Version 3.7.0 Release Notes

Improvements

This release provides increased authentication flexibility for user-based policy enforcement and reporting in complex environments. New features include:
  • Connection profiles
  • Authentication profiles
  • Support for Single Sign-On with Mac OS X
  • Captive Portal authentication

Authentication and Connection Profiles

This release adds two new constructs: connection profiles and authentication profiles. These provide much more flexibility for authenticating your users, enabling better control of user-based policy enforcement and reporting. You can now create connection profiles based on IP address, device type, application, or any combination of these. You can then use the connection profiles you have created in authentication profiles to define how you want these classes of users to authenticate.

For instance, you could:
  • Set up a connection profile for iOS devices and then create an authentication profile that requires authentication for web browsing using the Captive Portal feature.
  • Create a connection profile for non-browser applications that need to use the internet (such as iTunes or application software updates), and then exempt them from authentication.
  • Create a connection profile of the IP range provided on your "guest" wireless network and exempt that profile from authentication.
Note: If you are upgrading from a previous version of the appliance and have configured a list of applications exempted from Active Directory Authentication, or have configured IP-based exemptions, these will be migrated to an application/connection profile configuration that will maintain your settings. To add applications or addresses to your existing lists, modify the related connection profiles.

Single Sign-On for Mac OS X

The appliance now supports single sign-on for OS X, so you can authenticate Mac users using their stored system credentials. Please see Configuring Authentication and Configuring Active Directory to support Kerberos for OS X in the online product documentation.

Captive Portal

With the Captive Portal enabled, users can be automatically redirected to a login page to enter their Active Directory credentials, or to log in as a guest and browse using IP-based web policy.

Resolved Issues

Work Order # Description
DEF76371 Resolved an issue where iTunes updates would fail if the download category was set to warn.
DEF79009 Improved network performance under heavy load.
DEF79712 Improved system stability and resolved a problem that could cause alerts and EDN messages.
DEF79902 Resolved an issue where an appliance could incorrectly send a CPU temperature alert.
DEF77326 Resolved an issue where iTunes URLs could be blocked, despite having been added to the local site list.
DEF80385 Improved network stability and resolved an issue that could trigger an alert on some systems.
DEF77795 The TMG/ISA plug-in now supports downloading files larger than 4GB. Please reinstall the plug-in.
DEF80288 Added better validation on the Certificate Authority page to detect invalid certificates.
DEF76457 Resolved an issue where some sites would incorrectly display the error "FTP Server Disconnected".
SUG79832 Added a new certificate to Sophos trusted authorities: QuoVadis Global SSL ICA.
SUG79835 Added a new certificate to Sophos trusted authorities: VeriSign Class 3 Secure Server CA - G3.
DEF80066 Improved reporting data for connected endpoints.