- SSH support for WLC
- SSH commands can now be sent to WLC directly from Live Log. Administrators can configure different commands for network switchess and WLC
- Certificate authentication
- XTENDISE can be configured to request client certificates for authentication. Certificate authentication can enhance overall application security because ISE admin interface does not support certificate authentication
- Access VLAN variable
- Customers may want to configure switch interfaces in the way that critical VLAN number is same as configured access VLAN and aviod dynamic VLAN assignment from ISE. In this case, it is dificult to keep this configuration consistent across the network. Compliance module now supports access VLAN variable which can be added into the compliance tempale. This variable is automatically prefilled from the switchport access vlan
- Add AP name and SSID in Live Log
- You can now find AP and SSID of your wireless clients directly on the Live Log main page
- Congiruration Mode enhancements
- Minor ehancements in Configuration Mode in Compliance Module which will improve user experience
- VLAN inputs are pre-filled with VLAN numbers from the template if configured and cannot be edited. The inputs will be editable only if the template does not contain any VLAN configuration. In this case, the pre-filled VLAN number is derived from the actual switchport configuration.
In order to fully utilize new features, there are new required configurations in a customer requirement:
- New logging category - ISE needs to be configured to log the category Administrative and Operational Audit syslog messages to XTENDISE. Please refer to the Installation Guide for detailed configuration steps.
- AP name in WLC logs - Update the WLC configuration to log the AP name in the Called-Station-ID field in RADIUS accounting messages based on the picture bellow.
- Multi-Day Live log
- XTENDISE Live Log will now provide history up to 7 days long. Live Log history will be a configurable value which can be adjusted based on enviroment size
- Improved MAC address synchronization between ISE and XTENDISE
- Newly added or learned MAC addresses are now synchronized immediately into the local XTENDISE database. In previous versions, synchronization was performed every few hours so there was a significant delay
- Protected interfaces in Compliance Module
- Administrator can now specify interfaces which will be protected from unwanted configurations. Administrators will not be able to configure these interfaces in the Compliance Module nor send SSH commands
- Configure checkbox unecked by default
- Configure checkbox in Compliance module configuration page is now unchecked by default
- Endpoint's last activity/status
- Advanced Endpoint Search page now displays last authentication status and date. An administrator can now see whether an endpoint is currently connected to the network or not and when the last authentication event happened and filter based on these values.
- Connected endpoints in Device (Switch) Detail
- Every switch detail in the Compliance Module now displays endpoints (Login Names) which are connected behind each interface.
- Configureable Log Purge
- Administrator can now configure log persistance in range 1 - 999 days. This affects Audit, SSH and Compliance Log.
- Configuration Audit
- Audit log now contains configurations changes made in the application for audition purposes.
- Advanced Endpoints Detail
- Endpoints in Advanced Endpoint Search page now contains detail, which provides more detailed information about an enpoint and it's last authentication.
- Readable authorization response in Live Log
- Authorization Respoinse Details are not nicely parsed and displayed in Live Log detail.
- Option to save a filter in compliance module devices list page
- Devices List in the compliance module now allows to save the configured filter. This filter can be later selected so an administrator does not have to fill the filtering options again. An administrator can also set a default filter in Users Setting page which is automatically selected then the Devices List page is opened.
- Graphical changes
- Minor graphical changes and optimizations.
- New Web Interface look
- The Web interface has a brand new modern look which makes your work more comfortable and effective.
- We are now introducing a new Dashboard which is displayed as a default page. The dashboard is devided into three tabs and provides you a basic information about your ISE deployment:
- Overview - Overview tab provides multiple widgets with monitoring and statistical data about your ISE deployment in the last 24 hours. You can find these data useful when troubleshooting your ISE Deployment in order to quickly identify an anomaly behavior.
- Endpoints - Endpoints tab provides authentication events grouped by various parameters such as number of failed authentications, Device location, or NAD. There are also TOP 10 widgets grouped by individual MAC addresses which provide information about anomalous or misbehaving MAC addresses. Widgets are enriched with additional information such as device profile or NAD, switchport, and location.
- Compliance - The compliance tab provides widgets with compliance module information. It provides information about the compliance status of your network devices and their switchports and the last and the next date of evaluation.
- SSH log pagination
- SSH log now support pagination and allows you to browse historical data.
- Compliance Module Configuration
- Compliance Module Configuration page was redesigned into tabs which allows simpler navigation.
- Object Duplication
- Compliance Module objects and SSH commands can be duplicated so there is no need to configure a new object from scratch.
- Support and Documentation Link
- Support and Documentation Links are now available in the web interface footer. You can now request support directly from the application or open an online documentation.
