What's New
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•(Preview) Consolidated landing page: A new unified landing page allows tenant admin to examine the shared analytical tables and charts for nZTA and ICS Gateways. For more details, see Consolidated Landing Page.
•Admin UI user experience enhancements: Improvements to the admin experience (Modernize the table view for session management and log view). Advanced filter on the page for managed users. For more details, see:
•Viewing Admin Authentication Methods
•Viewing Admin Authentication Policies
•Sync Now: A new Sync Now page allows the tenant admin to implement changes made to Admin Management and correct any configuration problems based on the alerts. For more details, see Synchronizing the Configuration.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•Admin Experience Enhancements: To enhance the administrative experience, there have been improvements in the form of table modernization for both Admin Management and Session Management. For details, see nSA Administration.
•Password Strengthening for Local Authentication Server: The local authentication server has stronger password restrictions. For details, see Workflow: Creating a Local Authentication Policy.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•IPv6 L3 VPN Application Visibility (Supported only for 22.x ICS Gateway): Support for IPV6 L3 VPN visibility in nSA. You can view both IPv4 and IPv6 applications for L3 user sessions from the Applications overview page. For details, see Using the Applications Filter Bar.
•nSA Named User License Normalization (Supported only for 22.6R2 ICS Gateway with 22.6R1 ISAC Client and later versions): Normalization of license seat reservation across devices and users. Single license is consumed instead of two through associating devices with users for Machine Cert Authentication and subsequent User Authentication. For details, see nSA Licensing/Subscription.
•Licensing Enhancements for named user licenses (UAL): Support added to perform out of band license checks. The subscription page in nSA tenant admin portal will be updated with few minutes of delay from the new user login.
•nSA Feature parity with 22.6R2 ICS gateway
•Resource policies > VPN Tunnelling > Connection Profile > DHCP Subnet - 22.x
•HTML5 Bookmark - Enable Auto Resolution Option - 22.x and 9.x
•User Roles Options - Enable Auto Resolution Option - 22.x and 9.x
•System > Configuration > SAML > New SAML > Hide PDP Option - 22.x
•Hide Authentication > Auth Servers > LDAP server > Health check - 9.x
•Authentication > Auth Servers > LDAP server > Health check - 22.x
•System > Configuration > Security > Miscellaneous > Relay state option - 22.x
• Support SAML Authentication server as a secondary authentication server when configuring Certificate Authentication server (Supported only for 22.x ICS Gateway): nSA now supports configuration of Certification Authentication server with SAML Authentication server as a secondary authentication server. For details, see Configuring Certificate Authentication Server.
•Admin experience enhancements to L4, Gateway Logs, and Logs Tables in terms of selection and resizing, pagination, and text copy/paste
The following list shows the enhancements to L4, Gateway Logs, and Logs Tables.
•Column resizing across ICS pages
•Cell content copy text from Table
•Pagination across ICS pages
•Minimum number of columns in all the tables in L4 dashboards
•Enhancement to Advanced Filter
For details, see Using the Top Active Breakdown Charts and Filtering the Logs.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•Auto Selecting Dependent Configurations as part of Config Sync: While creating config sync rule, if there is any dependency mismatch, admin can review dependent configurations and select them before creating/editing rule. For details, see Config Synchronization.
For example, If realm configuration is mapped to Authentication server and if config sync rule is created with only realm. The dependent configuration is highlighted (Auth server). Realm configuration is highlighted with i icon and when dependencies are reviewed, Authentication server is mentioned in the dependency tree.
•Preview of changes done in source gateway before config sync. This feature is available only with Manual sync.
Preview before sync will work only when one manual config sync rule is triggered.
•22.5R2 ICS configuration parity in nSA.
•Admin Access Control based on location, Host Checker, and Network: Checks the Admin's device geographic location/network/host checker compliance for admin sign-in policy before providing access to admin login. For details, see Creating Admin Policies.
•nSA Licensing Enhancements: When nSA licensing is enabled on Gateway, and if there is connectivity issue between gateway and controller, grace period of 24 hours is applied for new user logins up to platform limit.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•Role Based Access Control for Admin Users: With Role-based access control (RBAC), organizations can easily add admins and assign them specific roles, with differing levels of access to the nSA Admin Portal. In addition to an existing set of default roles, Administrators can now create custom granular roles for specific functions within the nSA admin portal. For details, see Role-based Access Control for Admin Users
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•Analytics: Historical View: Analytics supports data visualization in Active View. Admin can see the historic data on different time windows. Admin's can find all connections details for different time frames past 30 days. For details, see Using the Filter Bar
•Config Sync Rule Status: This feature allows a user to view the config sync rule status of all target gateways. For details, see Config Synchronization.
•nSA named user licensing normalization: This feature allows a user to use different login formats - Domain\username, Common Name (CN), and User Principal Name (UPN) - from different devices, but consumes only one seat for the user. For details, see nSA Licensing/Subscription.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•Configuring ZTA Policy to an ICS Application: Administrators can now configure ICS application with ZTA secure access policy from the nSA-ICS Applications page.
•nSA Named User Licensing - Freeing named user licenses automatically: Users who have not logged in to the ICS Gateway for the last 30 days can be deleted automatically from the Users list.
•Addition of a new alert "Config Sync Target Cluster Deleted": This alert is generated when the Target Cluster, which is in any of the Config Sync rule gets deleted.
Configuration template functionality is consolidated into Configuration sync feature.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
Actionable Insights: Step up Authentication, Subsequent login and Chart Visibility.
![Closed](Skins/Default/Stylesheets/Images/transparent.gif)
•Enhanced Admin experience
•Config Sync enhancements
•Alerts and Notification enhancements
•nSA UI parity with 9.1R16 and R17
•L3 VPN App Visibility
•Config Replace/reorder