Aventail README ASAP Platform version 8.0

Similar documents
This version of the SonicWALL Aventail E-Class SRA EX-Series software includes numerous fixes, which are listed at the end of this document.

Release Notes. Contents. Platform Compatibility. Release Caveats. Dell SonicWALL Aventail E-Class SRA Release Notes. Secure Remote Access

Aventail ST2 SSL VPN New Features Guide

Secure Remote Access SonicWALL Aventail E-Class SRA EX-Series v10.0

SonicWALL Aventail E-Class SRA EX-Series v9.0.4

Aventail Connect Client with Smart Tunneling

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

Aventail WorkPlace. User s Guide Version 8.7.0

SonicWALL Aventail README ST v /SSL VPN version 8.9.0

Dell SonicWALL Aventail Connect Tunnel User s Guide

Clearspan Hosted Thin Call Center R Release Notes JANUARY 2019 RELEASE NOTES

Cisco Unified Serviceability

Aventail Installation Tech Note

SonicWall Secure Mobile Access 12.0 Connect Tunnel. User Guide

Dell Secure Mobile Access About Dell Secure Mobile Access

User Management. Users, Groups, Communities, and Realms. Using Realms and Communities. Users and groups. Communities. Realms

Release Notes. Platform Compatibility. Upgrading from Earlier Versions. Release Caveats

Aventail Connect Tunnel Service

This Readme describes the NetIQ Access Manager 3.1 SP5 release.

BIG-IP Access Policy Manager : Portal Access. Version 12.1

Upgrade Guide. Platform Compatibility. Dell SonicWALL Aventail E-Class SRA 10.7 Upgrade Guide. Secure Remote Access

Policy Settings for Windows Server 2003 (including SP1) and Windows XP (including SP2)

WorkPlace. User Guide Version 10.5

Release Notes Version 7.8

CFS Browser Compatibility

Telephony Toolbar Enterprise. User Guide

RSA Authentication Manager 7.1 Help Desk Administrator s Guide

NetExtender for SSL-VPN

Workstation Configuration Guide

Cisco TelePresence VCS Cluster Creation and Maintenance

Upgrade Guide. SonicWALL Aventail E-Class SRA EX-Series v9.0.5

In This Month s Issue: General and Limited Release Hotfixes/Roll-up Packs: Page 2 Citrix Knowledge Center Articles: Page 24

Release Notes. Dell SonicWALL SRA Release Notes

Upgrade Guide. Platform Compatibility. SonicWALL Aventail E-Class SRA EX-Series v Secure Remote Access

Agent and Agent Browser. Updated Friday, January 26, Autotask Corporation

AppSense DataNow. Release Notes (Version 4.0) Components in this Release. These release notes include:

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

Introduction to application management

Aventail E-Class SRA WorkPlace User Guide

SRA Virtual Appliance Getting Started Guide

Quest Desktop Authority Full Build Update Release Notes

Clearspan Hosted Thin Call Center R Release Notes APRIL 2015 RELEASE NOTES

Data Protection Guide

BIG-IP Access Policy Manager : Portal Access. Version 13.0

Cisco Expressway Cluster Creation and Maintenance

Access Gateway 9.3, Enterprise Edition

Release Notes. Platform Compatibility. Upgrading from Earlier Versions. Release Caveats

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

Clearspan Web Interface Getting Started Guide

Workstation Configuration

Hosted VoIP Phone System. Blue Platform. Hosted Call Center. Agent User Guide

Installation Guide. Contents. Overview. Dell SonicWALL Advanced Reporting Installation Guide. Secure Remote Access. SonicOS

SonicOS Enhanced Release Notes

User Guide SecureLogin 8.1

Using VMware View Client for Mac

AUTHORIZED DOCUMENTATION

HP Management Integration Framework 1.7

Practice Labs User Guide

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Barracuda Firewall Release Notes 6.5.x

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Receiver (Updater) for Windows 2.0

Getting Started with VMware View View 3.1

Realms and Identity Policies

Configuring the SMA 500v Virtual Appliance

Browser Configuration Reference

VII. Corente Services SSL Client

Symptom Condition / Workaround Issue Full domain name is not resolved by the RDP- ActiveX Client.