- The new „WoL Module“
- The WoL module solves the problem with Wake on Lan in networks with dynamic VLAN assignments and silent MAB devices
- Problem no. 1: Network Management Tools such as Microsoft Network Manager cannot wake up computers with dynamically assigned VLAN from ISE if the default switch port VLAN is different. The only solution is to statically configure the assigned VLAN on the switch port
- Solution: WoL module will help you to configure and keep assigned VLAN on the switch port so WoL will work. If the device disconnects, the WoL module will revert the switch port configuration to default VLAN so it will comply to the company configuration standards
- Problem no. 2: There are dummy devices in every network which simply does not send any packet thus makes it difficult to authenticate with MAB in networks with dynamic VLAN assignment.
- Solution: The WoL module will help you to configure assigned VLAN to the switchport and monitor it. This will help to keep the device authenticated because it will always respond to some ARP message. If the device disconnects, the WoL module will revert the switch port configuration to default VLAN so it will comply to the company configuration standards
- Audit log Authorization
- Problem: Previously, any user in XTENDISE could only see it’s own MAC address changes. It was often required by customers that users needs to see MAC address changes of their team mates
- Solution: Audit log now offers two authorization options 1) Users can only see it’s own MAC address changes 2) Users can see MAC address changes of users in the same AD group
- Additional Graphs
- We have added new Overview page with new graphs
- TOP 10 by failed authentications
- TOP 10 by authentication count (failed and passed)
- TOP 10 groups by MAC address count
- Active Sessions in time
- Live Log Utilization by Server
- All graphs from Maintenance page was moved to Overview page
- Change in import from text
- Import from text now requires to fill description
- Import from file header hint
- There is a new button which allows you to copy the CSV header
- This hint helps Administrators to create CSV import files without a mistake
- Rename Live Log filter
- Administrators can now change Live Log filter name without having to delete it
- Tables Pagination
- All relevant tables now support pagination
- Add MAC form enhancement
- Add MAC entry now support to edit a MAC address
- If an Administrator enters a MAC address which is already in the database the form now offers to edit the MAC entry
- Syslog Listener module refactoring
- The Syslog Listener is responsible for running Live Log
- This module was completely rewritten for better performance and optimizations and bug fixes
- Compliance Module - Model detection does not work for switch models 4500, 6500, 6800, 9500.
- Edit MAC from the New Record form is now more intuitive.
- Compliance modul - Fixed situation if no temlate matched an interface configuration.
- WoL import fixes
- The new „Make Compliant“ feature
- Feature helps the administrator to keep all network devices in the compliant state or easily rollout 802.1X configuration across the network
- Feature allows the administrator to easily configure Non-Compliant switch interfaces with a configured compliant templates with just few clicks
- Administrator can switch to the configuration view on every network device, select interfaces to configure and deploy the configuration
- Compliance Module features
- Multiple templates with various results can be configured as a compliance rule result
- Compliance templates can now be configured as Compliant, Part Compliant and Non-Compliant which allows to detect commands which are not allowed to be configured on interfaces
- Messaging system enhancement
- Messages are now displayed to users immediately after login and are required to be accepted
- Expiration date is now displayed for each message
- Additional Compliance module authorization option
- Users can be allowed to work with compliance module (Only administrators had access to the compliance module in previous versions)
- There are three options: 1) No access, 2) Read Only, 3) Full Access
- Additional SSH commands options
- Administrators can now configure SSH commands order
- Administrators can now configure SSH command button color
- Users can be alowed to use a SSH command in Live Log, Compliance Module or Both
- SSH commands logging
- All initiated SSH commands are now logged and can be audited
- All initiated SSH commands are now logged and can be audited
- NET Core framework upgrade
- Framework was upgraded to the version 5.x
- Increased the overall application speed
- Compliance Module does not handle characters ! and + in description.
- Compliance Module evaluates command "mab" incorrectly
- Cannot chage group of MAC addresses if they are in Unknown of Profiled group
- Messaging - cannot change expiration date when editing an entry
- Due to changes in Compliance policy, evaluation Job (Compliance - Device Evaluation) is disabled after upgrade. Please enable the job as you confirm the Compliance policy configuration
- All commands in a Compliance Template except description are evaluated as "Exact Match". Description is evaluated a "Start With".
- Minor changes CZ translations
- Messaging - expiration date is pre-filled with incorrect value
- Compliance Module - Exception and Manual bypass interfaces are handled incorrectly if the switch in inaccessible
- Compliance Templates are ordered incorrectly
- Compliance module does not handle multiple VLANs in vlan group configuration. If multiple VLANs are detected, the default template VLAN is used
- Full sync job does not set expiration date in some cases