Subscribe

Product Updates

April-2026 Release Highlights

Generally Available Features

• Edit Points of Presence (PoP):

  • Admins with orgs created before March 27th 2026 can now edit PoP locations in their org.
  • Legacy PoP assignments are maintained in old orgs (i.e., orgs created before March 27th 2026) until an admin edits their PoP locations, at which point the new maximum is 4.

• New Auto Update Toggle:

  • Admins can now enable silent auto updating of apps in their org.
  • This setting is enabled by default for new orgs and disabled for existing orgs.
  • Note: Desktop app version 4.2.0+ is required for auto update on next restart.

• New Event Hooks for Post-Connection Scripts on macOS devices:

  • Admins can now use events generated by user connection to Service Tunnel as hooks to scripts that can automate various aspects of their workflows on macOS devices, as well as Windows devices.

Early Preview Features

• New Malware Download Protection:

  • Malware Download Protection (File Analysis in the console) adds real-time file inspection for users that have an Internet Threat Protection (ITP) policy applied to their devices.
  • When enabled, downloaded files are analyzed in a sandbox powered by SonicWall Capture ATP before reaching the endpoint and automatically blocked if deemed malicious.
  • Malware Download Protection is disabled by default.

Enhancements and Updates

• New mobile app support for Active Service Tunnels:

  • Active Service Tunnels on mobile devices are now reflected in the total Active Service Tunnels count.

• New Service Tunnel Disconnect Logs:

  • CSE now generates an event for Service Tunnel disconnections, helping admins to track Service Tunnel usage.
  • Disconnect events include user-initiated disconnections and session timeouts.

• Mac Installer Package Versioning (MDM):

  • Mac installer package receipts now reflect the packaged app version.

• Persistent Service Tunnel over TCP Toggle:

  • When enabled, the Enable Service Tunnel over TCP toggle now stays on indefinitely, unless toggled off.

Bug Fixes

• Fix Access Tier was removing quotes from cookies on hosted websites.
• Fix Security policy attachment was lagging, blocking users from accessing resources via Service Tunnels.
• Fix Domain name rules were not allowing users to include dashes in internal domain names.
• Fix Service Tunnel access logs were flooded with duplicate entries.
• Fix Service Tunnel was not reconnecting after login when installed using an MDM script.

March-2026 Release Highlights

Generally Available Features

• Netagent New Points of Presence (PoP) Management:

  • Admins can now select geographic locations in which they want to provision points of presence (PoPs).
  • PoP selection is available for new orgs (created after March 27th, 2026) with SPA licensing.

• Desktop App Event Hooks for Post-Connection Scripts on Windows devices:

  • Admins can now use events generated by user connection to Service Tunnel as hooks to scripts that can automate various aspects of their workflows.
  • Event hooks are only supported on Windows devices with CSE desktop app version 4.10.0 or later.

Enhancements and Updates

• Desktop App New app-generated sessions for multi-user Service Tunnels:

  • Now, when the CSE desktop app detects a user switch, it triggers a new session.

Bug Fixes

• Fix Desktop App Service Tunnel Active Connection was reporting inconsistently.
• Fix UI Users were unable to add an email address with the apostrophe character as part of a Role.

February-2026 Release Highlights

Generally Available Features

• UI Force re-authentication support for SAML:

  • Admins can now use a toggle in the SAML IDP settings to enable force re-authentication.
  • When enabled, users must re-enter credentials (i.e., password and MFA) each time they log into the CSE app or access a federated SaaS app.
  • Hosted Websites will require authentication only once per active session.

Enhancements and Updates

• Desktop App Cloud Secure Edge support for MacOS 26.3.1:

  • The CSE App must be upgraded to v4.0.1 before upgrading to MacOS 26.3.1.

• Desktop App Cloud Secure Edge desktop app re-branding:

  • Code signing certificate is now SonicWall branded
  • App executable names, package names, service names, and directory names are now SonicWall Cloud Secure Edge branded.
  • For Zero Touch installations on desktop app v. 4.0.0 or later, admins should use this desktop app installer for mdm.

Bug Fixes

• Fix Desktop App Application Check Trust Factor not updating in real time.
• Fix Netagent A 3rd-party vulnerability scanner was producing false positives.

January-2026 Release Highlights

Early Preview Features

• Netagent New CORS toggle:

  • Admins can now enable a CORS toggle to secure authorization requests on hosted websites.

Generally Available Features

• UI New Firewalls tab:

  • Admins can now view a comprehensive list of Gen7+ firewalls inside the CSE Command Center.
  • The firewalls displayed can be used to configure the CSE Connector.

• UI Gemini Log Summarizer:

  • Admins can now view an AI summary of logs and events in the CSE Command Center.

Bug Fixes

• Fix Desktop App Auto-Update Trust Factor was failing.
• Fix Desktop App Multiple PowerShells were running indefinitely.
• Fix Desktop App After zero-touch deployments, tunnels were not auto-connecting.
• Fix Netagent Service Tunnel performance improved.
• Fix UI Entra ID Auto-Config was generating the incorrect redirect URL for orgs on net.

December-2025 Release Highlights

Generally Available Features

• UI New Internet Access Logging:

  • Admins can now view Internet Access Logs, which detail users' access activity, including blocked access attempts and the reason for the block.
  • Internet Access Log entries include a downloadable CSV file that admins can use for compliance and incident response.

• ITP New AI & ML Category in Internet Threat Protection Policies:

  • Admins can now block internet content categorized as Artificial Intelligence (AI) and Machine Learning (ML) (i.e., AI & ML) in Internet Threat Protection policies.

• UI New Proof of Value Reporting:

  • SIA and SPA orgs now display high-level reports to provide a visual overview of protected devices, licensed users, web activity (threat/compliance/allowed), and device Trust Level in an org.

Enhancements and Updates

• UI New maximum for Admin token session (i.e., every 12 hours).

Bug Fixes

• Fix Connector LDAP configuration was disappearing when the Connector was disconnected.
• Fix Netagent Duplicate entries within the service_tunnel_accesseslog.

November-2025 Release Highlights

Generally Available Features

• UI New Entra ID API Auto-Configuration:

  • Admins can now set up API auto-configuration with Entra ID, instead of manually configuring Entra ID as an IdP in Cloud Secure Edge.

• Desktop App New ARM Architecture support on CSE desktop app:

  • Desktop app now supports ARM architecture on macOS and Windows devices.

Enhancements and Updates

• UI Improved the UI experience for device root certificate and reporting token expiry.

• ITP Explicit URL Blocking is now available.

Bug Fixes

• Fix UI User report in admin console was only displaying registered users.
• Fix Desktop App Service Tunnel was failing to connect over TCP.
• Fix Desktop App Firewall Trust Factor erroneously reporting a Low Trust Level.
• Fix Desktop App Mandarin characters were displayed in the app after upgrading to v3.26.0.
• Fix Desktop App Service Tunnel exclude public domains function was not working on Windows devices.
• Fix Mobile App Android Auto was not working when users were connected to CSE.

September-2025 Release Highlights

Generally Available Features

• Netagent New HTTP-2 Transport Toggle:

  • Admins can now enable HTTP-2 Transport so that users connecting to resources can do so via the HTTP-2 protocol.
  • HTTP-2 allows for multiplexing, efficient throughput, and simultaneous connections to a backend service from a single browser.
  • Admins must enable this setting, since it is not enabled by default.

Enhancements and Updates

• Connector Windows C++ Redistributable is now packaged with the Windows Connector installer.

Bug Fixes

• Fix API SCIM was returning invalid responses in 3rd-party IDPs.
• Fix Netagent Hosted website sub-URL redirect was not working.
• Fix Netagent Global Edge Access Tiers were being terminated, which impacted access to internal services via the Service Tunnel.
• Fix Desktop App Shared access on ethernet adaptors was not starting automatically.

August-2025 Release Highlights

Generally Available Features

• Connector New Active Directory Support using LDAP:

  • Admins can now set up Active Directory authentication in CSE.

July-2025 Release Highlights

Generally Available Features

• UI New Onboarding Guided Setup:

  • A new guided setup is available in the Command Center for admins who want to set up remote access (i.e., a Service Tunnel) in their org.
  • The guided flow is available to users in Global Edge orgs with Secure Private Access (SPA) licenses.
  • Only available for MySonicWall provisioned orgs.

Enhancements and Updates

• Netagent Service Tunnel over TCP (on port 443) is now available for Global Edge orgs.
• ITP Improved ITP robustness including enhanced backoff logic for stale connections, enhanced retry for new connections, and better captive portal detection and handling for users on restricted networks.
• ITP Private domains can now be added as domain exceptions in Internet Threat Protection (ITP) policies.

Bug Fixes

• Fix Netagent Chunk encoding was not handled properly.
• Fix Netagent Multiple users receiving low Trust Levels due to caching issues.
• Fix Desktop App CSE app couldn’t identify devices via Serial Number.
• Fix Desktop App Symlinks for login were returning device trust verification errors on select versions of Windows devices.
• Fix Connector Resource IP was not translating correctly on Windows Connector when there were more than 50 IPs.
• Fix Desktop App Select Trust Factors were failing on app first startup until refreshed.

June-2025 Release Highlights

Generally Available Features

• ITP New Geo-Blocking Toggle:

  • Admins can now block access to IP ranges associated with specific countries.
  • This feature is available for customers with an SIA Advanced license.

Enhancements and Updates

• Netagent Registered domains can now route to multiple points of presence (PoP) on the Global Edge Network, improving network performance and reliability.

• Netagent Trustscoring has been hardened so that device Trust Levels cannot be altered, improving device security.

• Connector New Windows Connector support for public IPs; until certified with Microsoft, there is a limit of 49 public IPs.

Bug Fixes

• Fix UI User roles were not updating after changes were made.
• Fix Admins were unable to delete end users from Command Center in certain cases.
• Fix Services without a policy were accessible.

May-2025 Release Highlights

Early Preview Features

• New Risk-based URL Filtering:

  • Admins can now enable risk-based URL filtering to inspect and determine threats associated with host URLs; if threats are detected, end user access will be blocked.
  • Admins can configure URL filtering within Internet Threat Protection (ITP) settings in CSE.
  • This preview feature is available for customers with an SIA Advanced license.

Enhancements and Updates

• New Service Tunnel logging of connections and disconnections to Service Tunnels; These logging messages can be found under the Access event type.

• Use Geolocation is now enabled by default in Advanced Settings, for more convenient use of the Geolocation Trust Factor.

• Service Tunnel Connect on Login is now enabled by default.

• Real-time Trust Factor assessments have been enhanced and now include local checks on the CSE app every minute as well as cloud syncing of any changes within this interval.

Bug Fixes

• Fix Service Tunnel was delaying disconnecting and connecting due to excessive DNS cache entries.
• Fix Advanced Settings were resetting to default when modifying configurations.
• Fix Events page in the Command Center was not loading.
• Fix Trust Profile changes were not appearing in system logs.
• Fix Events were not generated when user Trust Level was Low.

April-2025 Release Highlights

Generally Available Features

• New Zero Touch Deployment tab for ITP:

  • Admins can now enable role-based Zero-Touch deployments for Chromebooks using Internet Threat Protection (ITP), providing more granular control over different business units.

Enhancements and Updates

• New Enable Auto Login:

  • A new toggle on the CSE app allows admins to set the app to automatically re-authenticate user sessions on app start up.
  • This toggle is not enabled by default; it must be enabled by the admin in order to work.
  • Available on macOS and Windows devices.

Bug Fixes

• Fix After users re-authenticate in the CSE app, infra services were occasionally binding to random ports even when the specified listening port was available.

• Hotfix With ITP enabled, Service Tunnel was delaying connecting and disconnecting to configured domains.

March-2025 Release Highlights

Generally Available Features

• Extended Network Access for Connectors:

  • Admins can now configure Connectors so that they route to public IP addresses.
  • The new Public IPs & Increased Connector Limit toggle is available on latest versions of Linux Connectors and Virtual Appliance Connectors.

• New Lookup Domain Policy Verdict:

  • The Lookup Domain functionality now displays the Content Category, the Threat Classification, and the Policy Verdict associated with the searched domain. The Policy Verdict indicates whether the searched domain is blocked or allowed in the Internet Threat Protection (ITP) policy.

• Enable Service Tunnel over TCP:

  • This new desktop app toggle can be applied by end users temporarily on a restrictive public network that blocks regularly used ports and protocols (e.g., UDP is blocked).
  • This toggle currently only applies to users in a Private Edge org.

• Enable Continuous Ping:

  • End users that are experiencing issues with Service Tunnel going down and not restarting in a timely manner can now toggle on Enable Continuous Ping in CSE app settings.
  • This new toggle keeps sessions alive and prevents the connection from dropping, in odd scenarios when the network connection keeps failing.

Enhancements and Updates

• Block Domains <30 Days Old:

  • Internet Threat Protection (ITP) now automatically blocks domains created less than 30 days ago, protecting users from emerging threats.

Bug Fixes

• Fix Zero-touch script link was broken.

• Fix Users with non-admin privileges were unable to clear the Windows defender notifications after Intune pushes.

February-2025 Release Highlights

Generally Available Features

• New Zero Touch Deployment Tab for ITP on Managed Chromebooks:

  • Admins can configure zero touch deployment for Internet Threat Protection on managed Chromebooks.

• Improved RDP file download option:

  • End users can now trigger the download of an RDP file, removing the need to interact with the RDP pop-up download prompt.

Bug Fixes

Fix Admin service was not starting after device reboot.

Fix Bug messages were sent when end users were upgrading app versions.

Fix After device restart, end users were receiving a notification requesting admin password entry.

January-2025 Release Highlights

Generally Available Features

• Enhanced Internet Threat Protection Policies:

  • New Automatically blocked threat types, including Bots/Cryptomining, Malware/Ransomware, Phishing, Spam/Ad Fraud /Spyware, and more.
  • Support for managed Chromebooks.

Bug Fixes

Fix Entra ID first-time setup now pre-selects the Metadata URL option, instead of admins having to manually select this option.

November-2024 Release Highlights

Generally Available Features

• Enhanced IDP Device Registration:

  • New Metadata URL automatic configuration option for Device Registration in Entra ID
  • CSE IDP Device Registration config is automatically deleted when admins switch to a new IDP

Enhancements

• Connector and Access Tier Download links for all install methods updated to “Latest” endpoints in the Cloud Secure Edge Command Center.

• Terraform enhancements: Access policy configuration enhancements, bug fixes, new resource descriptions via API, and new registered domains functionality.

Bug Fixes

• Fix End users running desktop app versions 3.21+ were unable to log in while connected to the Oracle VPN.

October-2024 Release Highlights

Generally Available Features

• New Open Virtual Appliance Install available for the Connector:

  • Admins can now install the CSE Connector on a virtual image using one of various VMware deployment tools (e.g., ESXi, VSphere, VMware Fusion).

• Support for macOS Sequoia:

  • Desktop app registration now automatically installs certificates on devices using macOS Sequoia.

Enhancements

• Upgraded Docker and Ubuntu packages to reduce known vulnerabilities during Access Tier installation.

• Read Only admins can now view System Logs (with sensitive information redacted).

Bug Fixes

• Fix IDP configurations for user authentication were not functioning for admins that were previously using the CSE IDP for device registration.

• Fix Admins were unable to add or edit the Registry Check trust factor.

• Fix Tunnel access policies were not editable when CIDR entries were empty.

• Fix MASQUERADE rule was only being used for the default user interface.

• Fix In Access Tier versions greater than 2.4.2, using a hosted website with two services using the same frontend domain but different dns_names caused the browser name resolution to fail.

September-2024 Release Highlights

Generally Available Features

• Simplified Entra ID config for end user authentication:

  • Admins can now use the metadata URL to automatically configure Entra ID (using SAML) as an IDP for end users.
  • The metadata URL updates daily, so any changes made in CSE are transferred to the IDP.
  • Admins can now upload the certificate if manually configuring Entra ID using SAML.

• New Filter for Unauthorized Access Attempts via Service Tunnels:

  • Admins can now view end users’ unauthorized access attempts via a Tunnel Policy.
  • Admins can also filter access attempts by Service Tunnel.

Enhancements

• User Attributes are now Collected by CSE Services:

  • Used for infrastructure services and hosted websites; admins can create one service and use the user attribute as a variable to set up user-specific host domains.

Bug Fixes

Fix Remove API key after Access Tier install package.

Fix New hosted web services erroring out due to certificate issues.

August-2024 Release Highlights

Generally Available Features

• New Cloud Secure Edge License Management:

  • Admins can now grant and revoke user licenses as part of the new Cloud Secure Edge licensing model, which includes SIA (Secure Internet Access) and SPA (Secure Private Access licensing.

• Support for a Windows-based Connector:

  • The Cloud Secure Edge now supports Windows-based Connectors, installable via the Windows executable.
  • Supported on Windows version 2022.

• Enhanced Connector Install and Details page:

  • Simplified UI flow for Connector install via all methods.

• Enhanced Service Tunnel Policy:

  • Service Tunnel policies have been adapted to reflect a firewall style in the UI, to promote ease of use.

