What's New

nSA now provides option to stage the package on individual Gateway/Cluster or multiple Gateways/Clusters, and upgrade the Gateways manually or on a specified date and time. The Gateway stage and upgrade is supported from ICS Gateway 22.7R2.8 release. For more details, see Upgrading Gateways and Clusters with a New Gateway Version.

nSA enables you to configure external syslog server to forward ICS Gateway logs and nSA Tenant Admin logs. This enables centralized and secure log management and enhanced visibility into the health and efficiency of the services running in your ICS Gateways, or to facilitate debugging in the event of unexpected service behavior. For details, see Using Enterprise Integration to Export Your Logs for External Analysis.

Config Sync enhancement supports configuring the entire configuration synchronization across multiple targets (up to 15 targets for entire configuration and 50 targets for selective configuration). This enhancement enhances flexibility and scalability for managing multiple gateways or clusters. This is particularly useful for enterprises with extensive networks, as it simplifies configuration management across various systems. This feature is supported from ICS Gateway 22.7R2.8 release. For details, see Config Synchronization.

In order to avoid performance issue, app visibility logs is segregated from user access logs. App visibility logs is available in debug log/snapshot for troubleshooting. This feature is supported from ICS Gateway 22.7R2.8 release. For details, see Using the Debug Log.

The maximum debug log file size for Gateways with disk space > 80 GB is increased to 1024 MB.

•The number of scheduled/on-demand reports is increased to 10.

•Summary charts of gateways, user roles, application access, anomalies, non-compliance, and user risk now displays top 100 with more than 1 lakh users aggregation.

•User analytics now shows maximum top 30 users.

Search and Sort options are added for selective tables:

•Gateway > Users > Resource Policies

•Gateway > System > Configuration, Network, IF-MAP Federation, Log/Monitoring

•Gateway > Authentication > Signing In, Authentication Servers

Move Up and Down arrow option is disabled when Search function is applied to a table.

UI changes made for the following features:

•For Gateways with disk space > 80 GB, maximum debug log file size is increased to 1024 MB. For details, see Using the Debug Log. This change is applicable from ICS 22.7R2.6.

•VPN Tunneling Resource Policy configuration allows you to enable / disable IPv4 and IPv6 address assignments and specify IPv4 and IPv6 address ranges. For details, see VPN Tunneling Resource Policy Configuration Use Case. This change is applicable from ICS 22.7R2.3.

Tenant Admin logs now captures all the admin activities from login to logout. For more details, see Checking Tenant Admin Logs

Admin can now schedule config sync rule jobs to run only on a specified time or to run daily, weekly or monthly frequencies. For more details, see Scheduling Config Sync Rule Job.

nSA Config Authoring can handle multiple certificates with the same serial number.

•Search and Sort options are added for tables in Gateway > Users > Roles, Realms, and Resource Profiles, and Authentication > Endpoint Security.

Tenant Admin Logs page now additionally shows the audit logs generated for config change operations (create/update/delete) performed by all admins. For more details, see Checking Tenant Admin Logs

"Duplicate Rule" option is newly added in the Config Synchronization page to clone an existing, suitable config sync rule.. For more details, see Cloning a Config Sync Rule.

•"Group by" option is added in the Gateway List page to filter the list based on Gateway Type, Connection status, Version or Region.

Tenant Admin Logs page is newly added to show nSA admin audit logs generated for Gateway operations such as create, delete, upgrade, reboot and rollback.

For more details, see Checking Tenant Admin Logs.

•Strengthening the XML configuration file import/export process with password authentication checks. For more details, see: Exporting an XML Configuration File

•Strengthening the TOTP server by adding password authentication checks for importing and exporting the users data file. For more details, see: Exporting/Importing TOTP Users.

"Refresh Gateway Status" option is newly added in Config Synchronization Status page for target gateways with status "Pending", "Importing" or "Timed out". For more details, see Config Synchronization.

•Alphabetical sorting (ascending / descending) is now possible in the Gateways List and the Config Synchronization pages. Use the arrow icon () provided in the column header to show alphabetically sorted list.

•"Expand all / Collapse all" functionality is added in the Gateways List page. Use the Expand all / Collapse all icon () provided in the Gateways List page to expand / collapse the Clusters and Gateways lists.

Column reordering is newly added in the Users L3 and L4 pages. To move a column, a user can click the header and drag to its new position.

For more details, see Ivanti Connect Secure Gateway Analytics.

Drill down support for the Sankey chart is newly added on the consolidated landing page. With each chart, the View All link provides a page with detailed log records for that category. For more details, see Consolidated Landing Page.

Multinode configuration status now includes start and end timestamps and additional status information. For more details, see Config Synchronization.

All Gateways counter is newly added on ZTA and nSA specific analytics landing page. For more details, see Reviewing Your Network Activity.

The maximum length of ICS Gateway name / Cluster name is increased to 19 characters. Admin can now register the existing ICS Gateway Cluster with cluster name length up to 19 characters to nSA. For more details, see Registering Ivanti Connect Secure Gateway and Creating an ICS Cluster.

