Skip to content

CyberEdge Spectra 0.17

0.17.6

Coming Soon

RoamSafe Agents are licensed per device and are available as a paid add-on component of the CyberEdge platform. For pricing and licensing information, please contact your CyberEdge business partner.

CyberEdge Windows RoamSafe Agent

Outlined below are the capabilities of the RoamSafe Agent for Windows. For a comprehensive list of features, visit https://docs.slsecure.zone/RoamSafe/RoamSafe_Agent_Windows.html. Please note, there are no product or feature changes to the RoamSafe Agent for macOS in this release.

Major Enhancements

Feature
Description
RoamSafe Agent RoamSafe Agent for Windows is now generally available
RoamSafe Agent RoamSafe Agent for Windows MSI installed is available for download via RoamSafe > Agents > Downloads
RoamSafe Agent RoamSafe Agent for Windows includes support for category web filtering, custom list, group based policies, IP/Port filtering, Protocol Filtering, Time of Day Polices, Date ranges
RoamSafe Agent SafeSearch protections for Google, Bing and Duck Duck Go
RoamSafe Agent YouTube restricted mode is supported
Content Scanning Content scanning policies and reporting is now available for the Windows agent
RoamSafe Agent New Windows RoamSafe agent logs are available via Status > Log Viewer > RoamSafe Agent
RoamSafe Reporting RoamSafe Agent reporting data is available within the CyberEdge Reporting Application

Enhancements

Feature
Description
Change History Added a "Show Raw Diff" Button to Change History and Apply Changes to better display config changes
Management UI Improvements to the DHCP, System logging, and Traffic Shaping profiles UI components
Captive Portal Updated the display of error messages for SSO provided captive portal pages
LiveZone Added functionality to Deselect all users within LiveZone
Management UI Small UI changes to the RoamSafe Agent configuration page to support the new Microsoft Windows Agent

Resolutions

Feature
Description
Performance Resolved and issue that could occasionally cause excessive memory usage in the captive portal service
Authentication Resolved an error which would stop users from being able to log in to box services if the provider they were authenticating against had unicode characters in their identifier.
LiveZone Teachers no longer see failed login attempts as selectable students in LiveZone
LiveZone Resolved an issue where selected users were removed if they were not visible in the list because of searching.
Management UI Resolved an issue with the zone pair selector in Access Policies

0.17.5

Available 30th October, 2024

Change of Behaviour

Feature
Description
Content Scanning Content scanning network exclusion IPs and ranges have been migrated to a new IP List object called "Content Scanning Exclusions," located under Shared Objects > IP Lists.
Content Scanning The "Content Scanning Exclusions" object is now referenced in Content Scanning > General > Content Scanning > Excluded Ranges. Going forward, it is recommended to add any IPs or networks requiring exclusion to the "Content Scanning Exclusions" lists within Shared Objects.

Enhancements

Feature
Description
Management UI Access Policy Overview now displays the Time of Day and Date range values of a policy.
Management UI Access Policy Overview now displays the AND / OR values of the policy logic.
Management UI Improvements to the management user interface to improve the overall user experience for system administrators.
Management UI Improvements to the Balance and Failover configuration UI to better display IP's and Network information where a large number of network inputs are listed.
Management UI Within the category test tool results, custom categories listed now have a link to the custom category shared object lists.
LiveZone UI Improvements to the responsiveness of LiveZone and Classroom Control on mobile devices.

Resolutions

Feature
Description
Management UI Resolved in issue with the JWT refresh that could result in a full page reload, resulting in the possible of loss of state.
Management UI Resolved an issue where the policy name change would not save with the policy as intended.
Block Page Small CSS updates to the custom block page to stretch images rather than tile.
Authentication Existing authentication session timeouts are updated when the configuration value managing auth session timeouts is changed.
Management UI Resolved an issue with the custom category filtering not working within Access Policy > Categories > Custom Categories
Generated Report Resolved an issue with quarterly reports generation that could result in other reports not generating as intended.
Generated Report Resolved an issue with generated reports that could result in report generation performance issues.
System Config Resolved an issue with DHCP reservation configuration validation that resulted in the slow performance of the CyberEdge configuration system.
System Config Updates to the save functionality to reduce redundant data within the configuration.
System Resolved an issue with system resource utilisation on CyberEdge systems with greater than 48CPU Cores.
Content Scanning Resolved an issue that resulted in disabled content scanning rules processing network traffic.

0.17.4

Available 26th September, 2024

Change of Behaviour

In version 0.17.4, a new shared objects model has been introduced allowing administrators to manage and reference re-usable information within CyberEdge policy criteria more effectively. The shared objects model includes handling for custom categories (domain lists), IP lists and port lists. As a result, there is a change in behaviour in the CyberEdge that should be noted.

