What's New

Important Notice for v22.3R1 and Later

To prevent any upgrade related issues and to clean up the disk space, follow the mandatory steps listed in the KB article before staging or upgrading: KB44877.

Important Notice for v22.1R1 and Later

nSA 22.1R1 includes updates to address the OpenSSL vulnerability described in CVE-2022-0778. Ivanti recommends upgrading your Gateways to version 22.1R1 at your earliest convenience.


The following caveats are applicable to this release:

Analytics Dashboard and Gateway logs are not synchronized with nSA when using an ICS gateway on the cloud running version 22.5R2 or above.

Gateway ESAP package version 4.1.6 is default.

Config group management works best with ESAP version 4.0.5. The ESAP version on the Gateway can be upgraded to desired version.

For uploading the ESAP package, you must have the package in ESAP<version>_Prod.pkg format.

Config Synchronization feature:

Active ESAP versions must be same on both Source and Target Gateways.

Admin Realms, Admin Sign-In URLs, Device certificates and Client Auth certificates are not supported.

During Config Synchronization, the configurations will be getting merged from Source Gateway to Target Gateway and hence the delete operation is not supported.

nSA accepts only certificates in PEM format, DER format certificates are not supported from nSA.

nSA custom validation is not supported through Configuration Templates. The UI may accept invalid configuration parameters.

Remote profiler and OAuth server are not supported through Configuration templates.

Always on VPN wizard is not supported on nSA.

Dark theme for nSA ICS admin UI is not supported.

ICS Cluster creation with IPv6 address from nSA is not supported.


RBAC: If the tenant has both nSA and ZTA gateway, setting any common permissions while creating an Custom RBAC Admin Role applies to both nSA and ZTA gateway. For example, if custom admin role has modify permission for ZTA gateway then the same applies to nSA gateway also.

The ICS upgrade time from nSA depends on the network bandwidth and latency. If the downloading of package takes more than 4 hours then the upgrade process is marked as failed.

Cluster creation from nSA takes few minutes to create cluster and add/join members.

The time taken for Config Synchronization process from source to target Gateway depends on the configuration size.

Additional Notes

Rollback - When we rollback to previous versions of 9.1Rx (where nSA is not supported), the status in nSA shows disconnected.