ClickySkip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Release Notes Tesorion Immunity

Here you will find the most current release notes of Tesorion Immunity. Do you want to know which devices we support? These can be found on the Supported Device List.

Tesorion Immunity 2024.1

Immunity 2024.1 contains several new functionalities as well as updates and improvements that are not externally visible.

Principal new functionalities

  • It is possible to use an OpenID Connect-provider (i.e. Google, Azure, etc) for Administrator-logins to the Immunity webinterface.
  • The piecharts in the Dashboard-parts for Security Events and Incidents have links. The will allow Administrators to get to the Security Events in the category a “pie-piece” represents or the Incidents for a Reason a “pie-piece” represents.
  • In a few tables with overviews (active MAC-registrations/802.1X-account-registrations, Switches, Wlan devices, Switchports and active incidents) an Advanced Search is now available, allowing the Administrator to search for items across specific columns.
  • The underlying database system (PostgreSQL) has been updated to version 16.

Hardware support

  • Netgear M4250-xxxxxx-PoE+ switches are now supported.
  • Huawei S5720-HI switches are now supported.
  • Cisco Catalyst 9200CX switches are now supported.
  • Juniper EX4100 switches are now supported.
  • Cisco Catalyst 9100 Wireless Access Points are now supported.

As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 2023.2

Immunity 2023.2 contains several new functionalities as well as updates and improvements that are not externally visible.

Principal new functionalities

  • It is now possible to add multiple pieces of managed network hardware (for instance wireless Fat Access Points) to Immunity by importing an Excel-sheet, filled out with required data and credentials.
  • It is possible to use an OpenID Connect-provider (i.e. Google, Azure, etc.) in the registration procedures for end users.
  • The underlying OS (Debian) has been updated to Bookworm (12).

Hardware support

  • Cambium XV2-2T0/T1 Access Points are now supported.
  • Huawei S5720-*-LI-* switches are now supported.
  • Huawei AC6005-series wireless controllers are now supported.
  • Ruckus Access Points, which support Unleashed-mode, are now supported in that mode.
  • TP-Link TL-SG3452 is now supported.

As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 2023.1

Immunity 2023.1 contains several new functionalities as well as updates and improvements that are not externally visible.

Principal new functionalities

  • Immunity’s DHCP-server has support for the Captive-Portal option (option 114, RFC8910).
  • Immunity can be configured to authenticate against Azure and map ‘roles’ from Azure to Host Groups in Immunity for authorization.
  • Immunity can now be configured to natively handle EAP-TLS (certificate) authentications.
  • Similar to the functionality to configure trunk ports for Fat Access Points, Immunity can now also configure trunk ports to connect Local LAN switches (i.e. a managed switch with its’ uplink connected to a port on another managed switch)
  • The underlying database system (PostgreSQL) has been updated to version 15.

Hardware support

  • For the Aruba CX series (LAN) 802.1X is now supported.
  • The Cisco IE3400 Rugged Series (LAN) is now supported.

As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 2022.2

Immunity 2022.2 contains several new functionalities as well as updates and improvements that are not externally visible.

The most obvious change is in the version numbering scheme, which has moved to a scheme based on year, the number of the release in that year and a patch-level. Since this release in the 2nd release in 2022, the full version number becomes 2022.2.0.

Principal new functionalities

  • It is now possible to have Tesorion configure a limit to the number of devices connected per username on WLAN 802.1X.
  • For Guest access codes (“activatiecodes”) it is now possible to set the time limit for network access to a fixed period after activation (e.g. “1 week”) from the Immunity web-interface. This also works when creating multiple guest access codes.
  • The underlying OS (Debian) has been updated to Bullseye (11).

Hardware support

  • The Aruba CX 6000 series (LAN) is now supported.
  • The Huawei S5735-L series (LAN) is now supported.

As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 8.3

Immunity 8.3 contains several new functionalities as well as updates and improvements that are not externally visible.

Principal new functionalities

  • Immunity 8.3 now shows errors on port-level for switches in the GUI. This means that Immunity shows unexpected responses to configuration commands issued on ports through SNMP or CLI (SSH/Telnet) rather than an “unknown issue” for the entire switch.
  • Some improvements have been made to allow Immunity to better handle situations, where Immunity is unable to reach managed hardware in certain network segments due to reasons beyond Immunity’s control such as, for instance, partial network outages.
  • The underlying database system (PostgreSQL) has been updated to version 14.