Installing and Configuring vcenter Support Assistant

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

CloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01

Viewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418

Horizon Cloud with On-Premises Infrastructure Administration Guide. VMware Horizon Cloud Service Horizon Cloud with On-Premises Infrastructure 1.

The Evolved Office Assistant

DSS User Guide. End User Guide. - i -

Data Protection Guide

Clientless SSL VPN End User Set-up

SSL VPN User Guide. Access Manager Appliance 3.2 SP2. June 2013

Novell Access Manager

Accella Toolbar. User Guide. Release 20.0

SAP BusinessObjects Live Office User Guide SAP BusinessObjects Business Intelligence platform 4.1 Support Package 2

Sign in and Meeting Issues

This section of the release notes is reserved for notable changes and new features since the prior version.

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues...

Workstation Configuration

Novell Access Manager

Workstation Configuration

Cisco s AnyConnect VPN Client (version 2.4)

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Hosted VoIP Phone System. Hosted Call Center. Supervisor User Guide

Cisco Craft Works Interface Quick Start Guide Cisco IOS XR Software Release 3.2 1

Remote Access Resources

Cisco Terminal Services (TS) Agent Guide, Version 1.1

NetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues.

UPGRADING STRM TO R1 PATCH

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Merchandising Server 2.2

Juniper Networks Access Control Release Notes

Receiver for BlackBerry 2.2

Transcription:

Aventail README 1 Aventail README ASAP Platform version 8.0 Part No. 0850-000010-01 October 19, 2004 This README highlights new features and provides late-breaking information about the Aventail EX-1500 and EX-750 appliances. It also lists known issues that are fixed in this release. This information supplements the printed and online documentation that accompanies the EX-1500 and EX-750. Review the README before installing and configuring the Aventail EX-1500 or EX-750 appliance. What s New in this Release? Version 8.0 of the Aventail ASAP platform includes the following new and enhanced features: Simplified access policy management: The separate access control lists for Web, client/server, and file system resources have been consolidated into a single Access Control page, resulting in fewer steps required to create, manage, and audit access policies. Support for a new Web proxy client access method: The new, standard Web access method for Windows 2000/XP clients running Internet Explorer 5.5 or later eliminates the need for Web content translation and provides enhanced access to enterprise Web applications. Enhanced End Point Control capabilities: New End Point Control (EPC) configuration options give administrators greater control over VPN access by defining zones and device profiles. EPC zones classify connection requests based on selected end-user device attributes that define the degree of trustworthiness allowed for client devices. EPC zones can also be associated with access control rules. Improved update and rollback functionality: The new System Maintenance page includes options to update the system configuration or roll back to a previous version of the system software. This provides an easier alternative but not a replacement to using the command line tools. User monitoring and termination: The new Active Users page displays the current number of active user sessions, and displays a searchable list of sessions that can be sorted by username and realm. This page also includes a new End session option that temporarily terminates all VPN connections for selected users. Expanded authentication and user management support: The use of authentication realms has been expanded to include support for selecting which EPC zones and access methods are available to realm members. Group affinity checking accommodates network environments where authentication and authorization are handled by different servers. This allows you to configure a secondary authentication server (either LDAP or Microsoft Active Directory) that is queried for group affinity Enhanced OnDemand configuration: The new Configure OnDemand page requires less data entry to configure port-mapped applications. The new network Redirection List shows all network resources that are automatically redirected in Dynamic Mode. Enhanced Simple Network Management Protocol (SNMP) configuration: The Configure SNMP page has a new option for enabling support for SNMP traps, and provides the ability to download the new Aventail Management Information Base (MIB) file, which adds ASAP-specific data to already supported MIBs. 2004 Aventail Corporation. All rights reserved.

