Professional Documents
Culture Documents
Reference: https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html
Date: 2021-09-28
Copyright: © 2021 WALLIX
Contents
5.2.3.3 Procedure
6 Installing an hotfix from an earlier version
6.1 Procedure for hotfix installation
6.2 Procedure for hotfix uninstallation
7 Known issues
8 Compatibility with third-party software
9 Compatibility with third-party hardware
In order to protect against and avoid lateral attacks, it is recommended to know well the devices on
the local network.
In this version, we propose a discovery module based on the scan of network ports (RDP and
SSH) as well as import from the AD. This module has a scheduling capability, a complete
traceability and an on-boarding workflow of discovered devices.
A service account is a specific dedicated account that allows software deployed on the customers'
infrastructure to run. Service accounts are a security weakness because they often run software
that contains sensitive information.
Best practices recommend enforcing password policies, rotating passwords regularly as well as
changing passwords when used as service accounts on the servers.
You can now manage your service accounts from WALLIX Bastion, by automatically rotating the
secrets, and restarting the services to take them into account.
Administration dashboard
Audit dashboard.
Business-oriented reporting:
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 2/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
Sessions:
Security:
AD authentication silos:
Best practice: have a dedicated Bastion for the AD admin to store secrets and AD
silos to secure the scope of use.
https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-
and-management/authentication-policies-and-authentication-policy-silos
The following features and improvements have been implemented in this version:
#13583: Implement option to view RDP sessions in real-time (4eyes) without recording
#15519: Implement support of Unix socket forwarding in SSH sessions
#16600: Implement option to allow a user to retrieve the target session of another user
#17057: Add mail notification when a license threshold is exceeded
#17387: Improve VNC keyboard mapping
#19495: Implement support of rsa-sha2 user public key signature
#22422: Improve REST API error when the given API version in the URL does not exist
#28215: Add new "References" feature in "Accounts" menu (aka "service accounts")
#28583: Add automatic discovery of devices by network and AD server scan
#28592: Add new dashboards in the Web interface
#28929: Implement shell startup scenario for Telnet and Rlogin target sessions
#29066: Add support of ping of LDAP server in external authentications
#29148: Improve RDP selector filters
#29199: Improve SSH selector filters
#29471: Add a way to filters devices and applications by tag key or key+value pair in REST
API
#29562: Add UNIXSOCK proxy options for SSH services
#29680: Add support of mobile device with RADIUS authentication
#29688: Add dedicated user for performing appliance upgrades
#29746: Generate disk images with associated NVRAM to allow a EFI boot
#29941: Implement WALLIX Bastion REST API 3.6 and remove version 3.4
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 3/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
#30518: Add more logs in syslog when the ITSM script is called
#30566: spark_view_specific_glyph_width is no longer required to support SparkView RDP
client
#30594: Add a way to check if user passwords expire when saving a local password policy
via the REST API
#30752: Prevent search engine bots from indexing the legacy interface pages
#31047: Implement support of audio input channel in RDP session
#31305: New signing certificate for WALLIX-Putty
#31326: Remove default password for GUI admin account
#31359: Allow IPv6 address in /etc/hosts and DNS Servers
Since WALLIX Bastion 7.1, the Web interface is being redesigned to provide a more intuitive and
efficient navigation and offer better performance.
The following features and improvements have been implemented for the Web interface in this
version:
Following the implementation of security measures against cross-site request forgery attacks (or
CSRF attacks), REST API requests can no longer be made directly from a browser.
This interface implements a new design which is only available for the following pages:
My preferences
Dashboards
Administration
Audit
Targets
Devices
Accounts
Groups
Checkout policies
Discovery
Password management
Password change policies
Configuration
Notifications
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 4/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
The other pages of the interface operate in hybrid mode: they show the graphical elements of the
legacy interface inside the new design.
In many IT infrastructures, devices are identified by tags. The use of these tags has also been
generalized in the Cloud.
Users now can apply tags and use them to filter their devices.
1.2.1.2 AAPM
PasswordFS is a new tool for removing passwords from configuration files. It dynamically injects
the password into the configuration file when requested.
Use case: Wordpress database access password that resides in a configuration file.
Group-based fingerprint: new capacity to have users of a group in the Seal mechanism.
Sessions:
Session sharing ("session shadowing"): now visible in the audit list, recording of
auditor's actions in session sharing. The user is informed that a session sharing is
about to start.
New analysis and recording protocol: WinSCP. It is a multi-channel protocol, audited by
default.
