CyberEdge Spectra 0.17
0.17.5
Available 30th October, 2024
Change of Behaviour
Feature |
Description |
|---|---|
| Content Scanning | Content scanning network exclusion IPs and ranges have been migrated to a new IP List object called "Content Scanning Exclusions," located under Shared Objects > IP Lists. |
| Content Scanning | The "Content Scanning Exclusions" object is now referenced in Content Scanning > General > Content Scanning > Excluded Ranges. Going forward, it is recommended to add any IPs or networks requiring exclusion to the "Content Scanning Exclusions" lists within Shared Objects. |
Enhancements
Feature |
Description |
|---|---|
| Management UI | Access Policy Overview now displays the Time of Day and Date range values of a policy. |
| Management UI | Access Policy Overview now displays the AND / OR values of the policy logic. |
| Management UI | Improvements to the management user interface to improve the overall user experience for system administrators. |
| Management UI | Improvements to the Balance and Failover configuration UI to better display IP's and Network information where a large number of network inputs are listed. |
| Management UI | Within the category test tool results, custom categories listed now have a link to the custom category shared object lists. |
| LiveZone UI | Improvements to the responsiveness of LiveZone and Classroom Control on mobile devices. |
Resolutions
Feature |
Description |
|---|---|
| Management UI | Resolved in issue with the JWT refresh that could result in a full page reload, resulting in the possible of loss of state. |
| Management UI | Resolved an issue where the policy name change would not save with the policy as intended. |
| Block Page | Small CSS updates to the custom block page to stretch images rather than tile. |
| Authentication | Existing authentication session timeouts are updated when the configuration value managing auth session timeouts is changed. |
| Management UI | Resolved an issue with the custom category filtering not working within Access Policy > Categories > Custom Categories |
| Generated Report | Resolved an issue with quarterly reports generation that could result in other reports not generating as intended. |
| Generated Report | Resolved an issue with generated reports that could result in report generation performance issues. |
| System Config | Resolved an issue with DHCP reservation configuration validation that resulted in the slow performance of the CyberEdge configuration system. |
| System Config | Updates to the save functionality to reduce redundant data within the configuration. |
| System | Resolved an issue with system resource utilisation on CyberEdge systems with greater than 48CPU Cores. |
| Content Scanning | Resolved an issue that resulted in disabled content scanning rules processing network traffic. |
0.17.4
Available 26th September, 2024
Change of Behaviour
In version 0.17.4, a new shared objects model has been introduced allowing administrators to manage and reference re-usable information within CyberEdge policy criteria more effectively. The shared objects model includes handling for custom categories (domain lists), IP lists and port lists. As a result, there is a change in behaviour in the CyberEdge that should be noted.
- Access Policies, Fast Path Policies, Routing Policies, Traffic Shaping Policies and RoamSafe Agent Policies - Source and Destination criteria can now reference IP and Port list objects.
- Access Policies and RoamSafe Agent Policies custom categories now reference the new custom category lists. Changes to custom category domain lists are now completed via the new shared objects menu.
More information on the new shared objects can be found here
Important Note
- IP and Port inputs currently configured in the policy criteria have NOT been migrated to the new IP and Port lists. This allows administrators to review and create appropriate list and lists types for your network. It is advised that administrators move IP and Port configuration to the new shared objects at their convenience to simplify system administration.
- All custom categories have been moved to the new custom category object list and should be managed via the new shared objects.
- In future releases, the shared object model will be extended to additional components of the CyberEdge system configuration.
