installation error found Intermittently while installing HC or Pulse Client (HC enabled) through browser (Chromium Edge/Chrome/Firefox)

Condition: Fresh Installation of HC or Pulse Client (HC enabled) through browser (Chromium Edge/Chrome/Firefox) after uninstalling old HC components

Workaround: Uninstall the HC/Pulse Client components manually and reboot the system or Manually kill the HC process before installing Pulse Client/HC Component.

Symptom: Upgrading Azure images from 9.1R5 to any later releases returns with error message for Ivanti Policy Secure if the factory reset version is 9.1R5

Conditions: When factory reset version is 9.1R5.

Workaround: Admin has to take the backup of the existing configurations. Deploy the new image with latest version and import the backup configurations.

Profiler

Symptom: Calender pop-up in Advanced Filter on DDR Page does not work intermittently

Condition: Navigate to System > Reports > Device Discovery Tab, enter the from/to dates in Advanced Filters

Workaround: Refresh the page and retry.

Symptom: If device sponsoring and time bound is configured for an endpoint in the selected sponsored category then during classification device sponsoring is given priority over time-bound. Due to which endpoint status is set to unapproved.

Condition: With Device sponsoring configured and Time Bound option enabled for the selected categories in the Profile Group.

Workaround: Don't configure device sponsoring, if time-bound configurations has to be used.

Symptom: Roles are not getting updated based on updated status.

Condition: Export DB (csv/binary) and then import DB for the same endpoint during active session.

Workaround: Roles will be updating after doing logout from the session and re-initiate session from the endpoint.

Symptom: Configuring Agentles Hsostcheck policy Navigate to Auth Servers link wrongly redirects to Authentication Servers Page instead of Profiler page.

Condition: User navigates to Endpoint Security > Host Checker and click "Profiler" collector under option or Endpoint Security > Host Checker > New Host Checker Policy and clicks "Auth Servers" settings.

Workaround: Navigate to Profiler Configuration > Settings > Basic Configuration for configuration.

Release 9.1R5

Symptom: uacHostChecker process application exits unexpectedly

Condition: Pulse Client with latest component tries to connect to lower server version, for example: 5.4R7.1 through Internet Explorer/Chrome/Firefox.

Workaround: This issue is seen only on Windows 10 (1909) version whereas Windows RS5 (1809) and Windows7 Enterprise there is no issue.

Symptoms: User sessions will not be synced for the session logged in at the time of second node upgrade in Active Passive cluster.

Condition: During Active Passive cluster upgrade, when the first node comes up after upgrading newer version, it informs the other node to upgrade. During this time if any new user logs in then all those sessions will not be synced after second node upgrade.

Workaround: Users needs to re-login

Symptom: ECC device certificate is not supported with SRX firewall below Junos version 15.x.

Condition: If the server uses ECC device certificate then the connection to SRX is established only with releases later than Junos 15.x version.

Workaround:

ECC certificate support is introduced in releases later than 15.x Junos version.

If the server uses ECC device certificate, then the connection to SRX is established only with releases later than Junos 15.x version.

If the server has both the ECC and RSA device certificate installed, then Restart Services (System Maintenance > Platform > Restart Services) is required to switch from ECC to RSA or vice versa).

Symptom: XML import is failing if configuration file has syslog IPv6 settings.

Condition: If IPv6 syslog server on log settings is configured then the XML import fails.

Workaround: Export the binary system configuration and import on another device.

Symptom: When the end-user changes his password, login with the changed password fails.

Condition: User won’t be able to login with the changed password.

Workaround: Admin can change the password for the end-user and that password can be used to login.

Symptom: When SNMP Device is discovered using SNMP (v2/v3 version), Location Group and Default VLAN configured for the discovered device is not applied after clicking “Add Device”.

Condition: Discover a Switch using SNMP (v2/v3 version). Configure Location Group and Default VLAN, and then click on “Add Device”. Added device will not have the Location Group and Default VLAN configuration.

Workaround: Configuration has to be manually changed under Endpoint Policy > Network Access > Network Infrastructure Device.

Symptom: Connection error displayed while installing Host Check component. The issue is seen while performing agentless connection (Host Check enabled) after cleaning all the previously installed Host Check components.

Conditions: "UAC Host Checker" process running in the background.

Workaround: Kill the process or reboot the system and perform agentless connection.

Symptom: Inconsistent upgrade issues seen while upgrading Hyper-V images in clustering and single node.

