ControlOne Platform 22.49.1
December 9, 2022
- The Real-time sync of reporting data to an external SIEM (structured JSON over TLS) is now in preview. Contact your account rep today to request a trial.
- DHCP Reservations can now be quickly created directly from the device row of the "Bridge Connected Devices (ARP)" panel.
- Traffic from internal originating hosts towards port forwards on the same account / zone (NAT hairpin) would not function as desired.
- Removed a CA certificate validity check that interferes with Windows Update.
ControlOne Platform 22.45.3
November 9, 2022
- Optimized user registration and password reset flows for users on mobile device browsers or smaller screens.
- UX enhancements to the network map based on partner feedback, including CBR port numbers and WAN port statuses, CBR connected clients count, more information on hover and expanded options within each options menu.
- Client devices running the Agent that are non-compliant and placed in quarantine, then later become compliant with a policy could take up to twice (2x) the configured check interval for the system to acknowledge the compliance check and allow the client device back onto its configured zone.
- DNS filtering could interfere with normal telemetry and control traffic from the Agent.
ControlOne Platform 22.42.1
October 17, 2022
- Support for non-rfc1918 addresses in legacy networks that overlap “public” IP space, and need to be routable within a ControlOne network topology.
- Management and configuration access to the ControlOne management portal can now be delegated to a third party MSSP.
- Removed an incorrect error message that could appear on the login page when no password was submitted or if the browser was offline.
ControlOne Platform 22.39.1
September 28, 2022
- The Security and Audit Event reporting panel now enables easy retrieval of data within a custom date and time range, in addition to the time span presets within the top panel.
- Device Posture compliance check failures displayed within the main dashboard now deep-links directly to the event detail view, allowing rapid evaluation and remediation of the cause for the compliance failures from Devices running the ControlOne Agent.
- ControlOne Bridges now isolate traffic between Zones assigned to ports by default. Network traffic is now allowed between Zones set in the "Connected Zone" option within the Network Map or within each Zone configuration. Previously this was enabled on a per-request basis.
- Cloud Connector / IPSec configurations now support use of an empty or null IPSec Peer Identification field, expanding interoperability and with more legacy IPSec router configurations.
ControlOne Platform 22.37.2
September 15, 2022
- Devices running the ControlOne Agent have been relocated to the "Client Devices" tab of a new top level "Devices" panel.
- DHCP Leases issued to client devices from ControlOne Bridges are now displayed within the "Bridge DHCP Leases" tab of the new "Devices" panel. Lease data for DHCP includes the IP + MAC address, device hostname, DHCP ID reported by the client, lease expiration, and whether the device is is currently online.
- Locally connected devices detected on the LAN by ControlOne Bridges are now displayed within the "Bridge Connected Devices (ARP)" tab of the new "Devices" panel.
- User sessions within the management portal are now logged out after 30 minutes of inactivity, with a warning prompt appearing after 5 minutes of inactivity. Any management action, browsing activity, or clicking "continue" to the warning prompt will prevent automatic log out.
- Devices running the ControlOne Agent can now be updated from the management portal. Updates can be pushed to all Devices by the button at the top of the Client Devices list. individually by selecting a device and then using the "Update Agent" button within the detail panel. If a device is offline, the update will be installed the next time a device has internet connectivity.
- Various UI and UX improvements, including more helpful tips when creating top level objects (Cloud Gateways, Zones, Sites, Policies) within an instance.
- Network interfaces on ControlOne Bridges can no longer be set to the network or broadcast addresses of the subnet configured for the interface.
ControlOne Platform 22.35.1
August 31, 2022
- Device Posture Check policies now allow selection of an alternate zone for compliance failures. Devices running the ControlOne Agent can be redirected to a "Quarantine" zone for remediation purposes while the device is non-compliant with the posture policy.
- Security and Audit events can now be synchronized in real time to third-party SOC / SIEMs over http(s). Please contact your account rep for details.
- Various UI and UX improvements, including helpful tips within empty pages to facilitate easier initial setup of networks and policies.
ControlOne Platform 22.34.1
August 25, 2022
- ControlOne Bridges can now be assigned to individual customer accounts in the new "Bridge Inventory" panel. Customer accounts with co-management access to the ControlOne management portal can only see or manage ControlOne Bridge devices that are assigned to the respective customer account. Partner accounts can also assign Cold-Spare Bridge devices from inventory for use with a customer instance.
