What's New

• (Preview) Tenant Admin Audit Logs for Gateway operations: Tenant Admin Logs page is newly added to show nSA admin audit logs generated for Gateway operations such as create, delete, upgrade, reboot and rollback. For more details, see Checking Tenant Admin Logs.

• Password policy for XML configuration export and import, and TOTP users export and import:

  • Strengthening the XML configuration file import/export process with password authentication checks. For more details, see: Exporting an XML Configuration File.

  • Strengthening the TOTP server by adding password authentication checks for importing and exporting the users data file. For more details, see: Exporting/Importing TOTP Users.

• Config Sync enhancements: "Refresh Gateway Status" option is newly added in Config Synchronization Status page for target gateways with status "Pending", "Importing" or "Timed out". For more details, see Config Synchronization.

• Admin experience enhancements:

  • Alphabetical sorting (ascending / descending) is now possible in the Gateways List and the Config Synchronization pages. Use the arrow icon provided in the column header to show alphabetically sorted list.

  • "Expand all / Collapse all" functionality is added in the Gateways List page. Use the Expand all / Collapse all icon provided in the Gateways List page to expand / collapse the Clusters and Gateways lists.

• Admin UI user experience enhancements: Column reordering is newly added in the Users L3 and L4 pages. To move a column, a user can click the header and drag to its new position. For more details, see Ivanti Connect Secure Gateway Analytics.

•Consolidated landing page: Drill down support for the Sankey chart is newly added on the consolidated landing page. With each chart, the View all link provides a page with detailed log records for that category. For more details, see Consolidated Landing Page, see Consolidated Landing Page.

•Multinode configuration status enhancement: configuration status now includes start and end timestamps and additional status information. For more details, see Config Synchronization.

•All Gateways Counter: All Gateways counter is newly added on ZTA and nSA specific analytics landing page. For more details, see Reviewing Your Network Activity. For more details, see Registering Ivanti Connect Secure Gateway and Creating an ICS Cluster.

•Gateway name / Cluster name length: The maximum length of ICS Gateway name / Cluster name is increased to 19 characters. Admin can now register the existing ICS Gateway Cluster with cluster name length up to 19 characters to nSA.

•Feature parity with ICS Gateway 22.7R2.1 version:

•Max log Size for Event logs: The range is 1- 200 MB and the maximum size is 200 MB for Virtual Appliances. The range is 1- 1024 MB and the maximum is 1GB/1024MB for ISA Hardware. For details, see Events to Log.

•Play integrity check for rooting detection on Android devices: checks if interactions and server requests are coming from the genuine app binary running on a genuine Android device. For details, see Mobile Configuration.

•(Preview) Consolidated landing page: A new unified landing page allows tenant admin to examine the shared analytical tables and charts for nZTA and ICS Gateways. For more details, see Consolidated Landing Page.

•Admin UI user experience enhancements: Improvements to the admin experience (Modernize the table view for session management and log view). Advanced filter on the page for managed users. For more details, see:

•Checking the Logs

•Managing the Sessions

•Viewing Admin Authentication Methods

•Viewing Admin Authentication Policies

•Creating Admin Groups

•Sync Now: A new Sync Now page allows the tenant admin to implement changes made to Admin Management and correct any configuration problems based on the alerts. For more details, see Synchronizing the Configuration.

•Admin Experience Enhancements: To enhance the administrative experience, there have been improvements in the form of table modernization for both Admin Management and Session Management. For details, see nSA Administration.

•Password Strengthening for Local Authentication Server: The local authentication server has stronger password restrictions. For details, see Workflow: Creating a Local Authentication Policy.

•IPv6 L3 VPN Application Visibility (Supported only for 22.x ICS Gateway): Support for IPV6 L3 VPN visibility in nSA. You can view both IPv4 and IPv6 applications for L3 user sessions from the Applications overview page. For details, see Using the Applications Filter Bar.

•nSA Named User License Normalization (Supported only for 22.6R2 ICS Gateway with 22.6R1 ISAC Client and later versions): Normalization of license seat reservation across devices and users. Single license is consumed instead of two through associating devices with users for Machine Cert Authentication and subsequent User Authentication. For details, see nSA Licensing/Subscription.