Enhancements

• ReadOnly admins can now view everything with sensitive details redacted.

Bug Fixes

Fix Connector status reporting was showing the incorrect status colour.

Fix Custom remediation messaging was not being shown in Linux.

Fix Read only admins were unable to view Access Tier details.

Fix Identity Providers were prompting authentication twice in certain scenarios.

Hotfix Internet connectivity issues encountered when devices were waking from sleep.

July-2024 Release Highlights

Generally Available Features

• New Cloud Secure Edge Licensing:

  • Secure Private Access licenses are now available for customers seeking a VPNaaS or a ZTNA platform.
  • Secure Internet Access licenses are now available for customers seeking compliance or security focused web filtering.

• Name Resolution Policy Table (NRPT) Setting for Windows devices:

  • Name Resolution Policy Table (NRPT) rules tell end users’ (Windows) devices where to send traffic.
  • We recommend that admins enable this setting when the Cisco Umbrella Roaming Client is installed on end users’ devices.

Bug Fixes

Fix Serial number casing changed, which made the app unable to recognize registered devices.

Fix The app was facing technical issues calculating Trust Level directly after a device awakened from sleep.

June-2024 Release Highlights

Generally Available Features

• Event Geolocation Setting:

  • Event Geolocation is now an org-level setting available for admins to configure in the Command Center.
  • This setting allows admins to collect end users’ geolocation data for Event logs, if necessary for their company’s privacy standards or security practices.

• New Geolocation Trust Factor:

  • The Device Geolocation Trust Factor assesses whether devices are in admin-blocked countries.
  • Admins can use this Trust Factor if your org has specific legal, compliance, or expected use requirements that mandate user access be blocked in specific countries.

May-2024 Release Highlights

Generally Available Features

• Define File Properties for RDP Services:

  • Admins can now define additional aspects of RDP service usage by adding file properties to the service configuration.

• Trusted Network Detection:

  • Admins can configure Trusted Networks for end users in their org.
  • A Trusted Network can be configured to automatically disconnect end users from Service Tunnels when Trusted Networks are available.

Enhancements & Updates

• Enhanced Event Chart UI for Troubleshooting:

  • Collapsible UI to enhance visibility for troubleshooting purposes.

• Hotfix Search Domains: Domain names and FQDNs are now case insensitive.

Bug Fixes

Fix Service Tunnels with certain configurations were not appearing in the Service Tunnels list.

April-2024 Release Highlights

Generally Available Features

• Hotfix Search Domains:

  • Admins can now configure search domains so that end users can use a short-hand search (i.e., a hostname) to navigate to an FQDN, enabling easier use of file sharing.
  • Admins can set search domains in order of priority; users are navigated to top priority search domains first. (Last updated April 18th, 2024)

• New Service Tunnel UI:

  • Service Tunnel features a new long-form configuration.
  • Global and Private Edge routing is now configurable via one Service Tunnel.

• Connect on Login:

  • End users can auto-connect to admin-configured Service Tunnels upon app login.
  • Admins can prevent users in their org from changing the auto-connected Service Tunnel.

• System for Cross-Domain Identity Management (SCIM):

  • SCIM can tell the Command Center which users exist at any given time, keeping the list of created and deleted users up-to-date.

Early Preview Features

• Connector Open Virtual Appliance (OVA) Install:

  • An OVA file is available within a Linux-based operating system, with the Connector pre-installed.
  • Admins can run the Connector for their end users via a simple configuration.

• Geolocation Visibility Events:

  • End user location logs are now available in Events log.
  • Access Event Logs can contain geolocation data including city, country, latitude, and longitude.
  • This event is enabled via an API; Work with CSE to enable it.

Enhancements & Updates

• Global Edge Troubleshooting:

  • When a device is connected to a Service Tunnel, the Device Details page (in the Command Center) will indicate which point of presence (POP) the device is connected to (under the Device Information tab).

Bug Fixes

Hotfix Admins were unable to create a Service Tunnel for public traffic only without selecting a Connector. (Last updated April 19th, 2024)

March-2024 Release Highlights

Early Preview Features

• Internet Access Enable URL Filtering:

  • Admins can now inspect host URLs within domains that are not considered a threat.
  • Admins can configure URL filtering within ITP settings using a PAC file that contains URL inspection rules.

• Event Charting:

  • Admins can now view trends related to user access and service usage within CSE.
  • Event charting provides a visualization of events within the Command Center.

Enhancements & Updates

• Internet Access Active Roles in Internet Threat Protection (ITP) Policies:

  • Roles used in ITP policies now show as Active.

• Terraform Exemptions:

  • Terraform now supports exemptions within service configurations.

Bug Fixes

• Fix Private domain names were not working as expected in L4 policies in Global Edge deployments.

February-2024 Release Highlights

Early Preview Features

• Internet Access Create a Custom Public App:

  • Admins can now define public apps that CSE has not already pre-populated in the App Discovery list in the Command Center.
  • This new feature allows admins to easily surface, secure, and monitor apps that are critical to their business.

• Support for Oracle Linux in the OS Version Trust Factor:

  • CSE now supports Oracle Linux 8 and 9 as values in the OS Version Trust Factor.

Enhancements & Updates

• Simplified Silent Cert Authentication:

  • Silent cert authentication now works directly through the API in orgs that have the silent cert auth flow configured; Admins no longer need to maintain the mdm-config file in order for this flow to work.

Bug Fixes

• Fix Authentication issues for devices with ITP enabled in orgs that use JAMF mdm (macOS devices only).

January-2024 Release Highlights

Generally Available Features

• New Cloud Command Center User Interface (UI) Re-design:

  • CSE’s Command Center UI has been re-designed for improved usability.
  • New navigation categories include Private Access, Internet Access, and Trust.

• New Enable Private Resource Discovery:

  • Admins can enable private resource discovery in the Advanced Settings of their Access Tier configuration.
  • Once enabled, private resources will be displayed in the Discovery section of the Command Center.

• New Encrypting DNS via DoT:

  • With CSE app versions 3.14+, devices’ DNS requests are resolved over TLS by default; these requests are encrypted.

• New Auto re-enablement of ITP:

  • Now, when an end user disables ITP enforcement from the desktop app, ITP is automatically re-enabled after 1 hour.

Early Preview Features

• New Silent Cert Authentication for User Sessions:

  • Admins can now configure silent certificate user authentication for Mac and Linux devices.
  • With this configuration, users will no longer need to manually accept a certificate prompt each time they authenticate.
  • This configuration works for any IDP that supports OIDC or SAML.

Enhancements & Updates

• Improved Netagent performance by lowering overall CPU usage.

Bug Fixes

• Fix CSE app was still using previously configured (outdated) remediation links.

• Fix Zero touch install script (deployed through Kandji) was failing to execute and timing out.

• Fix App login sessions were not refreshing when users selected the Re-Login button.

• Fix AI-assisted admin search was indefinitely loading.

Release Notes From Previous Years

Release Notes Archive - 2023

Release Notes Archive - 2022

Release Notes Archive - 2021

Release Notes Archive - 2020

Release Notes Archive - 2019

December-2023 Release Highlights

Early Preview Features

• New Managed Service Provider (MSP) console:

  • New console for MSP admins to manage their customer orgs as well as admins to their customer orgs.

Enhancements & Updates

• New Kubernetes config file now updates by default:

  • By default, CSE’s desktop app updates (instead of regenerates) the kube config file when end users connect to a Kubernetes service, retaining previous configuration used by kubectl.

Bug Fixes

• Fix Connection test was failing for hosted web services with capitalized Access Tier names.

• Fix Okta group name was preventing services from publishing to end users.

November-2023 Release Highlights

Generally Available Features

• New App-based routing for Service Tunnel:

  • Admins can now configure specific apps to tunnel through or block from their Service Tunnels.

Early Preview Features

• New Security Actions for Public Apps:

  • Discovered public apps now offer guidance on Security Actions admins can take; Security Actions are specific to the app.
  • Security Actions include guidance on configuring ITP policies, DLP policies, CSE IDP federation, and routing via Service Tunnel.

• New AI-Assisted Admin Search:

  • Admins can now use CSE’s AI-assisted admin search in the Command Center to perform quick searches related to the CSE product.
  • This feature leverages a large-language model (LLM) trained to CSE’s documentation and website.

Enhancements & Updates

• New Let's Encrypt Wildcard Support:

  • Admins can now protect multiple hosted websites with a single wildcard Let’s Encrypt certificate, procured and managed by CSE.

• New Terraform Import Tool:

  • A command-line utility that allows admins to import existing resources from the CSE API and generate Terraform configuration files for managing those resources.
  • This tool simplifies the process of managing CSE resources through Terraform, making it easier for admins to automate infrastructure setup.

Bug Fixes

• Fix (Discover Public Resources) Accessing the same FQDN resource using a second Service Tunnel was not updating the tunnel information on the list page or in the "Last Reported" status.

• Fix The admin-server did not have access to the http proxy on the user context for the desktop app. The app now supports HTTP proxy setting consistently across app components (including the admin server).

• Fix dns-names was failing to update when the user changed the URL or cloned a service; now, if dns-names matches the spec, it will update accordingly.

October-2023 Release Highlights

Generally Available Features

• Private Resource discovery:

  • Admins can now view a comprehensive list of private resources (including domain name, IP address, and port) accessed via Service Tunnel by users in their orgs.

• Zero Touch install for Chrome Browser Extension:

  • CSE now supports zero touch installation for the new Chrome Browser extension.

Enhancements & Updates

• Refreshed TrustScoring on reawakening devices:

  • Trust Levels are now refreshed when devices reawaken from sleep.
  • Trust factors are sent as soon as the device reawakens.

September-2023 Release Highlights

Early Preview Features

• Chrome Version Trust Factor (for CSE Chrome Extension):

  • CSE’s Chrome Version Trust Factor is designed to help admins keep their end users’ devices on the latest Chrome browser versions, to reduce security risk and protect resources.
  • This Trust Factor assesses whether the device's Chrome version is equal to the admin-configured version.

Enhancements & Updates

• Trust Scoring and Internet Threat Protection (ITP) without the desktop app running:

  • CSE’s Trust Scoring and ITP policies now work without requiring end users to run their desktop apps.

• Authorized Connection events were removed from hosted web services in Netagent.

• Support for non-standard websockets (like socket.io), enabled through a new API option:

  • Set enable_websocket_duplex to true via Access Tier's local config API call (PUT).

Bug Fixes

• [Resolved] End users were receiving a 'Could not fetch devices' error when switching networks on the desktop app.
• [Resolved] Access Tiers were collecting stale certificates from outdated services.
• [Resolved] Admins were unable to view or access select policies.
• [Resolved] Command Center does not show API key (mdm_config) after using patch API (/v2/orgs/{id}/mdm_config) to update fields.

August-2023 Release Highlights

Generally Available Features

• Netagent Health Check:

  • New health check endpoint that provides a real time indicator for the status for the Netagent and preliminary stats that can be used to evaluate performance.

Enhancements & Updates

• Session Expiration Timer

  • Renew your session early to avoid losing work due to expiration.

• Added Trust Factor information in Log Events

  • View passed and failed trust factors in each Trust scoring log event

July-2023 Release Highlights

Generally Available Features

• Service Tunnel Active Connections:

  • Admins can view how many users are actively connected to a given Service Tunnel via the Command Center. Device details, including OS, Trust Level, associated Trust Profiles, and Last Login, are easily viewable.

• Internet Threat Protection - Exclude Users:

  • Admins can now exclude users from all ITP policies by applying specific roles to the default Excluded Devices policy.

Early Preview Features

• Clientless Chrome Browser Extension:

  • The CSE Chrome Extension is a lightweight browser extension that offers users access to internal websites and provides Device Trust Verification (DTV).

Bug Fixes

• [Resolved] Enabling ITP was misrouting DNS in Ubuntu.
• [Resolved] Error when attempting to pull user details in the Command Center.
• [Resolved] The WireGuard config file was rendered unreadable due to a recurring error.

June-2023 Releases

2023-06-14 Release Highlights

Generally Available Features

• New Trust Factor: Enhanced OS Version

  • OS Versions can now be configured by the “Last x version(s)”. This frees admins from having to update the Trust Factor configuration with every new OS version release. Previously, admins had to configure and continually update specific OS version numbers.

• New Trust Factor: CrowdStrike Registered With

  • The Registered With factor validates that the device at hand is registered with the CrowdStrike environment. Registered With is derived from a CrowdStrike API endpoint.

• Branding Customization

  • Admins can now use customized branding for any CSE browser error and success pages with their organization’s own logo and brand colors.

Enhancements and Updates

• Event Log Viewer for Service Tunnel Activity:

  • Admins can now find Service Tunnel activity under the Service filter in the Event Log Viewer in the Command Center.

• Lookup Domain:

  • Admins can use the Lookup Domain to view which Content Category or Threat Category a given domain falls under.

• Service Tunnel Access Logs - blocked access attempts:

  • Admins can view blocked Service Tunnel access attempts (traffic rejected by CSE L4 Policies). These can be viewed on the Access Tier.

• DNS filter in Captive Portal environments:

  • The CSE client will use the host DNS server for any DNS requests until captive portal authentication is complete and internet access is available.
  • The CSE client will periodically probe for well-known URLs to detect internet access. On detecting reachability to those URLs, it will start forwarding DNS requests to the DNS filter server for DNS filtering.

Bug Fixes

• [Resolved] Edit Access Tier parameters was removing Service Tunnel logging parameter (i.e., EnableServiceTunnelLog).

May-2023 Releases

2023-05-25 Release Highlights

Generally Available Features

• Mobile Tunnel:

  • CSE’s mobile app now allows end users to connect to Service Tunnels in addition to hosted websites.

• Enhanced Roles UI:

  • Simplified UI flow for creating a Role in the CSE Cloud Command Center.
  • Roles can be configured based on Users, Devices, or Service Accounts.
  • Roles now support adding serial numbers.

Enhancements and Updates

• Internet Threat Protection – Policy Sync Status:

  • CSE’s sync status indicates whether the ITP policies page in the Command Center is up-to-date or syncing is in progress.
  • If a sync is in progress, then an ETA will also be available, so that admins can expect when ITP policy updates will be reflected in the console.

Bug Fixes

• [Resolved] Launching the desktop app (from the Windows start menu) when the app was already running was causing the tunnel to disconnect.

April-2023 Releases

2023-04-12 Release Highlights

Generally Available Features

• Self-Service Hosted Websites:

  • Simplified UI flow for registering a hosted website in CSE.
  • Domains can be registered directly within the hosted web service registration flow.

• Service Tunnel - Exclude CIDRs:

  • Admins can now configure the exclusion of CIDRs during Service Tunnel registration.

Enhancements and Updates

• StatsD support for monitoring Service Tunnels:

  • Admins can now monitor the number of active clients, Tx rate, and Rx rate per Service Tunnel.

Bug Fixes

• [Resolved] CSE app has migrated commands to PowerShell; the app no longer uses wmic commands.
• [Resolved] "User not found" error when adding a new local user in the console.

March-2023 Releases

2023-03-08 Release Highlights

Generally Available Features

• Domain-Based Tunnel Policies:

  • Admins can now use Service Tunnel policies to define which fully-qualified domain names (FQDN) users can access.
  • This offers an alternative to defining access by IPs or CIDR ranges, which dynamically change.

• New Registry Key Check Trust Factor:

  • Admins can use this new Trust Factor to establish a list of keys with corresponding values required on devices in their organization.
  • This Trust Factor supports Windows devices only.

• Admin-Enabled Autorun:

  • Admins can now enable Autorun in Service Tunnel and infrastructure service specifications during service registration in the Cloud Command Center.
  • If enabled, end users no longer need to manually enable Autorun from their desktop app.

Early Preview Features

• Internet Threat Protection (DNS Filtering) Policies:

  • Admins can now create Internet Threat Protection (ITP) Policies.
  • These policies are designed to protect devices from accessing domains outside of acceptable use policies.

Enhancements and Updates

• Time-Based One Time Passcode for Local Admins:

  • A new Time-based One Time Passcode (TOTP) setting has been added to Admin Sign-on Settings (i.e., Enable TOTP). Please contact CSE to enable this feature.
  • If enabled, all local admins that log into the Cloud Command Center will be required to set up and validate with TOTP.

February-2023 Releases

2023-02-08 Release Highlights

Generally Available Features

• New Get Started guide in CSE’s Command Center:

  • CSE’s Command Center now offers a Get Started section, which contains guides related to onboarding and helps admins discover and enable new CSE functionalities in their orgs.

• Self-Service Connector Installation flow:

  • CSE is introducing a new guided Connector installation flow in the Command Center.
  • Connector installation can now be completed almost entirely through the Command Center UI, similar to our simplified Access Tier installation.

Enhancements and Updates

• Service Tunnel Access Logs:

  • CSE can now collect all traffic events from end users through Service Tunnels, providing comprehensive logging.

January-2023 Releases

2023-01-11 Release Highlights

Generally Available Features

• New Trust Factor – Property List Check:

  • Property List Check evaluates whether property list (plist) files’ keys match their defined values (on macOS devices).