Condition: Upgrading a Hyper-V image to 9.1R5.

Workaround: If cluster upgrade fails, reboot the node which is not upgraded. If the issue persists, try upgrading the nodes individually and then form cluster.

Symptom: The event Agent_session_bridge is not included in Login Type Dashboard chart formation in splunk App.

Condition: It gets impacted only when a user forming L2 followed by L3 session from the PDC client. The reason is, this event is not been added in parsing regexp in backend , hence bridged session will not be appeared in Login_Type Dashboard chart in Ivanti Policy Secure App.

Workaround: The event 'Agent_session_bridge' should be added in backend with applying regexp for the field to be extracted for further use.

Symptom: The current splunk session displayed on Dashboard will not be retained when clicking on Ivanti Policy Secure App.

Condition: Splunk limitation

Workaround: Not Available

Profiler

Symptom: Full sync happens more than once in Forwarder A/P Cluster.

Condition: This issue is observed only after upgrading Forwarder A/P Cluster.

Workaround: None

Symptom: During "edit all similar devices" in DDR, the response message is displayed successful. However, devices are still getting classified in the background. Admin does not know when the re-classification is done for all the devices.

Condition: This occurs when there is large number(~50K) of devices classified.

Workaround: Refresh the DDR page after few minutes.

Symptom: If endpoints entries are deleted from DC, these endpoints are not deleted from DR and vice versa.

Condition: This issue is only seen when full sync is in progress. If endpoints entries are deleted after full sync done, sync happens properly.

Workaround: Delete the endpoints from DC/DR separately.

Symptom: In the Switch View Bridge Interfaces are not showing up, all other interfaces are coming.

Condition: Fetching the IFMIB doesn't gives the bridge interfaces.

Workaround: None.

Release 9.1R4

Symptom: Mist is not sending class attribute and hence Ivanti Policy Secure unable to map session for incoming accounting request due to which the accounting stop will not remove the session from the Ivanti Policy Secure after Guest disconnects from SSID

Condition: When SSID is disconnected from the endpoint by the Guest without logging out from the active session

Workaround: Manually remove the active session from Mist controller Or Provide lower session timeout value for Guest users in Ivanti Policy Secure.

Symptom: Mist is not sending class attribute and hence Ivanti Policy Secure unable to map session for incoming accounting request and hence IP is not getting updated in the Active Users page in Ivanti Policy Secure

Condition: When active Guest session is formed

Workaround: NA

Release 9.1R3

Symptom: CSV import to System local database will fail with error message as "Invalid User Name. Only ASCII characters are allowed on Ivanti Policy Secure UI.

Condition: When username in the CSV file to be imported to System local database involves charac-ters apart from ASCII

Workaround: None

Symptom: Microsoft Excel is changing the format of CSV file while saving.

Condition: User tries to edit the CSV file using MS Excel.

Workaround: User should make sure that CSV file fulfil all condition of CSV file format. Open file in simple editor like: notepad++, vim.

Symptom: Policy evaluation failed on macOS 10.14x or any higher versions for a file rule configured to validate a file location with System default Directories <%HOME%>

Condition: Hostcheck policy with File Rule for macOS 10.14.x or higher versions for a file located at System Directories <%HOME%>

Workaround: Need to add permissions for "Pulse Client" under "Accessibility" and "Full Disk Access" and which can be accessed from System Preferences > Security & Privacy > Privacy Or without providing permission /tmp location can be used for File validation.

Symptom: Ivanti Policy Secure upgrade to 9.1R3 will not update the connection set and component set of the user role configured with Odyssey Access client settings.

Condition: Fresh installation of Pulse client or migrating from OAC to Pulse client

Workaround: OAC migration guide will help the administrators to configure the connection set and component set and map the same to appropriate roles.

Symptom: Dismiss until next upgrade option is not working for banner related to perpetual licensing.

Condition: Admin clicks on Dismiss until next upgrade.

Workaround: For every new Admin login use the close button as a workaround.

Release 9.1R2

Symptom: Cache server is continuously crashing in Longevity setup. Unable to open admin UI, crash messages display.

Condition: When cache memory is hitting more than 512mb this crash has been observed.

Workaround: NA, rollback and upgrade to latest version to start the test again.

Symptom: SMTP Port 465 is not working for Ivanti Policy Secure guest user.

Condition: Under SMTP settings, port 465 should also supported for Guest user.

Workaround: SMTP port 587 with selecting SSL works in case of guest.

