Aruba VIA Android Edition

Similar documents
Aruba VIA Windows Edition

Aruba VIA Windows Edition

Aruba Central Switch Configuration

Aruba Central Switch Configuration

Aruba Instant

Aruba VIA for Mobility Master

Aruba Central Guest Access Application

Aruba Central Application Programming Interface

August 2015 Aruba Central Getting Started Guide

Aruba Instant

Aruba VIA 3.x (for ArubaOS 6.5.x)

Deploy APs in a Centralized Controller-Based Network

Aruba VIA Windows Edition

Aruba VIA 2.1.x. User Guide

Aruba VIA 3.x (for ArubaOS 8.x)

Installing or Upgrading to 6.6 on a Virtual Appliance

Aruba Central. User Guide

AirWave Glass Release Notes

Aruba SFP/SFP+ Optical Modules

Aruba Central. User Guide

Aruba Central. User Guide

Aruba Instant Release Notes

MSP Solutions Guide. Version 1.0

AirWave Supported Infrastructure Devices

AirWave Supported Infrastructure Devices. Aruba Devices. ArubaOS. ArubaOS Clarity Synthetic. ArubaOS FIPS.

SonicOS Enhanced Release Notes

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

AirWave Glass Installation and User Guide

Aruba Instant Release Notes

Aruba Central Switch Configuration

Aruba Networks and AirWave 8.2

ClearPass. ClearPass Extension Universal Authentication Proxy. ClearPass Extension Universal Authentication Proxy TechNote

Pulse Secure Mobile Android

ClearPass and Check Point Integration Guide. Check Point. ClearPass. ClearPass and Check Point Integration Guide 1

ArubaOS Release Notes

AirGroup Configuration How- To with ClearPass Technical Note

Aruba Instant Release Notes

Pulse Secure Mobile Android Release 6.3.0

Aruba Central Switch Configuration

Aruba Instant Release Notes

ArubaOS Release Notes

Integrating AirWatch and VMware Identity Manager

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Pulse Secure Mobile Android

Forescout. Configuration Guide. Version 4.2

Troubleshoot. What to Do If. Locate chip.log File. Procedure

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

AirWatch Mobile Device Management

Amigopod Release Notes. Updating to Amigopod Document Overview. Overview of the Update Process. Verify the System s Memory Limit

VMware Horizon View Deployment

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

Configuration of Shrew VPN Client on RV042, RV042G and RV082 VPN Routers through Windows

Sophos Connect. help

ClearPass and Tenable.sc Integration Guide. Tenable.sc. Integration Guide. ClearPass. ClearPass and Tenable.sc - Integration Guide 1

Troubleshoot. What to Do If. Locate chip.log File

Administrator's Guide

Aruba Central Access Points Configuration

Verizon MDM UEM Unified Endpoint Management

SonicOS Enhanced Release Notes

Aruba Instant. Validated Reference Design. Chapter 2 Branch Connectivity. Version Roopesh Pavithran Andrew Tanguay

Aruba Instant Release Notes

IntroSpect 2.4. User Guide

ClearPass Extension for BMC Remedy TechNote. ClearPass Extension For BMC Remedy. ClearPass. ClearPass Extension for BMC Remedy - TechNote 1

Release Notes ( ) Digi TransPort LR Product Family

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Troubleshoot. Locate chip.log File. Procedure

How to Set Up External CA VPN Certificates

This document is designed as a reference for installing AirWave using the CentOS software bundled with the.iso disc image.

Read the following information carefully, before you begin an upgrade.

AT&T Global Network Client for Android

Aruba Central Instant Access Point Configuration

Pulse Secure Mobile Android Release 5.2R1

HP Instant Support Enterprise Edition (ISEE) Security overview

Peplink Balance: 20 / 30 / 30 LTE / 50 / One / 210 / 310 / 305 HW2 / 380 HW6 / 580 HW2-3 / 710 HW3 / 1350 HW2 / 2500

ClearPass Release Notes

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Junos Pulse 2.1 Release Notes

PULSE CONNECT SECURE APPCONNECT

LDAP Directory Integration

VMware AirWatch Integration with RSA PKI Guide

Using VMware View Client for Mac

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

NetFort LANGuardian Integration Guide. NetFort LANGuardian. NetFort LANGuardian Integration Guide 1

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

Release Notes. Dell SonicWALL SRA Release Notes

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

Pulse Secure Desktop Client

Aruba Instant

AnyConnect on Mobile Devices

Administrator's Guide

Symptom Condition / Workaround Issue Full domain name is not resolved by the RDP- ActiveX Client.