2 ASAP Platform version 8.0 Policy replication between Aventail appliances: The new Import/Export page allows you to export the current configuration from one appliance and then import all or part of the configuration on another appliance. This is an easy way to ensure that multiple appliances are using the same access policies. License management: With the new Licensing page you can review and manage software licenses for the appliance, and view status information about concurrent users and expiration dates. Improved usability throughout AMC: This release includes numerous functional enhancements to the user interface including the grouping of common tasks, navigation breadcrumbs, sortable lists, easier access to options, and summary pages that provide configuration and status information at a glance. Upgrading from Prior Versions If you are upgrading to ASAP version 8.0 from a previous release, be sure to consult the upgrade instructions in the Upgrade Guide for detailed information. You ll find a copy of this document on the Aventail Assurance support site. CAUTION: If any of your resource groups include the OnDemand Dynamic Proxy resource, the upgrade to Aventail ASAP Platform v8.0 will fail. Before upgrading to ASAP v8.0, ensure that the OnDemand Dynamic Proxy resource is not included in any resource groups. Known Issues This section describes the known issues for this release. Web Access Service Standard Web agent does not work with NTLM-protected resources (25448) Internet Explorer prohibits NTLM authentication to be used with a proxy. Because the standard Web agent is a proxy, users will get an access denied message when they attempt to connect to an NTLM-protected resource when standard Web access is enabled in WorkPlace. Use translated Web mode to access NTLM-protected resource, or enable basic authentication on the resource. Netegrity Single Sign-On doesn t function when Aventail standard Web mode is enabled (25881) Single sign-on does not function when accessing a resource protected by Netegrity if the user s ASAP WorkPlace session has the standard Web mode enabled. In this situation the user is re-prompted for authentication when they click on the Netegrity resource in WorkPlace. Netegrity single sign-on works properly when accessing a resource from WorkPlace using translated Web mode. Standard Web access mode disrupts prior sessions for some Web applications (26244) If a Web application (such as WebEx) is running on a client machine when it connects to the appliance and launches Aventail s standard (non-translated) Web access mode in a separate browser, the user may receive Javascript errors in the browser running the Web application. This is caused by Microsoft Internet Explorer s cross-frame security. (For information on cross-frame security, see 2004 Aventail Corporation. All rights reserved.

Aventail README 3 http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/s upport/kb/articles/q167/7/96.asp&nowebcontent=1). Refresh the browser window for the session running the Web application. Microsoft Outlook Web Access with single sign-on and form-based authentication not supported (26048, 25025, 26005) The appliance does not support Microsoft Outlook Web Access (OWA) with single sign-on with form-based authentication. If OWA is configured for single sign-on in AMC and the back-end server is configured for form-based authentication, attempting to access OWA from ASAP WorkPlace will result in script errors. The appliance supports single sign-on for OWA with basic or NTLM authentication forwarding. With SSO enabled, back-end resources configured with NTLM authentication forwarding are sometimes inaccessible using Mozilla v1.7.2 (26228) With Single Sign On enabled, timing issues may prevent a Mozilla 1.7.2 user from accessing a back-end Web resource offering NTLM authentication. This occurs if that resource is configured with different credentials than those used to access the appliance, and the user enters his or her credentials before all connections are closed. This problem occurs intermittently. Instruct the user wait a few seconds before entering his or her credentials. Aliased URLs cannot contain query strings or file names (23913) When creating an aliased URL to a resource, do not end the URL with a either a query string or a file name. When the Aventail Web access service receives an aliased URL ending in a query string or file name, it may not make a proper request to the back end server because it appends a trailing slash to the URL. When creating an aliased URL, make sure that it points to a directory. In translated Web mode, reloading a page in Mozilla v1.7.2 may cause intermittent JavaScript warnings (26127) When using translated Web mode and accessing a resource using JavaScript translation (as configured in the Web Application Profile), reloading a page containing JavaScript can sometimes cause Mozilla v1.7.2 to display JavaScript warnings. Instruct the user to force a page reload (that is, not reading it from the browser cache) by pressing CTRL+SHIFT+R, which will address the problem. Disabling HTTP 1.1 setting in Internet Explorer causes browser connections to fail (26286) If Internet Explorer is configured to disable the Use HTTP 1.1 setting on the Advanced Internet options tab, when a user logs in to a realm that provisions Aventail s standard Web agent, all browser connections will fail when the standard Web agent is activated. Ensure that the Use HTTP 1.1 option is enabled in Internet Explorer. 2004 Aventail Corporation. All rights reserved.

