Server Changelog
Changes to SonicWall Cloud Secure Edge (formerly Banyan's) Netagent & Connector
- Updated on Sep 11, 2024
To stay informed about important updates to our product, subscribe to our monthly Release Notes. You may also review past release notes here and current limitations (and workarounds) of the Cloud Secure Edge here.
September 11th 2024
v2.8.11
- Download:
August 14th 2024
v2.8.10
- Download:
July 10th 2024
v2.8.8
-
fix Remove API key after Access Tier install package.
-
Download:
May 22nd 2024
v2.8.7
-
Search Domains: Domain names and FQDNs are now case insensitive.
-
Download:
May 8th 2024
v2.8.6
-
Netagent bypasses systemd-resolved.
-
Download:
April 10th 2024
v2.8.5
- Download:
March 14th 2024
v2.8.4
-
Performance enhancements for the Global Edge.
-
Download:
February 14th 2024
v2.8.3
-
Performance enhancements for the Global Edge.
-
Download:
January 17th 2024
v2.8.2
-
new Enhanced Netagent performance (lowered CPU usage).
-
Download:
December 13th 2023
v2.8.1
-
fix Connection test was failing for hosted web services with capitalized Access Tier names.
-
Download:
November 15th 2023
v2.8.0
-
fix (Discover Public Resources) Accessing the same FQDN resource using a second Service Tunnel was not updating the tunnel information on the list page or in the “Last Reported” status.
-
Download:
October 11th 2023
v2.7.4
- fix Improved support for private resource discovery
-
new
/health
API endpoint supports query parameters to filter results specific to a service or component - Download:
September 20th 2023
v2.7.3
- fix Access Tiers were collecting stale certificates from outdated services.
-
new Support for non-standard websockets (like
socket.io
), enabled via Access Tier Local Config API. - Download:
August 9th 2023
v2.7.2
-
new Netagent Health Check.
-
Download:
July 12th 2023
v2.7.1
-
fix Enabling ITP misroutes DNS in Ubunutu.
-
Download:
June 14th 2023
v2.7.0
- new Debugging interface now enabled by default (
memprofile
set totrue
). -
fix Users were intermittently being disconnected from Infra Services and Service Tunnel; warnings were generated but error messages were not.
- Download:
May 10th 2023
v2.6.0
- fix ICMP admin prohibited packets are returned for rejected traffic.
-
Efficiency improvements in Service Tunnel L4 policy changes.
- Download:
April 28th 2023
v2.5.1
-
fix Hotfix for Netagent - Shield connection.
-
Download:
April 12th 2023
v2.5.0
- Improved Netagent reporting.
-
new StatsD support for monitoring Service Tunnels.
- Download:
April 5th 2023
v2.4.2
-
fix FQDNs used in Tunnel-based policies were failing to resolve in some cases.
-
Download:
March 16th 2023
v2.4.1
-
fix Domain-based policies weren’t working as expected when FQDNs’ IP addresses were changed.
-
Download:
March 8th 2023
v2.4.0
- new Support for new Domain-based Tunnel Policies.
- Performance and stability improvements.
February 8th 2023
v2.3.0
- fix When using intermediate CA certificates, the CA certificate format was incorrectly written, causing the Netagent to fail on start.
- fix WireGuard kernel module, required for running kernel version in Amazon Linux 2, was missing.
-
Browser-based Error messages have been updated.
- Download:
January 11th 2023
v2.2.0
-
fix Private domains (ipv6) were not resolving over Service Tunnel.
-
Download:
December 14th 2022
v2.1.1
-
fix Hotfix for Service Tunnel with Connector.
-
Download:
December 13th 2022
v2.1.0
- new Service Tunnel for Public Domains.
-
new Service Tunnel Discovery.
- Download:
November 9th 2022
v2.0.0
- Simplified the Access Tier installation process.
-
new Local configs (i.e., advanced configs) are done via API/UI instead of the config.yaml file.
- Download:
October 13th 2022
v1.49.0
- new Netagent logs will now report the TLS ciphers and versions for every connection.
-
new Access type Event Logs will now report Access Tier name along with its public address for every connection.
- Download:
September 14th 2022
v1.48.0
-
Performance and stability improvements.
-
Download:
August 25th 2022
v1.47.0
-
fix Netagent was unable to correctly handle websocket connections in case of OIDC exempt requests.
-
Download:
July 28th 2022
v1.46.0
- fix Websocket connections were not being closed in certain conditions.
-
fix Netagent logs were not being collected through Netagent Support Bundle.
