Release and Upgrade Notes

Important Notice for v22.3R1 and Later

To prevent any upgrade related issues and to clean up the disk space, follow the mandatory steps listed in the KB article before staging or upgrading: KB.

Important Notice for v22.1R1 and Later

NSA 22.1R1 includes updates to address the OpenSSL vulnerability described in CVE-2022-0778. Ivanti recommends upgrading your Gateways to version 22.1R1 at your earliest convenience.

Caveats

The following caveats are applicable to this release:

•Analytics Dashboard and Gateway logs are not synchronized with NSA when using an ICS gateway on the cloud running version 22.5R2 or above.

•Gateway ESAP package version 4.3.8 is default.

•Config group management works best with ESAP version 4.0.5. The ESAP version on the Gateway can be upgraded to desired version.

•For uploading the ESAP package, you must have the package in ESAP<version>_Prod.pkg format.

•Config Synchronization feature:

•Active ESAP versions must be same on both Source and Target Gateways.

•Admin Realms, Admin Sign-In URLs, Device certificates and Client Auth certificates are not supported.

•During Config Synchronization, the configurations will be getting merged from Source Gateway to Target Gateway and hence the delete operation is not supported.

•NSA accepts only certificates in PEM format, DER format certificates are not supported from NSA.

•NSA custom validation is not supported through Configuration Templates. The UI may accept invalid configuration parameters.

•Remote profiler and OAuth server are not supported through Configuration templates.

•Always on VPN wizard is not supported on NSA.

•Dark theme for NSA ICS admin UI is not supported.

•ICS Cluster creation with IPv6 address from NSA is not supported.

Additional Notes

•Rollback - When we rollback to previous versions of 9.1Rx (where NSA is not supported), the status in NSA shows disconnected.

•ICT scan results may sometimes display "Detected New Files" as 2; this is expected behavior. For more information, refer to Interpreting the External Integrity Scan Output.