4 ASAP Platform version 8.0 Microsoft OWA 2003 re-prompts for authentication using Firefox browser (26285) When connecting to Microsoft OWA 2003 using Firefox 1.0 via a Web shortcut in ASAP WorkPlace, users are re-prompted for basic authentication after they enter valid credentials. Logging out of Microsoft OWA 2003 in Internet Explorer forces user to reauthenticate to the appliance (23922) Using Internet Explorer to log out of OWA 2003 logs users out of ASAP WorkPlace and forces them to reauthenticate to the appliance. Using the Aventail standard Web agent will resolve this issue. ACL denies access to Citrix in OnDemand port-mapped mode (26076) When an access control rule denies access to a Citrix back-end server, the Aventail Web access service is incorrectly translating the Citrix.ica file even when the OnDemand port-mapped configuration is not loaded. In this situation, when a user logs in to a realm via OnDemand and downloads an.ica file, attempting to connect to the Citrix host would fail. Logging out of Lotus inotes v6.0.2 forces user to reauthenticate to the appliance if JavaScript translation is disabled (23466) If Lotus inotes v6.0.2 is configured with JavaScript translation disabled, clicking the Logout button in inotes logs the user out of ASAP WorkPlace and forces him or her to reauthenticate to the appliance. Using the Aventail standard Web agent will resolve this translation issue. Otherwise, create a Web application profile and make sure that the Translate JavaScript option is enabled. Next, apply that profile to the inotes resource. Errors using Microsoft OWA v5.5 with basic authentication forwarding enabled (25115) Users running Microsoft Outlook Web Access (OWA) v5.5 through the Aventail Web access service may encounter one or more error messages when they send an e- mail message or attach a file to an e-mail. In the case where the user s Aventail Web access service credentials match those of the OWA server, creating an e-mail triggers an error message stating that message body is over the size limit. When the Aventail Web access service credentials don t match those of the OWA server, the user gets an error message when attempting to attach a file to an e-mail. Disable basic authentication forwarding in the OWA v5.5 server. Platform Do not to reset system time while using evaluation license (25800) Setting the system time backward on your appliance while using an Aventailprovided evaluation license will disable all services on the appliance for licensing reasons. Do not move your system time backward while using an Aventail-provided evaluation license. Before importing a license file you should ensure that the appliance s system data and time are configured correctly by setting them forward for your local time. 2004 Aventail Corporation. All rights reserved.

