Skip to content

Release Notes

Release notes for the update July, 21 2024

Update Version 4.1.202407192016

New Features

Added API Tokens Management

Added the option to manage API tokens and to generate JWT tokens to authenticate and authorize external scripts and application to access data and processes of the application server.

API token represents an authentication and an authorization mechanism for 3rd party scripts and applications to communicate with the system server using its REST API. After created in the system, an API token generates a unique string signed by the tenant signature key in a standard JSON Web Token (JWT) format that that defines a compact and self-contained way for securely transmitting information from external parties to the system server.

To ensure access security, an API token encapsulates information about the user, expiration time and IP address filter for the caller location. It is signed by the tenant signature keys and could be disabled on the server side.

OpenAPI Tenant

Added the option to execute system API from OpenAPI browser

Added the option to OpenAPI browser GUI to specify tenant for the script execution to execute selected function with the real data.

The option allows to use OpenAPI REST API browser to execute functions in the real application server tenant in addition to just browsing API categories and functions.

The option facilitates adoption of the system integration into the specific clients networks.

OpenAPI Tenant

Improved filters on the Network Connections reports.

Added the option to filter connection list on space- and on asset-level reports by the Active indicator.

Active Connections Filter

Added the option to filter system and asset level connection report by local and foreign address and port.

Port and Address Connections Filter

Extensions

  • Updated the application framework and WEB container to the latest versions.

  • Fixed the issue with Enable Policy Enforcement action disabling default in-bound traffic.

  • Updated server and client side application components to the latest versions.

  • Added context help for the Framework update on the About screen.

  • Added Oracle RDBMS, MS SQL Server, MySQL and PostgreSQL drivers to the software distribution.

  • Added the option to show a progress indicator when creating, updating a tenant or testing tenant back end database connectivity.

Bug Fixes

  • Fixed the issue with processing SSH script results with no exit code.

  • Fixed the issue with the missing Linux Firewall Management Script Batch in the default Unix-related asset types.

  • Fixed the issue with the blanket error message during the Linux installation about removing non-existing files.

  • Fixed the issue with saving asset that contains a single space character in a Password field.

  • Fixed the issue with parsing incomplete data in script definitions.

  • Fixed the publishing of the offline installer package.

  • Fixed the issue with the error message unlocking the empty secret field.

  • Fixed the issue with some password managers embedded into the browser attempting to save asset user and password fields to their vaults when saving assets.

  • Fixed the issue with accessing the application home page and the asset list by the user with no space administrator or space auditor permissions.

  • Fixed the issue with mis-counting total number of accessible space assets on the home page wizard for non-admin users.

  • Fixed the issue with non-admin users browsing the asset hierarchy.

  • Fixed the home page layout for non-admin users.

  • Fixed the issue with losing database password when creating tenants with the external database.

  • Fixed the success message after testing a tenant connection to the new database on the tenant add of edit screen.

  • Improved context help for DB URL field on the tenant editing screen to include database connection strings.

  • Fixed the issue with switching to policies and switching to original state checking the status of the operation.

  • Changed default rule prefix generated on Windows platforms to ZT.

  • Fixed the issues with using Oracle RDMS as a backend tenant database.

Oracle

Release notes for the update July, 14 2024

Update Version 4.1.202407121357

New Features

Added signatures to the application installation and update scripts on Windows platforms.

While Windows Server OS does not trust the installer right away (although it might start doing this following enough executions from different locations), it prints the vendor information during the launch of the script and offers to establish permanent trust with the vendor's certificate. This is a good progress as compare to the unsigned script considering that the script itself comes from the WEB site mentioned in the certificate.

Add or Edit Service Request

Default setting on the Windows Server platforms allows signed script executions and prompts to establish the trust with the vendor. There is nothing special needs to be done on Servers to install and to update the application.