DLP/AV (Data Loss Prevention/Anti-Virus): WinSCP and SFTP are now analyzed and
can be blocked.
ITSM ticket number: the ITSM ticket number is stored in the UI approval list, and is
displayed in the session history.
TCP keepalive: TCP keepalive option added for SSH sessions.
ECDSA key: support of ECDSA key for SSH hosts.
Performance improvements:
Parallel execution of password change plugins. Credential change operation lab
measured credential change of 1000 accounts in 6 minutes.
Add session performance tracking in seconds (to /var/log/wabproxy.log with tag
"TIME_METRICS" once target connection is done), on:
Primary connection (network time)
Primary authentication (Bastion CPU/database time)
Rights retrieval (Bastion CPU/database time)
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 5/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
The following features and improvements have been implemented in this version:
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 6/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
Simplification of OT management via WALLIX Bastion by simplifying and automating the creation
of OT tunnels.
WALLIX-PuTTY version 0.73.6 has a new flag for tunnel management which allows mapping the
local IP to the loopback interface. Windows admin rights are required (windows routing).
The following features and improvements have been implemented in this version:
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 7/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
The following minor features and improvements have been implemented in this version:
Availability of a new WALLIX Bastion REST API version: REST API 3.4. This version includes
the latest updates. The REST API versions 3.3 and 3.2 are also available and remain
unchanged. The REST API version 2.4 is deprecated and then no longer available for this
version of WALLIX Bastion. For further information, please refer to the REST API
documentation available online: https://bastion_ip_address/api/doc.
Important
The GRUB boot screen shows an additional entry for the UEFI mode to
access the firmware setup. The access to this entry requests the same
login and password as those required when accessing the "Recovery
Mode" entry in the BIOS mode, below the "Advanced Options" entry.
As the Secure Boot functionality is not used when booting in UEFI mode,
WALLIX Bastion is not affected by the following latest vulnerabilities
observed on grub2 for this mode: CVE-2020-10713 (BootHole), CVE-
2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,
CVE-2020-15706 and CVE-2020-15707.
Redesign of the following pages on the Configuration menu: Local password policy, API keys
and License.
Implement the selection of resource associations to be able to create applications or clusters.
Russian is available as display language
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 8/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 9/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
#29774: Fix Thycotic plugin issues with check-in, check-out, and URL validation
#29799: Display min/max values for string/integer fields in REST API GET schema
documentation
#29828: Allow duplicate of forbidden passwords in PUT /api/localpasswordpolicies
#29907: Fix sending of HTML emails in custom notifications
#29925: Fix error 500 from REST API in case of invalid Authorization header
#29927: Check authentication type in Authorization header (REST API)
#29931: Fix encoding error in messages returned by the REST API when objects already
exist
#29934: Fix error 500 from REST API when searching device certificates
#29938: Fix error 500 from REST API when searching time frames
#29946: Fix error 500 with search "q=~search" in several REST API resources
#29952: Fix REST API to make tag search case sensitive
#29955: Return an error 404 in REST API /api/tags when a tag id is not found
#29957: Fix error 500 when an invalid id is sent in an API REST GET request
#29981: Fix domain root password update when password change is successful on target
#30059: Add information when changing password of primary or secondary account
#30066: Fix display of unused target accounts in "Connection statistics" page in "Audit" menu
#30121: Fix LDAP GSSAPI protected user authentication
#30123: Fix crash of RDP session when dragged between several monitors
#30158: Fix Kerberos authentication issue on SSH proxy with the new authentication
interface
#30170: Re-enable DLP/AV feature with a "Legacy license"
#30171: Re-enable ITSM feature with a "Legacy license"
#30217: Update sudo package to fix the following security issue: CVE-2021-3156
#30251: Fix form validation on the "Passphrase" field for an account
#30276: Fix disk size issue for /var/wab directory on AWS, Azure and GCP
#30281: Fix issue with duration of pending approval request with a start date in the past
#30326: Fix user disconnection on legacy interface when many Web sessions are open
#30359: Fix LDAP GSSAPI authentication
#30410: Fix PUT applications/devices resources on the option to force tags (REST API
3.5/3.6)
#30411: Fix issue with copy/paste function in RDP application sessions
#30471: Fix missing checksum for the Vmware images
#30495: Change default settings for SIEM log export
#30522: Allow test of LDAP external authentication if the resource already exists
#30523: Do not call ITSM script at start/end of session if the license does not allow it
#30527: Fix empty file sent to the approval ticketing script
#30551: Fix default gateway which disappears after reboot in some network configurations
#30601: Fix precision of API session timeout
#30647: Add SSH session logs integrity check upon access
#30658: Fix session logs not moved to the remote storage
#30693: Fix erroneous logs of REST API requests
#30696: Fix REST API External Auth resource for PUT request
#30722: Improve display of errors after form validation
#30762: Fix blocked request issues in REST API
#30771: Fix URLs with spaces returned by REST API
#30800: Fix wrong login page language after a logout
#30824: Fix issue when displaying the "Backup/Restore" page in some specific hardware
environments
#30825: Fix an issue when trying to restore a backup on a system with a modified database
root password
#30829: Allow upload of CA certificate embedding elliptic curve in LDAP external
authentication
#30834: Use REST API timeout immediately after change without restarting the service
#30903: Fix subnet route when IP source routing is enabled
#30912: Fix display issue when associating an account with an application
#30914: Support SCP file transfer with MobaXterm
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 10/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
3 Hardware requirements
WALLIX Bastion version 9.0 hotfix 2 requires at least 4GB of RAM and 30GB of disk space.
