Summary

This update adds versioned release tiers for the ControlOne Desktop Agent: Beta, General Availability (GA), and Long-Term Support (LTS). Partners now have more control over when and how new versions roll out. It also improves Teleport for partners using the Unity platform by honoring the Unity MFA code instead of requiring a separate ControlOne code for authentication. Endpoint performance on Windows and macOS has been improved by fixing high background CPU usage in recent ControlOne Agent versions.

What’s New

• Partners can now choose when and how updates are deployed through defined release tiers: Beta, General Availability (GA), and Long-Term Support (LTS). This gives greater visibility into the state of each release and more control over which version is applied to each customer. For example, partners can restrict a customer to LTS to receive only essential security updates and fewer feature changes, or assign power users to Beta for immediate access to new capabilities and the opportunity to share feedback with developers.
• For partners using the Unity platform, Teleport now honors the Unity MFA code instead of requiring a separate ControlOne code for authentication.
• The Agent’s background performance has been improved by fixing an issue that caused the app to use more CPU than expected when idle.

Why You’ll Love It

Defined release tiers give partners meaningful control over how updates reach their customers. You can align each tenant to the release cadence that best fits their needs, choosing between Beta for early adopters, General Availability for standard rollouts, or Long-Term Support for customers who prioritize stability. This flexibility simplifies update planning, reduces risk, and builds confidence in the update process.

This release also resolves two issues: Teleport now correctly honors Unity MFA for partners using the Unity platform, and the ControlOne Agent’s background CPU usage has been reduced to restore normal performance levels.

How to Access It

These updates are available now for Windows and macOS.

• Release tiers (Beta, GA, and LTS) can be managed in the ControlOne Admin Portal under Agent Settings.

  • Review the detailed Knowledge Base release notes here.
• Step-up verification is automatically available for Unity users once the feature is enabled in their environment.

This release improves sign-in reliability, speeds up performance for large tenants, and makes it easier to see what’s happening across environments. Partners will notice faster MFA verification, enhanced reporting with visible sensor messages, and streamlined tenant and user management.

What’s New

• The Global Tenant Status View has been redesigned for clarity and speed. New columns and filters make it easier to find affected tenants, and the new Go action provides one-click navigation directly to tenant maps.
• Performance for large connected directories has been improved, making it faster to load zones, users, and groups even in environments with thousands of entries. The interface no longer stalls or refreshes unnecessarily.
• Sensor messages are now displayed directly in network session details and lists. These messages appear in plain language, giving partners faster insight and a more meaningful reporting context.
• Configuration tasks for network devices are now fully managed through centralized admin actions, replacing legacy automation methods with a more consistent, auditable process.
• Addressed an issue that restricted the primary administrative (root) user to View-only permissions after purchase. Full portal access and management capabilities are now restored.
• MFA verification speed has been improved. A previous issue that caused verification to appear stuck has been resolved, and logins now complete promptly after code entry.

Why You’ll Love It

Daily operations feel faster and more predictable. Partners managing large tenants or many user groups will notice easier navigation and fewer slowdowns. The updated Global Tenant Status page prioritizes visibility while enabling direct navigation, and MFA verification now responds quickly every time. Reporting views surface meaningful sensor data in plain language, helping partners move from alert to insight without extra steps.

How to Access It

All updates are live as of October 1, 2025. No action is required.

ControlOne now validates permissions in real time, ensures user sessions and configuration are uninterrupted during portal updates, and introduces key improvements to SIEM export. Navigation has also been refreshed with a cleaner menu and a simplified admin experience.

What’s New

• SIEM export now supports certificate-based encryption for CEF over TLS. You can upload and manage certificates directly in the UI for secure export.
• Root user accounts are protected from unintended permission changes. Updates to the permissions logic prevent edge cases where modification rights could be removed.
• Permission checks are now managed directly through Unity. Instead of relying on session tokens that can become outdated, ControlOne validates roles in real time for greater accuracy and reliability.
• The left-side navigation has been refreshed with a cleaner structure, subtle hover animations, and reduced clutter. Second-level tabs have also been removed and consolidated into collapsible menu items, making navigation more organized and consistent.
• Syncing status is now reported with a clearer, more intuitive visual indicator, and the user menu includes a quick link back to the customer portal.
• The Admin menu has been simplified, and common actions like Settings, Help, and Logout have been relocated for easier access.
• The Settings and Admin Settings pages have been updated with clear page titles, making it easier to confirm your current location at a glance.
• The Network Map is now the default landing page. It loads automatically and displays a helpful placeholder when no data is available.
• A new unified site header with a customer selector makes it easier to switch between accounts.
• Minor polish updates improve consistency, such as standardizing the capitalization of “Log Out.”
• Resolved an issue where syslog exports occasionally sent blank lines instead of event data.
• Addressed an API issue that could briefly interrupt workflows during certain updates.