Hardware support

  • The Aruba CX 6100 Series of switches is now supported.
  • The Aruba CX 6200 Series of switches is now supported.
  • The Cambium XE3-4 Access Point is now supported.
  • The Huawei AirEngine 9700-M1 Wireless Controller is now supported.
As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 8.2

Immunity 8.2 contains several new functionalities as well as updates and improvements that are not externally visible.

Principal new functionalities

  • Two-factor authentication for access to the Immunity Webinterface is now possible.
    • For existing API-accounts and other script-users, which can’t scan a QR-code, a one-time switch from a ‘regular’ user-account to an API-account, which uses a JWT security token, is required after the upgrade to 8.2.
  • The underlying OS has moved to a 64-bit architecture.
  • Immunity has started supporting ‘Externally manageable’ hardware with the Juniper EX 2300/3400 switch series and the Juniper AP43-WW and AP61-WW access points. ‘Externally manageable’ is meant for hardware which is managed by the hardware vendor’s (cloud)service. When network hardware is externally managed, Tesorion Immunity will not make any changes to the configuration of this network hardware, but answers to RADIUS requests and may reset port connections to provide network access control.

Removed functionalities

  • The Incidents-API, which was already deprecated since Qmanage 6.1, has been removed.

Hardware support

  • The Cisco Catalyst 1000 series is now supported
  • The Huawei AirEngine 9700-M (Wireless LAN Concentrator) is now supported
  • The Netgear GC752XP is now supported
  • The Netgear GS7xxT series are now supported
  • The Netgear M4300 series is now supported
  • The Netgear S3300 series is now supported
  • The Juniper EX 2300 series is now supported, also ‘Externally manageable’
  • The Juniper EX 3400 series is now supported, also ‘Externally manageable’
  • Juniper AP43-WW and AP61-WW (Wireless Access Points) are now supported as ‘Externally manageable’
As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 8.1

Immunity 8.1 contains several new functionalities as well as updates and improvements that are not externally visible.

Principal new functionalities

By request of several customers new functionalities have been added. These are the most important ones:

  • Reports have been added for target groups IT Management and Board of Directors. These may be found via Insight -> Reports. If you want to receive these reports by e-mail as well, please raise a request with Tesorion Support.
  • Immunity is now also able to configure switch ports for use by lightweight access points, making sure the relevant tagged VLANs are made available on the port. This functionality can be used through Network Hardware -> Hardware -> Other Hardware.
  • DHCP Groups are now fully configurable through the interface.
  • It is now possible to create separate CSS’s per reason.
  • The underlying OS and database have been upgraded

Removed functionalities

  • The Reports-API, which was already deprecated since Immunity 7.1, has been removed
  • Please note that the Incidents-API, which was already deprecated since Immunity 7.1, will be removed in version 8.2.

Hardware support

  • The Cisco WLC 9800 is now supported
  • The Cisco 9200(L) Series is now supported
  • The Hirschmann MSP30 switch media module  is now supported
  • The Hirschmann RSPE30 switch is now supported
  • The Aerohive AP410C en 510C is now supported
  • The Cisco 3560-CX Series is now supported
  • The Cambrium XV3-8 Access Point is now supported
  • The Moxa EDS-G512E is now supported
  • The Ruckus Wireless SmartZone (vSZ-H) is now supported

Removed hardware support

  • The Dell 7200 series is no longer supported
  • The Aruba MC-VA is no longer supported
  • The Avaya/Nortel ERS4000 is no longer supported
  • The H3C S5500-SI is no longer supported
  • The HPE A3600v2 is no longer supported
  • The Dell N-series is no longer supported
As usual, there are also several minor improvements and bugfixes that are not explicitly listed.

Tesorion Immunity 8.0

Vanaf versie 8.0 gaat Qmanage voort onder de naam Immunity. Daarbij is een deel van de termen die gebruikt werden in Qmanage, in lijn gebracht met overige producten en diensten van Tesorion. Onder het kopje ‘Gewijzigde terminologie’ vindt u een overzicht.

Belangrijkste nieuwe functionaliteiten

Vanuit de Lunch & Learn eind 2019 is een aantal wijzigingen doorgevoerd. Tesorion wil de aandragers van deze suggesties graag hartelijk danken!