Default setting on the Windows Desktop blocks any script executions. To start deploy the application on Windows Desktops the script execution should be enabled by using the following PowerShell command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

The command should remain in effect on Windows Desktop platforms during application life time to ensure application updates that are also script driven.

Another advantage of the script signatures is that the script download using WEB browser does not produce warning messages from the WEB browser about unknown origins of the downloaded scripts.

Added offline installer accessible using the following URL

https://bin.12port.com/product/12port-offline.tgz

Added support for Handler script orchestration type

Handlers allow the application to expose customizable parts of the complex network management workflows as editable scripts in the script library while preserving proprietary micro-segmentation logic inside the application core. This approach simplifies customizations and development of new device types.

Handlers

Example of a handler is the action that enables policy rules enforcement. The action collects current asset status and the firewall configuration from the asset endpoint using the scripts from the script library. Then the action analyses the result using the proprietary logic. Finally, the action enables the firewall enforcement using another script from the script library.

Added support to enforce application license expiration.

While waiting for the License Server implementation, current expiration date is set for now to October, 18th with the expectation we will move the date forcing the current users to update until the proper licensing system will be implemented.

In the expired state the application prohibits creating, updating and deleting Assets, Network Services and Segmentation Policies as well as moving, copying assets and promoting objects to major version.

Both server side restrictions and client side helpers are implemented.

Added the notification box about the license expiration to the home screen as well as to the asset, services and policies lists.

Home Screen License Expiration Notification

Added license expiration entry to the system About screen.

License Expiration on About screen

Extensions

  • Added Japanese translation for server- and client-side labels and messages.

  • Added the option to use note element > in the context help markdown files.

  • Added context help for the Users Report

  • Added context help to the Service Request report as well as to Add and Edit Service Requests screens.

  • Added context help to the Network Status report.

  • Added context help to the Workloads report.

  • Added context help to the Connections report.

  • Added context help to the Firewall report.

  • Added context help to the Network Service management screens.

  • Added context help for Policy management screens.

  • Added context help for Policy Query Preview screen.

  • Added context help to the About screen

  • Added context help to the SSL Key Import screen

  • Added context help to the Time Range picker dialogue

Bug Fixes

  • Fixed the issue with unnecessary creating new local database when testing database connection for the new tenant created with the embedded database.

  • Fixed the issue with XSLT parser processing empty list results.

  • Fixed the issue with the availability of the option to edit detected firewall rule.

  • Fixed the issue with deleting an asset associated with the collected data.

  • Fixed the issues with successful and un-successful message confirmation when changing password on My Profile / Account page.

  • Fixed the issue with resetting password update fields on the My Profile / Account screen after successful update of the password.

  • Fixed the issue with out of the box assets and policies appear in the draft state.

  • Fixed the issue with automatic publishing of the firewall rules generated after publishing a policy.

  • Fixed the issue with passing PowerShell script parameters from handlers.

  • Fixed the issue with missing Firewall Management task in the out of the box Windows Host asset type

  • Fixed the issue with disabling default RDP and WinRM rules when enabling enforcement on the Windows hosts as well as re-enabling them when restoring firewall to the original state.

  • Fixed the issue with increasing asset minor version when switching status of the segmentation policy affecting the asset.

  • Fixed the issue with asset copy preserving secure fields.

  • Fixed the issue with placeholder for the asset displayed on the success message after the individual asset copy, move and delete operations.

  • Fixed the issue with detecting terms match using Same policy source criteria.

  • Fixed the issue with inability to delete all values from multi-values fields.

Release notes for the update July, 7 2024

Update Version 4.1.202407052156

New Features

  • Added the option to create service requests for an asset under management to open requested service for the requested period of time in the future.

The option allows users to request the system to open requested ports on the managed endpoints for the requested devices during the requested time range (possibly in the future) outside of the context of existing policies.

Add or Edit Service Request

Service requests track in the Service Request report with the options to review, delete and modify existing requests.

Track Service Request

Firewall report displays rules originated from the service requests with the indication of this service request.