  • Access Policies, Fast Path Policies, Routing Policies, Traffic Shaping Policies and RoamSafe Agent Policies - Source and Destination criteria can now reference IP and Port list objects.
  • Access Policies and RoamSafe Agent Policies custom categories now reference the new custom category lists. Changes to custom category domain lists are now completed via the new shared objects menu.

More information on the new shared objects can be found here

Important Note

  • IP and Port inputs currently configured in the policy criteria have NOT been migrated to the new IP and Port lists. This allows administrators to review and create appropriate list and lists types for your network. It is advised that administrators move IP and Port configuration to the new shared objects at their convenience to simplify system administration.
  • All custom categories have been moved to the new custom category object list and should be managed via the new shared objects.
  • In future releases, the shared object model will be extended to additional components of the CyberEdge system configuration.

Enhancements

Feature
Description
Custom Categories Custom categories management, used by Access Policies and RoamSafe Policies, has been moved to the new shared objects > Custom Categories menu.
IP/Port Lists IP and Port lists can now be created and managed in shared objects > IP/Port Lists. IP and Port lists can now be referenced and used within Access Policies, Fast Path, RoamSafe and Routing Policies within source and destination criteria.
Proxy Logs Enhanced the performance and clarity of proxy logs in the log viewer, including updates to the format, user agent values, and proxy actions. To view proxy logs navigate to Status > Log Viewer > Proxy.
Reporting The RoamSafe VPN has been added as an option in the 'Creation Method' filter within the authentication data source of the reporting application.
Reporting The CSV export limit has been increased from 10,000 to 50,000 rows.
Policy Test Tool The web filtering category check tool now supports custom categories.
Performance Performance improvements for the proxy and content scanning process.
Classroom Control Added additional pre-defined classroom lesson lengths, now including options for 80 minutes, 120 minutes, and 360 minutes.
Content Scanning Alert Both the full name and user name are now displayed in the content scanning email notifications.
Management UI The UI components for Users and Groups in Local Auth Providers have been updated to improve the user experience for administrators when managing these elements.
Management UI Added the report schedule status to Reporting > Scheduled Reports view.

Resolutions

Feature
Description
Log Forwarding Resolved an issue with log forwarding where logs were not being sent if the remote syslog server was configured to use a port other than the default port 514.
Reporting Dashboard Resolved an issue that could result in a broken dashboard when saving queries with a custom time range.
Generated Reports Increased the system timeout for report generation, allowing reports to run for up to 10 minutes and reducing failures for long-running queries.
Authentication The Cisco ISE pass-through authentication service has been updated to support RADIUS accounting events that deviate from the standard RADIUS accounting format, often due to custom events created by network administrators. Previously, CyberEdge would ignore RADIUS accounting packets with missing non-essential data.
Authentication Improved the performance of group lookups against extremely large directory services for both MS Active directory, Google Cloud and OpenLDAP.
RoamSafe VPN Resolved an issue with RoamSafe VPN routing in networks utilising multiple Internet connections.
RoamSafe VPN Improvements to the RoamSafe VPN to improve connection reliability on iOS/iPadOS.
Client to Site VPN Improvements to the Client-to-Site VPN to more effectively manage slow-performing authentication providers, reducing the risk of VPN authentication disconnects.
Management UI Resolved an issue in the Access Policies UI that incorrectly displayed the application tag for "AI."
Management UI Resolved an issue with the with the incorrect IP showing on the secondary node in System > Nodes > Secondary.
Management UI Access Policy test results now displays group names correctly.
Management UI Resolved an issue on the Network > Adapters page where adding multiple interfaces without 'Name' and toggling VLANs would result in duplicated rows.
Custom block page Resolved an issue that would result in an error when resetting to the default CSS of for the custom block page.
Reporting UI Resolved an issue with JWT token refresh that resulted in users to lose their application state in the reporting application.
Reporting UI Resolved an issue where the time range and timestamps were improperly cleared when refreshing the page in the reporting application event viewer.
LiveZone UI Resolved an issue with JWT token refresh that resulted in users to lose their application state in LiveZone application.
System Resolved an intermittent system issue that could occur after a reboot when Custom block pages are configured.
Proxy Resolved an issue where proxy reloads could time out if large Custom block page images are configured.
Classroom Control Resolved an issue that would result in Domain allows not working correctly in classroom control.