•Licensing Enhancements for named user licenses (UAL): Support added to perform out of band license checks. The subscription page in nSA tenant admin portal will be updated with few minutes of delay from the new user login.

•nSA Feature parity with 22.6R2 ICS gateway

•Resource policies > VPN Tunnelling > Connection Profile > DHCP Subnet - 22.x

•HTML5 Bookmark - Enable Auto Resolution Option - 22.x and 9.x

•User Roles Options - Enable Auto Resolution Option - 22.x and 9.x

•System > Configuration > SAML > New SAML > Hide PDP Option - 22.x

•Hide Authentication > Auth Servers > LDAP server > Health check - 9.x

•Authentication > Auth Servers > LDAP server > Health check - 22.x

•System > Configuration > Security > Miscellaneous > Relay state option - 22.x

• Support SAML Authentication server as a secondary authentication server when configuring Certificate Authentication server (Supported only for 22.x ICS Gateway): nSA now supports configuration of Certification Authentication server with SAML Authentication server as a secondary authentication server. For details, see Configuring Certificate Authentication Server.

•Admin experience enhancements to L4, Gateway Logs, and Logs Tables in terms of selection and resizing, pagination, and text copy/paste

The following list shows the enhancements to L4, Gateway Logs, and Logs Tables.

•Column resizing across ICS pages

•Cell content copy text from Table

•Pagination across ICS pages

•Minimum number of columns in all the tables in L4 dashboards

•Enhancement to Advanced Filter

For details, see Using the Top Active Breakdown Charts and Filtering the Logs.

•Auto Selecting Dependent Configurations as part of Config Sync: While creating config sync rule, if there is any dependency mismatch, admin can review dependent configurations and select them before creating/editing rule. For details, see Config Synchronization.

For example, If realm configuration is mapped to Authentication server and if config sync rule is created with only realm. The dependent configuration is highlighted (Auth server). Realm configuration is highlighted with i icon and when dependencies are reviewed, Authentication server is mentioned in the dependency tree.

•Preview of changes done in source gateway before config sync. This feature is available only with Manual sync.

Preview before sync will work only when one manual config sync rule is triggered.

•22.5R2 ICS configuration parity in nSA.

•Admin Access Control based on location, Host Checker, and Network: Checks the Admin's device geographic location/network/host checker compliance for admin sign-in policy before providing access to admin login. For details, see Creating Admin Policies.

•nSA Licensing Enhancements: When nSA licensing is enabled on Gateway, and if there is connectivity issue between gateway and controller, grace period of 24 hours is applied for new user logins up to platform limit.

•Role Based Access Control for Admin Users: With Role-based access control (RBAC), organizations can easily add admins and assign them specific roles, with differing levels of access to the nSA Admin Portal. In addition to an existing set of default roles, Administrators can now create custom granular roles for specific functions within the nSA admin portal. For details, see Role-based Access Control for Admin Users

•Analytics: Historical View: Analytics supports data visualization in Active View. Admin can see the historic data on different time windows. Admin's can find all connections details for different time frames past 30 days. For details, see Using the Filter Bar

•Config Sync Rule Status: This feature allows a user to view the config sync rule status of all target gateways. For details, see Config Synchronization.

•nSA named user licensing normalization: This feature allows a user to use different login formats - Domain\username, Common Name (CN), and User Principal Name (UPN) - from different devices, but consumes only one seat for the user. For details, see nSA Licensing/Subscription.

•Configuring ZTA Policy to an ICS Application: Administrators can now configure ICS application with ZTA secure access policy from the nSA-ICS Applications page.

•nSA Named User Licensing - Freeing named user licenses automatically: Users who have not logged in to the ICS Gateway for the last 30 days can be deleted automatically from the Users list.

•Addition of a new alert "Config Sync Target Cluster Deleted": This alert is generated when the Target Cluster, which is in any of the Config Sync rule gets deleted.

Configuration template functionality is consolidated into Configuration sync feature.

Actionable Insights: Step up Authentication, Subsequent login and Chart Visibility.

•Enhanced Admin experience

•Config Sync enhancements

•Alerts and Notification enhancements

•nSA UI parity with 9.1R16 and R17

•L3 VPN App Visibility

•Config Replace/reorder