Release Notes

System Requirements

Ipswitch Gateway Server:

Windows Server 2012R2 or 2016
4 GB RAM
40 GB hard drive
Dual-core or faster processor
Dual network interface cards (1GB/sec minimum) for separate external and internal services (recommended)
Production systems will benefit from additional resources, including faster, additional and multi-core processors, more RAM, hard drive capacity, and speed
Supported Virtualization Environments:
- VMware vSphere (64-bit guest servers)
- Microsoft Hyper-V (64-bit guest servers)

MOVEit Transfer Server:

MOVEit Transfer 2018
Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 (64-bit English)
MOVEit Mobile 1.3.1 (optional)

Version 2018 Limitations

Lack of support for Ipswitch® Failover
Multiple organizations with unique IP addresses

New Features

ID	Category	Issue
GW-1124	Installer	In previous releases, during the client installation, the installer added a trusted host IP address. 2018 introduces the ability to delete an IP address from the list of trusted hosts during the uninstall process.
GW-1122	FTP	In previous releases, users enabled TLS 1.0 in the DMZ configuration for incoming FTP connections.In 2018, there is added support for TLS 1.1 and TLS 1.2 so that FTP traffic can pass through Gateway regardless of which TLS version is enabled in the DMZ configuration.

Fixed Issues

ID	Category	Issue
GW-1145	Installer	In previous releases, the MOVEit Transfer install process could not contact the Gateway server to pull in the provided certificate if TLS 1.1 or TLS 1.2, or both were enabled but TLS 1.0 was disabled on the Gateway server. The installer .NET was updated, to support TLS 1.1 and TLS 1.2.
GW-1127	Installer, Security	In previous releases, Rasphone launched the VPN tunnel from the Task Scheduler. The updated VPN authentication method is not compatible with Rasphone. Rasphone was replaced with Rasdial, resulting in successful connections.
GW-1129	SFTP	In previous releases, the SSH proxy failed a short time after starting on port 22. This issue was fixed using the 1.7.1-MIG SSHD library.
GW-1128	Installer	In previous releases, the RRAS UI was disabled by default on Server 2016. Users that accessed rrasmgmt.msc to open the RRAS UI got a messages that stated "Legacy mode is disabled on this Server".
GW-1089	Installer	In previous releases, the EAP-MSCHAP v2 authorization method was not enabled following a Gateway client-side upgrade.
GW-840	Installer	In previous releases, after uninstall, Computer Management (win+R > compmgmt.msc) still showed Local Users and Groups > Users > GatewayVPNUser.

Known Issues and Workarounds

ID	Category	Issue
GW-1111	Web App	The tunnel between Gateway and Transfer disconnects, preventing users from accessing Transfer through Gateway if a user account uses Remote Desktop Protocol (RDP) to log into the Transfer box when another user account is running a scheduled Ipswitch Gateway Tunnel task on the Transfer box. Workaround: Use the same user account that is running the Ipswitch Gateway Tunnel scheduled task to log into the Transfer server with RDP. If different user’s accounts are used, the tunnel will temporarily disconnect until the scheduled task restarts the connection.
GW-1073	Keys and Certs	In Internet Explorer 11, when you select Keys and Certs > Import to upload a client certificate, there is no "Modified On" field.
GW-1070	Install / Uninstall	The install does not create an item for the Gateway client under Programs and Features. To confirm that the Ipswitch Gateway Tunnel is present, go to Network and Sharing Center on the MOVEit Transfer server. To uninstall, please execute the Gateway installer directly on the MOVEit Transfer machine and select Step 2 and then select Uninstall.
GW-1003	HTTPS	By default the Outlook plugin uses port 443 to initiate a connection to MOVEit DMZ. With Gateway deployment, if a user has a client certificate requirement they will run into issues connecting to Gateway via a default Outlook plugin install. Workaround: Change the default port in Outlook.
GW-992	Licensing	When a MOVEit Transfer administrator installs a new license that enables Ipswitch Gateway, it can take up to fifteen minutes for Gateway to notice that a new license is available. Hence, proxies which have been stopped for licensing reasons may continue to be unavailable for up to 15 minutes. The Gateway administrator can shorten this waiting period by logging into the Ipswitch Gateway administrative interface and manually starting each proxy. To do this, for each proxy, under Actions choose Start Proxy.
GW-990	FTP	The following specific FTP configuration on Gateway/MOVEit Transfer prevents users from accessing MOVEit Transfer through Gateway using insecure FTP: Allow FTP/SSL Access: Yes Allow Insecure FTP Access: Yes SSL Client Cert Required: Yes Password also required with SSL Client Cert: Yes Workaround: To utilize insecure FTP, do not set both “Allow Insecure FTP Access” and “SSL Client Cert Required” to “Yes”.
GW-989	FTP	If the FTP client shuts down during file download, the connection between Gateway and MOVEit Transfer Server could remain open up to 10 minutes. If this happens more frequently than normal, it could potentially exhaust the allowed number of connections on MOVEit Transfer Server and clients can no longer make new connections until the existing open connections are closed. Workaround: It is recommended that you use the MOVEit Transfer Config utility to change FTP Ports > Connection Limit from 32 to a larger number such as 1000, to allow an adequate number of clients to connect without reaching the limit easily.
GW-985	Upgrade	During an upgrade, the SSTP connection drops. Workaround: After upgrading Gateway Server, reconnect the SSTP connection by manually running the Windows scheduler task.
GW-879	Sign In	On the MOVEit Transfer sign in page, when you click Try Automatic Signon through Gateway, you see a window that displays available certificates. If you click Cancel in this window, the browser redirects you to an error page that states "This site can't provide a secure connection" (a certificate was not provided). Workaround: If you see this error page, press the back button to return to the sign in page or refresh the browser page to display the available certificates again and choose the correct certificate.
GW-849	Security	When using HTTPS client certificates through a browser, Ipswitch Gateway users may be offered to choose from more certificates than would be the case if they accessed MOVEit Transfer directly. While MOVEit Transfer instructs the browser to prompt the user only for certificates created or approved through MOVEit Transfer, Ipswitch Gateway has no such feature. Thus, users who have installed client certificates for applications other than MOVEit Transfer should ignore those certificates when making a selection from their browser's list of certificates.
GW-813	Upgrade	Customers upgrading from a previous release should check that the new "Host Name" field is correct. This field is in the Settings tab of the administrative interface. Ipswitch Gateway provides a default value, which is often incorrect. This new setting is used for client certificate authentication.
GW-760	Install	After Ipswitch Gateway is installed on Windows Server 2016, the Remote Access Connection Manager service will not start. This does not adversely affect the operation of Ipswitch Gateway; however, it could be a problem if the server is being used for RAS for other purposes. This is unlikely, as Ipswitch recommends that Ipswitch Gateway be run on a dedicated server. This problem does not occur when Gateway is installed on Windows Server 2012R2.