Aventail README 5 Access denial information for file shares in WorkPlace not available in SNMP (25894) The appliance s SNMP agent does not provide information about denied authorization requests from WorkPlace users attempting to access file share resources. Partition size not available via SNMP (26193) The appliance s SNMP agent does not provide information about the current and available partition size. Factory reset tool fails if run from /upgrade directory (26133) The factory_reset tool cannot be run from the /upgrade directory. Attempting to run factory_reset there will fail and display a message that there was an error creating a new file system for /upgrade. Run factory_reset from a directory that is lower than /upgrade. Message log shows incorrect access control list rule numbers (26163) The reference numbers for access rules listed in the message log do not match the numbers shown in the access control list (ACL) on the Access Control page in AMC. This occurs because there are two implicit access rules that do not appear in the ACL in AMC, but which are recorded in the message log. The result is that the number assigned to an access rule in the message log is two greater than in the ACL, so that what appears as rule 1 in AMC shows up as rule 3 in the message log. Incorrect message when upgrade partition insufficient space (26274) If the upgrade installation fails because the /Upgrade partition on the appliance has insufficient space, the install script will display a message that does not accurately reflect how much additional space is required. Regardless of the amount of space needed, the message will always state: You will need at least 1 Kbytes of disk free. Please free up the required disk space and try again. ASAP Management Console (AMC) Local user accounts on slave node are overwritten when AMC applies changes (22916) If you create a local user account (using the UNIX adduser command) on the slave node, the account is overwritten by AMC when you apply configuration changes on the master node. Upgrade fails when a resource group contains the OnDemand Dynamic Proxy resource (26309) If any of your resource groups include the OnDemand Dynamic Proxy resource, the upgrade to Aventail ASAP Platform v8.0 will fail. Before upgrading to ASAP v8.0, ensure that the OnDemand Dynamic Proxy resource is not included in any resource groups. OnDemand applications can't have the same name as a resource (26058) When configuring an application for use with OnDemand on the Mapped Mode page, assigning that application a name that is already assigned to another resource previously configured in AMC will cause a conflict. This will not display an 2004 Aventail Corporation. All rights reserved.

6 ASAP Platform version 8.0 error message when the OnDemand application is saved. However, editing the other resource on the Add/Edit Resource page displays the message The name entered is already in use by another resource. Do not assign the same name to an application configured for OnDemand and to another resource. Group caching remains enabled when LDAP group lookup options are disabled (26130 & 26131) When configuring an LDAP authentication server in AMC, disabling the two Group lookup options on the Configure Authentication Server page does not disable the Cache group checking and Cache lifetime options. This may result in users who belong to an LDAP group included in an access rule being inadvertently denied access to a resource. When disabling the Group lookup options, be sure to also clear the Cache group checking check box. Configuring OnDemand for a remote desktop connection in port-mapped mode on Windows XP SP2 (26051) For machines running Windows XP Service Pack 2, configuring OnDemand for a remote desktop connection in port-mapped mode will not work with the default local port setting (3389) assigned by AMC. On the Mapped Mode page for Aventail OnDemand, with Windows Terminal Server selected as the Service type, confirm that the Local host is set to 127.0.0.1 and change the Local port to any port number other than 3389 (for example, 3390). ASAP WorkPlace OnDemand status details not displayed for Internet Explorer 5.2.3 for the Macintosh (26141) When running Microsoft Internet Explorer 5.2.3 for the Macintosh, OnDemand status details are not displayed in ASAP Workplace. Resources entered in the Internet Address box in ASAP WorkPlace on a Macintosh don t open in a new browser session (26139) If an Apple Macintosh user running Internet Explorer enters a Web or network resource in the Intranet Address box in WorkPlace, the resource incorrectly replaces WorkPlace in the browser window instead of opening in a new browser session. WorkPlace shortcuts in AMC work correctly for Macintosh users. When Macintosh users click a shortcut in WorkPlace, the Web or network resource will open properly in a new browser session. OnDemand fails to launch in Internet Explorer when Sun JVM 1.4.2_05 is used (26200) OnDemand fails to launch on Windows XP machines with Sun Java Virtual Machine (JVM) version 1.4.2_05 installed that are running Internet Explorer with an authenticating proxy defined (not a proxy with anonymous access). Reverting to version 1.4.2_04 of the Sun JVM eliminates this problem. 2004 Aventail Corporation. All rights reserved.

