Enhancements
This release of the product includes these enhancements.
Enhancements in Security Engine version 7.4.0
| Enhancement | Description |
|---|---|
| Application Access Portal improvements | Application Access Portal (previously SSL VPN portal) now supports TLS 1.3. Support for the WebSocket protocol has also been added. |
| Datagram Transport Layer Security (DTLS) tunneling protocol support | The Security Engine supports the DTLS tunneling protocol for Forcepoint VPN Client versions that include DTLS support. This feature can now be configured normally through SMC. Using DTLS can improve remote access performance compared to TLS-based tunnels when network conditions are challenging. |
| Local ThreatSeeker URL Categorization database | You can choose to either use the locally downloaded ThreatSeeker URL Categorization database or use the Cloud-based ThreatSeeker URL Categorization database for URL filtering. Note: This feature is supported on engines that have at least 16 GB of memory. |
| Log Server per Virtual Engine | You can now assign a dedicated log server to a virtual engine. Previously, the log data from a virtual engine was sent to the same log server as the Master Engine. |
| Support for user authentication using email format usernames | Previously, user authentication did not support usernames that contain the @ character used in email addresses or in the UPN Active Directory user attribute. Forcepoint Network Security Platform can now be configured to allow the use of either an email address or a UPN as the user ID in configuration and user authentication. |
| URL Category sync with Forcepoint portfolio | Unified the URL category taxonomy across web security features for all Forcepoint products. Note: When upgrading from SMC version 7.3 or earlier to version 7.4, any URL categories that are used in policies will be automatically converted to reflect the latest changes present in the URL Categories. |
| User or group-based policies without directory server access | You can now include users and user groups in access policy rules for a managed engine even if SMC is not able to query an external LDAP or AD server. Note: The engine must be able to access the LDAP server for user authentication, even if the LDAP server is not accessible from SMC. When user authentication is SAML-based, it is also possible to operate the engine without LDAP server access. |