SonicWall CSE: Important Notices

Updated on 10/11/2022

In October 2022, Banyan began migrating to a new Trust Scoring model. As a result, admins need to re-configure Trust Factors, by assigning an Effect to each Trust Factor in use. Banyan is requiring admins to complete migration prior to February, 2023.

Design is subject to change

Potential impacts on desktop app #

If the desktop app is not updated to the latest version (i.e., versions 3.3 or lower are in use), users will continue to view numerical Trust Scores instead of the new Trust Levels. In the case that desktop app users are on v3.3 or lower, Trust Levels will be represented by the following Trust Scores:

High = 81
Medium = 61
Low = 1
Always Deny = 0

New Trust Scoring model #

Instead of evaluating device trust using a numerical Trust Score (out of 100), devices will receive a Trust Level (e.g., Low, Medium, or High) in the new model.

Currently, all Trust Factors (when enabled) are weighted equally and, when calculated, result in a score out of 100. After migration, admins will be able to designate the specific Effect a Factor has on a device’s Trust Level.

No action is required at this time (Sept 14, 2022). We will provide you with more information about the migration and required actions as we get closer to the transition date.

Updated on 12/14/2022

Banyan’s Access Tier v2 is now available. The latest Access Tier version simplifies the installation and configuration of Access Tiers in your org. Major changes in this version include the following:

• Most of the Access Tier configuration is done via the Command Center UI
• The Netagent binary uses an API key for registration
• The guided installation flow simplifies the deployment process

Upgrade Path from Access Tier v1 to v2

The Access Tier can be installed and deployed in the following ways:

• Manual: For migration to v2, adhere to the existing upgrade process
  • Tarball installer
  • Docker container
  • Deb/RPM package
• Automated: For migration to v2, use the updated Cloudformation Stack and the Terraform Module
  • AWS CloudFormation
  • Terraform Module

Note: You cannot upgrade Access Tier v1 to v2 with the existing automated methods.

Advanced Configuration Parameters

Note that any existing configuration of Advanced settings (such as Statsd, HSTS, etc.) will need to be reconfigured (through the UI or API) once your Access Tier has been upgraded to v2.

Updated on 16/05/2022

This month, we will be releasing a new version (v.3.0.0) of the Banyan Desktop App. In v.3.0.0, the CLI functionality will be deprecated.

Updated 01/10/2022

In early December, we released the Banyan Desktop App v2.5.0, followed by a release which introduced our Automatic Device Certificate Renewal enhancement.

Whenever a user registers their device through the Banyan Desktop App, it installs 2 certificates on the device:

1. Root Certificate (valid for 30 years)
2. Device Certificate (valid for 1 year)

Until December, users had to go through manual steps to renew the device certificate prior to expiration. With the introduction of our Automatic Device Certificate Renewal feature, users don’t need to worry about renewal as it will be taken care of by our Desktop App v2.5.0.

We highly recommend that all users upgrade the Banyan Desktop App to v2.5.0 to avoid any additional steps.

Upgrade Steps:

If your org has deployed the Banyan Desktop App through Zero Touch Installation mode, you can now upgrade the app through the new upgrade flow script. If the deployment of Banyan desktop app has been done manually, please look for the bell icon to auto-update. You can get the latest app here.

FAQ’s

1. What happens if the device certificate expires before upgrading to v2.5.0?
   • Users will need to obtain a new device certificate via the Banyan Desktop App. Once the certificate expires, upgrading to v2.5.0 will not auto renew the certificate.
2. What is the certificate renewal flow for the new desktop app?
   • The certificate renewal flow will be automatic and will not require interaction from the end user.

Updated 8/18/2021

We are excited to begin rolling out Banyan Mobile App 2.0 on August 26th, 2021. As part of this release, we are introducing enhancements to streamline the Mobile App registration and access flows.

Simplified Registration

Registration will no longer require adding certificates to the device keychain, reducing numerous steps in the flow. Instead the certificates will be stored in the app keychain, allowing the streamlined experience and eliminating inconsistencies where certain browsers or applications cannot access the device keychain.

The enhanced registration flow will consist of three steps:

New Device Trust Flows

Device trust checks on mobile will contain an automatic flip to the Banyan app. The app will submit relevant Trust Factors and the client certificates for validation. End users will navigate back to the browser or native app they are attempting to access and proceed to identity provider authentication.

The new device trust flow for mobile will consist of the following steps:

Customer Impact

Additional Pre-Requirements

There are two additional pre-requirements when leveraging the Banyan Mobile App 2.0:

1. Device Trust Verification will need to be enabled for the services being accessed. This will allow Banyan to validate the device certificate stored in the Banyan mobile application keychain.
2. Hosted websites accessed on mobile will need to leverage a Banyan managed Let’s Encrypt certificate or have a Private PKI root certificate pushed to the mobile device via a Device Manager. Read more here.

Known Issues

There are a few known issues we are working to resolve:

1. Leveraging passwordless on mobile requires two flips to the Banyan app
2. Challenge code should not show up on the Device Trust Verification page

FAQ’s

1. What happens to previously registered mobile devices?
   • Users who upgrade to Banyan Mobile 2.0 will be asked to authenticate in order to move the Banyan certificate into the application keychain.
   • Users currently using the Banyan mobile app will continue to experience the previous device trust flow until their device certificate expires or is removed.
2. What is the certificate renewal flow for the new mobile app?
   • The certificate renewal flow will be automatic and not require interaction from the end user.

Publish Date: 6/22/2021

As part of the upcoming Banyan Desktop App 2.2 release (expected to release June 30th), we are introducing enhancements to streamline the Desktop App registration and access flows.

Simplified Registration

End user-initiated registration is now 50% faster, eliminating multiple login and keychain access prompts. The streamlined onboarding flow will include four steps before having access to all Infrastructure, Hosted Web, and SaaS applications.

Hidden Services Until Login

All Banyan services within the app will require an identity provider login before they are visible. Previously, Hosted Web services were always visible and required an identity provider login after launching a service. This experience will be standard across manually registered devices as well as devices registered via Zero Touch mode.