- Cloud Connector / IPSec configurations now have an "auto" mode and presets for the Local and Remote Peer-ID options.
- Expanded support for IPSec key exchange algorithms has been added to the DH-Group options.
- A primary action button for creating objects (Cloud Gateways, Zones, Sites, Policies) has been relocated to the top of the screen, improving the setup experience across all pages.
- Account service address settings have been moved from Site configuration panel to the Cloud Gateway detail view to allow accounts more flexibility with hybrid on-premise and fully-remote deployments.
- When a site Zone had a security policy with the blocked applications mode set to "high", systems running the ControlOne Agent behind that Zone could not connect to the ControlOne Platform.
- Local DNS services running on a ControlOne Bridge would not work when a Zone's DNS mode was set to "advanced" and the cache mode setting was inconsistent on adjacent Zones.
ControlOne Platform 22.31.1
August 4, 2022
- Reporting of status activity events about devices running the ControlOne Agent are now available within the reporting panel. A new event type, "Agent Event" tracks connection attempts, disconnections, and failures of Device Posture Check on a user and device level.
- The management portal now reports when a configuration change has been synchronized across the platform. Additionally, the ability to force a re-sync is available within the admin settings panel.
- Security and Device Posture policies can now be created from places where selection of a policy was possible, reducing the round trip through another page.
- Device Posture Check is now a top level option within the navigation pane with improvements to usability throughout the policy editor. Posture requirement options have all been updated with examples and explanations of the Posture rule's use.
- Devices are now labelled as "Compliant" or "Non-Compliant" within the device list when a Device Posture Policy is enabled on a Zone.
- When inviting users to ControlOne, the invite button would appear to be disabled while entering an email address.
- Cloud Connector / IPSec would sometimes erroneously report a Connector's status as "offline" when it was in fact "online", connected to a remote peer endpoint and capable of passing traffic.
- Traffic for some ControlOne Agents was arriving at the Cloud Gateway as NAT'd from the Cloud Zone's Interface IP instead of the Agent system's assigned IP address.
ControlOne Platform 22.29.1
July 20, 2022
- The Windows and macOS options available for minimum Operating System requirements are now presets within the Device Posture Check policy editor.
- User accounts that have been deleted or disabled are now hidden by default from the users list. Similarly, agent devices that have been inactive for 30 days are now hidden by default. A toggle at the top of each list allows the respective entries to be displayed.
- Data for the dashboard would not always load on the initial render of the dashboard page, and would require the selection of a different time span in order to view the metrics on the page.
ControlOne Platform 22.27.3
July 8, 2022
- Systems running the ControlOne Agent can now be evaluated for compliance at the time of connection and conditionally allowed or prevented from connecting to the ControlOne network with Device Posture Check. Posture Requirements can bet set for Full Disk Encryption status, Device Geolocation / Geofencing, local program or process running like an RMM or xDR executable, or presence of a local file or registry key.
- Conditional DNS forwarding across Zones within an instance would use an SDN fabric IP address as the source address for the DNS traffic towards the configured DNS server, which would then be ignored or dropped by the DNS server in most cases.
ControlOne Platform 22.20.1
May 20, 2022
- Zones are now differentiated for use with ControlOne Agents or for use with a ControlOne Bridge, with the corresponding settings appearing within the Zone panel.
- SD-WAN Link Optimization can now be set to run once at a scheduled time in the future. Ideal for performing this off-peak hours maintenance task without having to login later.
- Accounts that exist within the Partner Portal accounts can now be invited to an instance for use with the ControlOne Agent.
- Uses are now sent an email notification when account setup is complete, prompting them to install and log into the agent if they have not already done so.
- ZTNA Device Posture Check policy names will no longer be rejected on create / save if the name is in use by another account
- All top level configuration objects (Cloud Gateways, Zones, Sites, Policies) now require typing the object name to delete, preventing unintended disruption of an ControlOne account.
- The web app will no longer display an "all white" screen if an unexpected error occurs.
- Changing the Light / Dark theme settings now take effect when clicking on the save button, instead of when the option is selected.
- Zones that are changed from Cloud to Site from the Network Map may disappear momentarily from the Map view.