Versa SASE Client Release Notes for Android

Release 7.5.14

Released May 10, 2024

New Features

• Add support for mobile device management (MDM) and managed configuration for the Ivanti Go application.

Fixed Bugs

• Certificate-based login issue for Microsoft 365.
• Handle request ID and reauthentication in certificate-based and SAML authentication.
• Permission issue for SCHEDULE_EXACT_ALARM in Android 14 and later.

Release 7.5.13

Released April 17, 2024

New Features

There are no new features in this release.

Fixed Bugs

• Multiple SSL root or intermediate certificates download during registration.
• The Permission screen does not update when you enable or disable Draw Over Other Applications.
• Optimize the CA certificate installation steps for Chromebook.
• During SAML registration, a popup error window displays if the internet connection is poor or is not available.

Release 7.5.12

Released March 7, 2024

New Features

• Enhance enterprise-specific EIP data to include mobile device data.
• Rename Troubleshooting menu to App Settings.
  
  

Fixed Bugs

• Update the API request method to generate OTP from GET to POST to fix an issue with invalid OTPs.
• Handle empty or null routes during traffic steering.
• Change metric and EIP posture interval from seconds to minutes.
• Other bug fixes and improvements.

Release 7.5.11

Released January 29, 2024

New Features

• Support to capture and post enterprise-specific EIP data.

Fixed Bugs

• Allow users to disconnect the client when the client is connected to a trusted network.
• Dynamically exclude applications, based on the gateway configuration, from FAIL-CLOSE mode. 
• FAIL-CLOSE mode works independently of that Always On setting.  
• Prioritize user-defined Always On configuration over gateway side Always On configuration. 
• Other bug fixes and improvements.

Release 7.5.10

Released January 2, 2024

New Features

There are no new features in this release.

Fixed Bugs

• Remove tunnel monitoring feature.
• Support multiple CA certificates for gateway to fix an issue that occurs during registration.
• Clear organization details in exported logs after deleting the organization.
• Client crashes during registration.
• Client crashes when deleting prefix or DNS records.
• Notification displays incorrect gateway name after a tunnel is established.
• Other bug fixes and Improvements.

Release 7.5.9

Released November 14, 2023

New Features

• Detect trusted networks and perform tunnel bypass.
• Capture and post enterprise-specific endpoint information profile (EIP) data. A Versa EIP can classify endpoints based on multiple types of endpoint posture information.
• Add support for IPv6 when client checks private IP addresses during a change in the network.
• Enable or disable restricted access when Edit Gateway is set to false.
• Connect to any gateway or gateway group if a disconnection occurs during FAIL-CLOSE mode.

Fixed Bugs

• Reduce the time to attempt probing of IPsec during network failure to 35-40 seconds.
• After three keepalive attempt failures, reconnect triggers only if always-on is enabled.
• Remove probing of optimal gateway.
• Other bug fixes and improvements.

Release 7.5.8

Released August 28, 2023

New Features

There are no new features in this release.

Enhancements

• During automatic profile synchronization, when using a time-based one-time password (TOTP), display the OTP window instead of the Scan QR code window.

Fixed Bugs

• When Always On is enabled, after registration, connect without waiting for the disconnect interval to expire.
• Show notification access on permission window for Android 13.0 and later.
• Access Always On even if autodisconnect is enabled.
• In the Gateway field on the main client UI, display gateways based on priority .
• To enhance security, increase the length of the database password (Base64 string).
• Other bug fixes and UI improvements.

Release 7.5.7

Released June 26, 2023

New Features

There are no new features in this release.

Fixed Bugs

• When a tunnel is established, do not change FAIL_OPEN mode to FAIL_CLOSE.

Release 7.5.6

Released June 7, 2023

New Features

• Support for Maintenance mode.
• Autodisconnect—Automatically disconnect tunnel after the configured autodisconnect interval.

Enhancements

• Reset password for the user account on the Versa identity provider (IdP).
• Encrypt data stored in the client application.
• Remove storage permission to export logs from Android 11.0.
• Display FQDN or IP address in the Account Details window.

Fixed Bugs

• Trusted network private IP address issue.
• Handle NPE IKE/IPsec proposal values during registration.
• Receive supported API versions from Discover API and share correct API version in the APIs.
• Update portal request URL for grouped gateway. Handle preferred gateway FQDN and IP address, and look for best in the request.
• Bugs reported in Play Store.
• Hide the Gateway Group field when the progress bar loads.
• Do not send multiple alerts for autodisconnect notification. (Bug 96056)
• Check current enterprise Always On status. (Bug 96055)
• Update pending intent in notification to avoid crash in Android 12.0 and later. (Bug 96058)
• Other UI fixes. (Bug 95932)

Release 7.5.5

Released February 7, 2023

New Features

There are no new features in this release.

Enhancements

• Upgraded the Gradle build automation tool to Release 7.2.2.
• During events such as registration, gateway connection, and profile synchronization, display portal error messages for failure and success events.

Fixed Bugs

• Crash in Google Play store.
• Upgrade the method to retrieve the private IP address of connected networks.
• Update user preference when Edit Gateway is enabled for Always-On.

Release 7.5.4

Released December 15, 2022

New Features

• Multifactor authentication (MFA)—Certificate-based user authentication, and device and user certificate authentication.

Enhancements

• Implement scalable device-independent pixel (DP or DIP) to regulate the aspect ratio for fonts and spacing on devices, to account for different screen sizes and densities.
• Reduce size of APK 20 percent, from 34.6 MB to 26.6 MB.
• Minimum Android version support for the SASE client has changed from Android 6 (SDK v23) to Android 7 (SDK v24).
• Always-on updates are handled If response does not include the Always-Connected field.

Fixed Bugs

• Improve loader image quality for all devices (with smooth edges).
• Implemented a popup window to display CA certificate issue to the user during registration.
• Plus and Delete icons are bolder to match the forward arrow (>) icon.
• Data not erased after uninstalling an application.
• Client's OkHttp higher logs are restricted only to application debug.
• Added a reset password success message.

Release 7.5.3

Released September 22, 2022

New Features

There are no new features in this release.

Fixed Bugs

• Intermediate certificate issue.
• AIA URL is now retrieved using the R3 cert URL method.
• Fix private IP address null issue by generating 172.16.x.x IP as null.
• Add prelogin, authlogin, and OTP verification for private IP addresses and public IP addresses.
• Fix issue of registering TOTP certificate cancel to form.
• Remember credentials when disabled, remove all saved passwords, and always prompt for password.
• Other fixes and improvements.

Release 7.5.2

Released August 31, 2022

New Features

• Application-based split tunneling.
• Websocket support over TLS to receive Cloud Access Security Broker (CASB) server alerts. To receive CASB notifications, make the following the client application settings on your device:
  • Enable Floating Notifications under Settings > Apps > All Apps (or Manage Apps) > Manage Notifications.
  • Disable Battery Optimization under Settings > All Apps (or Manage Apps) > Battery.
  • Disable Do Not Disturb mode under Settings > Sound > Do Not Disturb.
• Security certificate warning displays.
• Rotate log implementation.
• TOTP—Scan QR code for registration and AutoProfileSync.
• UI displays a circular progress indicator to show that a popup window is closing.

Fixed Bugs

• Handle NPE and other fixes.
• Domain fmt-blr-gw2-wan1.versa-networks.com when selected is not displayed in the gateway list.
• fmt-portal—AutoProfileSync connection issue.

Release 7.5.1

Released April 15, 2022

New Features

• FIPS compliance—OpenSSL and strongSwan support.
• API v2 updates
  • Response implementation—Support for CA certificate, hosts (find latency and find optimal host), service port, and service URL.
  • 50% tolerance while finding optimal gateway latency bias.
  • Support for hot-standby gateway.
  • Support for always connected, allow disconnect, and restricted mode.
  • Metric reporting.
  • Tunnel monitoring.
  • IP stickiness.
  • Add connection or add new SASE gateway.
• API 22 implementation changes
  • Autoprofile sync—Configuration merge when switching from API v1 to API v2.
  • Reregister—Configuration merge.
• Trusted network and keepalive support.

Enhancements

• Send previous gateway IP address and FQDN with API.
• For strongSwan, send same IP address used for API call to create tunnel instead of FQDN.
• Enable ProGuard to shrink, obfuscate, and optimize app.
• Tablet-specific screens—Two screens merged into one.
• Change Secure Access Server to SASE Gateway in the UI.
• (For Android 11.0 only.) Install package in manifest to check whether the authenticator application is installed.
• Trust certificate in user store imports certificate and shows certificate content.
• Update my-domain in optimal gateway response.

Fixed Bugs

• Ping failure on one node affects optimal gateway selection.
• If one node fails, find optimal gateway with other available nodes available.
• Chromebook UI and other design fixes.

Release 7.4.4

Released September 6, 2021

New Features

• Reduce font size to improve readability on smaller screens.
• Add a new gateway if this option is enabled for the enterprise. In the SASE client home screen, click Settings > Enterprise > Select an enterprise > Secure Access Server > Add New Connection.
• Add traffic steering prefix. Note that Android SASE client does not support split DNS. See Set Prefixes and DNS Servers in Use the Versa SASE Client Application.
• IKE Phase 1 and Phase 2. See Set IKE Phase 1 and Phase 2 in Use the Versa SASE Client Application.
• Pool IP stickiness—During tunnel connection the client gets same IP address for each new connection.
• Disable some ciphers in strongSwan for FIPS. Only TLSv1.2 and TLSv1.3 are allowed on OkHttp. Remove insecure ciphers suites.
• The client temporarily saves the password received during profile synchronization. Users do not have to enter the password again during initial login. Earlier, when Remember Password was disabled, users were prompted to enter the password twice.

Fixed Bugs

• Fix nesting issue during registration with Versa Networks in Play Store.
• Autoprofile synchronization disables always-on if there is only one enterprise.
• Unable to return to main page from Auto Profile Sync > Web View > Register Activity, when Remember Password is turned off and cookies are empty.
• Login URL and register FQDN were incorrect after automatic profile synchronization.
• Home screen now displays group name when the application is connected to a gateway. Group is also displayed on clicking Connection Status from the connected home screen.
• Other bug and design fixes:
  • Response.errorBody().string() xml output is incorrect on calling a second time.
  • Null pointer exceptions (NPE).

Release 7.4.3

Released July 26, 2021

New Features

• Log files include crash logs.
• Automatic profile synchronization—If the expiration time is earlier than the current time, the device displays a message about synchronizing the profile and then connects.
• Password expiration notification message displays to remind users to reset the password.
• Users can reset the password if the option is enabled at the server level using Versa Director.
• Change ping test from reporting average TTL to reporting average latency in optimal gateway selection.
• Add option to turn on or turn off split tunnel using a toggle button. See Enable an Application-Based Split Tunnel in Use the SASE Client Application.
• Delete gateway or connection.
• See Delete a Connection.
• Application-based split tunnels. See Enable an Application-Based Split Tunnel in Use the SASE Client Application.
• Enterprise URL registration with port and gateway connect URL with port.

Fixed Bugs

• APAC group not selected when registering an enterprise if always-on is enabled.
• Fix certificate SSL trust issue in WebView. SSL trust certificate in Keystore sources is trusted for WebView
• Always-on fails on connection when it is manually set and NPEs occur on re-registration.
• Ping test handling failure has been resolved.
• Delete unused VPN profiles from the database.
• Design corrections in home and connect windows to suit all Android devices.
• Remove constraint to allow wildcard subject alternate name (SAN) in strongSwan. This issue has been fixed and now, it works in multiple subdomains and wildcard domain (*.domain.com) in SAN.
• Text is visible on typing even when password is hidden.
• Disable reset password if registration token is not provided.
• Generic design fixes.