Enhancements and Updates

• Refreshed Devices Page:

  • Updated UI and enhanced performance.

• Terraform Provider v1.1:

  • Now supports importing existing CSE services, roles, and policies.

Bug Fixes

• [Resolved] Private domains (ipv6) were not resolving over Service Tunnel.

December-2022 Releases

2022-12-21 Release Highlights

Enhancements and Updates

• Support for ChromeOS on mobile app:

  • CSE now supports ChromeOS on v2.1.3 of the Android mobile app.

• In v3.6.1 of CSE’s desktop app, the WireGuard Service only listens on Port 53 (default port) when Service Tunnel for public domains is enabled.

Bug Fixes

• [Resolved] Trust Level was not being calculated when devices were first registering to the CSE app.

• [Resolved] The Let’s Encrypt certificate chain for hosted websites did not include an intermediate certificate.

• [Resolved] iPadOS and Ubuntu were not adhering to the OS Version Trust Factor.

2022-12-14 Release Highlights

Generally Available Features

• Service Tunnel for Public Domains:

  • Service Tunnels can route public traffic through Access Tiers deployed in orgs.
  • Routing public traffic through Service Tunnels also provides continuous authorization for SaaS services throughout the duration of users’ sessions, taking security beyond a one-time login authorization and authentication step.

• Remote Diagnostics:

  • Admins can now run diagnostics on registered devices from CSE’s Cloud Command Center (instead of requesting logs from end users).
  • Admins can download the logs from the Command Center to troubleshoot devices.

• New Trust Factor - CSE App Version:

  • CSE App Version allows admins to validate whether devices are running a minimum version of the CSE app.

• New Trust Factor - File Check:

  • File Check allows admins to verify that a specific file is present on the device.

New Early Preview Features

• Service Tunnel Discovery:

  • Service Tunnels can now provide an inventory of accessed resources based on DNS/IP and port.
  • These records show which users have accessed which resources, providing admins with deeper insight into user access activity.

Enhancements and Updates

• Internationalization of CSE Trust Factors:

  • CSE’s desktop app is now fully supported on international devices

• Terraform Provider v1.0.0:

  • Now supports deployment of Service Tunnels (in addition to Services, Roles, and Policies)

• Removed Support URL from Remediation tab:

  • To simplify remediation configurations CSE has removed the support URL and now allows admins to add URLs directly to the remediation text

• Support for ARM architecture in Connector install

November-2022 Releases

2022-11-09 Release Highlights

Generally Available Features

• Trust Profiles:

  • CSE is introducing Trust Profiles, which apply admin-defined Trust Factors to a specific subset of devices in an org.
  • Trust Factors can be applied to specific groups of devices (based on device serial number, OS, device ownership type, and user group), offering admins granular control over devices’ security posture.

• Access Tier Version 2 - Simplified Installation and Management:

  • CSE is introducing a new guided Access Tier installation flow in the Cloud Command Center.
  • Most of the installation process can now be completed directly through the Command Center’s UI.

• Custom Help Messaging for End Users:

  • Admins can now create custom support messaging for end users from the Command Center, helping guide end users through authentication and authorization errors.

Enhancements and Updates

• Enhanced WireGuard performance (bandwidth and speed) for Windows devices.

• The desktop app registration process is now language-agnostic (we now support registration for non-English devices).

Bug Fixes

• The Firewall Trust Factor now supports group policy firewall settings for Windows devices on the desktop app.

October-2022 Releases

2022-10-13 Release Highlights

There are upcoming Trust Scoring changes in our October 2022 release. CSE will provide more details related to the migration as we get closer to the date.

Generally Available Features

• Granular Trust Scoring:

  • Instead of a numerical Trust Score (out of 100), devices will now receive a Trust Level (e.g., Always Deny, Low, Medium, or High) as a result of the Trust Scoring calculation.
  • Admins will be able to designate the specific Effect that a Trust Factor has on a device’s Trust Level, providing admins fine-grained control over devices' security posture.
  • In the Command Center, the Device Scoring page has been renamed to Trust Factors.

• The Trust Level Expiration setting has been relocated to the Trust Score Settings page.

• App Support:

  • In the Command Center, a new section called App Support allows admins to enter custom help messaging and support links for end users, so that end users can self-remediate technical issues.
  • This custom help messaging appears when end users click the new Help button on the desktop app.
  • If no custom message is set, the Help button sends end users to Health Check.

September-2022 Releases

2022-09-14 Release Highlights

New Early Preview Features

• Trust Integration with SentinelOne:

  • Two new trust factors from SentinelOne (i.e., Registered With and Not Active Threat) are now available within device scoring.
  • For more information on the SentinelOne integration, see documentation.

Generally Available Features

• Desktop app v3.3.0:

  • Service Tunnel Quick Connect: The CSE desktop app icon (in the menu bar or system tray) now features a drop-down menu that allows users to:
    • Log in or out of the desktop app,
    • Jump to settings,
    • Quick connect to (or disconnect from) Service Tunnel, or
    • Quit the CSE app.

  • App log files send to CSE Support: If end users encounter issues, they can directly send logs to CSE support via a new button in the desktop app, called Send Log Files to CSE Support, to expedite the troubleshooting process.

• App Session Expiry Icon: The CSE app icon (in the menu bar or system tray) now signals when a user's 24 hour session has expired.
  • On macOS: Indicated by an ‘!’ on the CSE app icon
    
  • On Windows and Ubuntu: Indicated by a red-coloured CSE app icon

August-2022 Releases

2022-08-25 Release Highlights

Enhancements and Updates

• Performance and stability improvements

July-2022 Releases

2022-07-28 Release Highlights

Generally Available Features

• Trust Integration with CrowdStrike:

  • Zero Trust Assessment Score (ZTA Score) from CrowdStrike is now available within Device Scoring.

Enhancements and Updates

• Service Tunnel enhancements:

  • Desktop app users will now see an error if validation fails while attempting to connect.

  • the Run Diagnostic Tool now collects logs related to Service Tunnel.

• The Support link has been removed from the desktop app.

Bug fixes

• [Resolved] Auto-Update TrustScore factor was showing as disabled when JAMF config profile was used.

• [Resolved] Device registration was failing for Mac users if the device hostname was missing.

• [Resolved] Netagent logs were not being collected through Netagent Support Bundle

• [Resolved] Websocket connections were not being closed in certain conditions.

2022-07-21 Release Highlights

Enhancements and Updates

• Performance and stability improvements

2022-07-14 Release Highlights

Enhancements and Updates

• Use multiple Access Tier instances with the same hostname:

  • Multiple Netagent instances with the same hostname are now able to run at the same time.

2022-07-07 Release Highlights

Enhancements and Updates

• Access Activity tab for Service Tunnel:

  • The Access Activity tab indicates which authorized users and devices recently accessed the Service Tunnel.

Bug Fixes

• [Resolved] CSE’s Private DNS resolution was case-sensitive; DNS resolution is no longer case-sensitive.

• [Resolved] Enhanced DNS routing was not resolving correctly for Windows.

June-2022 Releases

2022-06-30 Release Highlights

Generally Available Features

• Desktop app v3.1.0:

  • Enhanced support for Zero Touch Installation with v3.1.0.
  • Known Issue: For Passwordless Authentication, CSE is unable to silently swap the certificate with no UPN information specified to a certificate with the user’s UPN, derived from the first authentication flow when accessing a service. This will be resolved in an upcoming release of the CSE app.

Enhancements and Updates

• In Infrastructure service specifications, Backend Allowed Hostnames (under Client specifies using HTTP Connect mode) now allows users to enter regular expressions as Hostnames (example below).

Bug Fixes

• [Resolved] Updating the Access Tier tunnel configuration in CSE’s Cloud Command Center was causing Netagent to bring down the WireGuard (wg) interface.

• [Resolved] In some scenarios, enhanced DNS routing was not resolving correctly.

2022-06-23 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

Bug Fixes

• [Resolved] Device Trust Verification issues. A new version of the Desktop App (v.3.0.2) will be available for Linux only.

2022-06-16 Release Highlights

Early Preview Features

• CrowdStrike Integration:

  • CrowdStrike is an Endpoint Detection and Response (EDR) platform that collects device telemetry data to determine whether a device is in a state of compromised security. CSE has integrated with CrowdStrike to obtain additional device trust information. Related documentation is forthcoming.

Bug Fixes

• [Resolved] Service Tunnel issues on Windows devices. A new version of the Desktop App (v.3.0.1) will be available for Windows only.

2022-06-09 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

2022-06-02 Release Highlights

Generally Available Features

• Desktop App v3.0.0:

  • Admin Service: The desktop app now has an administrative component, for any actions within the app that require admin privileges.
  • Enhanced logging, with admin logs.
  • Home tab: A single location for accessing Service Tunnels, Recently Accessed Services, and Active Connections.
  • Enhanced Search: End users can easily search their services catalog without having to re-open the desktop app.
  • New Service Tunnel interface with an Autorun option, so that Service Tunnel connects when an end user logs into the desktop app.

May-2022 Releases

2022-05-26 Release Highlights

Enhancements and Updates

• Added 'user creation' logs in the System Log when Team Edition admins create new users:

  • Previously, when a Team Edition admin created new users, no record of the user creation was listed in the System Log. Now, when an admin creates a new user or admin, it’s added to the System Log. These logs show who created the user, the role(s) of the new user, and the timestamp.

2022-05-19 Release Highlights

Enhancements and Updates

• Enhanced DNS Routing:

  • CSE DNS routing no longer requires admins to make changes to public DNS records when migrating from service access via Service Tunnel to individual published services (i.e., hosted web services or infrastructure services). After migrating a resource, admins can simply leave Service Tunnel enabled.

2022-05-12 Release Highlights

Enhancements and Updates

• Refresh token support for SAML-based admins:

  • The CSE Command Center now supports SAML-based Admin accounts in obtaining personal refresh tokens. The process is identical to obtaining refresh tokens from non-SAML admin accounts found here.

• Option to disable Strict-Transport-Security HTTP Response Header within Netagent configuration:

  • Admins have a new configuration option to disable Strict-Transport-Security HTTP within the Netagent config.yaml file. The configuration option is ‘disable_hsts’ with the default value of “False”. This option is only available in netagent releases v1.44 and up.

2022-05-05 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

April-2022 Releases

2022-04-28 Release Highlights

New Features

• Streamlined OneLogin passwordless setup:

  • We’ve simplified passwordless authentication setup for OneLogin by providing a new method that uses a toggle.

Bug Fixes

• [Resolved] The ‘Download Devices’ button was not working in the CSE Cloud Command Center.

2022-04-21 Release Highlights

Enhancements and Updates

• The Events API now supports time-based querying, including start time (start_time) and end time (end_time).

Bug Fixes

• [Resolved] Now, admins can view users in CSE’s Cloud Command Center without users having to first register their devices.

2022-04-14 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

Bug Fixes

• [Resolved] Setting the “Only include devices that have the CSE app deployed by MDM” role to “False” through the API (i.e., mdm_present: False) was returning a value of "True" in the UI.

2022-04-07 Release Highlights

New Features

• Device trust for Azure AD federated apps:

  • Admins can now use federation capabilities in Azure AD to enforce CSE policies and enable passwordless authentication for their SaaS applications.

Enhancements and Updates

• Admins can now sort Devices by 'App Version' in the CSE Cloud Command Center.

• Character limits were extended for preferred apps process names, enhancing regex pattern matching.

March-2022 Releases

2022-03-31 Release Highlights

New Early Preview Features

• Terraform Provider:

  • In addition to deployment of Access Tiers through Terraform, admins can now create (and manage) Roles, Policies, and Services via the Terraform Provider.

Enhancements and Updates

• Streamlined passwordless set-up for Okta:

  • We’ve simplified setting up passwordless for Okta by providing a new method that uses a toggle. We’re planning on deprecating the old method (which leverages Okta routing rules).

2022-03-24 Release Highlights

New Features

• Service Accounts:

  • Admins can now create Service Accounts for programmatic access to hosted websites, authenticating third-party apps to CSE-protected services via an API key or JWT token.

• Access Groups for Infrastructure Policies:

  • Admins can now add Access Groups to Infrastructure Policies in CSE’s Cloud Command Center.

Enhancements and Updates

• The search filter for Devices now allows admins to filter by app version. This is part of an overall enhancement of filtering capabilities across the CSE Cloud Command Center.

• The Activity Dashboard in the Cloud Command Center now allows admins to use a specific date range picker. This replaces the previous dropdown menu of predetermined time ranges.

2022-03-17 Release Highlights

Enhancements and Updates

• Service Tunnel support for Amazon Linux:
  • We have released an updated version of our Cloud Formation template to support Service Tunnel on Amazon Linux.

New Features

• New Support for HTTP/3 for the Cloud Command Center:

  • Next week, we will be offering support for HTTP/3 to serve our Cloud Command Center. This adheres to Google Cloud Platform’s recommended configurations. Upon enablement, browsers that support HTTP/3 will automatically negotiate an upgraded connection. Browsers that do not support HTTP/3 will continue communications on HTTP/2 protocol.

Bug Fixes

• [Resolved] Session tokens in CSE’s Cloud Command Center web application were not expiring after users were logging out.

2022-03-10 Release Highlights

Bug Fixes

• API keys with a “Read Only” scope were receiving unauthorized access messages. This has been fixed.

2022-03-03 Release Highlights

Enhancements & Updates

• New TrustScore Statuses for Devices:

  • Admins can now view TrustScore statuses (Expired, Reporting, Overridden, and Pending) for devices in their org. These statuses provide insight into the state or security posture of each device.

February-2022 Releases

2022-02-24 Release Highlights

Enhancements & Updates

• Fedora Support:
  • We now have full support for Fedora (34 and later) in the newest version of the CSE Desktop App.

2022-02-17 Release Highlights

Enhancements & Updates

• Admins can now click through chart segments on the All Devices and All Access Tiers pie graphs in the reporting dashboard of CSE’s Cloud Command Center. This way, admins have a detailed view of devices.

• We introduced a toggle (in all policy types) that allows admins to hide the service from the service catalog. Previously, hiding a service in the service catalog of the CSE App was only possible through the API or a custom policy.

• We have improved our logging capabilities by adding sign-in events for local admins.

Bug Fixes

• Users had issues validating the Common Name (CN) in the CSE Certificate due to irregular length serial numbers. We now support devices with irregular length serial numbers.

2022-02-10 Release Highlights

Enhancements & Updates

• Delete unregistered devices:

  • Admins can now delete unregistered devices from the CSE Cloud Command Center.

January-2022 Releases

2022-01-27 Release Highlights

Generally Available Features

• New Service Tunnel (L4) Policies:

  • Admins can now create network-level (L4) Service Tunnel policies. Access groups can be defined by role, trust level, protocol, CIDR range, and port, and admins can configure exceptions to the defined rules.

• New Web (L7) Policies:

  • Admins can now define L7 rules within web policies using a simple policy definition form in Banyan’s Cloud Command Center instead of having to manually configure a custom policy.

Enhancements & Updates

• Expiration Notification:

  • CSE’s Desktop App now provides an expiration notification when a user’s login token is 2 hours away from expiring. The expiration notification time is configurable.

• CSEproxy now auto-detects and uses the system proxy for outgoing connections.

Bug Fixes

• Previously, default permissions in Netagent log files were allowing everyone ‘read access’. Now, permissions limit read access to the file's owner and users in the file's group.

2022-01-13 Release Highlights

Enhancements & Updates

• Added timestamp sorting to Admin System Log
• Performance and stability improvements

2022-01-06 Release Highlights

Enhancements & Updates

• Enhanced Zero Touch Installation scripts:

  • We simplified installation, adding (i) steps to upgrade the app via Zero Touch and (ii) steps to start the app after Zero Touch deployment.

  • We added a configuration option to hide the HTTP backend connection log (used for troubleshooting purposes) from view.

Bug Fixes

• Netagent was stripping out invalid HTTP cookies. Now, it forwards invalid cookies.

• macOS users now receive the correct IP address when they use Service Tunnel.

• If admins added an IP exemption within a policy and then removed the Access Tier attached to this same service, IP addresses were being retained (when they should have been removed).

December-2021 Releases

4.33 (2021.12.23) Release Highlights

Enhancements and Updates

• Admin SAML login changes:

  • Admins can now edit the ‘SP issuer URL’ field.

4.32 (2021.12.15) Release Highlights

Enhancements and Updates

• New Admin System Log:

  • The Admin System Log provides a time-stamped log of administrators' actions in the CSE Console, so that their previous actions can be reviewed and understood for auditing purposes. Admins can now filter searches for logs by action type or by time. Admins can also click into individual logs for a more detailed view of actions taken.

• Added Devices to Auto-Deletion Setting:

  • In the CSE Console, admins can use the auto-delete setting to automatically delete users after a specified period of user inactivity. Now, admins can also use the auto-delete setting to automatically delete devices after a specified period of inactivity.

• Automatic Device Certificate Renewal:

  • Device certificates last for 1 year after registration. Now, 30 days before certificate expiration, certs are automatically renewed in the next user log-in. This feature requires CSE Desktop App 2.5.