Please contact WALLIX Technical Support Team if you need further information related to the
necessary sizing parameters.
External storage is recommended for virtual machines.
The old appliances Dell R310, R320, R510, R520, R810 and R820 are no longer supported.
WALLIX provides a generic ISO and specific images for the above-mentioned environments.
Please refer to the Quick Start Guide to get the instructions on how to deploy on-premises images
and Cloud tenant images.
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 11/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
You can only upgrade to WALLIX Bastion 9.0 hotfix 2 from WALLIX Bastion
6.2 or higher version. We recommend installing first the last hotfix released for
your current version before upgrading to WALLIX Bastion 9.0 hotfix 2.
Please also note that only backups created from WALLIX Bastion 6.0 or higher
version can be restored on this version.
The table below lists the versions from which the upgrade to WALLIX Bastion
9.0 hotfix 2 can be performed.
The upgrade to WALLIX Bastion 9.0 hotfix 2 can be performed from hotfix
versions prior to the one listed in the above table. However, we strongly advise
you to apply this procedure from the recommended version.
Important: Before any update to version 9.0.2 from a previous version, please
proceed to the verification list detailed in the Known issues section.
The upgrade process takes at least a few minutes and may run over a longer
period in the case of High Availability clusters containing many session
recordings.
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 12/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
In case of an SSH disconnection during the upgrade or the HA setup, you can
return to the input/output of the running script by entering the following
command:
# cd /mnt
# ./bastion-upgrade.sh
When the upgrade has completed, we recommend you to check that the
selection of the cryptographic algorithms accepted by both the SSH and the
HTTP servers still meet your requirements. Otherwise, the command
WABSecurityLevel allows you to set the security level of these servers.
The default security level for the SSH server is set to a low value, allowing any
cryptographic algorithms to be used.
The default security level for the HTTP server is set to a high value. Only the
following cryptographic algorithms can then be used:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
The old appliances Dell R310, R510 and R810 are no longer supported neither
by the manufacturer nor by WALLIX. Nevertheless, WALLIX Support Team will
provide a best-effort assistance on these products, with no obligation to
achieve a fixed result.
5.1.1 Prerequisites
Note
If you cannot access Internet in order to retrieve the ISO image, please contact
WALLIX Support Team, which will send you the upgrade on a USB key.
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 13/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
If you do not have the USB key, the first step consists in retrieving the ISO image of the upgrade
‘bastion-9.0.2.9.iso’ and its checksum file ‘bastion-9.0.2.9.iso.sha256sum’.
1. Connect to the following address in your Internet browser and enter your WALLIX Support
credentials:
https://support.wallix.com/
2. Click on the “Downloads” tab and download both the image and the integrity check files from
the “Update image” section for WALLIX Bastion version 9.0.2.
sha256sum -c bastion-9.0.2.9.iso.sha256sum
(https://sourceforge.net/projects/win32diskimager/)
where <usb_device> must be replaced by the device onto which the USB key is connected,
typically something like /dev/sdb.
If the script stops after a few seconds, you must consult the last part of the /root/migration-
<PREVIOUS_VERSION>-9.0.2.log file using the following command:
tail /root/migration-<PREVIOUS_VERSION>-9.0.2.log
where <PREVIOUS_VERSION> must be replaced by the version number from which the upgrade is
performed.
The last line should indicate which problem must be corrected before continuing the upgrade.
