Blue Cedar Connect Gateway 4.2.x Release Notes

About Blue Cedar Connect Gateway

The Blue Cedar Connect Gateway is an IKEv2 VPN gateway and a key component of Blue Cedar’s secure connectivity offering. The Blue Cedar Connect Gateway allows apps integrated with the Blue Cedar Accelerator for Secure Edge Connect to securely access network protected resources such as backend services and application data. With Blue Cedar’s secure connectivity offering, enterprise users can seamlessly connect to remote resources from any device, even one not controlled by MDM.

What's new

What's new in Blue Cedar Connect Gateway 4.2.6

Added support for using SCEP over HTTPS (BCC-251)
Added message for mobile app user if the client certificate presented to the gateway fails to authenticate. (BCC-264) See Understanding certificates used by Blue Cedar products to troubleshoot this situation.

What's new in Blue Cedar Connect Gateway 4.2.5

Added the ability to configure the depth of the certificate authority's chain of trust. See Configuring certificate enrollment for the gateway.

What's new in Blue Cedar Connect Gateway 4.2.3

Added a healthcheck REST API to the public interface. (BCC-239)
Added support for NDES 2016. (BCC-237)

Resolved issues

Resolved in Connect Gateway 4.2.6

Item	Description
BCC-230	Fixed an issue where sometimes the underlying DNS configuration would not be updated with what was represented in the gateway configuration.
BCC-243	Improved release file size.
BCC-255	Fixed an issue where sessions were not being fully flushed.
BCC-285	Fixed an issue where the client's IP address was not being displayed in the session.

Resolved in Connect Gateway 4.2.5

Item	Description
BCC-257	Fixed issue with verifying client certificate.

Resolved in Connect Gateway 4.2.4

Item	Description
BCC-254	Fixed issue with file parsing during SCEP.

Resolved in Connect Gateway 4.2.3

Item	Description
BCC-225	Fixed a bug where enrollment PIN was not emailed to the user during certificate enrollment.
BCC-244	Fixed a bug where authentication would incorrectly fail when using an LDAP auth-provider.

Open issues/limitations

You cannot currently modify a trusted certificate. To work around this limitation, first delete the certificate and add a new one. See Configuring AAA Public Key Infrastructure.
The gateway does not yet support the ability to add additional interfaces.
The gateway does not yet support the ability to configure network inactivity timeout.
Certificate enrollment is not currently supported with OAuth authentication.
The "auto" mode under the "ports" configuration is experimental.
Certificate enrollment email-pin is not yet supported when using LDAP authentication.

Documentation

Online documentation is available at https://apollo.bluecedar.com/connect-gateway-doc