MRD Template - Juniper Networks
Transcription
MRD Template - Juniper Networks
Pulse Policy Secure 5.2R1 Release Notes Pulse Policy Secure version 5.2 R1 Build 28769 Pulse Client version 5.1 R2 Build 54585 Odyssey Access Client version 5.60.27023 Product Release 5.2 Document Revision 1.0 Published: 2015-03-31 © 2015 by Pulse Secure, LLC. All rights reserved Pulse Policy Secure Release Notes Table of Contents Hardware Platform ___________________________________________________________________ 4 Virtual Appliance Editions ______________________________________________________________ 4 Interoperability and Supported Platforms _________________________________________________ 4 Upgrading to Pulse Policy Secure 5.2R1 ___________________________________________________ 5 New Features ________________________________________________________________________ 5 Fixed Issues _________________________________________________________________________ 6 Open Issues _________________________________________________________________________ 6 Documentation ______________________________________________________________________ 8 Documentation Feedback ________________________________________________________________ 9 Technical Support ______________________________________________________________________ 9 Requesting Technical Support ___________________________________________________________ 9 Revision History ________________________________________________________________________ 9 © 2015 by Pulse Secure, LLC. All rights reserved Page 2 of 10 Pulse Policy Secure Release Notes List of Tables Table 1: Virtual Appliance Qualified Systems ........................................................................................... 4 Table 2 Upgrade Paths ............................................................................................................................. 5 Table 3 List of New Features .................................................................................................................... 5 Table 4 List of Issues Fixed in this Release ................................................................................................ 6 Table 5 List of Open Issues in this release ................................................................................................ 6 Table 6 Documentation ............................................................................................................................ 8 Table 7: Revision History .......................................................................................................................... 9 © 2015 by Pulse Secure, LLC. All rights reserved Page 3 of 10 Pulse Policy Secure Release Notes Hardware Platform You can install and use this software version on the following hardware platforms: IC4500, IC6500, IC6500 FIPS, MAG2600, MAG4610, MAG6610, MAG6611, MAG SM160, MAG SM360 Virtual Appliance Editions This software version is available for the following virtual appliance editions: Demonstration and Training Edition (DTE) Service Provider Edition (SPE) Table 1: Virtual Appliance Qualified Systems Platform VMware KVM Qualified System IBM BladeServer H chassis BladeCenter HS blade server vSphere 5.1, 5.0, and 4.1 QEMU/KVM v1.4.0 Linux Server Release 6.4 on an Intel Xeon CPU L5640 @ 2.27GHz o NFS storage mounted in host o 24GB memory in host o Allocation for virtual appliance: 4vCPU, 4GB memory and 20GB disk space To download the virtual appliance software, go to: http://www.pulsesecure.net/support/ Interoperability and Supported Platforms Refer to the Supported Platforms document on the software download site for details about supported versions of the Screen OS Enforcer, the Junos Enforcer, client browsers, client smart phones, and client operating systems. Go to: http://www.pulsesecure.net/support/ © 2015 by Pulse Secure, LLC. All rights reserved Page 4 of 10 Pulse Policy Secure Release Notes Upgrading to Pulse Policy Secure 5.2R1 Table 2 Upgrade Paths Release Description Pulse Policy Secure Software Upgrade Automatic updates to this release are supported for all PPS releases after and including PPS 4.4 R1. This release does not support IC4000 and IC6000 devices. These hardware models have reached end-of-life (EOL). Pulse Secure Desktop 5.1R2 Client Software Upgrade Refer to the Pulse Secure Desktop Client 5.1 release notes. Odyssey Access Client Upgrade In this release same version of Odyssey client is retained. PPS Agent (OAC) An IC Series device can handle 1500 concurrent endpoint upgrades. Standalone OAC Client This release supports the standalone, non-PPS version of Odyssey Access Client. Instructions for installing OAC on standalone clients are contained in the help guide under the section Getting Started > Initial Configuration. Endpoint Security Assessment Plug-in (ESAP) Compatibility ESAP package version 2.6.6 is the minimum version to be compatible with Pulse Policy Secure version 5.2R1. The default version for ESAP is 2.6.6 Network and Security Manager (NSM) Compatibility NSM is not supported New Features Table 3 describes the major features that are introduced in this release. Table 3 List of New Features Feature Description Wireless LAN Controller (WLC) external captive portal integration Ability to deploy Guest access management on Cisco and Aruba WLAN Guest Self-service registration Self-service registration of guests to obtain network access User Experience Enhancements for Guest Refreshed user-experience through revamp of the existing User Interface for both Guest users as well the Guest User Access © 2015 by Pulse Secure, LLC. All rights reserved Page 5 of 10 Pulse Policy Secure Release Notes Access Managers IF-Map Rebranding Introduced Pulse Secure brand and trademarks in IF-MAP vendor specific metadata types Addition of Funk-DestinationIP-Address attribute Ability to enable administrator to assign realm based on Radius incoming port Fixed Issues Table 4 lists issues that have been fixed and are resolved by upgrading to this release. Table 4 List of Issues Fixed in this Release PR Number Release Note PRS-323316 When many authentication requests are pending at the same time, SBR consumes lot of memory leaving very less memory for system to continue to work. To avoid this situation, the number of pending authentication