What's New
•Admin experience enhancements: A "Group by" option is added to the Gateway List page to filter the list based on Gateway Type, Connection status, Version or Region.
•Admin UI user experience enhancements: Column reordering is newly added in the Users L3 and L4 pages. To move a column, a user can click the header and drag it to its new position. For more details, see Using the Insights Menu to Monitor User Activity and Service Usage.
•Consolidated landing page: Drill-down support for the Sankey chart is newly added on the consolidated landing page. With each chart, the View all link provides a page with detailed log records for that category. For more details, see Consolidated Landing Page.
•All Gateways Counter: An All Gateways counter is newly added on the ZTA and nSA specific analytics landing pages. For more details, see Reviewing Your Network Activity.
•(Preview) Consolidated landing page: A new unified landing page allows the tenant admin to examine the shared Analytics tables and charts for nZTA and ICS Gateways. For more details, see Consolidated Landing Page.
•Admin UI user experience enhancements: Improvements to the admin experience (modernized table view for session management and log view) and an advanced filter on the page for managed users. For more details, see:
•Viewing and Terminating User Sessions
•Sync Now: A new Sync Now page allows the tenant admin to implement changes made and correct any configuration problems based on the alerts. For more details, see Synchronizing the Configuration.
•ZTA Gateway version 22.7R2 is the security-hardened version with CentOS updates.
•Configurable MTU size for gateways: The tenant admin can now define the MTU size for ZTA gateways depending on their requirements and underlying network infrastructure.
For details, see:
•Adding a VMware vSphere Gateway
•Password Strengthening for Local Authentication Server: The local authentication server has stronger password restrictions. For details, see Workflow: Creating a Local Authentication Policy.
•Renewed ZTA IDP metadata in release 22.7R1: To ensure continued compatibility, download the renewed ZTA IDP metadata from the ZTA tenant application configuration page and subsequently apply the updated information to the SaaS SAML SSO configurations.
•Integrating NMDM with ZTA: Ivanti Neurons for MDM provides a compliance check and a simplified onboarding experience for nZTA end users connecting via mobile. For details, see Integrating Ivanti Neurons for MDM with nZTA.
•Hardened custom sign-in policies and login URLs: As part of hardening custom sign-in policies and login URLs, the following changes are implemented:
•Instead of requiring administrators to configure enrollment policies, administrators will only need to configure user policies. As a default, all configured user policies support enrollment.
•Single SAML authentication server for user authentication and enrollment.
For details, see:
•Workflow: Creating a SAML Authentication Policy With Azure AD
•Workflow: Creating an Authentication Policy for On-Premises ICS SAML
•Workflow: Creating a SAML Authentication Policy for Okta
•Workflow: Creating a SAML Authentication Policy for Ping Identity
•Oracle Cloud Platform support for ZTA Gateway: ZTA Gateway now supports deployment on Oracle Cloud Platform. For details, see Workflow: Creating a Gateway in Oracle Cloud Platform.
•Launching the Windows Edge/Webview2 browser: In a typical enrollment, upon successful authentication to the Controller, Ivanti Secure Access Client automatically shows the end-user portal applications page through a Windows Edge/Webview2 browser. This feature is supported with ISAC client version 22.6R1. For details, see Enrolling a Windows Device.
•Reusable custom icon to associate with application: The create application page provides an option to upload your own icon, which can be associated with more than one application. For details, see Adding Applications to the Controller.
•Enhancements to L4, Gateway Logs, and Logs Tables:
The following list shows the enhancements to L4, Gateway Logs, and Logs Tables.
•Column resizing across ZTA pages
•Cell content copy text from Table
•Pagination across ZTA pages
•Minimum number of columns in all the tables in L4 dashboards
•Enhancement to Advanced Filter
For details, see Viewing Detailed Logs for a Chart and Filtering the Logs.
•Simplifying device rules and policies, and global device preferences: Admin experience is enhanced by simplifying the device rules and policies. For details, see Creating Device Policies and Setting Global Device Preferences.