•Max log Size for Event logs: The range is 1- 200 MB and the maximum size is 200 MB for Virtual Appliances. The range is 1- 1024 MB and the maximum is 1GB/1024MB for ISA Hardware. For details, see Events to Log.

•Play integrity check for rooting detection on Android devices: checks if interactions and server requests are coming from the genuine app binary running on a genuine Android device. For details, see Mobile Configuration

A new unified landing page allows tenant admin to examine the shared Analytics tables and charts for nZTA and ICS Gateways. For more details, see Consolidated Landing Page.

Improvements to the admin experience (Modernize the table view for session management and log view). Advanced filter on the page for managed users. For more details, see:

•Checking the Logs

•Managing the Sessions

•Viewing Admin Authentication Methods

•Viewing Admin Authentication Policies

•Creating Admin Groups

A new Sync Now page allows tenant admin to implement changes made to Admin Management and correct any configuration problems based on the alerts. For more details, see Ivanti Connect Secure Gateway Analytics.

User experience for Administration > Admin Management is enhanced in this release. For details, see nSA Administration.

The local authentication server has stronger password restrictions. For details, see Workflow: Creating a Local Authentication Policy.

• FAV Icon: User can add/update FAV icon on Authentication > Signing Pages to change Gateway admin and end user FAV icon. For details, see Configuring Standard Sign-In Pages.
• IMEI option is removed for Microsoft Intune on Authentication > Authentication Servers > MDM server. For details, see Configuring MDM Authentication Server.
• AAA traffic is added for MDM and OAuth Server on Authentication > Authentication Servers. For details, see AAA Traffic Management.
• SAML/ Web Server: New setting is added to monitoring the SAML/Web server, see Configuring System Maintenance Options.
• Integrity Check: Booting Options on Integrity Check Failure is newly introduced to check integrity check failures during boot up (Disabled by default). Options are added to Reboot, rollback or continue booting if integrity check fails, see Miscellaneous Setup.
• TLSv1.3: Browser based TLSv1.3 certificate authentication using Port Redirection is now added. Also more Key Exchange Options are added for Encryption Strength. For details, see Inbound SSL Options.
• Warning is added to Config Export and Gateway Upgrade pop-up if more than one active client package exists, see Exporting a Binary System Configuration File.
• Mobile Options: IF-T/TLS NCP knob option is newly added for Mobile, see Mobile Configuration.

Support for IPV6 L3 VPN visibility in nSA. You can view both IPv4 and IPv6 applications for L3 user sessions from the Applications overview page. For details, see Using the Applications Filter Bar.

Normalization of license seat reservation across devices and users. Single license is consumed instead of two through associating devices with users for Machine Cert Authentication and subsequent User Authentication. For details, see nSA Licensing/Subscription.

• Resource policies > VPN Tunneling > Connection Profile > DHCP Subnet - 22.x
• HTML5 Bookmark - Enable Auto Resolution Option - 22.x and 9.x
• User Roles Options - Enable Auto Resolution Option - 22.x and 9.x
• System > Configuration > SAML > New SAML > Hide PDP Option - 22.x
• Hide Authentication > Auth Servers > LDAP server > Health check - Test username, Test Password and Validate User Credential fields - 9.x
• Authentication > Auth Servers > LDAP server > Health check - Test username, Test Password and Validate User Credential fields - 22.x
• System > Configuration > Security > Miscellaneous > Relay state option - 22.x

nSA now supports configuration of Certification Authentication server with SAML Authentication server as a secondary authentication server. For details, see Configuring Certificate Authentication Server.

The following list shows the enhancements to L4, Gateway Logs, and Logs Tables.

• Column resizing across ICS pages
• Cell content copy text from Table
• Pagination across ICS pages
• Minimum number of columns in all the tables in L4 dashboards
• Enhancement to Advanced Filter

For details, see Using the Top Active Breakdown Charts and Filtering the Logs.

Checks the Admin's device geographic location/network/host checker compliance for admin sign-in policy before providing access to admin login. For details, see Creating Admin Policies.

While creating config sync rule, if there is any dependency mismatch, admin can review dependent configurations and select them before creating/editing rule.

For example, If realm configuration is mapped to Authentication server and if config sync rule is created with only realm. The dependent configuration is highlighted (Auth server). Realm configuration is highlighted with i icon and when dependencies are reviewed, Authentication server is mentioned in the dependency tree.

Preview of changes done in source gateway before config sync. This feature is available only with Manual sync.

Preview before sync works only when one manual config sync rule is triggered.

For details, see Config Synchronization.

With Role-based access control (RBAC), organizations can easily add admins and assign them specific roles, with differing levels of access to the nSA Admin Portal. In addition to an existing set of default roles, Administrators can now create custom granular roles for specific functions within the nSA admin portal.

For details, see Role-based Access Control for Admin Users.

Analytics supports data visualization in Active View. Admin can see the historic data on different time windows. Admin's can find all connections details for different time frames past 30 days. For details, see Using the Filter Bar.

This feature allows a user to view the config sync rule status of all target gateways. For details, see Config Synchronization.

This feature allows a user to use different login formats - Domain\username, Common Name (CN), and User Principal Name (UPN) - from different devices, but consumes only one seat for the user. For details, see nSA Licensing/Subscription.