How to Configure the Barracuda VPN Client for Windows

AT&T Global Network Client for Mac User s Guide Version 1.7.3

ClearPass. MobileIron Cloud and Common Platform Service. Integration Guide. MobileIron Cloud and Common Platform Services

Installing and Configuring vcenter Multi-Hypervisor Manager

IPV6 SIMPLE SECURITY CAPABILITIES.

Sophos Mobile as a Service

AT&T Global Network Client for Mac User s Guide Version 2.0.0

ClearPass Release Notes

Transcription:

Aruba VIA 3.0.3 Android Edition a Hewlett Packard Enterprise company Release Notes

Copyright Information Copyright 2017 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses. A complete machine-readable copy of the source code corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US $10.00 to: Hewlett Packard Enterprise Company Attn: General Counsel 3000 Hanover Street Palo Alto, CA 94304 USA Revision 01 August 2017 Aruba VIA 3.0.3 Android Edition Release Notes

Contents Contents 3 Release Overview 4 About VIA 4 Contacting Support 4 What s New in This Release 5 Features Introduced in VIA 3.0.3 5 Certificate-Based Authentication for Profile Downloads 5 Marking Outgoing Packets with ToS Bits 5 Resolved Issues in VIA 3.0.3 5 Known Issues in VIA 3.0.3 5 Features Added in Previous Releases 7 Features Introduced in VIA 3.0.2 7 Login Banner 7 Support for Sideloaded VPN Connection Profiles with Samsung Knox 7 Features Introduced in VIA 3.0.1 7 Features Introduced in VIA 3.0.0 7 VIA User Interface 8 Lockdown All Settings 8 Support for Samsung Knox 8 Resolved Issues in Previous Releases 9 Resolved Issues in VIA 3.0.2 9 Resolved Issues in VIA 3.0.1 9 Resolved Issues in VIA 3.0.0 9 Known Issues in Previous Releases 11 Known Issues in VIA 3.0.1 11 Known Issues in VIA 3.0.0 11 Aruba VIA 3.0.3 Android Edition Release Notes Contents 3

Release Overview Aruba VIA 3.0.3 is a major software release that introduces new features and fixes to issues identified in previous releases of Aruba VIA Android Edition. For more details, see the Aruba VIA 3.0.3 Android Edition User Guide. About VIA Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the network environment (trusted and untrusted) of the user and automatically connects the user to the enterprise network. A trusted network refers to a protected office network that allows users direct access to the corporate intranet. Untrusted networks are public Wi-Fi hotspots such as airports, cafes, or home networks. Contacting Support Table 1: Contact Information Main Site Support Site Airheads Social Forums and Knowledge Base North American Telephone International Telephone Software Licensing Site End-of-life Information Security Incident Response Team (SIRT) arubanetworks.com support.arubanetworks.com community.arubanetworks.com 1-800-943-4526 (Toll Free) 1-408-754-1200 arubanetworks.com/support-services/contact-support/ hpe.com/networking/support arubanetworks.com/support-services/end-of-life/ Site: arubanetworks.com/support-services/security-bulletins/ Email: sirt@arubanetworks.com Aruba VIA 3.0.3 Android Edition Release Notes Release Overview 4

What s New in This Release Features Introduced in VIA 3.0.3 This section describes the features and enhancements introduced in VIA 3.0.3 Android Edition. Certificate-Based Authentication for Profile Downloads In previous versions of VIA, the client must provide their user credentials as part of the https communication with the controller in order to download a VIA.profile. This feature allows the client to authenticate automatically when a valid certificate is presented to the controller with standard ssl/tls key exchange and certificate validation rules. When a certificate-based profile is configured on a controller, VIA will attempt to authenticate the client certificate, while downloading the initial connection profile from the controller. If the controller requires a role to be assigned to the user, the client's identity can be authenticated using the appropriate certificate. This can be accomplished through the following: Email ID from the SubjectAltName extension (2.5.29.17) Email address OID (1.2.840.113549.1.9.1 Subject containing E= attribute (2.5.29.14) Issued to Name (in absence of email address) (2.5.19.17) Marking Outgoing Packets with ToS Bits This feature provides ability to mark outgoing IKE and ESP packets with custom DSCP (which is configured on controller under VIA connection profile. A new knob tos_dscp for marking custom DSCP is available under VIA connection profile. It supports values between 0 to 63. When a VIA client downloads the connection-profile, this value will also get pushed. VIA will set the configured DSCP value to outer IP header's ToS byte. Please note this feature is supported in ArubaOS 6.5.4 and onward, however, it is unavailable for ArubaOS 8.x versions. Resolved Issues in VIA 3.0.3 The following issues have been resolved in VIA 3.0.3: Table 2: VIA 3.0.3 Resolved Issues 26293 Symptom: Android VIA was unable to establish certificate -based tunnels if the client certificate was chained. Scenario: This issue was observed in all VIA releases prior to 3.0.3. Known Issues in VIA 3.0.3 The following are known issues in VIA 3.0.3: Aruba VIA 3.0.3 Android Edition Release Notes What s New in This Release 5