Bug Fixes

• Admins couldn’t disable the ‘Service Tunnel for End Users’ setting after creating a Service Tunnel. This issue has been fixed.

4.31 Release Highlights

Generally Available Features

• Run Diagnostic Tool:

  • If end users are having trouble (e.g., with registering a device, accessing a service, or their Trust Scoring is mis-reporting) and want to investigate whether there are issues with the CSE Desktop App, they can use our new Run Diagnostics Tool to help diagnose their issue.

  • End users can also use the diagnostics tool to package logs to send to their administrator.

• Support for Specifying Users in Zero Touch Registration:

  • Using ZeroTouch, admins can now specify the named user on the device the app will be registered to, improving visibility into device ownership during roll-out.

Enhancements and Updates

• Keychain Explainer Prompt:

  • With CSE Desktop App 2.5, macOS users now receive an explainer prompt, notifying them that CSE needs keychain access in order to grant access and encouraging them to select “Always Allow”.

• Enhanced App Logging:

  • We added additional logging for API calls and HTTP requests made by the Desktop App.

4.30 Release Highlights

Generally Available Features

• Service Tunnel

  Service Tunnel is a modern WireGuard VPN service that provides encrypted network connectivity to various network segments. It supports Banyan device trust and continuous evaluation.

• Discover and Publish for AWS

  CSE automatically discovers AWS resources that need to be accessed by your end users. You can then publish these discovered resources as Banyan services from the Command Center.

Early Preview Features

• Discover and Publish for Azure, Google Cloud, and Oracle Cloud

  Extends CSE’s cloud resource discovery solution to additional Infrastructure as a Service (IaaS) providers.

Component Versions

Client Components	Server Components	Management Components
Desktop App v4.2.0 (Changelog)	Netagent v2.10.6 (Changelog)	Shield v1.57.0 (Changelog)
Mobile App v2.3.5 (Changelog)	Connector v2.0.8 (Changelog)

* Updated in the latest release

November-2021 Releases

4.22 Release Highlights

Enhancements and Updates

• To improve users’ experience of the application, we've:

(1) Differentiated the Device Trust Verification and Passwordless steps in the process flow; (2) Added auto-continue (replacing manual continuation) after verification has been completed.

• A new version of the iOS app (v2.0.1) is now available. In this version, we’ve re-introduced the shield icon in Device Trust Verification, providing challenge code functionality.

Bug Fixes

• Trust Scoring was changing expired trust scores from “0” to non-zero numbers in select scenarios. This issue has been resolved.

4.21 Release Highlights

Enhancements and Updates

• We now support an access tier scope for API key use so that admins don’t have to use a Refresh Token while installing the Access Tier.

• CSE’s Refresh Token API endpoint now accepts API keys as a form of authentication (in addition to Refresh Tokens). Now, when the Refresh Token endpoint receives an API key, it will return the API key (instead of an Access Token).

• To improve user experience of the application, the Device Trust Verification and Passwordless steps have been differentiated in the process flow.

4.20 Release Highlights

Enhancements and Updates

• Admins can now delete issued Let’s Encrypt certificates from the CSE console
• Performance and stability improvements

4.13 Release Highlights

Generally Available Features

API keys for service accounts:

• Admins can create and manage API keys for programmatic access to the CSE Command Center REST APIs (as an alternative to using a personal refresh token). An API key can be issued with Admin privilege levels - Admin, ServiceAuthor, PolicyAuthor, etc - or at more specific scopes - satellite, access_tier, etc.

Enhancements and Updates

Clone services:

• Admins now have the ability to clone services. Cloned services retain all of the same properties except for the service name and service domain name.

Support for unregistered devices on mobile:

• CSE mobile app users going through the Device Trust Verification flow can now select “Don’t have the CSE App”, which takes them through the unregistered device flow if enabled for their organization.

October-2021 Releases

4.12 Release Highlights

Enhancements and Updates

• Device Trust Verification can now be turned on or off for a whole organization or for individual hosted websites and SaaS applications from the console.

Bug Fixes

• Services that weren’t supposed to be user-facing were appearing in the CSE App.

4.11 Release Highlights

Enhancements and Updates

• The Org Name was added to the toolbar of the CSE console so that customers with multiple instances of CSE can now clearly identify which Org they’re presently logged into.

• The device verification page was updated (the challenge code was removed) to reflect mobile devices’ use of certificates in app keychains.

• Error page designs were updated for consistency.

Bug Fixes

• Service test connection fails when service uses http_connect mode

• Incorrect error message when a device is not MDM-compliant

4.10 Release Highlights

Early Preview Features

Service Tunnel

• Service Tunnel is a modern WireGuard VPN that provides encrypted network connectivity to various network segments, including VPCs, VLANs, and subnets. Service Tunnel supports device trust and continuous evaluation.
• Contact support@sonicwall.com or your Customer Success Engineer to enable this feature in your org.

Enhancements and Updates

• Support for Zero Touch Installation on macOS Big Sur: macOS Big Sur prevents administrators from silently installing CSE certificates through a device manager. CSE now stages the device certificates on the end user’s device, and installation completes when the user launches the app and enters their admin credentials.

• Connector v1.3.0 supports installations via Docker on macOS.

• Users can now convert an existing service to Custom JSON for advanced configurations.

4.0 Release Highlights

Enhancements and Updates

• Added CSE App Version as a column in Devices list view so that administrators can see the version of the CSE app that’s installed on each user’s device.

Component Versions

Client Components	Server Components	Management Components
Desktop App* v4.2.0 (Changelog)	Netagent* v2.10.6 (Changelog)	Shield* v1.57.0 (Changelog)
Mobile App* v2.3.5 (Changelog)	Connector* v2.0.8 (Changelog)

* Not updated since last major release

September-2021 Releases

3.94 Release Highlights

Enhancements and Updates

• Added a confirmation message to setting the threshold for stale Trust Scores.
• Performance and stability improvements.

3.93 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.92 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

Bug Fixes

• Service Test Connection fails for all Access Tiers if one Access Tier fails.

3.91 Release Highlights

Generally Available Features

• User-defined Service Bundles

  • With CSE Desktop App v2.3, end users can now create their own service bundles within the app. The bundles will persist across all of the user’s registered devices.

• Service Test Connection (Requires Netagent v1.37.0+)

  • Ensure connectivity for your published CSE services via a simple test connection. The test validates the Service Domain Name routes to a CSE Access Tier and confirms the backend domain or IP is reachable from the Access Tier.

  Note: Currently, service test connection does not support services that use HTTP Connect.

Enhancements & Updates

• Added filters for service types within the Service Catalog

3.90 Release Highlights

Enhancements & Updates

• Restored “Netagent Details” for hosted websites and infrastructure
• Removed enforcement of “Site Domain Names” configuration parameter

Component Versions

Client Components	Server Components	Management Components
Desktop App* v4.2.0 (Changelog)	Netagent v2.10.6 (Changelog)	Shield v1.57.0 (Changelog)
Mobile App* v2.3.5 (Changelog)	Connector* v2.0.8 (Changelog)

* Not updated since last major release

August-2021 Releases

3.83 Release Highlights

Generally Available Features

• Simplified Mobile App Registration
  • With the CSE Mobile App v2.0, end user-initiated registration is now 50% faster, eliminating multiple login and certificate install steps. The streamlined onboarding flow will include four steps within the app before having access to all Hosted Web and SaaS applications.
• Docker container for CSE Access Tier installation
• Device Trust Verification
  • Required to validate device trust for Sandboxed apps and the new CSE Mobile App v2.0.

Enhancements & Updates

• International availability of the CSE Mobile App in the following countries: UK, Ireland, Canada, Germany, Spain, India, Brazil, UAE, Oman, Bahrain, and Finland.

Bug Fixes

• API should not allow deleting roles and registered services that are in enabled state
  • Customers using the API to delete roles or delete services will need to ensure they call the disable role or disable service API first before deletion.

3.82 Release Highlights

Enhancements & Updates

• Ability to automatically remove inactive users
  • Admins can set a threshold (in days) for when an inactive user is removed from the CSE Command Center. The device(s) associated to the user will also be removed.
• Performance and stability improvements

3.81 Release Highlights

Enhancements & Updates

• Devices CSV export includes information about the latest TrustScore factors
• Ability to delete multiple users at once

3.80 Release Highlights

Generally Available Features

• Access Tier monitoring and metrics collection using statsd to send metrics to Datadog via Dogstatsd
• Use Let's Encrypt certificates for hosted websites
  • Organizations can now use CSE to issue Let’s Encrypt certificates for their hosted websites. CSE will manage issuance, renewal, and revocation of the Let’s Encrypt certificates.

Enhancements & Updates

• Ability to delete users from the CSE Command Center

Early Preview

• CSE Mobile App v2.0.0
  • The updated mobile app supports streamlined registration and access flows. See important notices for more details on requirements and impact.
• CSE Connector v1.2.0
  • Initial release of the CSE Connector which creates a secure tunnel to the CSE Global Edge Network. Supports management from UI and CIDR-less configurations.
• Docker container for CSE Access Tier installation

July-2021 Releases

3.74 Release Highlights

Enhancements & Updates

• Updated CORS Exemption fields in standard website service spec to allow specifying target
• Performance and stability improvements

3.73 Release Highlights

Enhancements & Updates

• IDP routed is now listed as a subtype within SaaS applications in the Command Center. When adding a SaaS application, admins will have the choice of CSE Federated or IDP routed.

Bug Fixes

• “Database” services do not show up in services filter

3.72 Release Highlights

Enhancements & Updates

• Added Exemptions and Advanced Settings sections to Standard Website services
  • Organizations can now configure OIDC Exemptions and CORS Exemptions from the Standard Website service spec.
• Performance and stability improvements

3.71 Release Highlights

New Early Preview Features

• Access Tier metrics collection using statsd to send metrics to Datadog via Dogstatsd
• Use Let's Encrypt certificates for hosted websites
  • Organizations can now use CSE to issue Let’s Encrypt certificates for their hosted websites. CSE will manage issuance, renewal, and revocation of the Let’s Encrypt certificates

Enhancements & Updates

• Ability to forward the bnn_trust JWT token as a Custom HTTP header for hosted websites
• New Infrastructure Service subtype of “Database”
  • Previously databases were created as Generic TCP services. Going forward, databases will be carved out into their own infrastructure services subtype allowing for enhanced admin visibility and end user access flows

3.70 Release Highlights

Enhancements & Updates

• CSE Desktop App support for additional keyboard shortcuts
• Simplified Desktop App Registration - End user-initiated registration is now 50% faster, eliminating multiple login and keychain access prompts. The streamlined onboarding flow will include five steps before having access to all Infrastructure, Hosted Web, and SaaS applications.

• Hidden Services Until Login - All CSE services within the app will require an identity provider login before they are visible. Previously, Hosted Web services were always visible and required an identity provider login after launching a service. This experience will be standard across manually registered devices as well as devices registered via Zero Touch mode.

Bug Fixes

• Unable to send Access Tier logs from console

Component Versions

Client Components	Server Components	Management Components
Desktop App v2.2.1(Changelog)	Netagent v1.37.0 (Changelog)	Shield v1.35.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.66.0

* Not updated since last major release

June-2021 Releases

3.64 Release Highlights

Bug Fixes

• When configuring a custom JSON service, the Link (shown to end users) field did not save.

Upcoming Enhancements to CSE Desktop App Registration and Access Flows

As part of the upcoming CSE Desktop App 2.2 release (expected to release June 30th), we are introducing enhancements to streamline the Desktop App registration and access flows.

• Simplified Registration - End user-initiated registration is now 50% faster, eliminating multiple login and keychain access prompts. The streamlined onboarding flow will include five steps before having access to all Infrastructure, Hosted Web, and SaaS applications.

• Hidden Services Until Login - All CSE services within the app will require an identity provider login before they are visible. Previously, Hosted Web services were always visible and required an identity provider login after launching a service. This experience will be standard across manually registered devices as well as devices registered via Zero Touch mode.

Support Contact Information For questions or concerns, please reach out to your Customer Success Engineer or support@sonicwall.com.

3.63 Release Highlights

Enhancements & Updates

• Improved organization of services in the Command Center for greater visibility and streamlined service creation. Now, services are organized according types and subtypes:
  • Hosted Services
    • Standard Websites
    • Custom Service (JSON)
  • Infrastructure
    • SSH
    • RDP
    • Kubernetes
    • Other TCP
    • Custom Service (JSON)
  • SaaS Applications
  • IDP Routed
• The following features have been promoted from early preview and are now generally available for all tenants:
  • Devices enrolled via Zero Touch installation support CSE’s Passwordless authentication.
  • Identity Federation in OneLogin for Device Policies on SaaS Apps.

Bug Fixes

• On the Users page in the Command Center, sorting users by Last Login date was inconsistent.

3.62 Release Highlights

Enhancements & Updates

• Improved backend domain validation when registering a service. Valid field values are IP address, FQDN, or template syntax.
• Command Center version is now indicated in the UI (top-right question mark icon) instead of the UI version.

3.61 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.60 Release Highlights

Enhancements & Updates

• Integrated CSE CLI to run in-terminal commands to connect to CSE services without interacting with the CSE Desktop App.
• Devices enrolled via Zero Touch installation support CSE's Passwordless authentication. (This feature is in early preview and must be explicitly enabled for your organization)
• Added the ability to exclude the Preferred Apps TrustScore Factor based on device ownership type.
• Added guardrails to prevent attaching a TCP policy to a Hosted Website, or attaching a Web policy to a TCP service.

Bug Fixes

• Devices enrolled via Zero Touch installation were unable to favorite services or set services to autorun in the CSE Desktop App.

Component Versions

Client Components	Server Components	Management Components
Desktop App v2.1.0(Changelog)	Netagent v1.36.1 (Changelog)	Shield v1.34.1 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.66.0

* Not updated since last major release

May-2021 Releases

3.52 Release Highlights

Enhancements & Updates

• Added validation for Frontend/TLS SNI when creating a service to prevent creation of duplicate services with the same SNI or Frontend domain (and port).

Bug Fixes

• Autorun and “Start All Services” button did not respect the configured port and instead chose a random port.
• Certificate selection pop-up was not suppressed on Windows.

3.51 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.50 Release Highlights

Enhancements & Updates

• Added service bundles which allow admins to group any CSE services that are needed for a specific team or project and surface them as a bundle within the CSE Desktop App.
• Revamped the desktop version of the CSE App with expanded viewport, services catalog, service bundles, favorites, and more. For more information on the new app, check out our blog post and refer to What’s New in Desktop App 2.0? to help your end users transition to the new Banyan app.

Component Versions

Client Components	Server Components	Management Components
Desktop App v2.0.1(Changelog)	Netagent v1.36.1 (Changelog)	Shield v1.34.1 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.61.1

* Not updated since last major release

April-2021 Releases

3.43 Release Highlights

Enhancements & Updates

• Download .csv of Users list under Directory & Infrastructure in the Command Center.

3.42 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.41 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.40 Release Highlights

Enhancements & Updates

• When configuring SAML SSO CSE Administrators, the existing IDP Issuer URL field has been renamed to IDP Issuer and now supports URLs and entity IDs.
• Miscellaneous Access event improvements.
• Published troubleshooting guide to help end users work around common errors and issues they may face when using Banyan.

Bug Fixes

• After adding a new local Admin in the Command Center, the New Admin form fields did not clear and reset to empty.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.14.1 (Changelog)	Netagent v1.35.0 (Changelog)	Shield v1.33.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.58.0

* Not updated since last major release

March-2021 Releases

3.33 Release Highlights

New Features

• New CSE Reporting page to provide high-level visualizations of data related to your organization, including:
  • Access activity - Total counts and breakdowns of your devices, users, services, policies, roles, and Access Tiers.
  • Access patterns - Most popular services by user, most active users by service, and more.
  • TrustScore intelligence - Path of Zero Trust access from device (operating system) through Trust Level to services.

• Added audit logging for Kubernetes API events.

Enhancements & Updates

• Streamlined setup of Kubernetes OIDC Authentication feature.
  • Customers no longer need to update the certificate in the CSE Service spec after every upgrade of the Helm chart.
  • Reduced number of parameters manually entered in the Helm chart’s values.yaml file.
• Increased size limitations of the service.json to support larger service request bodies.
• Removed GPG Password from Cluster details page.

Bug Fixes

• For organizations that do not allow unregistered devices, the Passwordless fallback flow was not working properly for registered devices where the UPN was not present because it was installed via Zero Touch Desktop App installation and device registration.

3.32 Release Highlights

Enhancements & Updates

• Added a Link (shown to end users) field when configuring a hosted website or infrastructure service. (Only supported on Desktop App v1.13.1+)

Bug Fixes

• The Events Log Viewer did not display user and device details for Access events.

3.31 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

Bug Fixes

• End users received an authorization error when attempting to access services via the CSE App if their organization configured the Device Cert Only authentication feature.

3.30 Release Highlights

Enhancements & Updates

• Wildcard Web Service definitions (such as *.example.com) now support the root domain (example.com).