Symptom: Radius Disconnect message (DM) is not working after importing user.cfg configuration from the previous release.

Condition: When previous configuration (from 9.0R1) is loaded onto the box, overwrites the de-fault radius.dct. "Funk-Dest-IPv6-Address" attribute is missing in the old dictionary.

Workaround: After restoring the dictionary to factory default, DM is sent to the switch and session is disconnected.

Symptom: While performing L3 followed by L2 and frequently enable/disable migration option some time SDKs are replacing next periodic host check

Conditions: On Windows Platform using Pulse performing L2 authentication with Host Check enabled on Role/Realm with Migration feature enabled.

Workaround: For replacing expected SDKs wait for next periodic Handshake or Disconnect and again connect to server using Pulse.

Symptom: PSIS is not upgrading to the 9.1R2 version.

Condition: When CTS, WTS and VDI gets upgraded to 9.1R2 in Win10RS5+.

Workaround: NA

Profiler

Symptom: Linkdown Trap is not updating device link status in Device Discovery Report when profiler processes for the first time.

Condition: Profiler not processing Linkdown Trap without Linkup trap update in Device Discovery page for the device.

Workaround: NA

Release 9.1R1

Symptom: RADIUS CoA disconnect for Splash sign on page in Meraki WLC does not acknowledge the session disconnect message sent by Ivanti Policy Secure.

Conditions: Guest session will be deleted from Ivanti Policy Secure, but the session will be active on WLC for the default timeout period of the guest session on Meraki WLC.

Workaround: Admin can login to Meraki dashboard and de-authorize the guest manually from Wire-less > Splash logins page. In addition to that, we have raised an enhancement request to Meraki to support COA disconnect on splash sign on page with radius authentication.

Symptom: RADIUS Accounting stop message is not sent by Meraki when guest logs out or gets discon-nected from Guest SSID

Conditions: The Guest session will remain active on Ivanti Policy Secure for the duration of Maximum Session Length (default=725 mins).

Workaround: Admin can login to Meraki dashboard and de-authorize the guest manually from Wire-less >Splash logins page which will immediately send the Accounting stop message from Meraki to Ivanti Policy Secure.

Symptom: TACACS+ Accounting start and stop messages are not sent by BIG IP F5 device

Condition: Ivanti Policy Secure may have stale sessions as it does not receive stop accounting packets. However, these sessions are deleted from Ivanti Policy Secure when Maximum Session Timeout expires.

Workaround: NA. If there is any stale TACACS+ session on Ivanti Policy Secure, it does not cause any security risk as any TACACS+ login is controlled by the BIG IP F5 device.

Symptom: Session migration fails for secondary auth server. User is prompted with secondary auth server password.

Condition: If secondary auth server is configured for session migration.

Workaround: NA

Symptom: Session migration fails for 802.1X authentication.

Condition: When the user tries to migrate the 802.1X sessions from Ivanti Policy Secure to Ivanti Connect Secure.

Workaround: NA

Symptom: Firewall SOH policy evaluation fails for domain user when Private and Public Net-works profiles in Windows Firewall are not turned ON.

Condition: When Private and Public network profile for domain user is not turned ON for Windows firewall.

Workaround: NA

Symptom: L3 session is established with Internal IP while performing L3 followed by L2 using Pulse with Ivanti Policy Secure External VIP address.

Conditions: When Ivanti Policy Secure nodes are in cluster and external port is used for RADIUS authentication.

Workaround: NA

Symptom: SAML authentication failed with error "Missing/Invalid sign-in URL" despite correct credentials while using PDC embedded browser version 9.0.1.

Condition: Using PDC browser version 9.0.1 with Ivanti Policy Secure version 9.1R1.

Workaround: Use latest PDC version with Release 9.1R1.

Symptom: Juniper Connector UI provides option to select TCP ports for communicating with Ivanti Policy Secure. However, Ivanti Policy Secure connector always use port 443, making the selected TCP port ineffective.

Conditions: Configuring Ivanti Policy Secure as connector in Juniper PE.

Workaround: Ensure that the Port number is always set to 443.

Symptom: While configuring the Ivanti Policy Secure connector in Juniper PE, administrator need to enter the system-local administrator credentials as Ivanti Policy Secure admin and AD user account cannot be used for generating REST API key for Ivanti Policy Secure-Juniper PE communication.

Conditions: Configuring Ivanti Policy Secure as Connector in Juniper PE.