•Suppress EUP Auto Launch: Allows the admin to suppress the auto launch of the End User portal. This option is enabled by default and works with ISAC 22.5R1 and later. For details, see Setting Global Device Preferences.
•Admin Access Control based on location, Host Checker, and Network: Checks the Admin's device geographic location/network/host checker compliance for admin sign-in policy before providing access to admin login. For details, see Configuring Default Device Policy for Users.
•Enhancements to Non Compliance and Anomalies L4 Drill Down logs:
•The Anomalies L4 table now includes MAC Address and Source IP Address columns.
•The Non-compliances L4 table now includes Acknowledged, Non-compliant Policy Type, Non-compliance Policy reason, MAC Address and Source IP Address columns.
•For details, see Using the Active Anomaly and Non-Compliance Charts.
•Log export options to the admin from Gateway and L4 (drill down view) logs: In any of the L4 pages, export the displayed log as a CSV or JSON text file, or create schedules to set up log export jobs. For details, see Viewing Detailed Logs for a Chart.
•Exporting logs from L4 (drill down view) logs and Gateway logs. For details see Exporting logs.
•Gateway Creation Config UI Simplification: Create ZTA Gateway and Create ZTA Gateway Group are grouped under Create. For details, see Adding a vSphere Gateway.
•Acknowledge non-compliance in the non-compliance info panel on the Landing page: Acknowledge individual non-compliances and remove them from the active total. Filter on acknowledged, unacknowledged (active), or all non-compliances. For details, see Using the Summary Ribbon.
•Role Based Access Control for Admin Users: With role-based access control (RBAC), organizations can easily add admins and assign them specific roles, with differing levels of access to the nSA Admin Portal. In addition to an existing set of default roles, administrators can now create custom granular roles for specific functions within the nSA admin portal. For details, see Role-based Access Control for Admin Users.
•HTTP Proxy Support: Supports proxy configuration in the gateway to connect to ZTA.
For details, see:
•Applications and Application Groups UI change: Group together multiple applications for which a single secure access policy is required. For details, see Adding Applications to the Controller and Adding Application Groups to the Controller.
•ZTA Gateway Connection Control for Trusted Networks: ZTA Gateway can sometimes be bypassed so that users can connect directly to specific applications. For example, you might want users to bypass ZTA for a specific application if they are connected directly to your trusted corporate network. ZTA gateway tunnel creation will be bypassed on the endpoint since resource access will go through the physical interface.
For details, see Configuring a Default Gateway for Application Discovery.
•Gateway Re-registration: A ZTA Gateway can now be re-registered if the gateway registration was not successful, and its gateway configuration parameters can be edited. On registration failures, the admin can trigger the registration manually along with the current debugging options such as networking tools, reboot etc. You can also regenerate and download the gateway init config from the controller admin interface as and when required. The admin can also use the Registration error report, which provides insight into the registration failure and suggests solutions to overcome it.
For details, see Re-registering a VMware vSphere Gateway, Re-registering an Amazon Web Services Gateway and Re-registering a GCP Gateway.
Limitations: Azure and KVM do not allow the user to update the configuration after the gateway is deployed. If any configuration update is needed on Azure or KVM ZTA gateways, the ZTA gateway must be redeployed.
•Location/Network rule support in default device policy: Location/Network policy based enforcement can be applied for any user policy. For details, see Options for Location Rules and Options for Network Rules.
•Management port support on ZTA Gateway: With this feature, the ZTA Gateway can use the management interface to communicate with the controller and the NTP server.
•Optimal Gateway Selection (OGS)
•End User UX Improvements
•Simplified Configuration Users and Secure Access Policy configurations
•Actionable Insights: Step up Authentication, Subsequent login and Chart Visibility
•Device Risk Assessment: RiskSense integration, Default Device Policy
•Application Visibility Improvements: Secure Access Policy for discovered applications
•Lookout SWG/CASB Forward Proxy integration
•External Browser support
•Minimum Client Version
•Lock Down mode support
•PSAL with Browser Extension