Why You’ll Love It

SIEM export is now more secure and reliable, with support for certificate-based encryption and improved syslog formatting. Permissions always reflect the latest account roles, and workflows continue smoothly during updates. Navigation is cleaner and more intuitive, so you can move through ControlOne with ease!

How to Access It

These updates are live now in ControlOne. Review the detailed Knowledge Base release notes here.

Moving through ControlOne is now quicker and more intuitive. Navigation has been streamlined, menus simplified, and page context clarified so partners can get to the right place with confidence and speed.

What’s New

• The left-side menu has been reordered and redesigned with a collapsible, two-level structure that keeps everything organized while still making deeper features easy to reach.
• A new unified header puts the customer selector front and center, so switching between accounts is faster and more natural.
• The Admin menu has been simplified, with common actions like ‘Settings’, ‘Back to Customer Portal’ and ‘Help’ relocated for quicker, more logical access.
• Both the Settings and Admin Settings pages now include clear, descriptive titles, helping partners confirm where they are at a glance.
• The Network Map is now the default landing page, providing immediate visibility into network health along with a helpful placeholder when no data is available.
• A small but important polish update ensures “Log Out” follows standard naming conventions, adding to the platform’s overall consistency and professionalism.
• The “Updates” icon has been removed for a cleaner experience. A new “What’s New” icon has been added. Users can click it anytime to view the latest product updates.
• We’ve introduced a new and improved Agent Download menu, giving you quick access to deploy agents.
• We’ve removed the “configuration syncing” text from the left navigation menu. Now, when syncing is in progress, you'll see a sleek spinner that clearly indicates the status.

Why You’ll Love It

ControlOne now feels lighter, faster and more modern. Everything is in one streamlined menu, switching between customers takes a single click, and clearer page titles reduce second-guessing. The result: less effort spent navigating and more time focused on what matters.

How to Access It

The updated navigation is live now in ControlOne.

• Explore the new left navigation and unified site header directly in the platform.
• Review the navigation guide in the Knowledge Base: https://help.cytracom.com/hc/en-us/articles/39535631089677-ControlOne-Navigation-UI-Updates

What’s New
The new Global Status Page gives you a single, real-time health view across all customers. No more tenant-hopping. Now you can instantly see sites, connectors, agents, services, and users together in a unified dashboard.

Why You’ll Love It

• Unified visibility: See sites, connectors, agents, services, and users across every tenant in one view.
• Real-time monitoring: Always-on visibility with no refresh required.
• Smart status aggregation: All critical infrastructure status is organized and color-coded for clarity.
• Spot issues instantly: Know exactly which tenants, sites, or users are affected when outages or degradations occur.
• Stay ahead of customer calls: Deliver updates before tickets come in.
• Troubleshoot faster: Start with the big picture and drill into details.
  
  

How to Access It
The Global Status Page is live today for all partners. No setup required. Log in to your ControlOne portal, and you’ll find it in the navigation menu.

App Version: ControlOne 25.34.2

👉 Questions? Check our KB article or reach out to support!

What’s New
This release introduces Default User Zone functionality, allowing admins to automatically assign newly provisioned users to a designated zone when no explicit mapping exists. New users can connect to the agent immediately, reducing setup steps and eliminating errors from missing assignments.

Alongside this, we’ve delivered platform updates to improve authentication, access control, and Partner Portal integration. These changes strengthen security, simplify sign-in, and ensure the Partner Portal remains the single source of truth for user data.

Why You’ll Love It

• Default User Zone: Streamline onboarding by automatically assigning new users without explicit mappings.
• Immediate connectivity: Ensure new users can connect to the agent right after provisioning.
• Reduced admin overhead: Eliminate manual steps and lower the chance of misconfiguration.
• Partner Portal as source of truth: User data now syncs directly from the Partner Portal, improving consistency and traceability.
• Expanded authentication support: Agents now support more identity providers across platforms, reducing login friction.
• Stronger access control: Updates to tokens and REST API enhance security by ensuring users only see and interact with the tenants and companies they’re authorized for.

How to Access It
The Default User Zone and supporting enhancements are live today. Admins can configure a tenant’s default zone through the ControlOne portal.

Internal Reference: CO-3985

Block pages used to be… functional. Now, they’re a whole lot smarter. With this latest update, users get the context they need—why something was blocked, who to contact, and even how to request a bypass (if you allow it)—all without blowing up your helpdesk.

🎉 What’s New?

🛑 Brandable Block Pages – Add your logo and a custom message on the block page so users know it’s your security keeping them safe (and not just the internet being difficult).

📬 Bypass Requests – Give users a structured way to submit bypass requests instead of them hunting you down in a panic. 

🔔 Real-Time Alerts – Get notified when someone submits a request for access so you can track and respond quickly. 

📊 Reporting & Logs – See block events, bypass requests, and approvals in the ControlOne Reporting page, because accountability is 🔑.