Workaround: Juniper SDSN integration with Ivanti Policy Secure requires creating a local Admin user on Ivanti Policy Secure.

Symptom: Certificate Authentication fails due to configuration of "Skip Revocation when OCSP/CDP server is not available" for HC policy enforced at realm level.

Condition: When admin enables Skip Revocation check and OSCP server is not reachable.

Workaround: Set the OSCP timeout to less than 5 seconds.

Symptom: Admin is allowed to create anomaly role mapping rules based on custom expressions when UEBA license is not installed.

Condition: Configuring anomaly role mapping rules based on custom expressions when Behavioral Analytics license is not installed.

Workaround: Install Behavioral Analytics License.

Symptom: Authentication to Ivanti Policy Secure fails as Duo custom sign-in pages are not displayed.

Condition: User authenticates to Ivanti Policy Secure and assigned realm is configured with Duo as secondary authentication server.

Workaround: Use passcode-based Duo authentication.

Symptom: Authentication fails for browser-based login for Duo and LDAP combination with predefined user as <USER> in secondary authentication server.

Condition: User authenticates to Ivanti Policy Secure and assigned realm is configured with Duo as primary and LDAP as secondary auth server

Workaround: Use passcode based Duo authentication.

Symptom: VIP failover fails in A/P cluster when the Active node becomes unreachable with SPAN configured on external port.

Condition: Active node becomes unreachable in A/P Cluster with Local SPAN enabled on cluster nodes' external port.

Workaround: Configure Remote SPAN.

Symptom: OS Check rule is not supported when trying to connect from 9.0R3 Pulse client to old Ivanti Policy Secure (9.0R2\9.0R1) server on MAC OS platform.

Condition: When OS check Host checker rule is evaluated with new Pulse client connecting to pre-9.0R3 Ivanti Policy Secure server.

Workaround: Pulse client on MAC platform and Ivanti Policy Secure server need to be 9.0R3 for OS Check host checker policy to work as expected.

Symptom: Host checker fails on Mac OS 10.14 Mojave endpoint when Activate Older OPSWAT SDK in ESAP is enabled.

Condition: When ESAP with V3 SDK is activated on the server.

Workaround: Administrator should activate ESAP with V4 SDK on Ivanti Policy Secure for Host check to work as expected.

Profiler

Symptom: For Agentless Host Checker with Profiler, Antivirus Rule with "virus definition age" check may fail.

Conditions: Windows registry does not maintain the timestamp, when last virus definition was in-stalled. Time is taken as midnight time (00:00:00) of the date, when the last definition was installed.

Workaround: Create the rule with (expected number of definition age + 1) days.

Symptom: Remote profiler is unable to communicate with Profiler; hence the remote endpoints are not profiled.

Conditions: If self-signed certificate is used on Profiler Authentication server.

Workaround: Using a CA signed certificate on Profiler server.

Symptom: Endpoint session status is not updated in DDR table if the same endpoint is imported through Binary configuration.

Conditions: Importing profiler data using Binary configuration.

Workaround: Reconnect the existing user session.

Cloud Application Visibility

Symptom: CAV fails to configure proxy on endpoint, when Juniper SRX is configured as an Infranet Enforcer for a resource.

Condition: Juniper SRX is configured as Infranet Enforcer.

Workaround: N/A

Symptom: CAV policies are not applied when endpoints establish dot1x connection with a switch/access point.

Condition: Authenticator is a third-party device and is configured to use Ivanti Policy Secure as authenticating server.

Workaround: N/A

Symptom: CAV policy updates are not sent to Ivanti Policy Secure if CAV Database is updated with Ivanti Connect Secure IP address.

Condition: If CAV database at client side is updated with Ivanti Connect Secure IP address and the user establishes L2/L3 connection.

Workaround: N/A

Symptom: DNS resolution fails after CAV is re-enabled at user role level.

Conditions: If already added user role is deleted from the CAV policies.

Work Around: - N/A

Symptom: CAV feature does not work when Pulse SAM is enabled on client.

Conditions: Pulse SAM and CAV enabled for the same role.

Work Around: - N/A

Symptom: Authentication token fetching is failing under NATed environment on Pulse client for CAV policies update.

Conditions: Ivanti Connect Secure configured behind a NAT device.

Work Around: N/A

Symptom: Lockdown is not working properly if CAV policies are configured.

Conditions: Enabling CAV with lock down.

Work Around: N/A