0.17.3

Available 25th July, 2024

Enhancements

Feature
Description
Access Policies A new Access Policy test tool has been introduced, allowing system administrators to assess Access Policy matches. Please note that matching based on Access Policy schedule criteria will be added in a future release
High Availability Email notifications are now sent when CyberEdge HA failover events are triggered
High Availability New HA configuration option allows system administrators to manually fail back to the primary node as required
Reporting Dashboard New reporting dashboard widgets have been created using the list of CyberEdge pre-built queries
Reporting Dashboard Dashboard widgets can now be created from personal custom queries
Google Restricted Google Workplace (G-Suite) restricted mode can now be enforced, allowing access to approved Google domains only. To enforce Google restrictions go to Security Centre > General > Google Workspace Restricted Mode
UI Update Additional information has been included in the management UI, displaying version numbers and the last updated date and time for Application Signatures, Category Web Filtering, GeoIP, and IPS rules. Signature information has also been added to the healtcheck output. To view go to System > Updates > Signature Updates.
Captive Portal The authentication captive portal page can now be customised. To create a custom captive portal go to Authentication > Captive Portal to add images, messages and custom css
block page block pages can now be customised. To create a custom block page go to Security Centre > block page to add images, messages and custom css
DNS DNSSEC can now be configured within the system DNS settings, allowing it to be disabled in situations where certain upstream DNS requirements necessitate it
Certificates Certificates using ECDSA keys are now supported and can be updated via Systems > Certificates

Resolutions

Feature
Description
Captive Portal Resolved an issue with the captive portal redirecting HTTPS connections to an IP instead of the localnetwork.zone URL
Authentication Resolved an issue with authentication that could cause failed authentication and incorrect user reporting data for a user account which was renamed in MS Active Directory and OpenLDAP providers
Content Scanning Resolved an issue with content scanning word lists where line spaces between words in a list could result in content scanning engine not matching correctly
Wonde Resolved an issue with Wonde API revocation process
Reporting RoamSafe VPN has been included in the creation method filters under Reporting > Authentication > Zone Access
RoamSafe VPN Resolved an issue with RoamSafe VPN for Windows not sending intermediate certificates and upgraded the allowed connection types for RoamSafe VPN services to improve compatibility
System System and proxy performance improvements

0.17.2

Available 2nd July, 2024

Major Resolutions

Feature
Description
Content Scanning Resolved an issue where traffic from devices excluded from content scanning, regardless of the exclusion method used, was incorrectly being subjected to HTTPS inspection. As a result, devices without the CyberEdge inspection certificate installed encountered issues with content scanning

If you have already updated to CyberEdge v0.17.1 and are experiencing this issue, please contact CyberEdge support for assistance.

Enhancements

Feature
Description
Firewall Improved the performance of loading and evaluating custom category criteria within Access Policies
SNMP Non-physical network adapters (e.g, VLANs or LACP bundles) can now be monitored via SNMP
SNMP IPSec tunnels can now be monitored via SNMP
Reporting Dashboard The reporting dashboard has been enhanced to support the creation and customization of multiple user dashboards
Reporting Dashboard New reporting dashboard widgets for YouTube and Network Monitoring have been added to provide improved visibility of network events. Additionally, the widget management process has been improved to make it easier for users to add and remove options
Reporting Dashboard Existing dashboard configurations have been migrated and set as the default dashboard
Reporting The performance of previewing reports in the reporting user interface has been improved
Management UI Graphing widgets on Management UI can now be resized with more options
Management UI The management dashboard has added widgets for monitoring client-to-site VPN network connections
Management UI A small user interface change has been made to Networks > System DNS to better represent the active system DNS configuration. In addition, a warning is now displayed where Google Public DNS servers have been configured that may result in DNS rate limiting

Resolutions

Feature
Description
Generated Reports Resolved an issue with generated reports that would not respect the number of results to show value set by the user
Authentication Don't show certificates without keys when setting up Google Cloud Authentication Provider
DNS Resolved an issues with disabled DNS zones still being enabled in the DNS recursor service
Reverse Proxy Fixed handling of reverse proxy redirects to not expose internal port
MFA Resolved an issue with MFA where the Google Authenticator App on IOS was not able to scan the QR code correctly to enable MFA
Management UI Resolved an issue in the Access Policy Edit Stack user interface view that would prevent the vertical scroll bar from displaying correctly
LiveZone In LiveZone, the Classroom tab and session restriction buttons are now hidden when a Classroom policy is not included in Access Policies. In the management UI, the "Add Classroom Control" button in Access Policies is now disabled when the Classroom control feature is turned off
Reporting Resolved an issue with filtering for users who a members of multiple groups. Event filtering input now accommodates multiple group selections
Reporting Resolved and issue with writing database events in timezones with non-integer UTC offsets

0.17.1

Available 19th June, 2024

The CyberEdge Spectra 0.17.1 release introduces a range of new features and enhancements to the platform. This major update will be accessible to customers seeking to upgrade once it is officially released. As this is a major release, automatic updates will not initiate an update. Customers are advised to manually update via System > Updates.

Major Enhancements

The CyberEdge RoamSafe agent for Apple macOS is now accessible to licensed customers. This agent allows for policy-based web filtering and provides security protections for users and devices when they are off the network.