Table 3: VIA 3.0.3 Known Issues 27292 Symptom:VIA fails to connect. Scenario: This issue is specific to the Android 5.0 operating system and occurs after installing VIA 2.2.6 or later, or after upgrading to VIA 2.2.6 when previous versions of VIA or any other VPN client are already installed and connected. Workaround: Restart the Android 5.0 device after installing VIA 2.3.1 or later, or after upgrading VIA. 41413 Symptom: Clients are unable to download VIA profiles when using a chain certificate. Scenario: This issue is present in VIA 3.0.1 and 3.0.3. When clients attempt to download a VIA profile using a chain certificate, the download will fail. The chain certificate may still be used to connect to VIA. 6 What s New in This Release Aruba VIA 3.0.3 Android Edition Release Notes

Features Added in Previous Releases This chapter describes the new features and enhancements introduced in the previous releases of VIA Android Edition. Features Introduced in VIA 3.0.2 This section describes the features and enhancements introduced in VIA 3.0.2 Android Edition. Login Banner The login banner feature allows you to display a static warning message that provides information related to corporate policies or terms and conditions of using VIA. The login banner is displayed when the VIA connection is initiated and contains the Agree and Disconnect Now buttons. The VIA connection is processed only if the user clicks Agree. If the user clicks Disconnect Now, the warning message closes, and the VIA connection is aborted. To upload a login banner for VIA: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA in the controller WebUI. 2. Under the Upload VIA Login Banner section, click Choose File to locate and select the login banner file. 3. Click Upload. Support for Sideloaded VPN Connection Profiles with Samsung Knox VIA 3.0.2 introduces support for sideloaded VPN connection profiles in Samsung Knox environments. If an admin user sideloads a VPN connection profile to VIA and then provisions a Samsung Knox profile, VIA gives preference to the sideloaded VPN connection profile. When the VPN connection is triggered, VIA connects using the sideloaded profile. To sideload a VPN connection profile to VIA: 1. Login to https://<controller-ip>/via. 2. After successful login, go to https://<controller-ip>/via/config?ikever=3. The controller returns a VPN connection profile xml file. 3. Save the xml file as via_config.xml. 4. Place the via_config.xml file in the root directory of the Android file system. 5. Launch VIA. If a VPN connection profile has not yet been provisioned on VIA, VIA loads the connection profile from the via_config.xml file. Features Introduced in VIA 3.0.1 There are no new features or enhancements introduced in VIA 3.0.1 Android Edition. Features Introduced in VIA 3.0.0 This section describes the features and enhancements introduced in VIA 3.0.0 Android Edition. Aruba VIA 3.0.3 Android Edition Release Notes Features Added in Previous Releases 7

VIA User Interface VIA 3.0.0 introduces a new User Interface (UI). For more details, see the ArubaVIA 3.0.0 Android Edition User Guide. Lockdown All Settings Network administrators can enable the Lockdown All Settings knob on the controller to prevent profile setting changes on the VIA client. When this knob is enabled, users cannot clear profiles or edit any settings on the VPN Profiles tab, including the server and authentication profile. Support for Samsung Knox VIA 3.0.0 introduces support for Samsung Knox to enhance security and provide mobile device management (MDM) integration. This feature includes: Implementation of the Knox VPN service and APIs. Refer to the Samsung Knox Vendor Integration Guide for more details. Automatic VIA profile provisioning in a Knox/MDM-controlled environment. Use of a generic Knox VPN framework to setup IPSec VPN tunnels. Support for dual IPSec tunnels. VIA can be used as an outer or inner tunnel in a dual tunnel environment. Support for IPSec VPN tunnels inside the Knox container. VIA supports Knox features on Samsung devices with Knox 2.2 and onwards. 8 Features Added in Previous Releases Aruba VIA 3.0.3 Android Edition Release Notes