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.13.1 (Changelog)	Netagent v1.34.1 (Changelog)	Shield v1.32.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.54.0

* Not updated since last major release

February-2021 Releases

3.24 Release Highlights

Enhancements & Updates

• Added ability to configure a 302 redirect HTTP response for Unregistered Devices.

3.23 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.22 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.21 Release Highlights

Bug Fixes

• Removed Backend DNS Override for Service Domain Name (optional) from the Custom Service JSON page in Command Center.
• On Windows Devices running banyanproxy in RDP Gateway mode, the CSE Desktop App sent an incompatible connection header.

3.20 Release Highlights

New Features

• Various CSE Desktop App enhancements and updates, such as:
  • Fixes for macOS Big Sur M1 on ARM64 and X64 devices.
  • Session expiration awareness.
    • End users will see an indicator of when their login certificate for banyanproxy is close to expiration or expired.
  • New utility functions for command line when distributing the CSE Desktop App using a device manager.

Enhancements & Updates

• Enhanced Access Activity views for Services, Devices, and Users in the Command Center.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.12.2 (Changelog)	Netagent v1.33.0 (Changelog)	Shield v1.31.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.50.0

* Not updated since last major release

January-2021 Releases

3.12 Release Highlights

Enhancements & Updates

• Download .csv of Devices and Unregistered Devices lists under Directory & Infrastructure in the Command Center.
• Support to enable/disable email OTP for mobile device registration.

Bug Fixes

• If an end user registered a device with CSE but did not access any services, the user name did not populate in the Devices lists under Directory & Infrastructure in the Command Center.

3.11 Release Highlights

New Features

• Zero Touch installation and registration of the Desktop App via Device Managers (such as Intune).
  • Introduces the capability to silently install and register the CSE Desktop App for macOS and Windows with zero end-user interaction. Zero Touch mode is particularly useful when the end-user does not have administrative privileges on their device.

Enhancements & Updates

• Reorganized the App Deployment settings page in Command Center to make OTP-based email verification an org-level setting. (Please note: The Mobile App registration will fail for end users who are provided OTP-based email verification due to a temporary Known Issue.)
• Extend validity of Reporting Token to one year, to match the Device Certificate lifetime.
• Improved filtering on the Events Log Viewer.
• Updated the https://getbanyan.app page, so end-users can easily download the latest version of the CSE App.

3.10 Release Highlights

Welcome to our first release of 2021! This release is a small maintenance release, but next week we will roll out a new Desktop App that includes zero touch installation capabilities, along with other enhancements and improvements.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.11.1 (Changelog	Netagent v1.32.0 (Changelog)	Shield v1.30.0 (Changelog)
Mobile App v1.10.0 (Changelog)		Command Center v1.45.0

* Not updated since last major release

December-2020 Releases

2.63 Release Highlights

Enhancements & Updates

• Filters in the Events Log Viewer support multiple values; for example, you can now search for events corresponding to User-A OR User-B OR User-C.
• Improved Access Tier documentation, with dedicated sections on deployment models and troubleshooting.

Bug Fixes

• Access Tier Site Domain Names were sometimes not reflecting correctly in CSE Command Center.

2.62 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

Bug Fixes

• Added backend validation to disallow invalid characters (such as a slash (/)) in service names.

2.61 Release Highlights

Enhancements & Updates

• Additional filters (Event Severity, Event ID, and External ID) in the Events Log Viewer.
• Command Center Dashboard displays a dedicated tile for Unregistered Devices. (This tile only appears if your organization has Unregistered Devices allowed at the Organization level.)

Bug Fixes

• If an IDP sends a large number (>100) of groups to CSE in the SAML/OIDC assertion, users may see failures when logging in via CSE Desktop App.

2.60 Release Highlights

New Features

• Support for OneLogin as an IDP Routed Service. (This feature is in early preview and will be enhanced with future releases.)
  • Allows OneLogin customers to enable device trust for SaaS applications.

Enhancements & Updates

• Various enhancements for CSE Apps (Desktop App v.1.10.0 and Mobile App v.1.9.0).
• Updated TCP Service templates (SSH, RDP, Kubernetes, and Generic TCP) to allow Hostnames and CIDR ranges.
• Select multiple Access Tiers for a single service.
• Filter Devices by TrustScore in Command Center.

Bug Fixes

• Attempting to view or edit existing services in the Command Center only loaded a blank page.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.10.1 (macOS, Windows, Linux-Ubuntu, Linux-RPM)	Netagent v1.31.0 (Changelog)	Shield v1.29.0 (Changelog)
Mobile App v1.9.0 (iOS, Android)		Command Center v1.41.0

* Not updated since last major release

November-2020 Releases

2.54 Release Highlights

• Improved tracking and management of Unregistered Devices in the Command Center.

2.53 Release Highlights

• Initial release of CSE’s Just-In-Time SSH User (JITSU) provisioning and auditing script to streamline Advanced SSH capabilities.
• Performance and stability improvements.

2.52 Release Highlights

• Unknown Devices are now referred to as Unregistered Devices throughout CSE. Devices in CSE are classified as:
  • Managed – Device is administered by a Device Manager (such as VMware Workspace ONE UEM, Jamf Pro, Microsoft Intune, etc.)
  • Registered – Device has a Trusted Device Certificate in its keychain/certificate manager; the Device Certificate can be placed in the keychain/certificate manager either by the Device Manager or by the CSE App.
  • Unregistered – Device does not have a Trusted Device Certificate in its keychain/certificate manager
• Performance and stability improvements.

2.51 Release Highlights

• Updated TrustScore logic so that the range for High Trust Level changed from 81-99 to 81-100 and AlwaysAllow changed from 100 to 101.
• Added ability to configure SAML attribute mapping and ability to persist Name ID for SAML SaaS applications.
• Improved Dashboard data quality.
• Deprecated the Legacy Events page in the Command Center along with Legacy Events API, which has been replaced by the new Events API.

2.50 Release Highlights

• One-click access for Kubernetes Services.
  • Introduced a new TCP Service Type of “Kubernetes” for secure access to Kubernetes API via kubectl. Includes support for just-in-time user provisioning and integration with native K8S RBAC. No updates to kubectl client or Kubernetes API required.
• Enhanced support RDP Servers.
  • Leverage RDP clients' RD Gateway support to provide access to a collection of RDP Servers.
• Added ability to exempt specific Source IPs from Policies for OIDC Web Services

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App* v1.9.0 (macOS, Windows, Linux)	Netagent* v1.30.0 (Changelog)	Shield* v1.28.0 (Changelog)
Mobile App* v1.8.0 (iOS, Android)		Command Center v1.38.0

* Not updated since last release

October-2020 Releases

2.43 Release Highlights

• List all Users and Devices by Role in the Command Center.
• Performance and stability improvements.

2.42 Release Highlights

• Updated Users and Devices list views to support pagination.
• Minor Desktop App release for bug fixes and stability.

2.40 Release Highlights

• Administrators can customize TrustScore remediation instructions and links displayed to end users in the Desktop App. These instructions can be customized for each TrustScore factor and are specific to the device's operating system.
• Improvements to SSH service connectivity, including the ability to access collections of SSH servers by IP address via HTTP_CONNECT mode in Netagent. (This feature requires Desktop App v1.8.0+).
• Initial release of Device Trust Verification capability to support native "sandboxed" apps. "Sandboxed" apps are iOS/Android/MacOS/Windows apps that use WebViews for authentication that are unable to access the CSE Device Cert placed in the device cert store or keychain. Also introduced a Device Trust Verification tab in the CSE Desktop and Mobile Apps to enter the device Trust Code to verify the device. (This feature is in early preview and must be explicitly enabled for your organization.)
• Updated Role details and Policy details pages.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App* v1.8.2 (macOS, Windows, Linux)	Netagent* v1.29.1 (Changelog)	Shield* v1.28.0 (Changelog)
Mobile App* v1.8.0 (iOS, Android)		Command Center v1.33.0

* Not updated since last release

September-2020 Releases

2.34 Release Highlights

• Content and stability enhancements to the new Events API.

2.33 Release Highlights

• Automatically remove terminated agents from Command Center views after 48 hours of inactivity.

2.32 Release Highlights

• Updated Command Center landing page
• Initial release of new Events API and UI. The current Events API will be deprecated later this year.

2.31 Release Highlights

• Added ability to remove terminated agents from the Command Center

2.30 Release Highlights

• Preferred Apps for Device Trust Scoring now supports regex pattern matching for apps having process names that are variable or change regularly.
• Enriched information collected about a Netagent when generating a one-click support bundle.
• Ability to create allow list of backends and ports (including CIDR ranges) when configuring services.
• (Bugfix) Previously, when configuring CORS, the target parameter only supported a wildcard (*). Now, the target parameter supports actual domains.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.7.1 (macOS, Windows, Linux)	Netagent v1.28.0 (Changelog)	Shield v1.27.0 (Changelog)
Mobile App* v1.6.0 (iOS, Android)		Command Center v1.29.0

* Not updated since last release

August-2020 Releases

2.23 Release Highlights

• (Bugfix) Certain end user facing "reporting" APIs were incorrectly applying Policy calculations.

2.22 Release Highlights

• Revamped CSE Mobile Apps (iOS and Android) for performance and stability improvements.

2.20 Release Highlights

• Simplified configurations for TCP Services - admins can preconfigure all end user parameters and optionally allow end users to override those.
• Added HTTP_CONNECT mode to Netagent and a corresponding HTTP_CONNECT_DAISY_CHAIN mode in the Desktop App banyanproxy. When enabled, the banyanproxy forwards the client's HTTP CONNECT request to Netagent, and Netagent forwards the request to the configured destination.
• Issue short-lived SSH certificates for certificated-based authentication and authorization to SSH servers. (This feature is in early preview and must be explicitly enabled for your organization).
• Initial release of Application Catalog, which features guides to configure access to common enterprise applications for Zero Trust security using CSE.
• Added ability to delete Device Registration in the Command Center.
• Added ability to manage cryptographic tokens and certificates, such as your organization's Root CA, in the Command Center.
• Pagination for User and Device APIs.
• When configuring SaaS Applications, you can specify nameid format for SAML applications.
• (Bugfix) Email address response to SAML providers was formatted as a transient nameid.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App* v1.6.0 (macOS, Windows, Linux)	Netagent* v1.27.1 (Changelog)	Shield* v1.26.1 (Changelog)
Mobile App v1.6.0 (iOS, Android)		Command Center v1.23.1

* Not updated since last release

July-2020 Releases

2.16 Release Highlights

• Added configuration options for deploying Desktop App via Device Managers.
• For devices managed by Workspace ONE UEM, device TrustScore calculation accounts for Workspace ONE UEM factors.
• Command Center displays the CSE App version installed on a device in the Device Details view.
• (Bugfix) Admins could create a single role or policy multiple times with different letter casings.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.5.2 (macOS, Windows, Linux)	Netagent v1.25.1* (Changelog)	Shield v1.23.1* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.18.0

* Not updated since last release

June-2020 Releases

2.15 Release Highlights

• Extended service spec to handle Cross-Origin Resource Sharing (CORS) traffic to CSE-protected web services.
• Updated Identity Provider configuration fields to consistently use new OIDC V2 endpoints. (If you have previously configured Passwordless Authentication with Okta, please review the steps to migrate from OICD V1 endpoints to OIDC V2 endpoints here.)
• Added new Roles to apply policies based on the device’s operating system and whether it is managed by a device manager.
• Added capability for an Admin to de-register and delete a Device from the Command Center.
• Updated Settings > TrustProvider Settings > Device Manager page for added granularity when updating Workspace ONE UEM API configuration and device certificates.
• (Bugfix) Admins could create a single service multiple times with different letter casings.

2.14 Release Highlights

• Added configuration options for deploying Desktop App via Device Managers. Admins can customize specific CSE Desktop App functionality such as device registration, startup behavior, visible views, and more.
• Added Settings > Desktop & Mobile > App Deployment page, which includes download links for the latest CSE Desktop and Mobile Apps, the Organization Invite Code, and Device Manager Deployment Settings.
• Performance and stability improvements.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.5.1 (macOS, Windows, Linux)	Netagent v1.23.0* (Changelog)	Shield v1.21.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.16.0

* Not updated since last release

May-2020 Releases

2.13 Release Highlights

• Initial release of CSE Zero Trust security policies for SaaS Applications.
• Added capability to send a "Support Bundle" of Netagent logs to the CSE customer success team via a button click in the Command Center, streamlining support and troubleshooting processes.
• Passwordless Authentication no longer always blocks unregistered devices. Now, if an organization configured for Passwordless permits access from unregistered devices, a user on an Unregistered Devices will skip the Passwordless flow and instead receive a prompt to enter IdP credentials.
• Published Users & Devices APIs.
• Shield logs are now displayed in the CSE Command Center.

2.12 Release Highlights

• Added capabilities to enable large-scale fleet deployments using Device Managers.
• Desktop App - Added features to improve the authentication experience and to support developer workflows.
• Updated Access Tier CloudFormation deployment template to support traffic redirection from Port 80 (HTTP) to Port 443 (HTTPS).
• (Bugfix) Inconsistent Device TrustScore enforcement in certain situations.
• (Bugfix) Users on Unregistered Devices were not being tracked correctly in the Command Center.
• (Bugfix) Netagent - Cookie logic fix for WebSockets and Multi-domain Services.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.5.0 (macOS, Windows, Linux)	Netagent v1.22.0 (Changelog)	Shield v1.19.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.14.0

* Not updated since last release

Apr-2020 Releases

2.11 Release Highlights

• Host Agents and Access Tiers display their current status in the list and overview pages. The status for an Access Tier is the "best" (Reporting, Inactive, or Terminated) status of any of its aggregated Netagents.
• Added IDP Routed tab to the Manage Services page to distinguish SaaS Applications secured via Identity Federation.
• Netagent - Added a configuration option to redirect traffic from Port 80 (HTTP) to Port 443 (HTTPS).
• Changed Transactional Email provider from GoogleCloud to SendGrid. (Please check your spam filters in case CSE system emails are automatically filtering as spam)
• (Bugfix) Aggregation of User/Device/Role was being done inconsistently.

2.10 Release Highlights

• CSE App - Desktop App can be installed on devices running the Ubuntu Linux operating system.
• Service configuration details are now reported from Netagent and displayed in the CSE Command Center.
• Wildcard service definitions (*.example.com) have been extended to cover WEB services (wildcards previously only worked for TCP services).
• Netagent - When OpenID Connect is enabled for a Service, you can now exempt specific paths from the OIDC Authentication requirement.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.4.1 (macOS, Windows, Linux)	Netagent v1.20.0 (Changelog)	Shield v1.16.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.12.0

* Not updated since last release

Mar-2020 Releases

2.9 Release Highlights

• Desktop App - Enhanced user experience, with specific focus on Developer workflows.
• Command Center - Added OpenID Connect Discovery endpoint to Settings > OIDC Settings.
• Published new enhanced V2 OpenID Connect (OIDC) endpoints, used in federated authentication flows. (Existing V1 endpoints used for Passwordless Authentication have been deprecated and will be removed in a future release.)
• (Bugfix) Netagent - A race condition at the token validation stage was causing sporadic hangings of connections to applications.
• (Bugfix) User Roles based on Device Claims were not computing correctly.

2.8 Release Highlights

• More consistent real-time policy enforcement via Trust Scoring.
• Command Center - Organizations enabled with Single Sign-On can conveniently view types of Admins via the Manage Admins page.
• Command Center - Added Hosts list and overview (Directory & Infrastructure > Hosts) to display and easily manage all hosts across clusters.
• (Bugfix) Command Center - When creating services, removed the IDP-First option if an organization's Identity Provider was not Okta. (CSE currently only supports Okta for Identity Federation for Device Policies on SaaS Apps.)