RoamSafe Agent for macOS

Feature
Description
RoamSafe Agent The RoamSafe agent is available for macOS version 12 and above
RoamSafe Agent RoamSafe agents for macOS integrate with Jamf Pro, supporting automated deployment of the application and certificates
RoamSafe Agent The RoamSafe agent for macOS supports SSO authentication through the Jamf Pro client API
RoamSafe Agent RoamSafe agents now use a dedicated Access Policy stack to allow managing device-based policies easier. To manage the RoamSafe Access Policies, navigate to RoamSafe > Agent Policies. Access Policy criteria supports user groups, networks, web categories, custom lists and macOS bundle ID management
RoamSafe Agent A RoamSafe Agent status viewer has been introduced allowing system administrators to view and manage devices connected to the CyberEdge

Report Builder

The CyberEdge now provides a custom report builder to allow users to create and manage their reporting needs. Custom reports can leverage existing pre-built queries or those created by the user.

Feature
Description
Event Viewer The reporting application event viewer has been enhanced to make it easier to create and save custom queries
Custom Reports Custom reports can now be created by users via the new report builder. To create and manage reports, navigate to https://reporting.localnetwork.zone (or any custom domain) > Reports
Custom Queries Users can create new reports by importing queries from any data source with suitable permissions
Custom Reports Reports support custom headers, horizontal lines and short descriptions to provide more detailed information on how to interpret report data
Custom Reports For standard users, custom reports are user based and will be stored as part of standard user preferences. System administrators can create and share reports to multiple users
Custom Reports Custom reports can be previewed

Enhancements

Feature
Description
Firewall The packet processing engine of the firewall has been upgraded, enhancing the overall performance of packet inspection and increasing throughput
Proxy Upgrade to the CyberEdge proxy service for improved performance, connection handling and memory utilisation
Proxy Enhancements to TLS1.3 and HTTP2 based connections have reduced the necessity for custom fast path policies
Proxy New cipher suites have been introduced to enhance security of proxy based connections
block page The default block page design has been updated to provide improved feedback and responsiveness to the user
Web Filtering Web Filtering re-categorization requests can now be made by the system administrator. To request a categorization review go to Security Centre > Categorisation > Categorisation Test
Logging RoamSafe Agent access logs have been added to assist system administrators with connectivity troubleshooting. To view logs, navigate to Status > Log Viewer > Source
Management UI The management user interface has been updated to enhance the overall user experience for system administrators
Reporting RoamSafe agent usage data is available in the reporting application. To view event data in reporting, navigate to Networking > Agent Network Monitoring
Reporting The export to CSV function now supports exporting up to 10,000 rows of data. The speed of the query and export has been significantly improved
Reporting The performance of generating PDF reports with larger data sets has been significantly improved
Reporting RoamSafe agent blocked events is now available in the reporting event viewer. To view RoamSafe event blocks in your reporting application, navigate to Security > Agent Network Blocks
Reporting SpeakUp Incident details data has been added to the SpeakUp event viewer
Reporting Event data can now be quickly exported in PDF format from the reporting application. To generate, add the required query filters and select download as PDF
Management UI A new Active Session dashboard widget has been added to display authentication session information
Management UI Small changes have been made to the Apply Change process to improve the user experience during configuration changes
LiveZone UI The LiveZone portal user interface has been updated to provide an improved experience for users
Reporting UI The reporting application user interface has been enhanced to provide an improved user experience for users
Scheduled Reports Scheduled reports can now be previewed. To preview reports go to Reporting > Scheduled Reports > Preview Report
Scheduled Reports Scheduled reports can be run ad-hoc and supports passing in additional filters including username, group and time/date range. To run an ad-hoc report go to Reporting > Scheduled Reports > Run
Configuration Configuration backup files now include items for classroom control lessons and custom reports
Content Scanning Content Scanning Alerts now supports multiple recipients
Content Scanning Improvements to unicode matching in content scanning

Resolutions

Feature
Description
Upstream Proxy Resolved an issue adding multiple upstream proxy configurations when only a single Internet connection was configured
Configuration Resolved an issue that could result in the HA configuration backup restore failing when more than a single IP was assigned to the management connection
Access Policies Resolved an issue where access policies were incorrectly ordered after it being imported into a new network zone pair from an existing set
Authentication Resolved an issue where incorrect RADIUS attribute values in an 802.1x accounting record could lead to an invalid authentication session cache
SafeSearch Resolved an issue with the DNS cache that could cause SafeSearch to not be enforced correctly when network or group exclusions have been configured by the system administrator
YouTube Restrictions Resolved an issue with the DNS cache that could cause YouTube restricted mode to not be enforced correctly when network or group exclusions are configured
Fast Path UI The "zone" field has been removed from the network source criteria within Fast Path policies because it is an invalid configuration option
Captive Portal Enhanced the responsiveness of the captive portal page during heavy load conditions