Enhancements
Feature |
Description |
|---|---|
| Custom Categories | Custom categories management, used by Access Policies and RoamSafe Policies, has been moved to the new shared objects > Custom Categories menu. |
| IP/Port Lists | IP and Port lists can now be created and managed in shared objects > IP/Port Lists. IP and Port lists can now be referenced and used within Access Policies, Fast Path, RoamSafe and Routing Policies within source and destination criteria. |
| Proxy Logs | Enhanced the performance and clarity of proxy logs in the log viewer, including updates to the format, user agent values, and proxy actions. To view proxy logs navigate to Status > Log Viewer > Proxy. |
| Reporting | The RoamSafe VPN has been added as an option in the 'Creation Method' filter within the authentication data source of the reporting application. |
| Reporting | The CSV export limit has been increased from 10,000 to 50,000 rows. |
| Policy Test Tool | The web filtering category check tool now supports custom categories. |
| Performance | Performance improvements for the proxy and content scanning process. |
| Classroom Control | Added additional pre-defined classroom lesson lengths, now including options for 80 minutes, 120 minutes, and 360 minutes. |
| Content Scanning Alert | Both the full name and user name are now displayed in the content scanning email notifications. |
| Management UI | The UI components for Users and Groups in Local Auth Providers have been updated to improve the user experience for administrators when managing these elements. |
| Management UI | Added the report schedule status to Reporting > Scheduled Reports view. |
Resolutions
Feature |
Description |
|---|---|
| Log Forwarding | Resolved an issue with log forwarding where logs were not being sent if the remote syslog server was configured to use a port other than the default port 514. |
| Reporting Dashboard | Resolved an issue that could result in a broken dashboard when saving queries with a custom time range. |
| Generated Reports | Increased the system timeout for report generation, allowing reports to run for up to 10 minutes and reducing failures for long-running queries. |
| Authentication | The Cisco ISE pass-through authentication service has been updated to support RADIUS accounting events that deviate from the standard RADIUS accounting format, often due to custom events created by network administrators. Previously, CyberEdge would ignore RADIUS accounting packets with missing non-essential data. |
| Authentication | Improved the performance of group lookups against extremely large directory services for both MS Active directory, Google Cloud and OpenLDAP. |
| RoamSafe VPN | Resolved an issue with RoamSafe VPN routing in networks utilising multiple Internet connections. |
| RoamSafe VPN | Improvements to the RoamSafe VPN to improve connection reliability on iOS/iPadOS. |
| Client to Site VPN | Improvements to the Client-to-Site VPN to more effectively manage slow-performing authentication providers, reducing the risk of VPN authentication disconnects. |
| Management UI | Resolved an issue in the Access Policies UI that incorrectly displayed the application tag for "AI." |
| Management UI | Resolved an issue with the with the incorrect IP showing on the secondary node in System > Nodes > Secondary. |
| Management UI | Access Policy test results now displays group names correctly. |
| Management UI | Resolved an issue on the Network > Adapters page where adding multiple interfaces without 'Name' and toggling VLANs would result in duplicated rows. |
| Custom block page | Resolved an issue that would result in an error when resetting to the default CSS of for the custom block page. |
| Reporting UI | Resolved an issue with JWT token refresh that resulted in users to lose their application state in the reporting application. |
| Reporting UI | Resolved an issue where the time range and timestamps were improperly cleared when refreshing the page in the reporting application event viewer. |
| LiveZone UI | Resolved an issue with JWT token refresh that resulted in users to lose their application state in LiveZone application. |
| System | Resolved an intermittent system issue that could occur after a reboot when Custom block pages are configured. |
| Proxy | Resolved an issue where proxy reloads could time out if large Custom block page images are configured. |
| Classroom Control | Resolved an issue that would result in Domain allows not working correctly in classroom control. |
0.17.3
Available 25th July, 2024
Enhancements
Feature |
Description |
|---|---|
| Access Policies | A new Access Policy test tool has been introduced, allowing system administrators to assess Access Policy matches. Please note that matching based on Access Policy schedule criteria will be added in a future release |
| High Availability | Email notifications are now sent when CyberEdge HA failover events are triggered |
| High Availability | New HA configuration option allows system administrators to manually fail back to the primary node as required |
| Reporting Dashboard | New reporting dashboard widgets have been created using the list of CyberEdge pre-built queries |
| Reporting Dashboard | Dashboard widgets can now be created from personal custom queries |
| Google Restricted | Google Workplace (G-Suite) restricted mode can now be enforced, allowing access to approved Google domains only. To enforce Google restrictions go to Security Centre > General > Google Workspace Restricted Mode |
| UI Update | Additional information has been included in the management UI, displaying version numbers and the last updated date and time for Application Signatures, Category Web Filtering, GeoIP, and IPS rules. Signature information has also been added to the healtcheck output. To view go to System > Updates > Signature Updates. |
| Captive Portal | The authentication captive portal page can now be customised. To create a custom captive portal go to Authentication > Captive Portal to add images, messages and custom css |
| block page | block pages can now be customised. To create a custom block page go to Security Centre > block page to add images, messages and custom css |
| DNS | DNSSEC can now be configured within the system DNS settings, allowing it to be disabled in situations where certain upstream DNS requirements necessitate it |
| Certificates | Certificates using ECDSA keys are now supported and can be updated via Systems > Certificates |
Resolutions
Feature |
Description |
|---|---|
| Captive Portal | Resolved an issue with the captive portal redirecting HTTPS connections to an IP instead of the localnetwork.zone URL |
| Authentication | Resolved an issue with authentication that could cause failed authentication and incorrect user reporting data for a user account which was renamed in MS Active Directory and OpenLDAP providers |
| Content Scanning | Resolved an issue with content scanning word lists where line spaces between words in a list could result in content scanning engine not matching correctly |
| Wonde | Resolved an issue with Wonde API revocation process |
| Reporting | RoamSafe VPN has been included in the creation method filters under Reporting > Authentication > Zone Access |
| RoamSafe VPN | Resolved an issue with RoamSafe VPN for Windows not sending intermediate certificates and upgraded the allowed connection types for RoamSafe VPN services to improve compatibility |
| System | System and proxy performance improvements |
0.17.2
Available 2nd July, 2024
Major Resolutions
Feature |
Description |
|---|---|
| Content Scanning | Resolved an issue where traffic from devices excluded from content scanning, regardless of the exclusion method used, was incorrectly being subjected to HTTPS inspection. As a result, devices without the CyberEdge inspection certificate installed encountered issues with content scanning |
If you have already updated to CyberEdge v0.17.1 and are experiencing this issue, please contact CyberEdge support for assistance.
