What’s New in Propalms VPN 3.5?
Improved Management Console Interface
The VPN management console GUI is simplified and improved now. The left navigation tree has a new organization with more logical grouping of configuration screens.Inline Help on Management Console
Context sensitive help is added to management console to facilitate quick reference to configuration options.Graphical Dashboard on Management Console
A new graphical dashboard is added to management console showing live users, license usage, resource usage and important VPN information.Multiple Authentication Server & Cascading
It is now possible to add and use more than 1 external authentication servers. There is a new authentication server management screen where multiple servers can be configured. These servers can be then configured in cascading mode. This means, if user can not be found in highest priority server, the user is will searched in the lower priority servers also.External Authorization Server
In case the authentication server cannot provide role/group information for an incoming user, a separate authorization server can be specified which will be used to provide user role information. Authentication servers like OTP tokens or RSA SecureID servers may not provide role information to VPN gateway. VPN gateway requires user's role to assign applications to the user. With such servers an additional external authentication server or native groups can be used to decide the role of the user. The authentication is done with the external authentication server and then the username is searched in the configured external authorization server.Block Groups
The Administrator can specify a list of native/local groups that are not allowed to login into the VPN gateway. This feature can be used when the external authentication server cannot provide any role information and VPN local groups need to be used to put users into particular roles. In that case specific local groups can be blocked to login into VPN.Global VPN Domain Settings
A new screen is added to management console to define the authentication and authorization scheme for the VPN, termed as VPN domain. In future versions, it will be possible to add multiple VPN domains each with own AAA scheme. The global authentication scheme includes the authentication servers to be used for authentication, any external authentication server(s) and group list which needs to be denied login to VPN.New Product Licensing
The licensing mechanism is improved to include a system default license, endpoint security feature control based on license as well as making the license key tied to a particular hardware. VPN gateway can run in 3 license states:1. System default (5 users for 30 day evaluation)
2. Evaluation license (time bound)
3. Production license
A newly installed VPN gateway can be started in system default license which is valid for 5 concurrent users for 30 days. Alternatively administrator can choose to put a license key at the time of pre-boot stage. A license key can be added from management console after the VPN is configured. To get a license key, administrator must send the "product key" displayed on management console to info@propalms.com. The new license key will be valid only for the hardware from which product key was taken. The new license can enable endpoint security feature on the appliance. The VPN gateway will send notification emails to all registered security officers and administrators before 5 days and 2 days from expiry of the license. The VPN gateway will send a last notification email 24 hours before expiry of the license.
Detecting Application Creation Errors
While creating new applications, it is common to set a hostname for Application server or the URL which is not resolvable from VPN gateway. This can happen either the hostname typed is not correct or the DNS server is not configured correctly or there is no DNS server at all. In v3.5 when creating applications, the VPN will check if the hostname specified as Application Server hostname and the hostname/domain name in the Web URL is resolvable from VPN gateway or not. An error is displayed if the name cannot be resolved. The Administrator can fix the hostname or they can create host file entry for the hostname.
VPN Client for Linux and MAC OS
VPN Clients for Linux and MAC OS X are now available for download from VPN portal. Users can choose to download the correct VPN client for their platform.Backup and Restore Configuration
With v3.5, administrators can back up the configuration and restore the same in case of a disaster. The backup file is stored on administrator's desktop which can be uploaded back to gateway for restoration. There are two back options available: User settings backup or full system backup.Administration Logs
All the administration changes are logged and viewable through the management console. The logs are achieved on the gateway with capacity to store more than 200,000 log entries.Reset Security Officer Account
An option is added to VPN console to reset security officer/administration's account. The feature resets the administrator's certificate on VPN management console and sends a new passphrase to the registered email ID of the administrator. This feature can be used in case administrator's certificate is lost or administrator forgets her password.Network Settings Configuration
A new option is added to the management console so that IP address, DNS and host file modifications can be done from management console. Administrators can change IP address related settings as well as configure the DNS options. It is also possible to create host file entries on VPN gateway to resolve the names.Reboot and Shutdown Option
A new option is added to the management console providing the capability to reboot and shutdown the appliance.Route Configuration
A new option is added to the management console so static route configuration can be done from within the console itself.Scheduled Expiration of Local User Accounts
At the time of creating local user accounts, administrator can set a date when the account will automatically expire. After the given date the user account is set to "disabled". This option is applicable only for basic authentication and certificate users. This option is not applicable to security officers and administrators.Single Sign-on to Propalms TSE for Certificate Users
Until version 3.4, SSO for Propalms TSE was supported only for basic authentication users. In v3.5, SSO is supported for users authenticating with certificate also. The username is fetched from the client certificate's 'issued to' field. The user must have same username and password on the Propalms TSE server also.Endpoint Security Configuration Checks
- Endpoint security cannot be turned ON unless there is a device profile present.- A Device profile cannot be added unless a Host scan policy is already present.
- A Mandatory Device Profile cannot be created unless at least one more device profile exists.
- A Quarantine Device Profile cannot be created unless at least one more device profile exists.