- Download:
July 1st 2022
v1.45.1
- fix Banyan’s Private DNS resolution was case-sensitive; DNS resolution is no longer case-sensitive.
-
fix Enhanced DNS routing was not resolving correctly for Windows.
- Download:
June 30th 2022
v1.45.0
- fix Updating the Access Tier tunnel configuration in Banyan’s Cloud Command Center was causing Netagent to bring down the WireGuard (wg) interface.
-
fix In some scenarios, enhanced DNS routing was not resolving correctly.
- Download:
May 12th 2022
v1.44.0
-
new Option to disable Strict-Transport-Security HTTP R
-
new Option to disable Strict-Transport-Security HTTP Response Header within Netagent configuration.
-
Download:
March 24th 2022
v1.43.0
- new Support for Service Accounts in the Cloud Command Center.
- Admins can customize the SameSite cookie property of the
bnn_trust
cookie used by Hosted Websites. -
fix Service Tunnel iptables rules were not deleting after the Access Tier was removed from the Service Tunnel.
- Download:
February 3rd 2022
v1.42.2
-
fix Service Tunnel issues that were causing select TrustScores to be ignored.
-
Download:
v1.42.1
-
fix Service Tunnel users were experiencing packet loss when users were added or removed.
-
Download:
January 27th 2022
v1.42.0
- new Admins can now easily define L7 rules within web policies through the Banyan console.
-
new Admins can now create network-level (L4) Service Tunnel policies.
- Download:
January 6th 2022
v1.41.0
- fix Netagent was stripping out invalid HTTP cookies. Now, it forwards invalid cookies.
-
fix macOS users now receive the correct IP address when they use Service Tunnel.
- Download:
October 31st 2021
v1.40.0
- Download:
September 30th 2021
v1.39.0
- new Netagent now returns a connection test response when it receives a request from shield with
*
in the site name. -
new The REST API server now reports for all access-tiers in a cluster.
- Download:
September 2nd 2021
v1.38.0
- Restored “Netagent Details” for hosted websites and infrastructure
-
Removed enforcement of “Site Domain Names” configuration parameter
- Download:
July 7th 2021
v1.37.0
- Metrics collection using
statsd
to send metrics to Datadog via Dogstatsd - Use Let’s Encrypt certificates for hosted websites
-
Frontend domain with upper case letters
- Download:
May 12th 2021
v1.36.1
-
Performance and stability improvements.
-
Download:
April 28th 2021
v1.36.0
- Various improvements to Access events.
- User and Device info for TCP service connection-level events.
- Added
reported_by
field to display the specific Netagent sending the event. - For Access events, the
correlation_id
identifies the TCP connection.
-
Added Headers field under HTTP Settings in the Service Spec.
- Download:
March 31st 2021
v1.35.0
- Optimized standard config parameters down to only four values and updated defaults for many parameters to simplify common Netagent configurations. The following defaults have changed:
- Shield Connectivity -
secure_bootstrap = true
- Access Tier -
access_tier = true
,site_domain_names = "*"
- OIDC Services -
code_flow = true
,groups_by_userinfo = true
,redirect_to_https = true
- Shield Connectivity -
- Miscellaneous Access event improvements.
- Service Name shows Service ID.
- HTTP_CONNECT mode now indicates backend address.
- Increased the time interval for periodic events to 1 hour from 10 minutes.
-
(Bug fix) If a request had two Trust cookies – one that is valid and a second one which is not valid – then depending on the order in which they are getting processed by Netagent, the valid one could end up getting deleted, which would make the user have to re-authenticate. Now, in that scenario the valid cookie will not be deleted.
- Download v1.35.0
March 12th 2021
v1.34.1
-
(Bug fix) Netagent v1.34.0 did not properly handle expired cookies, which caused end users’ browsers to get stuck in an endless redirect loop when attempting to access a web service.
-
Download:
March 3rd 2021
v1.34.0
- Wildcard Web Service definitions (such as
*.example.com
) now support the root domain (example.com
). -
(Bug fix) Netagent handling of cookies for wildcard domains.
- Download v1.34.0
January 27th 2021
v1.33.0
-
(Bug Fix) Valid short-lived certificates that were older than 24 hours were rejected. Now, short-lived certificates can be up to 72-hours old.
January 6th 2021
v1.32.0
-
Performance and stability improvements.
October 28th 2020
v1.31.0
-
Performance and stability improvements.