🚀 Why You’ll Love It

💡 Clarity for Users – Users get the “what” and “why” behind a block—no more guessing or assuming something’s broken.

🔄 Smart Access Flow – Bypass requests give users a clear path forward without compromising security. It’s not a dead end—it’s a decision point. 🚦

🎨 Your Brand, Front and Center – Reinforce your value with every block page. Your security. Your style.

🔧 How to Enable It?

Head over to your ControlOne Partner Menu → Branding to customize block pages, then check your Security Policy settings to enable bypass requests. Need to review user requests? We’ve got a new Bypass Requests tab to keep things clean and easy.

Because a well-informed user is a happy user. And a happy user is… well, less likely to flood your inbox with “Why can’t I access this site?!” emails. 😅

👉 Click here for the full KB on SWG block page enhancements! 🔥

One-size-fits-all routing is great for simplicity—but sometimes, you need more control.  With Policy-Based Routing (PBR), you now have the power to decide which traffic gets inspected and which takes a direct path—because not everything needs full security screening.

What’s New?

🔀 Traffic Routing Control – Choose between Inspection (via ControlOne) or No-Inspection (direct local route), ideal for critical services like BCDR solutions that need speed and stability without added overhead..

🎯 Destination-Based Policies – Set routing based on destination IP, Address Groups, and/or FQDNs—perfect for prioritizing business-critical traffic while keeping unnecessary inspections to a minimum.

Why You’ll Love It?

🚀 Optimized Performance – Give essential services a fast, direct path while keeping inspection where it counts.

🔧 Simplified Management – No more creative workarounds or “I swear this config made sense at 2 AM” moments—just straightforward routing control, just like the network doctor ordered.

How to Enable PBR?

PBR is available now! Head over to your ControlOne Network->Routing Policies settings, configure your routing policies, and finally put your traffic in its place. Choose your destination-based rules and let the good packets roll.

Because performance, flexibility, and efficiency should always come standard.

👉 Click here for the updated KB on PBR 🔥

ControlOne just got a Dark Mode refresh and a major upgrade for IPSEC troubleshooting—because security should be easy on the eyes and even easier to manage!

What’s New?

🖤 Dark Mode Enhancements: A fresh, high-contrast interface designed for comfort and style. Whether you're pulling late nights or prefer a sleek, modern look, Dark Mode reduces eye strain and helps you focus on what matters.

📊 Upgraded Connectors Page: Troubleshooting just got easier. We’ve added utilization graphs to give you a real-time view of performance and a live-streaming logs section to help you pinpoint and resolve issues faster.

Why You’ll Love It:

✨ Dark Mode Goodness: Work in style, reduce eye strain, and enjoy a UI that adapts to your preference.

📡 Better IPSEC Issue Insights – Get a real-time view of tunnel performance and instantly access logs for quick issue resolution.

⚡ Faster Troubleshooting: No more digging—your key diagnostics are now in one place, live and ready when you need them.

How to Enable These Improvements?

• Dark Mode: already live…enjoy!
• Connector Improvements: Just open the Connectors menu and select one of your current Connectors—your new graphs and logs are waiting for you!

Security should look good and work even better. With these latest enhancements, ControlOne is delivering both.

👉Click here for the updated KB on these new features. 🔥

🚨 Big News, Folks! 🚨

The ControlOne SASE Platform just got even smarter, sharper, and safer. Introducing Country-Based Blocking in our Firewall-as-a-Service (FWaaS) module—your new secret weapon for locking down the digital borders of your clients’ networks. 🛡️✈️

What Does This Mean for You?

Imagine your network as a VIP lounge. Now, you get to decide who gets past the velvet rope! Whether you’re blocking the cyber riffraff from known threat regions or ensuring that sensitive data never takes an unauthorized vacation, we’ve got your back.

Use Cases (Or, Why You’ll Love It)

    •    💻 Protect Against Cyber Nasties: Keep out traffic from countries notorious for cyberattacks.

    •    🌎 Stay Compliant: Avoid hefty fines by blocking traffic to/from restricted regions.

    •    🛠️ Optimize Performance: Let your bandwidth breathe by cutting non-critical connections.

    •    🔐 Tighten Security: Ensure egress controls prevent accidental data exfiltration to bad actors.

How Does It Work?

It’s as easy as:

1. Navigate to your Firewall menu in ControlOne

2. Build your policy as always, but this time you can pick a Country in Source and/or Destination

3. Hit save and sip your coffee while we do the hard work. ☕🔥

It’s like building a digital “Do Not Disturb” sign—but way cooler. Click here for the updated FWaaS KB

In addition, this release also includes a LONG requested capability: FQDN Support in our FWaaS(Firewall as a Service) module. This important improvement ensures you can build policies that are reflective of modern cloud and hosted environments where the destination endpoint is RARELY a single or small pool of IP addresses. Click here for the updated FWaaS KB