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.3.0 (macOS, Windows)	Netagent v1.18.0 (Changelog)	Shield v1.16.0 (Changelog)
Mobile App (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.10.0

Feb-2020 Releases

2.7 Release Highlights

• Added OCSP capability for device certificate revocation and the ability to ban and unban devices
• Events API surfaces new Identity event types (OCSP, MDM, IDP) during authentication flow
• Organizations can now have multiple Owners
• New restrictions on SAML-Only administrators
• Command Center - Streamline Infrastructure (Cluster, Access Tier, Host Agent) views
• Desktop App - Added auto-update capability so end users are automatically notified of new versions and can update with a button click
• (Bugfix) Desktop App - Fixed ‘Delete Device Registration’ error, banyanproxy now placed in PATH consistently
• (Bugfix) Mobile App - Fixed “Invalid Token” error - notifications to inactive Mobile App is now sent based on the TrustScore TTL instead of every 24 hours

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.3 (macOS), Windows	Netagent v1.17.0 (changelog)	Shield v1.15.0 (changelog)
Mobile App v1.3 (iOS, Android)		Command Center v1.9

Jan-2020 Releases

2.6 Release Highlights

• Added support for OpenID Connect (OIDC) Discovery endpoint
• Desktop App displays list of available Services and supports multi-org registration
• Improved Services templates in Console UI
• Added Role attribute “Device Registration” to configure roles for Known and Unregistered Devices
• Disabled token generation and password-setting for SSO Admin accounts that use SAML

Component Versions

Client Components	Enforcement Components
Desktop App v1.2.1	Netagent v1.15.1

Release Notes From Previous Years

Release Notes Archive - 2019

Dec-2019 Releases

2.3 Release Highlights

• Initial release of Mobile App for Android
• Enhance OIDC capabilities used by Policies for SaaS Apps

Component Versions

Client Components	Enforcement Components
Desktop App v1.0.11	Netagent v1.13.0
Mobile App (Android) v1.2

Nov-2019 Releases

2.1 Release Highlights

• Policy enforcement for SaaS Applications
• Desktop App redesigned, leveraging the browser for authentication flows
• Initial release of Mobile App for iOS

Component Versions

Client Components	Enforcement Components
Desktop App v1.0.6	Netagent v1.11.0
Mobile App (iOS) v1.2

Oct-2019 Releases

1.9 Release Highlights

• Passwordless authentication using device certs (read our blog post for details)
• Netagent "BadActor" module for DoS prevention

Component Versions

Client Components	Enforcement Components
Desktop App v0.3.7	Netagent v1.9.0

Sep-2019 Release

1.7 Release Highlights

• Trust Scoring capabilities enhanced to cover LatestOS and OrgPreferredApps
• Netagents proxies WebSocket connections
• Initial release of Desktop App

Component Versions:

Client Components	Enforcement Components
Desktop App v0.3.5	Netagent v1.7.0

Aug-2019 Release

1.5 Release Highlights

• GA versions of all components!

Component Versions

Client Components	Enforcement Components
	Netagent v1.5.0

Desktop App

March 27th 2026

v4.1.0

• New app-generated sessions for multi-user Service Tunnels.

• Event hooks for post-connection scripts on Windows.

• Fix Service Tunnel Active Connection was reporting inconsistently.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

March 5th 2026

v.4.0.1

• Cloud Secure Edge support for MacOS 26.3.1: The CSE App must be upgraded to v4.0.1 before upgrading to MacOS 26.3.1.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 19th 2026

v.4.0.0

• Desktop app re-brand: App executable names, package names, service names, and directory names are now SonicWall Cloud Secure Edge branded.

• Fix Application Check Trust Factor not updating in real time.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

January 16th 2026

v3.28.1

• Fix Auto-Update Trust Factor was failing.

• Fix Multiple PowerShells were running indefinitely.

• Fix After zero-touch deployments, tunnels were not auto-connecting.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

November 11th 2025

v3.28.0

• New ARM Architecture support on CSE desktop app: Desktop app now supports ARM architecture on macOS and Windows devices.

• Fix Service Tunnel was failing to connect over TCP.

• Fix Firewall Trust Factor erroneously reporting a Low Trust Level.

• Fix Mandarin characters were displayed in the app after upgrading to v3.26.0.

• Fix Service Tunnel exclude public domains function was not working on Windows devices.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

August 21st 2025

v3.27.2

• Fix Shared access on ethernet adaptors was not starting automatically.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

July 15th 2025

v3.27.1

• Fix CSE app couldn’t identify devices via Serial Number.

• Fix Symlinks for login were returning device trust verification errors on select versions of Windows devices.

• Fix Select Trust Factors were failing on app first startup until refreshed.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

May 14th 2025

v3.26.0

• Performance enhancements.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

April 29th 2025

v3.25.1

• Hotfix With ITP enabled, Service Tunnel was delaying connecting and disconnecting to configured domains.

• New Enable Auto Login toggle on the app; when enabled, this feature automatically re-authenticates user sessions on app start up; Available on macOS and Windows devices.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

April 9th 2025

v3.25.0

• App start-up automatically initiates login flow once session expires

• Fix After re-authenticating in the CSE app, infra services are sometimes binding to random ports even when the specified listening port is available.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

March 12th 2025

v3.24.0

• New Enable Continuous Ping toggle to keeps sessions alive and prevent connections from dropping.

• New Enable Service Tunnel over TCP toggle for end users who require internet access temporarily on restrictive networks; this toggle is for Private Edge traffic only.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 27th 2025

v3.23.1

• Fix Certificate install was failing on macOS versions 15+ in new orgs.

• Fix Admins were unable to connect to Captive Portal or pay-walled networks when using ITP.

• Fix Admins were receiving an error when connecting to Service Tunnels designated as Trusted Networks.

• Fix Admins were experiencing delayed updates when toggling ITP on or off on macOS versions of the desktop app; ITP updates are now reflected within 15 minutes.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 12th 2025

v3.23.0

• Performance enhancements.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

December 6th 2024

v3.22.2

• New Fedora 40 support

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

November 7th 2024

v3.22.1

• Fix In some cases, end users running desktop app versions 3.21+ were unable to log in while connected to non-CSE VPNs.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

October 9th 2024

v3.22.0

• Support for macOS Sequoia.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

August 21st 2024

v3.21.2

• Hotfix Internet connectivity issues encountered when devices were waking from sleep.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

August 14th 2024

v3.21.0

• Fix End users were being prompted twice for credentials during login.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

July 10th 2024

v3.20.0

• Fix Serial number casing changed, which made the app unable to recognize registered devices.

• Fix The app was facing technical issues calculating Trust Score directly after a device awakened from sleep.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

May 22nd 2024

v3.18.1

• Hotfix Search Domains: Domain names and FQDNs are now case insensitive.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

May 8th 2024

v3.18.0

• Trusted Networks support.

• RDP file properties support.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

April 10th 2024

v3.17.0

• Performance enhancements.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

March 18th 2024

v3.16.0

• Support for URL filtering

• New Internet access issue after the app showed the following error "Internet Threat Protection could not be configured; port 53 in use".

• Previous versions of the app (3.8.2 and older) were able to handle registrations for machines that did not have a serial number by creating a serial number. This functionality was restored.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 15th 2024

v3.15.0

• Support for Oracle Linux in OS Version Trust Factor.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

January 17th 2024

v3.14.0

• New Auto re-enablement of ITP after one hour of being disabled.

• New Device-side DNS resolution now defaults to resolving over TLS, which is encrypted.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

December 13th 2023

v3.13.0

• New CSE’s desktop app now updates (instead of regenerates) the kube config file when end users connect to a Kubernetes service, retaining previous configuration used by kubectl.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

November 15th 2023

v3.12.3

• Fix The admin-server did not have access to the http proxy on the user context for the desktop app. The app now supports HTTP proxy setting consistently across app components (including the admin server).

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

November 8th 2023

v3.12.2

• Fix Desktop app no longer enforces automatic retry for sending features and TrustScoring.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

October 11th 2023

v3.12.1

• Fix Refreshed TrustScoring on reawakening devices

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

September 20th 2023

v3.12.0

• New Trust Level updates when users switch orgs via the desktop app.

• New ITP and TrustScoring now function via the Admin Service alone (independently of the desktop app); therefore, the desktop doesn't need to be running in order for these functionalities to work.

• New Chrome Version Trust Factor in early preview.

• Fix End users were receiving a 'Could not fetch devices' error when switching networks on the desktop app.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

August 10th 2023

v3.11.0

• New Session expiration timer in app.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

July 12th 2023

v3.10.0

• Fix Enabling ITP was misrouting DNS in Ubuntu.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

June 14 2023

v3.9.0

• Fix The CSE client will use the host DNS server for any DNS requests until captive portal authentication is complete and internet access is available.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

May 25th 2023

v3.8.5

• Fix Launching the desktop app (from the Windows start menu) when the app was already running was causing the tunnel to disconnect.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

May 10th 2023

v3.8.4

• New OS version and Bios serial number update on app start up.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

April 12th 2023

v3.8.3

• Fix CSE app has migrated commands to PowerShell; the app no longer uses wmic commands.

• Fix When users connected to Service Tunnel on Windows devices, the IP address without mask defaulted to /8.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

March 23 2023

v3.8.2

• Performance improvements for cases in which there are large numbers of public domains in a Service Tunnel.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

March 8th 2023

v3.8.1

• New Registry Key Trust Factor for Windows devices.

• New Admin-enabled Autorun setting in the Command Center.

• New Internet Threat Protection (ITP) policies and functionality.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 8th 2023

v3.7.1

• Fix Preinstalled Firefox Extension (without the core browser) was failing device registration

• Fix MDM parameters were not working as expected for Linux devices

• Fix Registered 10ZiG devices were showing up as a single device in the Command Center

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

January 11th 2023

v3.7.0

• New Property List Check Trust Factor

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

December 21st 2022

v3.6.1

• the WireGuard Service now only listens on Port 53 (default port) when Service Tunnel for public domains is enabled.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

December 13th 2022

v3.6.0

• New Internationalization of CSE Trust Factors.

• New CSE App Version and File Check Trust Factors.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

November 9th 2022

v3.5.0

• New Internationalization of registration on Windows devices.

• Enhanced WireGuard performance on Windows devices.

• Fix Firewall Trust Level Factor now supports Group Policy settings for Windows devices.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

October 13th 2022

v3.4.0

• New Trust Levels are replacing numerical Trust Scores in CSE's new Granular Trust Scoring model.

• Lengthened Service Tunnel startup probe timeout.

• New Help button that redirects end users to an internal ticketing system for any assistance.

• Fix WireGuard interface now sets the correct MTU size of 1380, allowing Service Tunnel traffic to pass through faster.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

September 14th 2022

v3.3.0

• New App logs can be sent directly to CSE Support from the Health Check page.

• New App session expiry icon.

• New Service Tunnel quick connect option from the CSE app icon in the menu bar.

• New macOS ARM build (in Early Preview).

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

July 28th 2022

v3.2.0

• Fix Auto-Update TrustScore factor was shown as disabled when using JAMF config profile.

• Fix Device registration failed for Mac users when the device hostname was missing.

• Enhanced Service Tunnel validation on connecting; an error now appears if the validation fails.

• New Run Diagnostic Tool now collects Service Tunnel related logs and data.

• The support link has been removed from the desktop app.

• Download:

  • macOS-Intel
  • Windows
  • Linux-Deb
  • Linux-RPM

---

June 30th 2022

v3.1.0

• Enhanced support for Zero-Touch Installation

• Download:

  • macOS-Intel
  • Windows
  • Linux-Deb
  • Linux-RPM

June 23rd 2022

v3.0.2

• Fix Device Trust Verification issues on Linux devices have been resolved.

• Download:

  • Linux-Deb
  • Linux-RPM

June 16th 2022

v3.0.1 (Windows)

• Fix Service Tunnel issues on Windows devices have been resolved.

• Download:

  • Windows

June 2nd 2022

v3.0.0

• New Admin Service: The desktop app now has an administrative component, for any actions within the app that require admin privileges.

• Enhanced logging, with admin logs.

• New Home tab: A single location for accessing Service Tunnels, Recently Accessed Services, and Active Connections.

• New Enhanced Search: End users can easily search their services catalog without having to re-open the desktop app.

• New Service Tunnel interface with an Autorun option, so that Service Tunnel connects when an end user logs into the desktop app.

• Download:

  • macOS-Intel
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 24th, 2022

v2.6.0

• Full support for Fedora (34 and later) in CSE's desktop app.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

January 27th, 2022

v2.5.1

• New Expiration notification when a user’s login token is 2 hours away from expiring. The expiration notification time is configurable.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

December 9th, 2021

v2.5.0

• New Run Diagnostic Tool.

• New Support for specifying users in ZeroTouch registration.

• Enhanced app logs.

• New Keychain explainer prompt to notify macOS users that CSE needs access to their keychains.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

October 14th 2021

v2.4.0

• New The CSE Service Tunnel feature is now available in Early Preview.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

September 8th 2021

v2.3.0

• User defined Service Bundles

• Added filters for service types within the service catalog.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

July 2nd 2021

v2.2.1

• Fix CMD+W shortcut was not usable with other applications when CSE App running.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

July 1st 2021

v2.2.0

• Simplified Desktop App Registration

• Viewing Hosted Web Services will require an identity provider login

• Additional keyboard shortcuts

• Performance and stability improvements

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

May 26th 2021

v2.1.0

• Integrated CSE CLI to run in-terminal commands to connect to CSE services without interacting with the CSE Desktop App. *(This feature is in early preview.

• Devices enrolled via Zero Touch installation support CSE's Passwordless authentication. (This feature is in early preview and must be explicitly enabled for your organization)

• (Bug fix) Devices enrolled via Zero Touch installation were unable to favorite services or set services to autorun.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

May 19th 2021

v2.0.1

• Fix Autorun did not respect the configured port and instead chose a random port.

• Fix The status of a service did not update properly until the app was refreshed.

• Fix Certificate selection pop-up was not suppressed on Windows.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

April 28th 2021

v2.0.0

• Desktop app re-design:

  • Enlarged app to display more details throughout. You can manually resize the frame as well as expand it to fullscreen.
  • Services have been organized into sections: My Services and Service Catalog.
    • In the My Services section, you can view Favorites (commonly accessed services) and Autorun (services that start when the Desktop App launches) for quick access.
    • The Service Bundles section includes sets of services configured by CSE Admins for similar services or projects. They help browsing and for bulk connecting to several services simultaneously.
  • The Services Catalog organizes all of your services according to their type (Hosted Websites, Infrastructure, SaaS Applications).
  • Search for specific services, sort columns alphanumerically, and refresh the lists for any latest changes
  • Previously, you had to click into a service in order to launch it. Now, you can launch and connect to a service from the service list view.
    • The Settings have been organized into sections according to Desktop App settings and preference, then quick links to helpful resources (documentation, app log, and privacy policy).

• Quicker refresh of Trust Score when checking device posture.

• (Bug fix) If an organization had multiple devices having serial numbers as "Default string" (literal value) rather than an actual serial number, then the devices appeared in the Command Center as a single device with multiple users.

• (Bug fix) The one-time passcode exclusion feature was not working for policies configured for individual roles and only worked for policies configured with the ANY roles option.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

April 8th 2021

v1.14.1

• (Bug fix) Fixes related to wildcard TCP services.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

April 7th 2021

v1.14.0

• When tunneling to a collection of TCP services with the Domains to Proxy feature, the banyanproxy did not properly start.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

March 15th 2021

v1.13.1

• Service descriptions now support clickable links.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

March 4th 2021

v1.13.0

• Device certificate auto-renewal (Not supported for devices registered via Zero Touch Deployment).

• (Bug Fix) Token size limit reached due to having a large group claims.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

February 12th 2021

v1.12.2

• (Bug fix) Trust Factor calculations were incorrect for Firewall & AutoUpdate on Linux-RPM.

• (Bug fix) Suppress error messages when invalid requests are made for port 8118.

• (Bug fix) Kubernetes services configured without a specific port did not connect because the Desktop App used a random port (as expected) while banyanproxy expected port 8080.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

February 1st 2021

v1.12.1

• Leverages full application path instead of symlink.

• (Bug fix) Token size limit reached due to having a large group claims.

• (Bug fix) The RDP Gateway mode did not work in CSE DesktopApp for Windows.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

---

January 27th 2021

v1.12.0

• Fixes for macOS Big Sur M1 on ARM64 and X64 devices.

• Deprecate banyanproxy mode options (HTTP_CONNECT and HTTP_CONNECT_BASTION).

• In-app indicator for length of time remaining in session.

• Tray icon indicator for when session is about to expire (yellow at < 2hrs, red after expiry).

• Display prompt when session expires (configurable in Desktop App settings).

• New utility functions (--unregister and --remove-staging) for command line when distributing the CSE Desktop App using a device manager.

• CSEproxy, when running in HTTP_CONNECT_DAISY_CHAIN mode, can be configured to only proxy certain IncludeDomains using MTLS. All other domains will be passed through transparently.

• (Bug fix) banyanproxy did not initiate auth flows for some TCP services when the certificate expired.

• Download:

  • macOS-Intel
  • macOS-ARM
  • Windows
  • Linux-Deb
  • Linux-RPM

January 15th 2021

v1.11.1

• (Bug fix) Fixed issue involving Zero Touch installation and excessive token length.

• Download:

  • macOS
  • Windows
  • Linux-Deb
  • Linux-RPM

January 6th 2021

v1.11.0

(updated Jan-14-2021)

• Added capability to allow Zero Touch Desktop App installation and CSE organization registration via Device Managers (such as Intune).

• View services with login token rather than the reporting token.

• (Bug fix) Link to CSE's Privacy Policy was incorrect.

• (Bug fix) banyanproxy did not inform the end user that the configured local port was already in use.

• (Bug fix) mdm-config.json was deleted when Desktop App was upgraded.

• Download:

  • macOS
  • Windows
  • Linux-Deb
  • Linux-RPM

---

December 9th 2020

v1.10.1

• (Bug fix) If a user is a member of many groups, the resulting login token became excessively long which caused logins to fail.

• Download:

  • macOS
  • Windows
  • Linux-Deb
  • Linux-RPM

December 2nd 2020

v1.10.0

• Added .rpm version of the Desktop App to support Fedora-based Linux distros. (The .rpm version of the Desktop App does not currently support Trust Scoring for up-to-date OS or Org Preferred Apps.)

