Security Management Appliance : The Security Management Appliance is a new appliance that provides centralized configuration, policy, searches, and reporting for multiple joined Web Appliances in your organization. |
Centralized Management and Reporting: In order to scale Web Appliance capabilities to serve large and growing organizations, multiple Web Appliances can be configured to work together under a single Security Management Appliance. Joining up to 50 Web Appliances to one Security Management Appliance has been tested and is supported. |
Granular policy control: You can now create policies to control access to individual URLs via "tags". |
Apply policies to individuals: You can now set policies for individual users and groups. |
Finer-grained time ranges for policies: You can now specify start and end times for policies to the exact minute. |
Scheduled Reports: You can select groups of reports that can be generated automatically as PDFs and emailed to configurable lists of recipients on a predefined schedule. |
Group-based reporting: You can now generate reports for groups of users. |
Enhanced connectivity management: Diagnostic tools have been added for network connectivity troubleshooting, including ping, traceroute, DNS lookup, and HTTP requests. |
Enhanced Certificate Validation: You can now manage individual site certificates. |
Data leakage prevention: You can now prevent your users from sending webmail or posting to blogs. |
Recent Activity Searches by date range: You can now specify a date range for the results of a recent activity search. |
Firefox 3 Support: Firefox 3 support has been added and fully tested for accessing the administrative web interface and as an end user browser. |
Enhanced Notification Page Information: The end-user notification pages now display visual icons and more extensive information, such as the reason why access to a page may be blocked. |
Setup Wizard Joining: A Web Appliance can join a Management Appliance as a step in the Setup Wizard. |
Setup Wizard duration reduced: The initial URL data download, which can extend the time required to complete the Setup Wizard, can now be completed in the background, allowing the Setup Wizard to be completed independently. This new feature includes a System Status warning alert from an appliance for which the Setup Wizard has been completed, but the initial URL data is not yet completely downloaded. |
System-level tags: The finer-grained policy control to apply policy to
individual websites with the addition of tags has been further extended by the
addition of two predefined system tags, Globally allowed
sites and Globally blocked sites. Note: Prior to the 3.0 release, marking a site as either
Trusted or High Risk would
override the accessibility determined by the site's category. For 3.0, it was
decided that the risk class should no longer override the accessibility determined
by the category, but that the accessibility that established users have set in the
Local Classifications (Local Site List) should be maintained. To accomplish this,
the Local Site List is migrated during an upgrade to 3.0 as follows:
The behavior of these system-level tags is as follows:
Also, excluded users are excluded from the policy and hence system level tags have no affect on them. Note: If a site has been tagged with a global system tag, it is not
necessary to add it to an Additional Policy.
|
Improved Active Directory security: Improved the security of communications between the Security Management Appliance and an Active Directory server. |
Work Order # | Description |
---|---|
DEF38427 | Increased the length of Active Directory synchronization timeouts to ensure connectivity in poor network environments. |
DEF38419 | Improved our handling of newline characters in Active Directory records that prevented some usernames from being retrieved. |
SUG35558 | Added the Filter button in the Group Editor dialog box. |
SUG35499 | Improved the error message that is displayed in the status bar when an invalid email address in entered in the Specify Recipients page of the Report Scheduler wizard. |
DEF35488 | Web Appliances now accurately report the bandwidth for streaming media site connections. |
DEF35414 | Web Appliance can now join a Management Appliance during periods of high network latency. |
DEF35356 | Improved the responsiveness of the Local Site List Editor while adding entries. |
DEF35295 | Corrected a problem in which connections to certain streaming media sites would only work if the Allow large files (>800 Mb) option is selected in the page. |
DEF35113 | Web Appliances with multiple alert recipients no longer fail to receive emailed alerts. |
DEF35111 | Improved the display of custom groups so that IP addresses no longer fail to display in large lists. |
DEF35102 | Corrected the title of the Browse time by user report. |
DEF35048 | The proxy no longer fails to reload the policy after policy has been changed. |
DEF35042 | An apparent failure of the Web Appliance that required a physical restart has been resolved. The proxy restarts after configuration changes, but this failed in one case as the HTTPS keybridging helper wasn't closing all file descriptors. This situation has now been resolved. |
DEF34978 | Corrected two typographical errors in the Add Certificate dialog box. | page's
DEF34967 | The proxy module no longer exits unexpectedly on policy reloads. |
DEF34869 | Active Directory LDAP sessions now use encrypted authentication. |
DEF29143 | FTP directory listings icons are no longer blocked. |
DEF26214 | The FTP port is now configurable for backups. |
DEF25353 | Improved the performance of the Local Site List adding, viewing, and deleting operations when there are a large numbers of entries. |
DEF25313 | Improved the handling of HTTPS scanning. |