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 14/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
1. If you have the USB key and a physical appliance, you just need to plug it in a free USB port
in the front or back of the unit.
If Bastion is a virtual machine, you can use the ISO file as a disk image to the VM's optical
drive (CD/DVD drive).
2. Use an SCP client (such as WinSCP - http://winscp.net/) to send the two downloaded files to
the Bastion’s /home/wabadmin/ directory (the wabadmin user’s default directory). If you use
the High Availability (HA) mode, the files must be transferred to the Master and to the Slave.
3. Check that the transfer was successful by entering the following command:
In the case of HA configuration, the above command must be executed on both the master
and the slave.
4. You can now upgrade WALLIX Bastion by following the procedure described in one of the
next two sections, according to your particular configuration.
1. Connect to WALLIX Bastion by entering the wabadmin user name and password.
2. Pass root by entering the following commands and providing the wabsuper password each
time you are prompted:
wabadmin@wab:~$ super
wabsuper@wab:/home/wabadmin$ sudo -i
or if you are using the USB key (replacing sdb by the device onto which the key is
connected):
# cd /mnt
# ./bastion-upgrade.sh
WALLIX Bastion will now install the Debian packages and the WALLIX packages in order to
perform the updates of the system and Bastion. It will then migrate the data to the
appropriate format.
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 15/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
5. Once the upgrade is completed, press the Enter key to exit the screen displaying the process
actions and go back to the shell. Please make sure that the upgrade process has
successfully completed by checking the last lines of the /root/migration-
<PREVIOUS_VERSION>-9.0.2.log file using the following command:
tail /root/migration-<PREVIOUS_VERSION>-9.0.2.log
where <PREVIOUS_VERSION> must be replaced by the version number from which the
upgrade is performed.
# reboot
After the system reboot, you can use WALLIX Bastion immediately.
5.2.3.1 Prerequisites
In order to upgrade a HA cluster, you must upgrade the Master node first then the Slave one.
Continuity of service cannot be maintained during the upgrade process.
You must beforehand check that the network parameters are correctly configured, the Bastion
administrator’s email address has been defined and encryption has been unlocked on the Web
User Interface.
On both the Master and the Slave nodes, the /etc/hosts file must include the following lines:
127.0.0.1 localhost
IP_MASTER HOSTNAME_FQDN_MASTER
IP_SLAVE HOSTNAME_FQDN_SLAVE
HOSTNAME_FQDN_MASTER
HOSTNAME_FQDN_SLAVE
hostname -F /etc/hostname
(Replace the locations indicated in capitals above by the actual values. _FQDN_: the fully qualified
domain name, which must be included in the host name).
We will now call your current Master node as “node1” and your current Slave node as “node2”. You
can determine which machine is the Master and which is the Slave by entering the following
command:
WABHAStatus
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 16/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
When the upgrade script is launched on node1, HA service is stopped on both nodes (node1 and
node2): a lock file in the directory for node2 prevents HA service from accidentally restarting. This
aims to prevent node2 from becoming the Master node.
When the script has finished execution on node1, HA service must be restarted on this node only!
After reboot, node1 is still the Master node.
When the script is launched on node2 and the execution has finished, HA service must be
restarted on this node. After reboot, node2 is still the Slave node.
5.2.3.3 Procedure
1. Upgrade node1 (refer to section: Upgrading a standalone WALLIX Bastion) then reboot.
2. Upgrade node2 (refer to section: Upgrading a standalone WALLIX Bastion) then reboot.
Important
Check that after a few seconds node2 does indeed become the new Master and
the services are restored
If ever the system does not work, stop node2 and restart HA operation on node1
by executing the following command, then contact WALLIX Support Team:
After node1 has taken control, restart HA operation on node2 by executing the
command:
1. Connect to the following address in your Internet browser and enter your WALLIX Support
credentials:
https://support.wallix.com/
2. Click on the “Downloads” tab and download both the hotfix .tar.gz folder and the integrity
check files from the “Hotfixes” section for the last available hotfix version.
3. Check the integrity of the archive by using an appropriate tool, such as HashCheck on
Windows (https://github.com/gurnec/HashCheck), or under Linux by entering the following
command:
sha256sum -c archive_name.tar.gz.sha256sum
4. Use an SCP client (such as WinSCP - http://winscp.net/) to send the two downloaded files to
the Bastion’s /home/wabadmin/ directory (the wabadmin user’s default directory).