October 2nd 2020
v1.30.0
-
OIDC Services - Added ability to exempt specific Source IPs from Policies
October 1st 2020
v1.29.1
- OIDC Services - Add ability for Netagent to query TrustProvider’s
userinfo
endpoint to obtain a user’s group membership. This is especially useful for organizations where the end users belong to a large number of groups, which increases group information included in the TrustCookie and triggers browser limitations on cookie size. -
(Bug Fix) OIDC Services - the
bnn_return
cookie logic used to return the end user to the original path they were attempting to access (for example,/foo
) now also supports query parameters (such as,foo?bar=123
). - Download v1.29.1
August 26th 2020
v1.28.0
- Enriched information collected about a Netagent when generating a one-click support bundle. The bundle now collects additional Netagent configuration files and CIDR ranges as well as common commands support staff needs to better understand the Netagent environment.
- Ability to create allow list of backends and ports (including CIDR ranges) when configuring services.
-
(Bug Fix) OIDC Services - Previously, when configuring CORS, the target parameter only supported a wildcard (
*
). Now, the target parameter supports actual domains. - Download v1.28.0
July 30th 2020
v1.27.1
-
Updated a shared-library dependency involving default values for the
allow_user_override
metadata tag, which (in some scenarios) reset admin-configurations and led to erroneous blocking of end user access.
July 29th 2020
v1.27.0
- Added
HTTP_CONNECT
mode for Backend routing; when set, Netagent will rely on an HTTP Connect request to derive the backend target address (i.e.,ipaddress:port
orfqdn:port
). - (Bug Fix) Successful WebSocket closure statuses were returning incorrectly.
-
(Bug Fix) Netagent Service configurations were not properly updating.
- Download v1.27.0
June 19th 2020
v1.25.1
-
(Bug Fix) Netagent v.1.25.0 introduced a regression for Cognito that passed an OAuth “scope” called “groups”, which Cognito does not support.
June 17th 2020
v1.25.0
-
Support of exempting CORS traffic.
May 20th 2020
v1.23.0
-
Added ability to zip up logs folder and send, via Shield, to the Command Center to create a Support Bundle for troubleshooting.
May 6th 2020
v1.22.0
-
Fixed cookie logic for WebSockets and Multi-domain Services so that Banyan TrustCookies are removed from HTTP requests that are forwarded to upstream servers.
The Banyan TrustCookie still can be forwarded by setting the forward_trust_cookie
parameter to true
. Banyan TrustCookie removal is performed both with and without the domain parameter to avoid a browser redirect loop scenario.
April 22nd 2020
v1.21.1
- Added a configuration option
redirect_to_https
to redirect traffic from Port 80 (HTTP) to Port 443 (HTTPS). - Added a configuration option
https_proxy
to use an HTTP Connect Proxy to make outbound connections to Shield and TrustProvider - Added a configuration option
forward_trust_cookie
to not strip out thebnn_trust
cookie before sending an HTTP request to the backend application -
(Bug Fix) OIDC Services - Strip out the
bnn_
cookies, that are used in OIDC authentication flows, before sending an HTTP request to the backend application. This enables Netagent to proxy traffic to applications that cannot tolerate additional cookies due to theirmax-http-header-size
parameter. - Download v1.21.1
April 8th 2020
v1.20.0
- Service configuration details are now reported from Netagent and displayed in the Banyan Command Center.
- The service spec has a new
exempted_paths
field which allows specifying a list of HTTP paths that will be accessible without OpenID Connect authentication. - In the Service Spec, the
oidc_settings.service_domain_name
URL value can include a wildcard (*
) in the first component of the domain name. Including the wildcard enables one Banyan service to permit a dynamic, non-fixed set of OpenID Connect redirect URLs. Please note: The OpenID Connect standard does not support wildcard redirect URLs, and so this feature should be used with care. - Added a configuration option
code_flow
for opt-in support for OpenID Connect Authorization Code flow. The default mechanism for OIDC authentication remains OpenID Connect Implicit Code flow. -
Changed wildcard support in
site_domain_names
parameter in theconfig.yaml
settings file, used when Netagent is run in Access Tier mode. Now, the wildcard (*
) will match any prefix, not just the first component, of the SNI name. Previously,"*.example.com"
in theservice_domain_names
parameter would match SNI “www.example.com” but not “alpha.beta.example.com”; now, it will match both. - Download v1.20.0
March 25th 2020
v1.19.0
-
(Bug Fix) OIDC Services - Fixed a race condition at the token validation stage that was causing sporadic hanging of connections to applications.
-
(Bug Fix) Fixed issue where Netagent stopped working if the underlying host was upgraded.
March 12th 2020
v1.18.0
-
Performance and stability improvements.
