New features and enhancements in version 7.5.006

Main features

  • The VPN Client now allows Active Directory (AD) to be used for Trusted Network Detection (TND),
  • The VPN Client adapts the behavior of the Connection Panel and the TrustedConnect Panel according to the compliance level reported by the Secure Connection Agent (SCA), which determines whether an endpoint should be allowed to access the corporate network,
  • The VPN Client is now able to forward audit traces to the Connection Management Center (CMC) when combined with the Secure Connection Agent (SCA) add-on,
  • The VPN Client complies with ANSSI recommendations to ensure compatibility with gateways operating in “IPsec DR” (Restricted) mode, including use of the SHA-2 hashing algorithm in the certificate request payload,
  • The web browser to be used for Captive Portal Detection (CPD) can now be specified and a command line can be added, e.g. to disable the proxy in order to secure the connection,
  • All OpenSSL-based components in the VPN Client have been migrated to version 3.0,
  • The TrustedConnect Panel and the Connection Panel now manage endpoint compliance dynamically based on the SCA's status.

Enhancements

  • Greater granularity when configuring certificate selection: you can now specify the certificate's location (user store or machine store) at the tunnel level,
  • Automated certificate selection regardless of medium, even when there are several tokens and smart cards,
  • Added a dynamic parameter to enable the Online Certificate Status Protocol (OCSP),
  • User certificates with a Brainpool curve using method 14 are supported by default, and a dynamic parameter has been added to set method 214 as the default method when Restricted mode is required,
  • ANSSI's new requirements relating to Key Usage and Extended Key Usage extensions have been applied,
  • The SHA-1 or SHA-2 hash algorithm is now selected automatically for the certificate request payload (CERTREQ),
  • Added a dynamic parameter to configure the size of the local virtual network,
  • Added a Remediation checkbox to specify that the corresponding connection can be used for remediation,
  • Better management of fragmented packets,
  • USB mode has been removed to enhance product security.