Important
5. Connect to WALLIX Bastion by entering the wabadmin user name and password.
6. Pass root and install the hotfix using the following commands:
$ super
$ sudo -i
# tar xf archive_name.tar.gz
# cd archive_name
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 18/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
# ./install.py
Important
If you are running a setup using the High Availability (HA) mode, the procedure
must first be run on the MASTER node. Once the hotfix is installed, the
procedure must then be run on the SLAVE node. During installation on the
MASTER node, both nodes are unavailable.
Note
The following services are automatically restarted when the hotfix is being
installed:
Wabengine
GUI
REST API
HA (when running a setup using the High Availability (HA) mode)
# ./uninstall.py
Important
If you are running a setup using the High Availability (HA) mode, the procedure
must first be run on the MASTER node. Once the hotfix is installed, the
procedure must be run on the SLAVE node. During installation on the
MASTER node, both nodes are unavailable.
The old hotfixes previously installed are archived in the directory /var/hotfix.
They can be reinstalled if needed from the hotfix directory by entering the
following command:
./install.py
7 Known issues
Important for major upgrades
Before upgrading to version 9.0.2 from a previous major version, please verify
the following points:
License:
Before upgrading, verify if the license has a "Pack" activated. If so,
please contact WALLIX support, a new license needs to be
generated.
If the upgrade is done without the change, license will be
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 19/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
invalidated, you will then need to ask for a new license file wy
sending the new context file through a support case.
Upgrading with backup export-import:
When upgrading with backup export-import, some configuration
files are wrongly restored. It can cause service activation issues on
the network interfaces. (Issue #32542)
If the number of network interfaces is different between the source
and the target Bastions, please contact WALLIX support in order to
fix the service mapping issue.
Verification of free space:
Before upgrading, please verify the free space on the disk,
particularly on partitions / , /var and /var/wab .
These three partitions need at least 3GB of free space.
Command df -h executed in CLI can be used for this verification.
Password Change plugins:
Before upgrading a Bastion, if you have modified some plugins with
the help of the support team, we recommend that you backup those
plugins.
They are stored in the following path:
/opt/wab/share/plugins/cred_chg/${PLUGIN}/${PLUGIN}.py.
You can either backup the plugins in the same directory by copying
them with a '.bak' extension, or store them in another directory like
/var/tmp, to be able to restore them tokeep all the modifications
done.
Important
License:
The email notification alert for the license is in English even if the user preference is in
French. (Issue #31768)
LDAP/AD authentication:
From WALLIX Bastion 8.0, password change for AD Protected Users will fail.
(Issue #29200)
X509 authentication:
The upload of multiple CA certificates will fail on "X509 Configuration" page. (Issues
#29385, #29461)
Transparent mode authentication
The authentication through the transparent mode for both RDP and SSH connections
will fail. (Issue #29558)
Discovery:
Discovery process is stuck when automatic backup is triggered concurrently.
(Issue #31434)
There are some issues in the behaviour and error management when the license limit is
reached. (Issue #31848)
Logs:
Many errors in journalctl related to "Scope has no PIDs. Refusing". (Issue #31443)
Dashboards:
The order of dashboards on a new profile is not always properly saved. (Issue #30113)
RDP session:
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 20/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
There is an issue when connecting from an Access Manager to Windows Server 2008
targets through Bastion 8.0.8. Please refer to the procedure here, or search the
knowledge 2001 on the support website for a solution. (Issue #31434)
The logon via a Smart card is only available for target access through interactive login.
Once the relevant target has been chosen from the selector, the Smart card logon can
be selected from the "Sign-in options" link on the Windows standard login screen. Note
that it may take 5 to 30 seconds for Windows to display the "Sign-in options" link.
(Issue #30102)
The client Remote Desktop Connection (MSTSC) connected to Windows Server 2008
or 2012 does not allow several RemoteApp programs to share the same RDP session.
There will be as many RDP sessions created as the number of RemoteApp programs
launched. (Issue #30021)
Using applications through the Access Manager may fail. (Issue #31767) Please
contact WALLIX Support Team if you need further information.
Due to the certificate update used to sign the Session Probe, it is required to upgrade
BestSafe agent for proper interoperability of the two products. (Issue #31805) A
workaround exists by updating a dll on the target, please contact WALLIX Support
Team if you need further information.
VNC session:
Encoded characters are not fully supported when converting Unicode to ScanCode.