-
Disconnect existing TCP connections (SSH, RDP, etc.) automatically if the device’s TrustScore drops below the level specified in the Policy condition.
February 26th 2020
v1.17.0
- Added
name_delimiter
field to backend target in Service spec -
Performance and stability improvements
- Download v1.17.0
February 12th 2020
v1.16.0
- Configuration guardrails - Require site name, site address, or site domain name
-
(Bug Fix) Proxy WebSocket - Passing all headers for WebSocket request
- Download v1.16.0
January 29th 2020
v1.15.0
-
Improvements to log messages
December 18th 2019
v1.13.0
- (Bug Fix) Workload identification - Improved handling when process or parent process has exited
- (Bug Fix) Workload identification - Client cert issued to Unidentified container even if it has no roles
-
(Bug Fix) OIDC Services - robust deep-linking
- Download v1.13.0
November 25th 2019
v1.11.1
- Support for Services with mixed (user and workload) client types
- OIDC Services - Trust cookie is a session cookie (auto-removed on browser shutdown)
- (Bug Fix) OIDC Services - Obey Source IP Exceptions as long as Service is non-SNI
-
(Bug Fix) Workload Roles - Affix Roles even if workload is “Unidentified”
- Download v1.11.1
October 23rd 2019
v1.9.0
- Inactivity & max session timeouts
- “BadActor” module for DoS prevention
- Connection IDs in events & log files for easier troubleshooting
-
OIDC Services - deep-linking, HTTP Strict Transport Security (HSTS)
- Download v1.9.0
September 25th 2019
v1.7.0
- Support for proxying Websocket
- Send complete cert chain on TLS handshake
-
Uninstall script
- Download v1.7.0
July 19th 2019
v1.5.0
- GA Release
- Access Tier mode
-
Trust Scoring support
- Download v1.5.0
February 4th 2019
v0.7.1
- Service definition via Web Console
- CIDRs automatically installed from Service definition
- OIDC workflows
-
HTTP authorization policies
- Download v0.7.1
September 10th 2018
Netagent v0.6.13
- Forwarding Gateway mode
-
Various stability enhancements
- Download v0.6.13
August 14th 2024
v.1.18.1
- Cloud connectivity check was added to installer.
-
Help commands for TCP health check were added for Mac, Linux, and Windows.
- Download:
July 10th 2024
v.1.18.0
-
Enhancements for the new release of the Windows-based Connector.
-
Download:
May 8th 2024
v1.17.1
-
Connector bypasses systemd-resolved.
-
Download:
April 2024
v1.17.0
-
Performance and stability improvements.
-
Download:
March 2024
v1.16.0
-
Performance and stability improvements.
-
Download:
November 2023
v1.15.0
-
Performance and stability improvements.
-
Download:
October 11th 2023
v1.14.4
-
Performance and stability improvements.
-
Download:
August 9th 2023
v1.14.2
-
Performance and stability improvements.
-
Download:
July 12th 2023
v1.14.1
-
Performance and stability improvements.
-
Download:
May 10th 2023
v1.13.0
-
Performance and stability improvements.
-
Download:
March 8th 2023
v1.12.0
-
Performance and stability improvements.
-
Download:
February 8th 2023
v1.11.0
-
Performance and stability improvements.
-
Download:
January 11th 2023
v1.10.1
-
Performance and stability improvements.
-
Download:
December 21st 2022
v1.9.1
-
Performance and stability improvements.
-
Download:
December 13th 2022
v1.9.0
-
new ARM architecture support for install.
- Download:
- Connector v1.9.0
November 9th 2022
v1.8.0
-
Performance and stability improvements.
-
Download:
October 13th 2022
v1.7.0
-
Optimized Docker image size for Connector.
-
Download:
September 14th 2022
v1.6.0
-
Performance and stability improvements.
-
Download:
August 25th 2022
v1.5.0
-
Connector will now include /etc/hosts when proxying DNS requests.
-
Download:
May 12th 2022
v1.4.0
- Support for Service Tunnel.
-
Support for Connector deployment on M1.
- Download:
October 14th 2021
v1.3.0
-
Support for users who want to install the Banyan Connector via Docker on a MacOS device.
-
Download:
August 4th 2021
v1.2.0
-
Configure Connectors from Command Center
-
CIDR-less support
-
Added example services
-
Download:
July 14th 2021
v1.1.0
- Various bug fixes.
June 12th 2021
v1.0.0
- Initial release
- Semi-manual configuration
Can’t find what you’re looking for?
We’re happy to help. Contact our team.