This release of VIP Enterprise Gateway is enhanced to include the following new features:

 

• Inline Active Directory password change through VPN connection with VIP Access Push.

 

VIP Enterprise Gateway uses the Active Directory password for the first-factor authentication if you have configured Active Directory as a User Store. When this feature is active in the Validation Server and the password of the user expires, the user will be prompted to change their password. In such cases, the strong authentication can be validated by the user on their smart phone using VIP Access Push.

 

• Inline VIP PIN change through VPN connection. 

 

Users can change their VIP Access PIN through their VPN login when it detects that the previous PIN has expired.

 

• Newer browser support.

 

VIP Enterprise Gateway now supports Internet Explorer 11 for VIP Enterprise Gateway console and Chrome for VIP SSP IdP, VIP SSP IdP Proxy, and VIP Manager IdP.

 

• Domain name additions for User Store configured with Global Catalog port.

 

In a multi-domain Active Directory environment, when a user store is configured with a Global Catalog port, you can additionally configure the DNS and NetBIOS names. Therefore, users can authenticate by logging in with the domain qualified username formats used in Windows. For example, colossal\john_smith and colossal.com\john_smith.

 

• Multiple Syslog Server Support

 

You can configure VIP Enterprise Gateway to send the log messages to multiple syslog servers simultaneously. By configuring multiple servers, the log messages are not lost if one of the servers is not accessible for a certain duration.

 

• Upgrade infrastructure improvements for better LiveUpdate experience.

 

• Log rotation for all the components with number of archived files to keep.

 

You can specify the log rotation interval and the number of archived files to keep per day. The older logs are automatically archived after the log rotation interval elapses. When the number of archived files reaches the configured values, the oldest files are cleaned up from the server.

 

• Diagnostic/Connectivity tool

 

When there is an unexpected connectivity issue in VIP Enterprise Gateway, you can run the Diagnostic/Connectivity tool (vipdiagnostic utility) located in the Tools folder in the install directory to collect the diagnostic data. The diagnostic data is collected in a log file, which can be used to analyze the issue in detail.

 

Refer to the Symantec VIP Enterprise Gateway Installation and Configuration Guide for more information on the new features.

 

 

Before you upgrade to VIP Enterprise Gateway 9.6.1, ensure that the VIP Enterprise Gateway server can access the following URLs: 

• https://ssp.vip.symantec.com/

• https://manager.vip.symantec.com

• https://userservices.vip.symantec.com/ 

• https://userservices-auth.vip.symantec.com/   

• http://liveupdate.symantecliveupdate.com

• http://liveupdate.symantec.com

 

The following issues are addressed as part of VIP Enterprise Gateway 9.6.1:

 

• Support for configuring user stores in TLS mode using ECC ciphers.

• Security issues due to FREAK vulnerability (Common Vulnerabilities and Exposure (CVE)-2015-0204).

• JavaScript and Intelligent Authentication (IA) integration issue with SSP IdP proxy.

• Self-service portal service does not start when the user bind is configured with sAMAccountName.

• The VIP Enterprise Gateway console displays HTTP Error 503: Service Unavailable when there is no direct internet connectivity.

• VIP Enterprise Gateway installation on a Windows Server 2008 R2 required a Windows registry change to enable heuristic search on an Active Directory domain controller server.

• In a Validation Server configuration, the LDAP attributes can be mapped to the RADIUS attributes for VPNs to control authorization. In such cases, the LDAP attribute was an empty RADIUS response.

• On several LDAP synchronization operations, where the number of LDAP users was large, the Java process used to run out-of-memory.

• Email sent during the Business Continuity operations contained unreadable characters when the configured message did not have two terminating end-of-line characters.

• A few minor application security issues.

• The search for secondary query attributes was failing when multiple user stores were configured.

• PIN reset failure on Validation Server on Windows 2012 Standard edition.

 

Note: This release also combines the fixes which were done as part of the VIP Enterprise Gateway 9.5.  For the entire list of fixes, see What’s new in 9.5 Release Notes.

 

For information about issues and workarounds related to this release, access the Customer Support web page for VIP Enterprise Gateway at https://www.symantec.com/page.jsp?id=contact-authentication-services. 

 

In this website, do the following to search for the known issues and their workarounds:

1. Under the Support tab, in the Validation & ID Protection Service (VIP) Support section, click Knowledge Center.

2. In the Symantec™ Validation and ID Protection Service (VIP) Support page, use the search box: Knowledge Center Search to find the known issues and their workarounds.

 

 

The following documents have been updated for this release:

 

• Symantec VIP Enterprise Gateway 9.6.1 Release Notes (this document)

• Symantec VIP Enterprise Gateway Installation and Configuration Guide

 

Note: The VIP Enterprise Gateway Installation and Configuration Guide describes introduction, pre-installation requirements, installation procedures, basic configurations, and description of the features of VIP Enterprise Gateway 9.6.1.

 

To understand how to perform tasks associated with the VIP Enterprise Gateway features, refer to the VIP Enterprise Gateway Online help. Click the Help tab that is displayed at the top of the VIP Enterprise Gateway screen to access the VIP Enterprise Gateway Online help.