Resolved Issues in Previous Releases The following issues were fixed in the previous releases of VIA Android Edition. Resolved Issues in VIA 3.0.2 The following issues are resolved in VIA 3.0.2: Table 4: VIA 3.0.2 Fixed Issues 34254 Symptom: VIA automatically reconnected after reaching the maximum session timeout. Scenario: This issue was observed in VIA 3.0.0. 36315 Symptom: When users connected to a trusted network, the Local IP on the Network tab of the VIA UI was updated with the assigned network IP address. Scenario: This issue was observed in VIA 3.0.0 when users connected to a trusted network. Resolved Issues in VIA 3.0.1 The following issues are resolved in VIA 3.0.1: Table 5: VIA 3.0.1 Fixed Issues 36314 Symptom: The VIA application was vulnerable to MITM attacks. Scenario: This issue was observed in Android devices in VIA 3.0.0 and earlier during the profile download process. This issue occurred when there were multiple SSL sessions during profile download, and a trust check was only performed for the first session. 36677 Symptom:VIA was unable to failover to a backup controller if port 443 was blocked. This issue is resolved by skipping controller reachability checks on port 443 during failover. Instead, VIA initiates an IPsec session directly with the controller. If the controller becomes unreachable, IKE negotiation fails with a timeout period of five seconds for the first UDP packet reply. Scenario: This issue was observed in Android devices in VIA 3.0.0 when port 443 was blocked. 151428 Symptom: The VIA application crashed when users attempted to connect in the absence of network connectivity. Scenario: This issue was observed in Android devices in VIA 3.0.0 when clients used the fully qualified domain name (FQDN) of a controller to download a VPN profile. Resolved Issues in VIA 3.0.0 The following issues are resolved in VIA 3.0.0: Aruba VIA 3.0.3 Android Edition Release Notes Resolved Issues in Previous Releases 9

Table 6: VIA 3.0.0 Fixed Issues 33924 Symptom: The VIA application crashed on Android devices if the configured VPN profile contained multiple IKE authentication profiles. Scenario: This issue was observed in Android devices in VIA 2.4.0. 34236 Symptom: Certificate-based VIA connection failed if the server certificate used for the VPN connection included a street name and postal code. Scenario: This issue was observed in Android devices in VIA 2.3.1. 35028 Symptom:VIA failed to connect when devices moved in and out of their Wi-Fi or LTE coverage areas. Scenario: This issue was observed in Android devices in VIA 2.4.0. 10 Resolved Issues in Previous Releases Aruba VIA 3.0.3 Android Edition Release Notes

Known Issues in Previous Releases The known issues and limitations observed in the previous releases of VIA Android Edition are described in the following table. s and applicable workarounds are included. Known Issues in VIA 3.0.1 The following issues are observed in VIA 3.0.1. Applicable workaround is included. Table 7: VIA 3.0.1 Known Issues 135653 Symptom:VIA connections with IKEv1 certificates fail when the certificate chain is used. Scenario: If the controller does not have the complete certificate chain configured as a trusted CA, but individual certificates in the chain are configured as trusted CAs, the VIA connection fails with IKEv1 certificates. This issue is observed in Android devices in VIA 2.3.1. Workaround: On the controller, configure the complete certificate chain of the intermediate CA as an ISAKMP CA certificate. 27292 Symptom:VIA fails to connect. Scenario: This issue is specific to the Android 5.0 operating system and occurs after installing VIA 2.2.6 or later, or after upgrading to VIA 2.2.6 when previous versions of VIA or any other VPN client are already installed and connected. Workaround: Restart the Android 5.0 device after installing VIA 2.3.1 or later, or after upgrading VIA. Known Issues in VIA 3.0.0 The following issues are observed in VIA 3.0.0. Applicable workaround is included. Table 8: VIA 3.0.0 Known Issues 135653 Symptom:VIA connections with IKEv1 certificates fail when the certificate chain is used. Scenario: If the controller does not have the complete certificate chain configured as a trusted CA, but individual certificates in the chain are configured as trusted CAs, the VIA connection fails with IKEv1 certificates. This issue is observed in Android devices in VIA 2.3.1. Workaround: On the controller, configure the complete certificate chain of the intermediate CA as an ISAKMP CA certificate. 27292 Symptom:VIA fails to connect. Scenario: This issue is specific to the Android 5.0 operating system and occurs after installing VIA 2.2.6 or later, or after upgrading to VIA 2.2.6 when previous versions of VIA or any other VPN client are already installed and connected. Workaround: Restart the Android 5.0 device after installing VIA 2.3.1 or later, or after upgrading VIA. Aruba VIA 3.0.3 Android Edition Release Notes Known Issues in Previous Releases 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback