Version 3.0.0 Release Notes

New Features

Security Management Appliance : The Security Management Appliance is a new appliance that provides centralized configuration, policy, searches, and reporting for multiple joined Web Appliances in your organization.
Centralized Management and Reporting: In order to scale Web Appliance capabilities to serve large and growing organizations, multiple Web Appliances can be configured to work together under a single Security Management Appliance. Joining up to 50 Web Appliances to one Security Management Appliance has been tested and is supported.
Granular policy control: You can now create policies to control access to individual URLs via "tags".
Apply policies to individuals: You can now set policies for individual users and groups.
Finer-grained time ranges for policies: You can now specify start and end times for policies to the exact minute.
Scheduled Reports: You can select groups of reports that can be generated automatically as PDFs and emailed to configurable lists of recipients on a predefined schedule.
Group-based reporting: You can now generate reports for groups of users.
Enhanced connectivity management: Diagnostic tools have been added for network connectivity troubleshooting, including ping, traceroute, DNS lookup, and HTTP requests.
Enhanced Certificate Validation: You can now manage individual site certificates.
Data leakage prevention: You can now prevent your users from sending webmail or posting to blogs.
Recent Activity Searches by date range: You can now specify a date range for the results of a recent activity search.
Firefox 3 Support: Firefox 3 support has been added and fully tested for accessing the administrative web interface and as an end user browser.
Enhanced Notification Page Information: The end-user notification pages now display visual icons and more extensive information, such as the reason why access to a page may be blocked.
Setup Wizard Joining: A Web Appliance can join a Management Appliance as a step in the Setup Wizard.
Setup Wizard duration reduced: The initial URL data download, which can extend the time required to complete the Setup Wizard, can now be completed in the background, allowing the Setup Wizard to be completed independently. This new feature includes a System Status warning alert from an appliance for which the Setup Wizard has been completed, but the initial URL data is not yet completely downloaded.
System-level tags: The finer-grained policy control to apply policy to individual websites with the addition of tags has been further extended by the addition of two predefined system tags, Globally allowed sites and Globally blocked sites.
Note: Prior to the 3.0 release, marking a site as either Trusted or High Risk would override the accessibility determined by the site's category. For 3.0, it was decided that the risk class should no longer override the accessibility determined by the category, but that the accessibility that established users have set in the Local Classifications (Local Site List) should be maintained. To accomplish this, the Local Site List is migrated during an upgrade to 3.0 as follows:
  • Any entry with a Trusted risk level will have the system-level tag Globally allowed sites applied.
  • Any entry with a High Risk level will have the system-level tag Globally blocked sites applied.

The behavior of these system-level tags is as follows:

  • Globally allowed sites tag overrides all policy but will not override risk level-denied access.
  • Globally blocked sites tag overrides all policy and also overrides Trusted sites.

Also, excluded users are excluded from the policy and hence system level tags have no affect on them.

Note: If a site has been tagged with a global system tag, it is not necessary to add it to an Additional Policy.
Improved Active Directory security: Improved the security of communications between the Security Management Appliance and an Active Directory server.

Resolved Issues

Work Order # Description
DEF38427 Increased the length of Active Directory synchronization timeouts to ensure connectivity in poor network environments.
DEF38419 Improved our handling of newline characters in Active Directory records that prevented some usernames from being retrieved.
SUG35558 Added the Filter button in the Group Editor dialog box.
SUG35499 Improved the error message that is displayed in the status bar when an invalid email address in entered in the Specify Recipients page of the Report Scheduler wizard.
DEF35488 Web Appliances now accurately report the bandwidth for streaming media site connections.
DEF35414 Web Appliance can now join a Management Appliance during periods of high network latency.
DEF35356 Improved the responsiveness of the Local Site List Editor while adding entries.
DEF35295 Corrected a problem in which connections to certain streaming media sites would only work if the Allow large files (>800 Mb) option is selected in the Configuration > Global Policy > Download Options page.
DEF35113 Web Appliances with multiple alert recipients no longer fail to receive emailed alerts.
DEF35111 Improved the display of custom groups so that IP addresses no longer fail to display in large lists.
DEF35102 Corrected the title of the Browse time by user report.
DEF35048 The proxy no longer fails to reload the policy after policy has been changed.
DEF35042 An apparent failure of the Web Appliance that required a physical restart has been resolved. The proxy restarts after configuration changes, but this failed in one case as the HTTPS keybridging helper wasn't closing all file descriptors. This situation has now been resolved.
DEF34978 Corrected two typographical errors in the Configuration > Global Policy > Certificate Validation page's Add Certificate dialog box.
DEF34967 The proxy module no longer exits unexpectedly on policy reloads.
DEF34869 Active Directory LDAP sessions now use encrypted authentication.
DEF29143 FTP directory listings icons are no longer blocked.
DEF26214 The FTP port is now configurable for backups.
DEF25353 Improved the performance of the Local Site List adding, viewing, and deleting operations when there are a large numbers of entries.
DEF25313 Improved the handling of HTTPS scanning.