(Issue #31876)
SSH session:
The SOCKS proxy in SSH session is unstable with PuTTY. (Issue #29167)
REST API:
Some fields of the REST API "External Authentications" resource are missing,
incomplete or have errors. The REST API documentation for this resource will be
updated in a future release. (Issues #29395, #29083, #28828, #29386)
Installation/Upgrade:
From WALLIX Bastion 6.2, the ordering of the 4 network interfaces is reversed on
installation.(Issue #31802)
Error in migration logs when performing an upgrade on Azure. (Issue #31731)
Multiple errors appear in the syslog file during the execution of an upgrade, these
errors do not affect the product operation. (Issue #31875)
Audit:
Backup/Restore:
It will not be possible to interact with the untrusted certificate popup after restoring a
backup from the default interface. (Issue #28064)
Sometimes display issues when restoring a backup through the GUI with Firefox.
(Issue #31699)
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 21/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
The Web interface supports the up-to-date version of the following browsers:
Compatibility information for password change plugins and external password vault
plugins:
Tested
Category Device/System Version/Type Scope Version/Origin version
Network Palo Alto PA-500 Password change V1.0
Network Generic Radius Authentication Internal FreeRADIUS
Version 2.1.12
Router Cisco 800 Series Password change V1.0.2
Router Cisco Nexus Password change Available on
demand
Router Juniper SRX Password change V1.0
MFA Gemalto Card reader Integration Internal
Firewall Cisco Generic Password change V1.0.2
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 22/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
Tested
Category Device/System Version/Type Scope Version/Origin version
Firewall Stormshield Stormshield Password change Available on
3.x demand
Firewall Checkpoint Checkpoint Password change Available on
R77.30 Gaia demand
Firewall F5 BigIP v15.1.0. Password change Available on
demand
Firewall Fortinet Fortigate Password change, V1.0
SSH key
Server Controller iDRAC DELL Password change V1.1 v7 & v8
Storage PowerVault ME4024 Password change Available on
demand
OS IBM IBM 3270 Password change V1.0.0
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2003 Server 2003
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2008 Server 2008
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2008 Server 2008
R2 R2
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2012 Server 2012
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2012 Server 2012
R2 R2
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2016 Server 2016
OS Microsoft Windows Password change V1.0.1 Windows
Windows Server 2019 Server 2019
OS Linux/Unix GNU/linux Password change, V1.2.1 Debian 8,9,10,
Debian/Ubuntu SSH key Ubuntu 18.04.4
LTS
OS Linux/Unix GNU/linux Password change, V1.2.1 SLES 11
SLES/Suse SSH key 12SP3 15
OS Linux/Unix GNU/linux Password change, V1.2.1 CentOS 6.6,
RedHat/Centos SSH key 7.1 RedHat 8
OS Linux/Unix OpenBSD 5.1 Password change, V1.2.1
SSH key
OS Linux/Unix FreeBSD 9 Password change, V1.2.1
SSH key
OS Linux/Unix NetBSD 5.1.2 Password change, V1.2.1
SSH key
OS Linux/Unix Solaris 10 Password change, V1.2.1
French SSH key
OS Linux/Unix Solaris 11 Password change, V1.2.1
SSH key
OS Linux/Unix AIX Password change, Available on
SSH key demand
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 23/24
5/4/22, 5:29 PM WALLIX Bastion 9.0 hotfix 2 – Release Notes
Tested
Category Device/System Version/Type Scope Version/Origin version
OS VMware ESX 6.5 ESX local Available on
password change demand
OS IBM zOS 3270 Password change 1.0.0
OS HP ILO V4 Password change Available on
demand
Database LDAP Generic Password change V1.0 openldap 2.4
Database Oracle Generic, 11g, Password change V1.0.2
12c
Database Microsoft SQL MsSQL Password change Available on
2008, 2017 demand
Database Mariadb Mariadb Password change V1.0.3 10.2 10.3 10.4
Database Oracle MySQL 5.X to Password change V1.0.3 MySql 7,
8.X MySql 8
Database SAP ASE Password change Available on
demand
Database Teradata Teradata V14 Password change Available on
demand
Vault Cyberark Vault Password change Internal 10.3
Vault Hashicorp Vault, API V1 Password change Internal Hashicorp
Vault 0.10.4
Vault Thycotic Vault Password change Internal 10.5.000001
Application UltraVNC VNC & Password change Available on
ViewOnly demand
Application SAP SAP_IQ 16 Password change Available on
demand
Cloud AWS AWS_IAM Password change Available on
boto3 demand
https://doc.wallix.com/en/bastion/9.0/rn-en-9.0.2.html 24/24