Aventail README 7 Disabling ActiveX in Internet Explorer causes script errors in ASAP WorkPlace with standard Web agent (26256) If the Run ActiveX controls and plug-ins option is disabled in Internet Explorer s Security Settings dialog box, then users attempting to log in to a realm in ASAP WorkPlace that is configured for the standard (non-translated) Web access mode will receive script error messages. In order to use the standard Web agent in ASAP WorkPlace, Internet Explorer must be configured with the Run ActiveX controls and plug-ins option enabled. Disabling ActiveX in Internet Explorer causes WorkPlace to halt (26250) If the Run ActiveX controls and plug-ins option is disabled in Internet Explorer s Security Settings dialog box, when users attempt to log in to ASAP WorkPlace, the login process will stop at the loading agents stage. Add the URL for the appliance to the list of Trusted sites on Internet Explorer s Security tab, and then set the security level for the Trusted sites zone to Low. Macintosh Java plug-in v1.3.1 does not detect proxy settings (26150) Macintosh computers using Sun s Java plug-in v1.3.1 can t launch OnDemand because the Java plug-in is unable to detect the proxy settings. Using Sun s Java plug-in version 1.4.2 eliminates this problem. OnDemand loads when not required by an EPC zone (25959) In situations where an EPC zone is created for untrusted users (which requires Aventail Secure Desktop and provides only limited access to Web resources), when users log in to ASAP WorkPlace and are placed in the zone, on OnDemand is automatically loaded even though it can t be used by untrusted users. This occurs because OnDemand in dynamic mode is enabled at the realm level. End Point Control (EPC) Standard Web agent doesn t automatically work in an Internet Explorer session launched by Aventail Secure Desktop (26125) Client machines running Aventail Secure Desktop (ASD) can t automatically operate in standard Web (non-translated) mode in the ASAP WorkPlace browser launched by ASD. This happens because ASD cannot read the Internet Explorer proxy settings that are modified by the standard Web agent. Opening a new browser window within the secure desktop will correctly read the standard Web agent proxy settings and provide non-translated access to network resources. When the new browser session is ended, ASD will work as designed to remove all session-related data stored on the local hard drive. 2004 Aventail Corporation. All rights reserved.

8 ASAP Platform version 8.0 Aventail Cache Control ignores the cache file when a Mozilla user profile name contains a space (24614) On Linux machines running the Mozilla browser, Aventail Cache Control (ACC) will not clean the user s cache file at the end of the session if the user profile name configured in Mozilla contains a space. ACC instead will clear the default Mozilla cache. Make sure that profile names for Mozilla users who will use ACC do not contain spaces. EPC installation delay for Windows restricted users (25592) Users who have restricted user rights on Windows 2000 and XP machines running Internet Explorer will experience a delay while EPC components are downloaded. If ActiveX is disabled on the client, the EPC components are provisioned using Java. Users will need to wait approximately 20 seconds until the Java installation process completes. HTTPS URL resources seen in WorkPlace when corresponding host resource isn't created (25893) Creating an HTTPS URL resource with a Web shortcut in AMC displays the shortcut in ASAP WorkPlace, but clicking the link fails to connect the user to the resource. To access a back-end HTTPS Web resource through the standard Web agent, you must take an additional step when configuring resources and access control rules. In addition to defining the back-end server as a URL resource and creating an access control rule, you must also create a host resource for the Web resource (or a domain resource containing the Web server) and include it in the access control rule. Delayed display of File system access error message for unknown network resources (26010) Entering an unknown network resource in the ASAP WorkPlace Intranet Address box may result in a delay before the message File system access error is displayed in a separate WorkPlace browser window. File downloading error in ASAP WorkPlace with permission denial (25521) When a user attempts to download a file in ASAP WorkPlace for which they are denied access, WorkPlace does not warn the user that there is a permission violation. Instead WorkPlace downloads an empty file. Sun s Java VM fails to install EPC components if Microsoft Internet Explorer is configured to automatically detect proxy settings If ActiveX is disabled on the client, the EPC components are provisioned using Java. If Microsoft IE is configured to automatically detect proxy settings and the browser is configured with the Sun JVM, the browser will stop responding during the zone classification process for End Point Control. Configure Internet Explorer with a different JVM or enable ActiveX 2004 Aventail Corporation. All rights reserved.