Track Service Request

Service requests are triggered from the asset context menu in the asset database navigator. Service request replace previously introduces Add New Rule action in a controlled, tracked and managed way.

Track Service Request

Extensions

  • Added the option to change date / time format using the application customizer to test data format use across the application.

Note that like everything in the customizer right now the setting is not preserved during the browser refresh.

Track Service Request

  • Added vertical scroll to the asset context menu to better accommodate smaller screens.

Asset Scrollable Context Menu

  • Added the option to open container browser or asset view screens from the asset database navigator in the new tab by right clicking on it and selecting "Open in a new tab" browser action.

  • Added the option to open Add SMTP configuration screen in the new tab by right clicking on Add button and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Parser screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Script screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Network Service screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Policy as well as policy history screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open View Import screen in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to save new or update existing space using Ctrl-S shortcut

  • Updated context help for the Import management screens

  • Updated context help for the Tenant management screens

Bug Fixes

  • Fixed the issue with displaying asset icons that are default to type.

  • Fixed the issue with changing asset icon dialogue defaulting to the asset type icon.

  • Fixed the issue with rendering display names of principals in case of their source directory is not known at the time of reporting.

  • Fixed the issue with exporting reports that contain data that require database access during rendering

  • Fixed the issue with allowing to create a space with non-alpha-numeric characters

  • Fixed the issue with Success message fixed when promoting asset to major version

  • Fixed the issue with failing Test button on Create New Tenant and Initialize first tenant screens

Release notes for the update June, 30 2024

Update Version 4.1.202406282233

New Features

  • Added support for the native deployment on Windows ARM platforms

Windows ARM

Extensions

  • Changed the system log name to ztna.

  • Added the option to open application screens from the left side vertical menu in the new tab by right clicking on it and selecting "Open in a new tab" browser action.

  • Added the option to open application screens from the left side horizontal menu in the new tab by right clicking on it and selecting "Open in a new tab" browser action.

  • Added the option to open Add New SMTP Connection screen in the new tab by right clicking on the Add button and selecting "Open in a new tab" browser action.

  • Added the option to open Add New Asset screen, Manage Asset Permissions and Container Visibility, View Asset screens as well as all screens from the asset drop down menu in the new tab by right clicking on the Add button and selecting "Open in a new tab" browser action.

Bug Fixes

  • Fixed the issue with switching from default script or parser content when updating other script or parser properties

  • Fixed the issue with starting WEB Server from command line for troubleshooting purposes

  • Fixed the issue with creating new tenants in case there were issues accessing one of the old ones

  • Fixed the issue with detecting framework update on all platforms that support vendor driven framework distribution

  • Fixed the issue with creating tenants with embedded back end database to ensure that database user and database passwords are not set.

  • Fixed Windows platforms update procedure compatibility issue with different brands of JRE framework

  • Fixed the application name on the My Profile / About screen

Release notes for the update June, 23 2024

Update Version 4.1.202406211732

New Features

  • Added version support for micro-segmentation policies.

Creation of a new policy as well as updating existing policy will create a minor version of the policy (such as 2.1, 2.2, 2.3, ...). Policy application that generates rules and checks for traffic violations only works with the major versions of the policies while the system users can review all versions.

Added the option to promote current minor version of the policy to a major version.

Added the option to review policy history report with details about each policy version. Added the option to run a policy review for any selected historical version.

Policy versioning adds a story about change control. Changing policy selectors, services or sources might affect multiple endpoints by generating or removing firewall rules on these endpoints. The system allows policy owners to review the change before applying it to the assets either themselves, or with their peers, or with the other stakeholders that have interests in the maintaining the endpoints under management.

Policy Versions 1

Policy Versions 1

  • Firewall Rules synchronization

Added synchronization logic to re-apply segmentation policies to the assets when the new rules created on the endpoints or existing policy-generated rules deleted from the asset directly without the use of the application policies.