Enhancements
Feature |
Description |
|---|---|
| Firewall | Improved the performance of loading and evaluating custom category criteria within Access Policies |
| SNMP | Non-physical network adapters (e.g, VLANs or LACP bundles) can now be monitored via SNMP |
| SNMP | IPSec tunnels can now be monitored via SNMP |
| Reporting Dashboard | The reporting dashboard has been enhanced to support the creation and customization of multiple user dashboards |
| Reporting Dashboard | New reporting dashboard widgets for YouTube and Network Monitoring have been added to provide improved visibility of network events. Additionally, the widget management process has been improved to make it easier for users to add and remove options |
| Reporting Dashboard | Existing dashboard configurations have been migrated and set as the default dashboard |
| Reporting | The performance of previewing reports in the reporting user interface has been improved |
| Management UI | Graphing widgets on Management UI can now be resized with more options |
| Management UI | The management dashboard has added widgets for monitoring client-to-site VPN network connections |
| Management UI | A small user interface change has been made to Networks > System DNS to better represent the active system DNS configuration. In addition, a warning is now displayed where Google Public DNS servers have been configured that may result in DNS rate limiting |
Resolutions
Feature |
Description |
|---|---|
| Generated Reports | Resolved an issue with generated reports that would not respect the number of results to show value set by the user |
| Authentication | Don't show certificates without keys when setting up Google Cloud Authentication Provider |
| DNS | Resolved an issues with disabled DNS zones still being enabled in the DNS recursor service |
| Reverse Proxy | Fixed handling of reverse proxy redirects to not expose internal port |
| MFA | Resolved an issue with MFA where the Google Authenticator App on IOS was not able to scan the QR code correctly to enable MFA |
| Management UI | Resolved an issue in the Access Policy Edit Stack user interface view that would prevent the vertical scroll bar from displaying correctly |
| LiveZone | In LiveZone, the Classroom tab and session restriction buttons are now hidden when a Classroom policy is not included in Access Policies. In the management UI, the "Add Classroom Control" button in Access Policies is now disabled when the Classroom control feature is turned off |
| Reporting | Resolved an issue with filtering for users who a members of multiple groups. Event filtering input now accommodates multiple group selections |
| Reporting | Resolved and issue with writing database events in timezones with non-integer UTC offsets |
0.17.1
Available 19th June, 2024
The CyberEdge Spectra 0.17.1 release introduces a range of new features and enhancements to the platform. This major update will be accessible to customers seeking to upgrade once it is officially released. As this is a major release, automatic updates will not initiate an update. Customers are advised to manually update via System > Updates.
Major Enhancements
The CyberEdge RoamSafe agent for Apple macOS is now accessible to licensed customers. This agent allows for policy-based web filtering and provides security protections for users and devices when they are off the network.
RoamSafe Agent for macOS
Feature |
Description |
|---|---|
| RoamSafe Agent | The RoamSafe agent is available for macOS version 12 and above |
| RoamSafe Agent | RoamSafe agents for macOS integrate with Jamf Pro, supporting automated deployment of the application and certificates |
| RoamSafe Agent | The RoamSafe agent for macOS supports SSO authentication through the Jamf Pro client API |
| RoamSafe Agent | RoamSafe agents now use a dedicated Access Policy stack to allow managing device-based policies easier. To manage the RoamSafe Access Policies, navigate to RoamSafe > Agent Policies. Access Policy criteria supports user groups, networks, web categories, custom lists and macOS bundle ID management |
| RoamSafe Agent | A RoamSafe Agent status viewer has been introduced allowing system administrators to view and manage devices connected to the CyberEdge |
Report Builder
The CyberEdge now provides a custom report builder to allow users to create and manage their reporting needs. Custom reports can leverage existing pre-built queries or those created by the user.