Aventail README 9 After disabling EPC, default zone continues to block VPN access (26239) When the default EPC zone is configured to block VPN access, changing the global state of EPC from enabled to disabled on the End Point Control page has no effect on the default zone, which continues to block VPN access. To prevent the default EPC zone from continuing to block VPN access after EPC has been disabled, change the access restriction setting for the default zone to Allow VPN access on the Zone Definition page. Personal firewall prevents Aventail Secure Desktop from exiting (24981) If a user launches Aventail ASAP WorkPlace with Aventail Secure Desktop (ASD) enabled and has a personal firewall running within the ASD session, then logs off from ASAP Workplace, the ASD padlock icon disappears from the browser s status bar. ASD remains enabled and the personal firewall continues running, but the user cannot switch between the secure desktop and the normal desktop. If ASD reaches its timeout period, both the ASD session and the personal firewall will terminate. Terminating Aventail Cache Control prevents Aventail Secure Desktop from exiting (25025) If a user terminates the Aventail Cache Control client process (cclient.exe) using Task Manager during an Aventail Secure Desktop (ASD) session, the ASD icon disappears from the secure desktop s taskbar notification area and the user is prevented from exiting ASD or switching to the normal desktop. Users should be discouraged from terminating the Aventail Cache Control client process. Dynamic Redirection prevents resource access in OnDemand under Aventail Secure Desktop (25097) When a user is running OnDemand in Dynamic Redirection mode and has Aventail Secure Desktop (ASD) enabled, the user will not be able to access the destination resources. Can t open OnDemand in a second browser window with Aventail Secure Desktop enabled (25104) If a user logs in to Aventail ASAP WorkPlace with Aventail Secure Desktop (ASD) enabled, launches and subsequently closes OnDemand, and then attempts to open OnDemand in a second browser window, OnDemand will stop responding. Close all browser windows to exit ASD, WorkPlace, and OnDemand. Cluster Configuration Imported configuration not applied to secondary node in high-availability cluster (26904) When two appliances are set up as a high-availability cluster, importing the configuration file from another clustered appliance into the new master node does not immediately apply the changes to the secondary (slave) node. Reboot the appliance that is set up as the secondary node, which will apply the changes from the imported configuration file. 2004 Aventail Corporation. All rights reserved.

10 ASAP Platform version 8.0 License file is not properly synchronized on secondary node of cluster (26261) If the secondary node of a high-availability cluster is offline or disconnected when a license is imported into the primary (master) node, the license file will not be properly synchronized on the secondary node. When the secondary node is brought back online, the master node correctly manages the synchronization of other data, such as policy and configuration, but licensing is not synchronized. Ensure that the secondary node of the cluster is running and properly connected to the primary node when importing a license. Issues Fixed in This Release The following known issues from previous versions of the appliance are fixed in this release. The numbers refer to the tracking IDs used in previous versions of the README. Web Access Service 23907 Unable to sort e-mail messages in Search window of Outlook Web Access 2003. Platform 25121 Overlap of static route configuration prevents access to network interface. 24926 Netegrity policy server clock synchronization. 24569 Log rotation settings. ASAP WorkPlace 25129 OnDemand fails to load without administrator rights in Windows 2000. End Point Control 24406 Aventail Secure Desktop and OnDemand interoperability. Documentation 25062 Online Help for Export Root Certificates page incorrectly identifies certificate format. Security Fixes in This Release The following security vulnerabilities are fixed in this release. Each issue is tracked using one or more of the following IDs: The five-digit number is an internal Aventail tracking ID. CVE numbers refer to the ID used on the used on the Common Vulnerabilities and Exposures Web site (http://www.cve.mitre.org). DSA numbers refer to Debian Security Advisory IDs (http://www.debian.org/security/). 22949 World-writable files and directories found 25234 Policy file permissions are world-readable 25235 Server certificate and key permissions need restrictions 2004 Aventail Corporation. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback