Unified Access Gateway 2207 | 14 JUL 2022

Check for additions and updates to these release notes.

What's New

VMware Unified Access Gateway 2207 provides the following new features and enhancements:

  • Added SAML authentication for the Admin interface with the FIPS version.

  • Added support for additional security settings required for NIAP/CSfC compliance.

  • Provided additional security settings required to allow the FIPS version of Unified Access Gateway to be deployed with Photon OS DISA STIG compliance. DISA is the Defense Information Systems Agency and the Photon OS STIG is the published Security Technical Implementation Guide.

  • Added further ssh hardening configuration options.

  • Added setting to allow the Horizon Connection Server pre-login message to be skipped. This is often required when Unified Access Gateway is configured in a way that requires a Horizon user to authenticate with SAML or through VMware Workspace ONE first. In these cases, it is not appropriate to require the user to accept a pre-login disclaimer after they have already logged in.

  • Added adminreset command. This is available from the root login console and sets the Admin interface settings back to default settings which is for password authentication. This command is useful during misconfiguration of a SAML IdP when Unified Access Gateway is configured for SAML admin authentication but login fails.

  • Syslog configuration improvements. Upgraded the syslog functionality to use the new syslog-ng instead of the older rsyslog. This includes MQTT improvements which allow syslog-ng to be used for MQTT event forwarding with optional certificate support.

  • Endpoint compliance functionality improvements for OPSWAT integration. This includes logging the client device ID at INFO level in esmanager.log entries which can be forwarded to an external syslog server. In addition, added an optional periodic check to log a warning event if the OPSWAT service becomes inaccessible.

  • Updated log rotation configuration for additional /var/log files.

  • Added support during deployment to run a small script either on first boot or on every boot. This is used to support a limited number of customizations as documented in the Deployment and Configuration guide.

  • Extended the support for automatic OS package updates to include potential non-Photon Unified Access Gateway specific rpm updates.

  • Improvements in certificate revocation checks made on the received TLS server certificate for outbound TLS connections.

  • Backslash character is now supported in PFX TLS server certificate passwords.

  • Improved logging and communication of analysis data to Horizon brokers for cases where a Horizon Client is detected as idle, and for cases where misrouting of Horizon Client protocols (PCoIP and Tunnel) occurs.

  • Improved the Tunnel's vpnreport troubleshooting tool to include flow details based on device type and TCP/UDP, and a breakdown of most used apps.

  • Updates to Photon OS package versions and Java component versions.

Internationalization

The Unified Access Gateway user interface, online help, and product documentation are available in Japanese, French, German, Spanish, Brazilian Portuguese, Simplified Chinese, Traditional Chinese, and Korean. For the complete documentation, go to the Documentation Center.

Compatibility Notes

For more information about the compatiblity of Unified Access Gateway with other VMware products, see VMware Product Interoperability Matrix.

Lifecycle Support Policy

For information about the Unified Access Gateway Lifecycle Support policy, see this knowledge base article.

Installation and Upgrade

To download the Unified Access Gateway, see the Product Download page.

Technical Resources

There are several resources that help you learn and understand Unified Access Gateway. For more information, see these information resources.

Resolved Issues

  • Updated ciphers used by the Appliance Agent in FIPS mode to support improved interoperability when connecting from Unified Access Gateway to Workspace ONE UEM Console.

  • Resolved unhandled exceptions with stack trace output in Powershell deployment scripts when invalid input was specified in certain cases.

  • Resolved a 500 Internal Server Error response from Unified Access Gateway when using HTML Access to launch desktop after "ALREADY_AUTHENTICATED".

check-circle-line exclamation-circle-line close-line
Scroll to top icon