Release 7.4.2

Released May 31, 2021

New Features

There are no new features in this release.

Fixed Bugs

• Missing intermediate CA certificate has been fixed by downloading certificate using AIA URL before registration.

Release 7.4.1

Released May 21, 2021

New Features

• Performance-based dynamic gateway selection. See Performance-Based Dynamic Gateway Selection in Use the SASE Client Application.
• Log updates (in the SASE client home screen, click Settings > Troubleshoot > Log Level):
  • Update Charon logs and rotate log size based on log level.
  • Log severity level (debug, error, info, verbose, warn) cannot be updated when the client is connected to a gateway.
• UI support for languages written right to left (RTL).
• Display CA certificate information such as system, user, and application local in the client UI under Troubleshoot > CA Certificates. See View CA Certificates in n Use the SASE Client Application.

Fixed Bugs

• Window leakage occurs when the error message "remove activity from stack" displays.
• Gateway connection fails because of server authentication failure.
• Display over other application is not friendly on Nokia 6.1 Plus handset.
• Draw popup over other applications for Xiaomi mobiles using MIUI.
• Toggle button should be gray when disabled and blue when enabled. This issue has been fixed for Android handsets and tablets.
• When switching networks, ISP is not updated
• Groups now display servers based on priority.
• NPE fixes based on Android Lint.
• Update drop-down design.

Release 7.3.0

Released April 27, 2021

New Features

• Always-on connectivity—Allow preregistered or authorized clients to connect to the VSA gateway without user intervention. See Enable Always-On in Use the SASE Client Application.
• LDAP, SAML, or local user authentication, and integration with any of these authentication systems. See Enable Authentication in Use the SASE Client Application.
• Two-factor authentication:
  • Message/email-based OTP—Support for OTP using email and separate from SMS.
  • TOTP with any authenticator application—Support for TOTP using Google or Microsoft authenticator. See Enable Authentication in Use the SASE Client Application.
• Enable cookies to for faster connections. You can also clear stored cookies. See Enable Cookies in Use the SASE Client Application.
• Run diagnostics to automatically fix basic issues and, for issues that cannot be fixed, provide logs to send to Versa Customer Support. See Perform Diagnostics and Export Logs in Use the SASE Client Application.
• Report the client's geographic location and the round-trip time (RTT) for the client to connect to the gateway and collect analytics. Apply policies on the Versa cloud portal and gateway using information provided by the client such as OS type, OS version, and device ID. See Use Host Information for Policy Enforcement in Use the SASE Client Application.
• Notification tray—Provide client monitoring. SASE client always runs unless explicitly closed from the notification tray. Tunnel used by application tray is not disconnected when the application closes.
• Pre-logon—Allow connection to a SASE client from a locked screen based on pre-populated enterprise and gateway details. See Configure Pre-Logon in Use the SASE Client Application.
• Enterprise logo implementation—When you register an enterprise, you receive a URL to change the SASE client logo.
• Re-attempt or graceful reconnect—If the tunnel connection is down, the SASE client tries to reconnect to the gateway five times based on the waiting time. When always-on is enabled, the client attempts graceful reconnect until the connection is established
• Mandatory permission settings window displays while installing the client.

Limitations and Behavior Changes

Android OS or Chrome OS has the following limitations:

• Fail-Close mode releases (open to internet) for 3 to 5 seconds, when connecting through IPsec or SSL.
• Multiple background services and periodic jobs run continuously or occasionally, which may lead to more battery consumption in some device models.

The following SASE client features may not be available on Android or Chrome OS:

• Tunnel monitoring  
• Split-DNS

Request Technical Support

To request technical support, visit http://support.versa-networks.com. If you are contacting support for the first time, register and create an account. You can also send email to support@versa-networks.com or contact your Versa Networks sales account team.