|
|
|
|
|
Ipswitch Gateway Server:
MOVEit Transfer Server:
ID |
Category |
Issue |
GW-853 |
HTTP Proxy |
2017 Plus introduces a new setting on the HTTP proxy, the client certificate listening port. This port accepts HTTPS requests from the user during client certificate authentication only, and after sign in, the user's session to Ipswitch Gateway goes through the normal Listen On Port number. The default client certificate listening port is 2443, which requires a firewall rule. |
GW-852 |
Settings |
The Gateway's hostname or IP address was added to the Settings page. You may now edit this name post-installation. Doing so restarts all running HTTP proxies. |
GW-838 |
Install |
On fresh installs, the Ipswitch Gateway installer now prompts for the hostname of the Gateway system, as viewed by end users. This is needed for processing HTTPS client certificate authentication. |
GW-741 |
Proxies |
When adding a proxy, the Listen on IP Address or Hostname value is now prepopulated with 0.0.0.0, which directs the proxy to listen on all available addresses at the given port. |
GW-726 |
Client Identity |
Client IP addresses and client certificates now propagate to MOVEit Transfer for all proxies. Previously, all requests to MOVEit Transfer seemed to originate from the Gateway machine, making it necessary to disable certain security related MOVEit transfer features, such as IP Lockouts, and sign out logs and technical support links in MOVEit Transfer showed the Gateway IP address instead of the client IP address. For every proxy request, Ipswitch Gateway now sends to MOVEit Transfer a header that contains the IP address of the browser that is accessing Gateway. You no longer need to disable IP lockouts on the MOVEit Transfer server. |
GW-47 |
HTTP Proxy |
Ipswitch Gateway now implements authentication to MOVEit Transfer using SSL client certificates, and SFTP public keys. |
GW-72 |
Licensing |
Starting with the 2017 Plus release, Ipswitch Gateway must verify licensing with MOVEit Transfer before launching the Gateway Configuration Interface during Step 3 of the install, and any time the Gateway server reboots. |
ID |
Category |
Issue |
GW-855 |
MOVEit |
MOVEit Session Manager and MOVEit Logs were recognizing the Ipswitch Gateway Web Admin as 'MOVEit Xfer' interface. This issue has been fixed. |
GW-842 |
HTTPS |
Microsoft Edge users authenticating with a client certificate must restart their computer after importing the client certificate. This is a known limitation of the Microsoft Edge browser. |
GW-830 |
Documentation |
Updated Step 3 > step 3 > Configure Endpoint > IP Address to read "The IP address entered here should be 192.168.1.2, which is the IP address of the MOVEit Transfer server on the tunnel connection. Do NOT use the actual IP address of the MOVEit Transfer server. |
GW-829 |
SFTP |
Ipswitch Gateway's SFTP server has been improved so it can handle more simultaneous connection requests. Previously, the SFTP server could refuse connections under heavy load. |
GW-826 |
Settings |
A minor change was made to the message displayed when the FTP passive port range was changed. |
GW-820 |
Security |
Previously it was possible to configure a proxy on the Gateway server to contain certain HTML tags that could be reflected back to the user in the confirmation message associated with start/stop/edit actions. This issue has been fixed. |
ID |
Category |
Issue |
GW-1073 |
Keys and Certs |
In Internet Explorer 11, when you select Keys and Certs > Import to upload a client certificate, there is no "Modified On" field. |
GW-1070 |
Install / Uninstall |
The install does not create an item for the Gateway client under Programs and Features. To confirm that the Ipswitch Gateway Tunnel is present, go to Network and Sharing Center on the MOVEit Transfer server. To uninstall, please execute the Gateway installer directly on the MOVEit Transfer machine and select Step 2 and then select Uninstall. |
GW-1068 |
Uninstall |
After uninstall, Gateway's IP is not removed from the MOVEit Transfer's trusted host list. To delete the Gateway IP from the trusted host list, follow these steps:
|
GW-1003 |
HTTPS |
By default the Outlook plugin uses port 443 to initiate a connection to MOVEit DMZ. With Gateway deployment, if a user has a client certificate requirement they will run into issues connecting to Gateway via a default Outlook plugin install. Workaround: Change the default port in Outlook. |
GW-992 |
Licensing |
When a MOVEit Transfer administrator installs a new license that enables Ipswitch Gateway, it can take up to fifteen minutes for Gateway to notice that a new license is available. Hence, proxies which have been stopped for licensing reasons may continue to be unavailable for up to 15 minutes. The Gateway administrator can shorten this waiting period by logging into the Ipswitch Gateway administrative interface and manually starting each proxy. To do this, for each proxy, under Actions choose Start Proxy. |
GW-990 |
FTP |
The following specific FTP configuration on Gateway/MOVEit Transfer prevents users from accessing MOVEit Transfer through Gateway using insecure FTP: Allow FTP/SSL Access: Yes Workaround: To utilize insecure FTP, do not set both “Allow Insecure FTP Access” and “SSL Client Cert Required” to “Yes”. |
GW-989 |
FTP |
If the FTP client shuts down during file download, the connection between Gateway and MOVEit Transfer Server could remain open up to 10 minutes. If this happens more frequently than normal, it could potentially exhaust the allowed number of connections on MOVEit Transfer Server and clients can no longer make new connections until the existing open connections are closed. Workaround: It is recommended that you use the MOVEit Transfer Config utility to change FTP Ports > Connection Limit from 32 to a larger number such as 1000, to allow an adequate number of clients to connect without reaching the limit easily. |
GW-985 |
Upgrade |
During an upgrade, the SSTP connection drops. Workaround: After upgrading Gateway Server, reconnect the SSTP connection by manually running the Windows scheduler task. |
GW-840 |
Uninstall |
After uninstall, Computer Managment (win+R > compmgmt.msc) still shows Local Users and Groups > Users > GatewayVPNUser. |
GW-879 |
Sign In |
On the MOVEit Transfer sign in page, when you click Try Automatic Signon through Gateway, you see a window that displays available certificates. If you click Cancel in this window, the browser redirects you to an error page that states "This site can't provide a secure connection" (a certificate was not provided). Workaround: If you see this error page, press the back button to return to the sign in page or refresh the browser page to display the available certificates again and choose the correct certificate. |
GW-849 |
Security |
When using HTTPS client certificates through a browser, Ipswitch Gateway users may be offered to choose from more certificates than would be the case if they accessed MOVEit Transfer directly. While MOVEit Transfer instructs the browser to prompt the user only for certificates created or approved through MOVEit Transfer, Ipswitch Gateway has no such feature. Thus, users who have installed client certificates for applications other than MOVEit Transfer should ignore those certificates when making a selection from their browser's list of certificates. |
GW-813 |
Upgrade |
Customers upgrading from a previous release should check that the new "Host Name" field is correct. This field is in the Settings tab of the administrative interface. Ipswitch Gateway provides a default value, which is often incorrect. This new setting is used for client certificate authentication. |
GW-760 |
Install |
After Ipswitch Gateway is installed on Windows Server 2016, the Remote Access Connection Manager service will not start. This does not adversely affect the operation of Ipswitch Gateway; however, it could be a problem if the server is being used for RAS for other purposes. This is unlikely, as Ipswitch recommends that Ipswitch Gateway be run on a dedicated server. This problem does not occur when Gateway is installed on Windows Server 2012R2. |