KB45044 - Deprecated Features and the steps to remove their associated configuration for a smooth upgrade to 9.1R15 and above

This article specifies the list of Deprecated features and the steps to remove their associated configuration for a smooth upgrade to 9.1R15 and above

To improve stability and overall security posture in Pulse Secure gateways, Ivanti has decided to deprecate a set of features from ICS/IPS 9.1R15 onwards,

This also helps streamlining support to newer versions of applications and makes it more secure and stable.

The deprecation list includes older versions of applications, authentication servers, and a few other features.

Related configurations must be deleted on ICS/IPS before upgrading to 9.1R15. It is also important to note that an upgrade to 9.1R15 and above may fail if these configurations are not completely removed. 

If the upgrade is performed through Admin UI, the upgrade failure message displays the list of deprecated feature configuration that needs to be removed to proceed with the upgrade.

If the upgrade is performed using REST APIs or management servers like Pulse One, please check the serial console for the list of deprecated feature configurations.

 

The following is the list of deprecated features and the procedure to remove existing configuration.

Authentication Servers (IPS/ICS)

The following Auth servers are deprecated.

•    Netegrity/Siteminder auth server
•    NIS auth server
•    Anonymous auth server
•    LDAP - Novell Edirectory Server.
•    LDAP – iplanet server

Follow these steps to remove authentication server types:

1.    Navigate to Authentication > Auth. Servers and identify the Authentication servers of deprecated type from Type column.
2.    Navigate to User > User Realms and identify the realms using any of the identified authentication servers under Servers and remove the association.
3.    Navigate to Authentication > Auth. Servers, select the deprecated servers from the list and delete.

Rewriter applications (ICS)

The following versions of the Rewriter Applications are deprecated:
•    Citrix web interface/JICA
•    Citrix Storefront (below 3.1 version)  
•    Microsoft OWA 2000, 2003,2007
•    Lotus inotes 5, 6, 6.5

To remove the configurations, navigate to Users > Resource Profiles > Web, select and delete the web resource profiles of the Type as listed above.

Sensors feature (ICS/IPS) 

Remove the following components of Sensors configuration:
•    Sensors: Navigate to System > Configuration > Sensors and remove the sensors.
•    Sensor event policy: Navigate to System > Configuration > Sensors > Sensor Event Policies and remove the policies associated with the sensors.
•    Syslog server configured for sensor logs: Disable the sensor logs by navigating to System > Log/Monitoring > Sensors > Log.
•    Deselect the Archive Sensors log under Archive Schedule from Maintenance > Archiving > Archiving Servers.
•    Deselect Sensors logs under System logs from Maintenance> Troubleshooting > Log Selection.

Cache Cleaner (ICS)

For User Roles, under Host Checker restrictions remove cache cleaner policy from selected policies list.

•    Users > User Roles > Role > General > Restrictions > Host Checker 

Basic authentication policy wizard (ICS)

Wizard support for Basic authentication is removed.

Host Checker (HC) for Solaris

To remove Host Checker support for Solaris systems:
1.    Navigate to Authentication > Endpoint Security > Host Checker and identify the policies associated with Solaris under Summary column. 
2.    Click on each policy and delete all rules associated with Solaris.

Custom Rule on Windows - Statement of Health

Remove Statement of Health rules for windows.

1.    Navigate to Authentication > Endpoint Security > Host Checker. 
2.    For each policy, under Windows Rules, check and remove rules with Statement of Health under Rule Type column.

Cloud Application visibility (ICS)

Remove the Cloud Application Visibility policies:

1.    Disassociate the roles associated with Cloud Application Visibility.
2.    Navigate to System > Cloud Secure > Cloud Application Visibility > Application Policies, select the policy and delete the application policies.

Telnet/SSH Resource profile

Remove the following Telnet/SSH components:

•    Navigate to Users > User Roles, for each user role under Access Features.

1. If Telnet/SSH sessions are present, click on link and remove all the sessions.
2. Uncheck the Telnet/SSH option under Access Features. Ensure the sessions are 0.

•    Navigate to Users > Resource Profiles > Telnet/SSH, select and delete the resource profiles.
•    Navigate to Users > Resource Policies > Telnet/SSH, select and delete the resource profiles.
•    Navigate to Maintenance > Troubleshooting> User Session  > Policy Tracing, disable Telnet/SSH policies under Events to Log.
•    Navigate to Maintenance > Troubleshooting > User Session > Simulation, disable Telnet/SSH policies under Events to Log.

UNIX(NFS) file share

Remove the following UNIX(NFS) file share components:

•    Navigate to Users > User Roles, for each user role under Access Features

1. If Files > Bookmarks are present, click on link and remove all the bookmarks.
2. Uncheck the Files option under Access Features. Ensure the bookmarks are 0.

•    Navigate to Users > Resource Profile > Files, select and remove the resource profiles with Type Unix.
•    Navigate to Users > Resource Policies > Files, select and remove the resource profiles with Type Unix.
•    Navigate to Maintenance > Troubleshooting > User Session > Policy Tracing, disable Unix/NFS and Compression (Unix/NFS) under File policies.
•    Navigate to Maintenance > Troubleshooting > User Session > Simulation, disable NFS policies under Events to Log.

Pulse Collaboration

On upgrade to 9.1R15 & above, existing Pulse Collaboration configurations are reset and the collaboration functionality will not be available.

SDP feature in PCS

Disable SDP under System > SDP > Overview.

Pulse Client SRX

Navigate to Users > Pulse Secure Client > Connections. For each connection, remove the connections with Type SRX in the Connections table.