requests in SBR have been reduced. Open Issues Table 5 lists open issues in this release. Table 5 List of Open Issues in this release PR Number Release Note PRS-324568 Guest user sessions are reported as "802.1x Auth" in "Auth Mechanism" chart on dashboard charts. PRS-325099 If customer deployed/using GUAM prior to 5.2 and when upgraded to 5.2 old Login is shown, however the rest of pages (such as summary, create user, create many user, edit pages...and so on) will have new User Interface(UI). To get the latest Login page UI, admin needs to enable "Use this signin policy for Guest and Guest admin to use specific pages." in the SignIn-URL they used prior to 5.2 PRS-322455 Guest user session does not display Agent Type in Active Users page in Wireless LAN Controllers deployment PRS-325099 Customization of GUAM pages is no longer supported in 5.2, If customer using customization using custom sign-in pages (i.e. using sample) prior to 5.2 and when upgraded to 5.2 customization done prior to 5.2 is lost. PRS-322691 "Change password at first/next login" option will not be supported in GUAM for Wireless LAN Controller (WLC) case. This option should not be enabled. If enabled, it will not have any effect. © 2015 by Pulse Secure, LLC. All rights reserved Page 6 of 10 Pulse Policy Secure Release Notes PRS-317090 IPSec use-cases will not work if Fed client-1(Authentication PPS) is upgraded, due to change in public key. The new public key needs to be re-published to Fed client2(Enforcer PPS). Workaround: Reboot the Fed client-2 so it can fetch new public key from Fed client-1 PRS-318004 When an active node of a Pulse Policy Secure Active/Passive cluster, configured for IPSec Enforcement using Virtual Adapter, is rebooted, the ssh session to the SRX protected resource is disconnected. Work around is to restart ssh session to the protected resource. PRS-322433 Cisco WLC running 7.6.130.0 does not apply session time-out sent by PPS in the RADIUS Access Accept, if there is a session-timeout configured already on the WLC for the WLAN. PRS-321071 Deleting user from Pulse Policy Secure active user page does not disconnect the Cisco 2500/5500/7500/8500 WLC wireless user PRS-325011 With Host Check interval set to non-zero when client machine comes back from sleep or hibernation, Pulse Secure client does not resume 802.1x connection. PRS-321068 Guest Access: After login through web auth (captive portal), client does not go to vlan id sent from IC. Workaround: Use a RADIUS Filter-ID attribute to restrict the guest’s access PRS-325108 For Pulse Policy Secure, the agentless Host Checker version on Mac OSX is incorrect in versioninfo.ini file PRS-324891 When Pulse Secure client 802.1x connection is resumed after Pulse Policy Secure (PPS) Active-Passive cluster fail-over, host check does not happen immediately and it is evaluated after the configured host check interval. PRS-322623 Guest Access: With Aruba Wireless Controller, CHAP for captive portal radius authentication is not supported because Aruba Wireless Controller uses not standard implementation of CHAP. Workaround: Use PAP for captive portal radius authentication. PRS-322503 Guest Access: With Aruba Wireless Controller, change of VLAN by specifying in the new role does not work for captive portal. Workaround: Use Filter-ID Radius attribute to restrict the guest user’s access. PRS-324342 With PPS in Active/Passive cluster mode, deleting the user from active user page does not disconnect user from Cisco WLC PRS-322367 With new guest sign-in pages, admin will not be given an option to configure PostAuth Sign-in Notification © 2015 by Pulse Secure, LLC. All rights reserved Page 7 of 10 Pulse Policy Secure Release Notes Documentation Table 6 describes the documentation set. The documentation is available at http://www.pulsesecure.net/support. Table 6 Documentation Title Description Getting Started Release Notes A release summary, including lists of new features, changed features, known issues, and fixed issues. Supported Platforms List of client environments, third-party servers, and third-party applications that have been tested and are compatible with the software release. Getting Started Guide How to complete a basic configuration to get started using the solution. Licensing Guide How to install any licenses that might be required. IC Series to MAG Series Migration Guide How to migrate the system configuration and user data to the newer platform. Virtual Appliance Deployment Guide How to install, configure, and use the virtual appliance edition. Administration Guides Complete Software Guide The complete collection of user documentation for this release in PDF format. Administration Guide How to complete the network and host configuration and how to use certificate security administration, configuration file management, and system maintenance features. Feature Guides Guest Access Solution Configuration Guide A complete guide to guest access solution which enables self-registration of guest over WLC and enable administrator to manage guest user access privileges. © 2015 by Pulse Secure, LLC. All rights reserved Page 8 of 10 Pulse Policy Secure Release Notes Solutions Endpoint Security Feature Guide Describes Host Checker and Cache Cleaner settings. Developer Reference Guide Custom Sign-In Pages Developer Reference A reference on customization sign in pages Documentation Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to [email protected]. Technical Support Technical product support is available through the Pulse Secure Global Support Center (PSGSC). http://www.pulsesecure.net/support/ Call 1-888-314-5822 (toll-free in the USA, Canada, and Mexico). If outside US or Canada, use a country number listed from one of the regional tabs For more technical support resources, browse the support website: http://www.pulsesecure.net/support/ Requesting Technical Support To open a case or to obtain support information, please visit the Pulse Secure Support Site: http://www.pulsesecure.net/support/ Revision History Table 6 lists the revision history for this document. Table 7: Revision History Revision Description 26 Mar 2015 Initial publication. © 2015 by Pulse Secure, LLC. All rights reserved Page 9 of 10 Pulse Policy Secure Release Notes © 2015 by Pulse Secure, LLC. All rights reserved Page 10 of 10