New Features and Enhancements in 3.4.1
Introduces the new features in PAM 3.4.1
Keep Alive Sessions
Support for a configuration option in Symantec Privileged Access Manager (PAM) to enable SSH to save keep alive sessions so that user do not have timeout issues with their sessions. For configuration information, see Create TCP/UDP Services to Access a Device.
Web Portal Traffic
Support for all web portal traffic to be routed through a configured proxy. No user interface changes were made as a result of this feature.
If Symantec ProxySG is configured as a proxy in the PAM client, the following policy configuration change is required on the ProxySG to allow protocols such as SSH and RDP through the ProxySG:
<ssl-intercept> ssl.forward_proxy (https)
<ssl-intercept> ssl.forward_proxy (stunnel)
The stunnel configuration allows the ProxySG to intercept other protocols that are tunneled through SSL/TLS, not just HTTPS.
The Ability to Run a Network Mapping Job from the PAM Configuration Page
"Disallow Max Class Repeat" Password Composition Policy
This password composition policy prevents passwords from containing consecutive characters from the same class. Uppercase, lowercase, numeric, and special characters are the class types.
Examples: If MaxClassRepeat is set to 2, then ABcc34^& is allowed, but not AABcc34^&
For more information, see Construct Password Composition Policies.
Deploy Threat Analytics in Azure
The PAM Threat Analytics Module, in vhd format, is now supported for deployment in the Microsoft Azure cloud environment. See Deploy CA Threat Analytics Server.
The "Credential Unavailable" access mode is displayed when credentials are out of sync and have a password view policy with check in/check out or exclusive lock options. The credentials are still presented to the user in the "Available Credentials" panel, but are not actionable.
When a single credential with the access mode "Credential Unavailable" is configured for auto login, a warning popup is displayed and no auto login occurs.