• SSH Config is now saved to its own file (~/.ssh/banyan.config).

• Display a notification if the device loses Internet connection.

• Display Device Ownership type.

• Improved support for Firefox.

• Improved logging.

• Windows Firewall Trust Factor determination only considers public and private firewall settings, and ignores the domain firewall setting.

• Collect Windows bios serial number if baseboard is blank or "default string"

• SSHCert format changed to SHA-256.

• Enhanced experience for login certificate renewal.

• Desktop App now uses an include command to incorporate SSH configs written to ~/.ssh/banyan.config.

• Download:

  • macOS
  • Windows
  • Linux-Deb
  • Linux-RPM

---

October 28th 2020

v1.9.0

• One-click access for Kubernetes Services.

• Enhanced support RDP Servers.

• Added Trust Factors (Firewall and Disk Encryption) for Linux.

• (Bug fix) Desktop App for Linux was not properly collecting and reporting preferred apps running on the device.

• Download:

  • macOS
  • Windows
  • Linux

October 15th 2020

v1.8.2

• Minor release for bug fixes and stability.

• Download:

  • macOS
  • Windows
  • Linux

October 1st 2020

v1.8.0

• Administrators can customize TrustScore remediation instructions and links displayed to end users in the Desktop App. These instructions can be customized for each TrustScore factor and are specific to the device's operating system.

• Initial release of Device Trust Verification capability to support native "sandboxed" apps. "Sandboxed" apps are iOS/Android/MacOS/Windows apps that use WebViews for authentication that are unable to access the CSE Device Cert placed in the device cert store or keychain. (This feature is in early preview and must be explicitly enabled for your organization.)

• Improved implementation and management of connectivity to SSH services.

• Download:

  • macOS
  • Windows
  • Linux

---

August 26th 2020

v1.7.1

• Complete UI refresh.

• Preferred Apps for Device Trust Scoring now supports regex pattern matching for apps having process names that are variable or change regularly.

• Improved feature collection.

• Download:

  • macOS
  • Windows
  • Linux

---

July 29th 2020

v1.6.0

• Added a HTTP_CONNECT_DAISY_CHAIN mode for banyanproxy to forward the client's HTTP CONNECT request to the given proxy host and port. (This feature requires CSE Netagent v1.27.0+)

• Administrators can preconfigure all the parameters the end user needs to connect from the CSE Desktop App to TCP Services.

• If allowed by Administrators, end users can override preconfigured parameters when connecting to TCP Services.

• Added configuration to use TrustCert and/or SSHCert.

• Added configuration to not write to SSH Config.

• Download:

  • macOS
  • Windows
  • Linux

July 1st 2020

v1.5.2

• Added configuration options for deploying desktop app via Device Managers.

• For devices managed by Workspace ONE UEM, device TrustScore calculation accounts for Workspace ONE UEM factors.

• Download:

  • macOS
  • Windows
  • Linux

---

June 3rd 2020

v1.5.1

• Added configuration options when deploying desktop app via Device Managers.

• Device Manager configurations are no longer contained in config.json; instead these should be in a mdm-config.json file in the Desktop App installation directory. If you configured Device Manager settings with CSE Desktop App v.1.5.0, you must move the existing configurations from config.json to mdm-config.json.

• Download:

  • macOS
  • Windows
  • Linux

---

May 6th 2020

v1.5.0

• Added features to enable fleet deployments using Device Managers, including:

  • Ability to pre-populate invite code
  • Better integration with Workspace ONE UEM

• Simplified authentication flows needed for an end user to view their Services and TrustScore

• Added feature to automatically suppress the Device Certificate pop-up in Windows (Chrome, IE) and MacOS (Chrome, Safari) browsers

• Better support for developers workflows

  • banyanproxy now has an HTTP Connect Mode for TCP Services
  • Click-button connectivity for Multi-domain Services

• (Bug fix) Devices where SerialNumber is "0" (such as VirtualBox VMs) are now treated the same as devices that do not have a serial number.

• Download:

  • macOS
  • Windows
  • Linux

---

April 8th 2020

v1.4.1

• Released CSE Desktop App for Linux (Ubuntu-only) with the following known feature limitations:

  • Device must have Chrome installed, and also set as its default browser.
  • User must use Chrome when registering their device and connecting to services.
  • User must have administrative privileges on their Linux device in order to install the CSE Linux Desktop App.
  • Device must have certutil installed.
  • Multiple organizations are not supported. Users must de-register their device in order to register with a separate organization.
  • Firewall data is not collected.
  • banyanproxy is not placed in $PATH.

• (Bug fix) Implemented fixes to TrustScore calculations when overridden.

• (Bug fix) Fixed behavior related to Desktop App starting on bootup.

• (Bug fix) Implemented fixes to Root & Intermediate Cert install/uninstall.

• Download:

  • macOS
  • Windows
  • Linux

---

March 25th 2020

v1.4.0

• Added option to automatically launch Desktop App on device startup.

• Display a list of other devices the user has registered with CSE.

• Simplified connection workflow to generic TCP services.

• Prompt to ask for Device Ownership on registration.

• Allow installation of Desktop App when a device has no SerialNumber value.

• Added support for organizations with Intermediate CA certificates (existing capability supported Root CA certificates).

• Download:

  • macOS
  • Windows

March 11th 2020

v1.3.0

• Added auto-update capability so end users are automatically notified of new versions and can update with a button click.

• Fixed intermittent ‘Delete Device Registration’ error.

• Ensure banyanproxy is placed in PATH consistently.

• Download:

  • macOS
  • Windows

Mobile App

April 1st, 2026

v2.3.4 (Android)

• Fixed DNS connectivity during network changes.

• App now displays Session Expiry time in app Settings.

• Users can now save logs to their local device and share later, using Export Logs in app Settings.

• General stability improvements

• Download:

  • Android

---

March 30th, 2026

v2.3.4 (iOS)

• When Service Tunnel is connected and app is closed, tunnel remains active; when app is re-opened, tunnel re-syncs.

• Users can extend their session from Settings before their session expires.

• App now displays Session Expiry time in app Settings.

• Users can now save logs to their local device and share later, using Export Logs in app Settings.

• Download:

  • iOS

---

November 11th, 2025

v2.3.3 (Android and iOS)

• Fix Android Auto was not working when users were connected to CSE.

• Download:

  • Android
  • iOS

---

October 9th, 2024

v2.3.2 (Android and iOS)

• Download:
  • Android
  • iOS

---

August 14th 2024

v2.3.1 (Android and iOS)

Fix Mobile Service Tunnel was not respecting IP whitelisting.

• Download:
  • Android
  • iOS

---

April 10th 2024

v2.3 (Android and iOS)

• Download:
  • Android
  • iOS

---

August 28th 2023

v2.2.2 (Android)

• Compliance updates.

• Updated app description.

• Download:

  • Android

---

June 13th 2023

v2.2.1 (Android)

• Fix Landscape mode was not working on Android devices.

• Download:

  • Android

v2.2.1 (iOS)

• Fix Crash on iOS with expiration task.

• Download:

  • iOS

---

May 10th 2023

v2.2.0 (Android & iOS)

• New Support for Mobile Tunnel.

• Download:

  • Android
  • iOS

---

December 21st 2022

v2.1.3 (Android)

• New Support for ChromeOS on the Android mobile app.

• Download:

  • Android

---

November 17th 2022

v2.1.2 (iOS & Android)

• New Support for Trust Profiles.

• Updated internal libraries.

• Download:

  • iOS
  • Android

---

October 13th 2022

v2.1.0 (iOS and Android)

• Performance and stability improvements.

• Download:

  • iOS
  • Android

---

August 25th 2022

v2.0.2 (Android)

• Fix Device Trust Verification was not functioning correctly when the mobile app was turned on from deep sleep mode.

• Download:

  • Android

---

November 23rd 2021

v2.0.1 (iOS)

• Re-introduced the shield icon in Device Trust Verification, which allows users to enter challenge code as a verification method.

• Download:

  • iOS

---

September 23rd 2021

v2.0.1 (Android)

• Performance and stability improvements.

• Download:

  • Android

---

August 26th 2021

v2.0.0 (iOS & Android)

• Streamlined Mobile App Registration

• Updated device trust flows to use Device Trust Verification.

• Download:

  • iOS
  • Android

---

January 20th 2021

v.1.10.0 (iOS & Android)

• Support to enable/disable email OTP for device registration.

• Updated Device Trust Verification (beta) screen.

• Download:

  • iOS
  • Android

---

December 2nd 2020

v.1.9.0 (iOS & Android)

• Send Device Features.

• Download:

  • iOS
  • Android

---

October 1st 2020

v.1.8.0 (iOS & Android)

• Support for iOS 14 and Android 11.

• Support for Device Trust Verification.

• Download:

  • iOS
  • Android

---

August 13th 2020

v.1.6.0 (iOS & Android)

• Revamped CSE Mobile Apps (iOS and Android) for performance and stability improvements.

• Download:

  • iOS
  • Android

---

March 11th 2020

v1.4.0 (iOS) and v1.3.1 (Android)

• Initial release of CSE mobile app.

Chrome Extension

April 9th 2025

v1.16.2

• Download:
  • Chrome Extension v1.16.2

---

February 12th 2025

v1.16.0

• Download:
  • Chrome Extension v1.16.0

---

January 15th 2025

v1.15.3

• Download:
  • Chrome Extension v1.15.3

---

January 2nd 2025

v1.15.2

• New Allow using the device serial number when the Chrome Browser Extension is force installed on a Chromebook using Google Workspace policy.

• Download:

  • Chrome Extension v1.15.2

---

November 8th 2023

v1.14.0

• Performance enhancements.

• Download:

  • Chrome Extension v1.14.0

---

October 11th 2023

v1.13.0

• New Zero touch installation for the Chrome Browser Extension so admins can use Google Workspace to distribute to their fleets of managed chromebooks and browsers.

• Download:

  • Chrome Extension v1.13.0

  ---

Netagent

February 17th 2026

v2.10.5

• New Points of Presence (PoP) Management: Admins can now select geographic locations in which they want to provision points of presence (PoPs). PoP selection is available for new orgs (created after March 27th, 2026) with SPA licensing.

• Fix A 3rd-party vulnerability scanner was producing false positives.

• Download:

  • Netagent v2.10.5

---

January 16th 2026

v2.10.4

• New CORS toggle: Admins can now enable a CORS toggle to secure authorization requests on hosted websites.

• Fix Service Tunnel performance improved.

• Download:

  • Netagent v2.10.4

---

December 18th 2025

v2.10.3 (Private Edge Netagents)

• Download:

  • Netagent v2.10.3

• Fix Duplicate entries within the service_tunnel_accesseslog.

---

September 10th 2025

v2.10.2

• New HTTP-2 Transport Toggle: Admins can now enable HTTP-2 Transport so that users connecting to resources can do so via the HTTP-2 protocol; not enabled by default.

• Fix Hosted website sub-URL redirect was not working.

• Fix Global Edge Access Tiers were being terminated, which impacted access to internal services via the Service Tunnel.

• Download:

  • Netagent v2.10.2

---

August 21st 2025

v2.10.1

• Download:
  • Netagent v2.10.1

---

July 15th 2025

v2.10.0

• Service Tunnel over TCP (on port 443) is now available for Global Edge orgs.

• Fix Chunk encoding was not handled properly.

• Fix Multiple users receiving low Trust Levels due to caching issues.

• Download:

  • Netagent v2.10.0

---

June 11th 2025

v2.9.3

• Registered domains can now route to multiple points of presence (PoP) on the Global Edge Network, improving network performance and reliability.

• Trustscoring has been hardened so that device Trust Levels cannot be altered, improving device security.

• Download:

  • Netagent v2.9.3

---

May 14th 2025

v2.9.2

• Download:
  • Netagent v2.9.2

---

April 9th 2025

v2.9.1

• Download:
  • Netagent v2.9.1

---

March 12th 2025

v2.9.0

• Download:
  • Netagent v2.9.0

---

February 12th 2025

v2.8.15

• Download:
  • Netagent v2.8.15

---

November 20th 2024

v2.8.14

• Download:
  • Netagent v2.8.14

---

October 9th 2024

v2.8.13

• Fix Tunnel access policies were not editable when CIDR entries were empty.

• Fix MASQUERADE rule was only being used for the default user interface.

• Fix In Access Tier versions greater than 2.4.2, using a hosted website with two services using the same frontend domain but different dns_names caused the browser name resolution to fail.

• Download:

  • Netagent v2.8.13

---

September 11th 2024

v2.8.11

• Download:
  • Netagent v2.8.11

---

August 14th 2024

v2.8.10

• Download:
  • Netagent v2.8.10

---

July 10th 2024

v2.8.8

• Fix Remove API key after Access Tier install package.

• Download:

  • Netagent v2.8.8

---

May 22nd 2024

v2.8.7

• Hotfix Search Domains: Domain names and FQDNs are now case insensitive.

• Download:

  • Netagent v2.8.7

---

May 8th 2024

v2.8.6

• Netagent bypasses systemd-resolved.

• Download:

  • Netagent v2.8.6

---

April 10th 2024

v2.8.5

• Download:
  • Netagent v2.8.5

---

March 14th 2024

v2.8.4

• Performance enhancements for the Global Edge.

• Download:

  • Netagent v2.8.4

---

February 14th 2024

v2.8.3

• Performance enhancements for the Global Edge.

• Download:

  • Netagent v2.8.3

---

January 17th 2024

v2.8.2

• New Enhanced Netagent performance (lowered CPU usage).

• Download:

  • Netagent v2.8.2

---

December 13th 2023

v2.8.1

• Fix Connection test was failing for hosted web services with capitalized Access Tier names.

• Download:

  • Netagent v2.8.1

November 15th 2023

v2.8.0

• Fix (Discover Public Resources) Accessing the same FQDN resource using a second Service Tunnel was not updating the tunnel information on the list page or in the "Last Reported" status.

• Download:

  • Netagent v2.8.0

---

October 11th 2023

v2.7.4

• Fix Improved support for private resource discovery

• New /health API endpoint supports query parameters to filter results specific to a service or component

• Download:

  • Netagent v2.7.4

---

September 20th 2023

v2.7.3

• Fix Access Tiers were collecting stale certificates from outdated services.

• New Support for non-standard websockets (like socket.io), enabled via Access Tier Local Config API.

• Download:

  • Netagent v2.7.3

---

August 9th 2023

v2.7.2

• New Netagent Health Check.

• Download:

  • Netagent v2.7.2

---

July 12th 2023

v2.7.1

• Fix Enabling ITP misroutes DNS in Ubunutu.

• Download:

  • Netagent v2.7.1

---

June 14th 2023

v2.7.0

• New Debugging interface now enabled by default (memprofile set to true).

• Fix Users were intermittently being disconnected from Infra Services and Service Tunnel; warnings were generated but error messages were not.

• Download:

  • Netagent v2.7.0

---

May 10th 2023

v2.6.0

• Fix ICMP admin prohibited packets are returned for rejected traffic.

• Efficiency improvements in Service Tunnel L4 policy changes.

• Download:

  • Netagent v2.6.0

---

April 28th 2023

v2.5.1

• Fix Hotfix for Netagent - Shield connection.

• Download:

  • Netagent v2.5.1

April 12th 2023

v2.5.0

• Improved Netagent reporting.

• New StatsD support for monitoring Service Tunnels.

• Download:

  • Netagent v2.5.0

April 5th 2023

v2.4.2

• Fix FQDNs used in Tunnel-based policies were failing to resolve in some cases.

• Download:

  • Netagent v2.4.2

---

March 16th 2023

v2.4.1

• Fix Domain-based policies weren't working as expected when FQDNs' IP addresses were changed.

• Download:

  • Netagent v2.4.1

March 8th 2023

v2.4.0

• New Support for new Domain-based Tunnel Policies.
• Performance and stability improvements.

---

February 8th 2023

v2.3.0

• Fix When using intermediate CA certificates, the CA certificate format was incorrectly written, causing the Netagent to fail on start.

• Fix WireGuard kernel module, required for running kernel version in Amazon Linux 2, was missing.

• Browser-based Error messages have been updated.

• Download:

  • Netagent v2.3.0

---

January 11th 2023

v2.2.0

• Fix Private domains (ipv6) were not resolving over Service Tunnel.

• Download:

  • Netagent v2.2.0

---

December 14th 2022

v2.1.1

• Fix Hotfix for Service Tunnel with Connector.

• Download:

  • Netagent v2.1.1

December 13th 2022

v2.1.0

• New Service Tunnel for Public Domains.

• New Service Tunnel Discovery.

• Download:

  • Netagent v2.1.0

---

November 9th 2022

v2.0.0

• Simplified the Access Tier installation process.

• New Local configs (i.e., advanced configs) are done via API/UI instead of the config.yaml file.

• Download:

  • Netagent v2.0.0

---

October 13th 2022

v1.49.0

• New Netagent logs will now report the TLS ciphers and versions for every connection.

• New Access type Event Logs will now report Access Tier name along with its public address for every connection.