Feature |
Description |
|---|---|
| Event Viewer | The reporting application event viewer has been enhanced to make it easier to create and save custom queries |
| Custom Reports | Custom reports can now be created by users via the new report builder. To create and manage reports, navigate to https://reporting.localnetwork.zone (or any custom domain) > Reports |
| Custom Queries | Users can create new reports by importing queries from any data source with suitable permissions |
| Custom Reports | Reports support custom headers, horizontal lines and short descriptions to provide more detailed information on how to interpret report data |
| Custom Reports | For standard users, custom reports are user based and will be stored as part of standard user preferences. System administrators can create and share reports to multiple users |
| Custom Reports | Custom reports can be previewed |
Enhancements
Feature |
Description |
|---|---|
| Firewall | The packet processing engine of the firewall has been upgraded, enhancing the overall performance of packet inspection and increasing throughput |
| Proxy | Upgrade to the CyberEdge proxy service for improved performance, connection handling and memory utilisation |
| Proxy | Enhancements to TLS1.3 and HTTP2 based connections have reduced the necessity for custom fast path policies |
| Proxy | New cipher suites have been introduced to enhance security of proxy based connections |
| block page | The default block page design has been updated to provide improved feedback and responsiveness to the user |
| Web Filtering | Web Filtering re-categorization requests can now be made by the system administrator. To request a categorization review go to Security Centre > Categorisation > Categorisation Test |
| Logging | RoamSafe Agent access logs have been added to assist system administrators with connectivity troubleshooting. To view logs, navigate to Status > Log Viewer > Source |
| Management UI | The management user interface has been updated to enhance the overall user experience for system administrators |
| Reporting | RoamSafe agent usage data is available in the reporting application. To view event data in reporting, navigate to Networking > Agent Network Monitoring |
| Reporting | The export to CSV function now supports exporting up to 10,000 rows of data. The speed of the query and export has been significantly improved |
| Reporting | The performance of generating PDF reports with larger data sets has been significantly improved |
| Reporting | RoamSafe agent blocked events is now available in the reporting event viewer. To view RoamSafe event blocks in your reporting application, navigate to Security > Agent Network Blocks |
| Reporting | SpeakUp Incident details data has been added to the SpeakUp event viewer |
| Reporting | Event data can now be quickly exported in PDF format from the reporting application. To generate, add the required query filters and select download as PDF |
| Management UI | A new Active Session dashboard widget has been added to display authentication session information |
| Management UI | Small changes have been made to the Apply Change process to improve the user experience during configuration changes |
| LiveZone UI | The LiveZone portal user interface has been updated to provide an improved experience for users |
| Reporting UI | The reporting application user interface has been enhanced to provide an improved user experience for users |
| Scheduled Reports | Scheduled reports can now be previewed. To preview reports go to Reporting > Scheduled Reports > Preview Report |
| Scheduled Reports | Scheduled reports can be run ad-hoc and supports passing in additional filters including username, group and time/date range. To run an ad-hoc report go to Reporting > Scheduled Reports > Run |
| Configuration | Configuration backup files now include items for classroom control lessons and custom reports |
| Content Scanning | Content Scanning Alerts now supports multiple recipients |
| Content Scanning | Improvements to unicode matching in content scanning |
Resolutions
Feature |
Description |
|---|---|
| Upstream Proxy | Resolved an issue adding multiple upstream proxy configurations when only a single Internet connection was configured |
| Configuration | Resolved an issue that could result in the HA configuration backup restore failing when more than a single IP was assigned to the management connection |
| Access Policies | Resolved an issue where access policies were incorrectly ordered after it being imported into a new network zone pair from an existing set |
| Authentication | Resolved an issue where incorrect RADIUS attribute values in an 802.1x accounting record could lead to an invalid authentication session cache |
| SafeSearch | Resolved an issue with the DNS cache that could cause SafeSearch to not be enforced correctly when network or group exclusions have been configured by the system administrator |
| YouTube Restrictions | Resolved an issue with the DNS cache that could cause YouTube restricted mode to not be enforced correctly when network or group exclusions are configured |
| Fast Path UI | The "zone" field has been removed from the network source criteria within Fast Path policies because it is an invalid configuration option |
| Captive Portal | Enhanced the responsiveness of the captive portal page during heavy load conditions |