This update maintains a consistent state between configured segmentation policies in the application and the state of the firewall on the endpoints even if admins create of delete firewall rules directly on the endpoint.

The process happens in the background and triggers automatically after execution of List Firewall Rules scripts.

  • Policy Preview for Asset Versions

Added support to display Policy Preview screen for a selected asset version and a selected segmentation taxonomy field of this version.

This update continues the story of change control. It allows system owners to review the policy application to an old version of the asset (for example, for the currently production major version) as compared to the last version or to one of the past versions.

Also note that an asset might contain several segmentation taxonomy fields that would apply different policies based on different segmentation taxonomy. It allows demonstration of different segmentation taxonomies and their application to control the traffic for the same asset. Example is that the same asset might be classified based on the location, environment, component and application or it might be classified based on specific process phase, confidentiality level and priority impact. The update allows to run Policy Preview not only for the selected version of the asset but for the selected segmentation field.

Extensions

  • Updated the application favorite icon in the browser page tab.

It looks like the icon has white background instead of transparent background. The original icon has ico format (favicon.ico) that included multiple resolutions. We generated one from the supplied png files using some online WEB converter. Maybe the supplied png files could be combined into the aggregated ico file better than this online converter. We will keep working with the designer to generate the icon in the right format.

  • Menu ident

Changed left side application menu appearance to indent second level menu to the right to show that this is another menu level.

  • Added support for unsupported rules

Added support for ignoring firewall rules from the endpoints that are not supported by the application. We will decide during business operation whether do we want to add support for these rules or leave them undetected. The fix allows to continue micro-segmentation logic in the presence of unsupported firewall configuration. Firewall service has more functionality that is needed for micro-segmentation story so the current approach is to ignore firewall aspects that are not interesting for our current marketing.

The rule in question this week was the enabling Ping service to respond on Windows 10 computers (worked fine for Windows 11). Ping is an ICMP protocol which is outside of the scope of the first implementation (TCP and UDP are supported).

This update should fix the issue we had with Windows 10 computers on the demo tenant.

  • Asset-specific icons

Added the option to change application icon on the asset level overwriting the asset type configuration.

This update allows to emphasize certain areas of the application both containers and assets. We will surely use it for demos. Based on our past experiences, clients like it too.

  • Hardware Architecture

Added hardware architecture information to the system about screen.

  • Mass Promote

Added the option to mass promote selected assets to the major version.

This is a handy productivity enhancement tool especially after large imports but useful for the manual asset creations as well.

Bug Fixes

  • Cleaned up language translations files so they would be consistent with each other.

  • Automated language translations through the corporate Google Cloud account to maintain language translations consistent for the weekly releases.

  • Fixed the issue with importing assets to the system in case the import file does not include asset name (use host instead) or both asset name and a host (post an error during import).

  • Fixed the issue with deleting imported assets from the system without deleting the import before that

  • Fixed the issue with updating default parsers in the existing tenants

  • Fixed the issue with using default script templates for Groovy and PowerShell scripts. This fix resolves the issue that required us to re-save each PowerShell script on the demo tenant before it started to work.

  • Fixed the issue with unclassified API documentation for Import module.

  • Removed default time filter from Interfaces report.

  • Removed default time filter from Firewall Rules report.

  • Removed default time filter from Workloads report.

  • Fixed the issue with not-adjustable IPv6 column on the Interface report to make it fit to the lower resolution displays.

Release notes for the update June, 16 2024

Update Version 4.1.202406162121

New Features

Added initial support for asset database

  • Manage and browse space hierarchy of nested sub-spaces. Sub-space inherits and extends a configuration of its parent space and maintains unique asset database.

  • Browse containers and assets based on users permissions.

  • Create, edit, view and delete as well as copy, paste and link containers and assets.

  • Mass import assets into the space database from CSV spreadsheets.

  • Manage and query asset versions including draft (minor) and production (major) versions.