  • De restart-button in de self service portal is verbeterd, en kan nu duidelijker/anders gestylet worden.
  • Foutmelding toegevoegd als er een range VLAN’s wordt toegevoegd bij het aanpassen van een mapping
  • Bij het in bulk importeren van MAC-adressen is het nu mogelijk om te kiezen of dubbele/reeds aanwezige MAC-adressen overgeslagen of overschreven worden, of dat de hele import geannuleerd wordt.
  • Het is (weer) mogelijk om de trace-functionaliteit te gebruiken op DHCP-hostnames.
Dan de overige aanpassingen. Zoals gebruikelijk zijn er diverse bugfixes en verbeteringen doorgevoerd, die niet uitputtend benoemd worden.
  • TLS v1.0 en v1.1 worden niet meer ondersteund voor webpagina’s
  • TLS v1.0 en v1.1 worden niet meer ondersteund voor de API
  • LDAPS vereist nu TLS v1.2. Nota bene: MS Domain controllers ondersteunen binnenkort geen LDAP meer, maar alleen nog LDAPS. Tesorion raadt u aan om over te stappen naar LDAPS, indien u twijfelt of dit al zo ingesteld is, neemt u vooral even contact op met Tesorion Support.
  • Diverse aanpassingen en verbeteringen aan de GUI

Gewijzigde Terminologie

Manage-concepten

  • Client -> Host
  • Machine -> Host
  • Access Group -> Host Group
  • (Machine) Registration -> Host Group Membership
  • Register -> Add to host group, make a host group member
  • Automatic registration on MAC prefix -> MAC prefix host group membership
  • Activation code -> Guest Access Code
  • DHCP Machine Name -> DHCP Hostname
  • Rollout Mode -> Host Discovery
  • Manage (a switch) -> Enable NAC (on a switch)

Detect & Respond-concepten

  • Possible Incident -> Security Event
  • Preset -> Automated Response Policy
  • Onestrike -> Self Service Close
  • Incidents (in GUI menu) -> Detect & Respond
  • Isolation (in GUI menu) -> Captive Portal
  • User ID -> Host ID

Captive Portal-concepten

  • End user pages -> Self Service Portal

Hardware-ondersteuning

  • De  Alcatel-Lucent OmniSwitch 6400 and 6450 worden nu ondersteund
  • De HP V1910-24G wordt nu ondersteund
  • De Cisco Catalyst 2960-Plus 24PC-S en 48PST-S worden nu ondersteund
  • Wired 802.1X wordt nu ondersteund op de HPE Aruba 2615, 2910, 2915, 3500yl en 4200vl series
Er zijn tevens enkele brede aanpassingen in de switch-aansturing
  • STP Edge port en PortFast enabled op HPE Aruba/Procurve and Cisco switches
  • BPDU Guard en BPDU Filtering disabled op HPE Aruba/Procurve and Cisco switches
  • GVRP is disabled op alle switches (D-link switches volgen in Immunity 8.1)
  • Bij het wisselen van 802.1X naar portsecurity op Cisco- en HP-switches wordt de 802.1X-configuratie nu verwijderd van de switchpoort.

Vervallen hardware-ondersteuning

  • De HP MSM premium mobily controller series wordt niet meer ondersteund
  • De Juniper Networks EX 4200 series wordt niet meer ondersteund
  • De Cisco WiSM wordt niet meer ondersteund
  • De WiFi-functionaliteit van de Huawei S5720-HI wordt niet meer ondersteund
  • De 3com 4500 wordt niet meer ondersteund.

Software-ondersteuning

Voor een veelheid aan apparatuur is er aanvullende software ondersteund in combinatie met Qmanage. Daarnaast zijn er wat softwareversies niet langer ondersteund, bijvoorbeeld vanwege leeftijd of gekende beveiligings-issues in de betreffende software. Voor de goede orde: Tesorion voert geen proactieve checks uit of er beveiligingsissues in supported software aanwezig zijn, er wordt slechts op best-effort basis iets aan gedaan.

Een aantal specifieke gevallen zijn in deze release vermeldenswaardig:

  • Op de Aruba IAP wordt nu de volledige softwareversie getoond
  • Softwareversie 15.2(4)E8 is expliciet niet ondersteund voor gestackte Cisco 29XX switches
  • Stacking wordt niet ondersteund voor Cisco 2000- en 3000-series op softwareversies 15.2(4)E6 en 15.2(6)E1.