• Download:

  • Netagent v1.49.0

---

September 14th 2022

v1.48.0

• Performance and stability improvements.

• Download:

  • Netagent v1.48.0

---

August 25th 2022

v1.47.0

• Fix Netagent was unable to correctly handle websocket connections in case of OIDC exempt requests.

• Download:

  • Netagent v1.47.0

---

July 28th 2022

v1.46.0

• Fix Websocket connections were not being closed in certain conditions.

• Fix Netagent logs were not being collected through Netagent Support Bundle.

• Download:

  • Netagent v1.46.0

July 1st 2022

v1.45.1

• Fix CSE’s Private DNS resolution was case-sensitive; DNS resolution is no longer case-sensitive.

• Fix Enhanced DNS routing was not resolving correctly for Windows.

• Download:

  • Netagent v1.45.1

---

June 30th 2022

v1.45.0

• Fix Updating the Access Tier tunnel configuration in CSE’s Cloud Command Center was causing Netagent to bring down the WireGuard (wg) interface.

• Fix In some scenarios, enhanced DNS routing was not resolving correctly.

• Download:

  • Netagent v1.45.0

---

May 12th 2022

v1.44.0

• New Option to disable Strict-Transport-Security HTTP R

• New Option to disable Strict-Transport-Security HTTP Response Header within Netagent configuration.

• Download:

  • Netagent v1.44.0

---

March 24th 2022

v1.43.0

• New Support for Service Accounts in the Cloud Command Center.

• Admins can customize the SameSite cookie property of the bnn_trust cookie used by Hosted Websites.

• Fix Service Tunnel iptables rules were not deleting after the Access Tier was removed from the Service Tunnel.

• Download:

  • Netagent v1.43.0

---

February 3rd 2022

v1.42.2

• Fix Service Tunnel issues that were causing select TrustScores to be ignored.

• Download:

  • Netagent v1.42.2

v1.42.1

• Fix Service Tunnel users were experiencing packet loss when users were added or removed.

• Download:

  • Netagent v1.42.1

---

January 27th 2022

v1.42.0

• New Admins can now easily define L7 rules within web policies through the CSE console.

• New Admins can now create network-level (L4) Service Tunnel policies.

• Download:

  • Netagent v1.42.0

January 6th 2022

v1.41.0

• Fix Netagent was stripping out invalid HTTP cookies. Now, it forwards invalid cookies.

• Fix macOS users now receive the correct IP address when they use Service Tunnel.

• Download:

  • Netagent v1.41.0

---

October 31st 2021

v1.40.0

• Download:
  • Netagent v1.40.0

---

September 30th 2021

v1.39.0

• New Netagent now returns a connection test response when it receives a request from shield with * in the site name.

• New The REST API server now reports for all access-tiers in a cluster.

• Download:

  • Netagent v1.39.0

September 2nd 2021

v1.38.0

• Restored “Netagent Details” for hosted websites and infrastructure

• Removed enforcement of “Site Domain Names” configuration parameter

• Download:

  • Netagent v1.38.0

---

July 7th 2021

v1.37.0

• Metrics collection using statsd to send metrics to Datadog via Dogstatsd

• Use Let's Encrypt certificates for hosted websites

• Frontend domain with upper case letters

• Download:

  • Netagent v1.37.0

---

May 12th 2021

v1.36.1

• Performance and stability improvements.

• Download:

  • Netagent v1.36.1

---

April 28th 2021

v1.36.0

• Various improvements to Access events.

  • User and Device info for TCP service connection-level events.
  • Added reported_by field to display the specific Netagent sending the event.
  • For Access events, the correlation_id identifies the TCP connection.

• Added Headers field under HTTP Settings in the Service Spec.

• Download:

  • Netagent v1.36.0

---

March 31st 2021

v1.35.0

• Optimized standard config parameters down to only four values and updated defaults for many parameters to simplify common Netagent configurations. The following defaults have changed:

  • Shield Connectivity - secure_bootstrap = true
  • Access Tier - access_tier = true, site_domain_names = "*"
  • OIDC Services - code_flow = true, groups_by_userinfo = true, redirect_to_https = true

• Miscellaneous Access event improvements.

  • Service Name shows Service ID.
  • HTTP_CONNECT mode now indicates backend address.
  • Increased the time interval for periodic events to 1 hour from 10 minutes.

• (Bug fix) If a request had two Trust cookies -- one that is valid and a second one which is not valid -- then depending on the order in which they are getting processed by Netagent, the valid one could end up getting deleted, which would make the user have to re-authenticate. Now, in that scenario the valid cookie will not be deleted.

• Download v1.35.0

March 12th 2021

v1.34.1

• (Bug fix) Netagent v1.34.0 did not properly handle expired cookies, which caused end users' browsers to get stuck in an endless redirect loop when attempting to access a web service.

• Download:

  • Netagent v1.34.1

March 3rd 2021

v1.34.0

• Wildcard Web Service definitions (such as *.example.com) now support the root domain (example.com).

• (Bug fix) Netagent handling of cookies for wildcard domains.

• Download v1.34.0

---

January 27th 2021

v1.33.0

• (Bug Fix) Valid short-lived certificates that were older than 24 hours were rejected. Now, short-lived certificates can be up to 72-hours old.

• Download v1.33.0

January 6th 2021

v1.32.0

• Performance and stability improvements.

• Download v1.32.0

---

October 28th 2020

v1.31.0

• Performance and stability improvements.

• Download v1.31.0

October 2nd 2020

v1.30.0

• OIDC Services - Added ability to exempt specific Source IPs from Policies

• Download v1.30.0

October 1st 2020

v1.29.1

• OIDC Services - Add ability for Netagent to query TrustProvider's userinfo endpoint to obtain a user's group membership. This is especially useful for organizations where the end users belong to a large number of groups, which increases group information included in the TrustCookie and triggers browser limitations on cookie size.

• (Bug Fix) OIDC Services - the bnn_return cookie logic used to return the end user to the original path they were attempting to access (for example, /foo) now also supports query parameters (such as, foo?bar=123).

• Download v1.29.1

---

August 26th 2020

v1.28.0

• Enriched information collected about a Netagent when generating a one-click support bundle. The bundle now collects additional Netagent configuration files and CIDR ranges as well as common commands support staff needs to better understand the Netagent environment.

• Ability to create allow list of backends and ports (including CIDR ranges) when configuring services.

• (Bug Fix) OIDC Services - Previously, when configuring CORS, the target parameter only supported a wildcard (*). Now, the target parameter supports actual domains.

• Download v1.28.0

---

July 30th 2020

v1.27.1

• Updated a shared-library dependency involving default values for the allow_user_override metadata tag, which (in some scenarios) reset admin-configurations and led to erroneous blocking of end user access.

• Download v1.27.1

July 29th 2020

v1.27.0

• Added HTTP_CONNECT mode for Backend routing; when set, Netagent will rely on an HTTP Connect request to derive the backend target address (i.e., ipaddress:port or fqdn:port).

• (Bug Fix) Successful WebSocket closure statuses were returning incorrectly.

• (Bug Fix) Netagent Service configurations were not properly updating.

• Download v1.27.0

---

June 19th 2020

v1.25.1

• (Bug Fix) Netagent v.1.25.0 introduced a regression for Cognito that passed an OAuth “scope” called “groups”, which Cognito does not support.

• Download v1.25.1

June 17th 2020

v1.25.0

• Support of exempting CORS traffic.

• Download v1.25.0

---

May 20th 2020

v1.23.0

• Added ability to zip up logs folder and send, via Shield, to the Command Center to create a Support Bundle for troubleshooting.

• Download v1.23.0

May 6th 2020

v1.22.0

• Fixed cookie logic for WebSockets and Multi-domain Services so that CSE TrustCookies are removed from HTTP requests that are forwarded to upstream servers.

• Download v1.22.0

The CSE TrustCookie still can be forwarded by setting the forward_trust_cookie parameter to true. CSE TrustCookie removal is performed both with and without the domain parameter to avoid a browser redirect loop scenario.

---

April 22nd 2020

v1.21.1

• Added a configuration option redirect_to_https to redirect traffic from Port 80 (HTTP) to Port 443 (HTTPS).

• Added a configuration option https_proxy to use an HTTP Connect Proxy to make outbound connections to Shield and TrustProvider

• Added a configuration option forward_trust_cookie to not strip out the bnn_trust cookie before sending an HTTP request to the backend application

• (Bug Fix) OIDC Services - Strip out the bnn_ cookies, that are used in OIDC authentication flows, before sending an HTTP request to the backend application. This enables Netagent to proxy traffic to applications that cannot tolerate additional cookies due to their max-http-header-size parameter.

• Download v1.21.1

April 8th 2020

v1.20.0

• Service configuration details are now reported from Netagent and displayed in the CSE Command Center.

• The service spec has a new exempted_paths field which allows specifying a list of HTTP paths that will be accessible without OpenID Connect authentication.

• In the Service Spec, the oidc_settings.service_domain_name URL value can include a wildcard (*) in the first component of the domain name. Including the wildcard enables one CSE service to permit a dynamic, non-fixed set of OpenID Connect redirect URLs. Please note: The OpenID Connect standard does not support wildcard redirect URLs, and so this feature should be used with care.

• Added a configuration option code_flow for opt-in support for OpenID Connect Authorization Code flow. The default mechanism for OIDC authentication remains OpenID Connect Implicit Code flow.

• Changed wildcard support in site_domain_names parameter in the config.yaml settings file, used when Netagent is run in Access Tier mode. Now, the wildcard (*) will match any prefix, not just the first component, of the SNI name. Previously, "*.example.com" in the service_domain_names parameter would match SNI "www.example.com" but not "alpha.beta.example.com"; now, it will match both.

• Download v1.20.0

---

March 25th 2020

v1.19.0

• (Bug Fix) OIDC Services - Fixed a race condition at the token validation stage that was causing sporadic hanging of connections to applications.

• (Bug Fix) Fixed issue where Netagent stopped working if the underlying host was upgraded.

• Download v1.19.0

March 12th 2020

v1.18.0

• Performance and stability improvements.

• Disconnect existing TCP connections (SSH, RDP, etc.) automatically if the device's TrustScore drops below the level specified in the Policy condition.

• Download v1.18.0

---

February 26th 2020

v1.17.0

• Added name_delimiter field to backend target in Service spec

• Performance and stability improvements

• Download v1.17.0

February 12th 2020

v1.16.0

• Configuration guardrails - Require site name, site address, or site domain name

• (Bug Fix) Proxy WebSocket - Passing all headers for WebSocket request

• Download v1.16.0

---

January 29th 2020

v1.15.0

• Improvements to log messages

• Download v1.15.0

---

December 18th 2019

v1.13.0

• (Bug Fix) Workload identification - Improved handling when process or parent process has exited

• (Bug Fix) Workload identification - Client cert issued to Unidentified container even if it has no roles

• (Bug Fix) OIDC Services - robust deep-linking

• Download v1.13.0

---

November 25th 2019

v1.11.1

• Support for Services with mixed (user and workload) client types

• OIDC Services - Trust cookie is a session cookie (auto-removed on browser shutdown)

• (Bug Fix) OIDC Services - Obey Source IP Exceptions as long as Service is non-SNI

• (Bug Fix) Workload Roles - Affix Roles even if workload is "Unidentified"

• Download v1.11.1

---

October 23rd 2019

v1.9.0

• Inactivity & max session timeouts

• "BadActor" module for DoS prevention

• Connection IDs in events & log files for easier troubleshooting

• OIDC Services - deep-linking, HTTP Strict Transport Security (HSTS)

• Download v1.9.0

---

September 25th 2019

v1.7.0

• Support for proxying Websocket

• Send complete cert chain on TLS handshake

• Uninstall script

• Download v1.7.0

---

July 19th 2019

v1.5.0

• GA Release

• Access Tier mode

• Trust Scoring support

• Download v1.5.0

---

February 4th 2019

v0.7.1

• Service definition via Web Console

• CIDRs automatically installed from Service definition

• OIDC workflows

• HTTP authorization policies

• Download v0.7.1

---

September 10th 2018

Netagent v0.6.13

• Forwarding Gateway mode

• Various stability enhancements

• Download v0.6.13

Connector

January 16th, 2025

v2.0.8 (Linux and Windows)

• Download:
  • Connector v2.0.8
  • Windows Connector v2.0.8

---

November 11th, 2025

v2.0.7 (Linux and Windows)

• Fix LDAP configuration was disappearing when the Connector was disconnected.

• Download:

  • Connector v2.0.7
  • Windows Connector v2.0.7

---

September 10th 2025

v2.0.6 (Linux and Windows)

• Windows C++ Redistributable is now packaged with the Windows Connector installer.

• Download:

  • Connector v2.0.6
  • Windows Connector v2.0.6

---

August 21st 2025

v2.0.5 (Linux and Windows)

• New Active Directory Support using LDAP: Admins can now set up Active Directory authentication in CSE.

• Download:

  • Connector v2.0.5
  • Windows Connector v2.0.5

---

July 15th 2025

v2.0.4 (Linux and Windows)

• Fix Resource IP was not translating correctly on Windows Connector when there were more than 50 IPs.

• Download:

  • Connector v2.0.4
  • Windows Connector v2.0.4

---

June 11th 2025

v2.0.3 (Linux and Windows)

• New Windows Connector support for public IPs; until certified with Microsoft, there is a limit of 49 public IPs.

• Download:

  • Connector v2.0.3
  • Windows Connector v2.0.3

---

May 14th 2025

v2.0.2 (Linux)

• Download:
  • Connector v2.0.2

---

April 9th 2025

v2.0.1 (Linux)

• Download:
  • Connector v2.0.1

---

March 12th 2024

v2.0.0 (Linux)

• Download:
  • Connector v2.0.0

---

February 19th 2025

v1.18.4

• Download:
  • Connector v1.18.4
  • Windows Connector v1.18.4

---

November 20th 2024

v1.18.3

• Download:
  • Connector v1.18.3
  • Windows Connector v1.18.3

---

October 9th 2024

v1.18.2

• New Open Virtual Appliance install available for the Connector.

• Download:

  • Connector v1.18.2
  • Windows Connector v1.18.2

---

August 14th 2024

v1.18.1

• Cloud connectivity check was added to installer.

• Help commands for TCP health check were added for Mac, Linux, and Windows.

• Download:

  • Connector v1.18.1
  • Windows Connector v1.18.1

---

July 10th 2024

v.1.18.0

• Enhancements for the new release of the Windows-based Connector.

• Download:

  • Connector v1.18.0

---

May 8th 2024

v1.17.1

• Connector bypasses systemd-resolved.

• Download:

  • Connector v1.17.1

---

April 2024

v1.17.0

• Performance and stability improvements.

• Download:

  • Connector v1.17.0

---

March 2024

v1.16.0

• Performance and stability improvements.

• Download:

  • Connector v1.16.0

---

November 2023

v1.15.0

• Performance and stability improvements.

• Download:

  • Connector v1.15.0

---

October 11th 2023

v1.14.4

• Performance and stability improvements.

• Download:

  • Connector v1.14.4

---

August 9th 2023

v1.14.2

• Performance and stability improvements.

• Download:

  • Connector v1.14.2

---

July 12th 2023

v1.14.1

• Performance and stability improvements.

• Download:

  • Connector v1.14.1

---

May 10th 2023

v1.13.0

• Performance and stability improvements.

• Download:

  • Connector v1.13.0

---

March 8th 2023

v1.12.0

• Performance and stability improvements.

• Download:

  • Connector v1.12.0

---

February 8th 2023

v1.11.0

• Performance and stability improvements.

• Download:

  • Connector v1.11.0

---

January 11th 2023

v1.10.1

• Performance and stability improvements.

• Download:

  • Connector v1.10.1

---

December 21st 2022

v1.9.1

• Performance and stability improvements.

• Download:

  • Connector v1.9.1

December 13th 2022

v1.9.0

• New ARM architecture support for install.

• Download:

• Connector v1.9.0

---

November 9th 2022

v1.8.0

• Performance and stability improvements.

• Download:

  • Connector v1.8.0

---

October 13th 2022

v1.7.0

• Optimized Docker image size for Connector.

• Download:

  • Connector v1.7.0

---

September 14th 2022

v1.6.0

• Performance and stability improvements.

• Download:

  • Connector v1.6.0

---

August 25th 2022

v1.5.0

• Connector will now include /etc/hosts when proxying DNS requests.

• Download:

  • Connector v1.5.0

---

May 12th 2022

v1.4.0

• Support for Service Tunnel.

• Support for Connector deployment on M1.

• Download:

  • Connector v1.4.0

---

October 14th 2021

v1.3.0

• Support for users who want to install the CSE Connector via Docker on a MacOS device.

• Download:

  • Connector v1.3.0

---

August 4th 2021

v1.2.0

• Configure Connectors from Command Center

• CIDR-less support

• Added example services

• Download:

  • Connector v1.2.0

---

July 14th 2021

v1.1.0

• Various bug fixes.

---

June 12th 2021

v1.0.0

• Initial release
• Semi-manual configuration