  • Manage containers and assets custom fields derived from the asset types as well as properties such as name, description and icon.

  • Manage space, container, asset and field permissions including access inheritance following the space and container hierarchy. Manage global space level access to space operations and access to assets.

  • Manage asset types defining asset fields with pre-built asset types for Windows and Linux hosts with different access strategies. Support asset fields includes Checkbox, Choice, Date, File, Number, String, Taxonomy, Text and IP Address.

  • Manage taxonomies as hierarchies of terms with synonyms used to tag assets and build policies. Graphically display taxonomy structure.

  • Query and export system event log

Added initial support for remote endpoint management

  • Support for direct PowerShell (Windows), SSH (Unix) and Groovy (local server) job execution strategies. Support for text and object model results for PowerShell scripts to parse by different parser strategies.

  • Support for RegEx (through unstructured text analytical handler), XSLT parsers processing results returned by the scripts run at the endpoints.

  • Manage script library with customizable PowerShell and Shell scripts as well as with batches executing several scripts through the same connection.

  • Manage parser library with customizable parsers.

  • Manage task execution policies defining when the script is executed on the endpoint including event based triggers as well as a scheduling mechanizm. Inherit task execution policies from the asser types to the individual assets with the option to override the policy on the asset level.

  • Query and export job execution queue with the raw job results returned from the script execution on the endpoint.

Added initial support for user authentication

  • Integration with Microsoft Active Directory as a user directory for authentication and authorization purposes including nested groups membership.

  • Integration with LDAP Servers as a user directory for authentication and authorization purposes including nested groups membership.

  • Integration with Entra ID as a user directory for authentication and authorization purposes including groups membership.

  • Manage space level local user directories. Manage local users and groups including external directories users and groups membership in local groups.

  • Integration with external Identity Providers using SAML protocol for the authentication and authorization purposes optionally utilizing group membership transferred using SAML protocol.

  • Integration with TOTP MFA (such as Google or Microsoft Authenticator).

  • Integration with HOTP MFA using Yubico services.

  • Integration with Duo Security Services as MFA provider.

  • Integration with 3rd party MFA devices over Radius protocol.

  • Integration with the MFA code provided through email.

  • Manage MFA requirements for various groups of users.

  • Manage API Tokens providing access to the application API.

  • Analyse users using the application and manage users MFA preferences.

Added initial support for network micro-segmentation

  • Manage services including ports, port range or process comprising the service

  • Manage micro-segmentation policies defining access to the services on the assets for the selected sources through taxonomy tagging of the asset database.

  • Manage micro-segmentation policies publishing status including disabled, monitoring and published.

  • Manage and query policy versions including draft (minor) and production (major) versions.

  • Manage out of the box micro-segmentation management scripts and parsers for Windows Defender Firewall and Linux IPTables.

  • Query network information collected from the endpoints including: asset status, network interfaces, workloads, connections, and firewall rules. Graphically display asset workloads as well as connections detected on the endpoint.

  • Manage policy enforcement status on the asset endpoint.

  • Manage requests for the temporary access to the asset services in addition to the applied policies.

  • Query connections violation data from the assets in the monitoring state to evaluate the effect of policy enforcement.

Added initial support for the application deployment

  • Support for software deployments on Windows and Linux platforms.

  • Support for internal database deployed during the software installation.

  • Support for external RDBMS: Oracle, MS SQL Server, MySQL and PostgreSQL.

  • Manage multiple tenants with each tenant handled by unique URL and managing its data in the tenant-based backend database.

  • Manage mail server configuration including SMTP and IMAP protocols with Basic and oAuth authentication mechanisms. Manage out of the box email templates.

  • Manage deployment-level SSL certificate to terminate HTTPS traffic.

  • API support for external scripts and software to access each function provided by the application based on the permissions assigned to the access token. Support for API browser with the options to test API functions.

  • Manage software updates including main WEB application and 3rd party components for framework and WEB container.